
Windows 7's security roll-ups, the most comprehensive of the fixes it pushes out each Patch Tuesday, have doubled in size since Microsoft revamped the veteran operating system's update regimen in 2016.
According to Microsoft's own data, what it calls the "Security Quality Monthly roll-up" (roll-up from here on) grew by more than 90 per cent from the first to the twenty-first update.
From its October 2016 inception, the x86 version of the update increased from 72MB to 137.5MB, a 91 per cent jump.
Meanwhile, the always-larger 64-bit version went from an initial 119.4MB to 227.5MB, also representing a 91 per cent increase.
The swelling security updates were not, in themselves, a surprise. Last year, when Microsoft announced huge changes to how it services Windows 7, it admitted that roll-ups would put on the pounds.
"The roll-ups will start out small, but we expect that these will grow over time," Nathan Mercer, a Microsoft product marketing manager, said at the time.
Mercer's explanation: "A Monthly roll-up in October will include all updates for October, while November will include October and November updates, and so on."
Two months later, when he was asked about the growth issue, Mercer again conceded that the roll-ups could get big. "Eventually Monthly roll-up will grow to around the 500MB size," Mercer said in mid-October 2016.
It looks like Mercer's forecast may have been pessimistic.
At the 22-update pace that Windows 7's roll-ups have established, the 64-bit version will weigh in at approximately 244MB by October 2018, and a year after that, as Windows 7 nears its expiration date, about 306MB.
The latter would represent a 39 per cent shortfall of Mercer's target. Likewise, the x86 edition would increase to 147MB and 186MB in 2018 and 2019, respectively, if the 22-update growth rate continues.

Those numbers are not only far below Mercer's 500MB maximum, but also lower than Computerworld's estimates at the end of 2017. Then, using the first 12 updates as a guide to future update bloating, Computerworld said that the Windows 7 x86 updates would balloon to 216MB and 374MB by October 2018 and October 2019, respectively.
Meanwhile, the Windows 8 x64 updates would expand to about 350MB by October 2018 and a whopping 600MB by October 2019, just months shy of its retirement.
The previous predictions were wildly off-base. Why?
After an aggressive expansion in size over their first year, the growth rate of Windows 7's updates nearly screeched to a halt.
The difference was stark between the first 12 updates' increase and that of the next nine. In the 12 updates from October 2016 to October 2017, Windows 7 x64's update grew by 83MB; the next nine updates boosted the size by just 25MB (that nine-month rate translates to under 32MB for 12 months, to make the comparison more apples-to-apples).
"The size of these is definitely a concern," said Chris Goettl, product manager with client security and management vendor Ivanti.
"When the roll-ups grow to 300MB to 500MB, some companies don't have the downtime (to download and install updates that large), especially those with a global reach or to remote areas across slow connections."
Enterprises get to pick the update poison
Microsoft issues two kinds of security updates for Windows 7 on the second Tuesday of each month: a roll-up and what the company has dubbed "Security Only Quality Update" (security-only from here on). The latter includes the month's security-related patches and nothing else.
Because they contain only that month's patches, they're much smaller than the same month's corresponding roll-up.
The 64-bit security-only for July was just 37MB and the 32-bit was an even smaller 24MB, compared to the same month's roll-ups of 228MB and 138MB.
The roll-ups are larger not only because they drag their past with them - each succeeding roll-up includes that month's patches as well as all previous patches back to October 2016 - but because they also include non-security bug fixes.
Usually, though not always, issued later in each month, the non-security updates are bundled with the security patches, adding to the size of the roll-up.
But only some Windows 7 machines are eligible for the smaller security-only updates: those serviced by WSUS (Windows Server Update Services), or by tools, whether third-party or Microsoft's own System Center Configuration Manager (SCCM), that rely on WSUS for content.