Windows 7's security rollups, the most comprehensive of the fixes it pushes out each Patch Tuesday, have almost doubled in size since Microsoft revamped the veteran operating system's update regimen last year.
According to Microsoft's own data, what it calls the "Security Quality Monthly Rollup" (rollup from here on) grew by more than 70% within the first dozen issued updates. From its October 2016 inception, the x86 version of the update increased from 72MB to 124.4MB, a 73% jump. Meanwhile, the always-larger 64-bit version went from an initial 119.4MB to 203.2MB 12 updates later, representing a 70% increase.
The swelling security updates were not, in themselves, a surprise. Last year, when Microsoft announced huge changes to how it serviced Windows 7, it admitted that rollups would put on pounds as the months pass. "The Rollups will start out small, but we expect that these will grow over time,' Nathan Mercer, a Microsoft product marketing manager, said at the time. Mercer's explanation: "A Monthly Rollup in October will include all updates for October, while November will include October and November updates, and so on."
Two months later, when he was asked about the growth issue, Mercer again conceded that the rollups could get big. "Eventually Monthly Rollup will grow to around the 500MB size," Mercer said in mid-October 2016.
It looks like Mercer's forecast might have been on the light side.
At the 12-update pace that Windows 7's rollups have established, the 64-bit version will weigh in at approximately 350MB by October 2018, and a year after that, as Windows 7 nears its expiration date, almost 600MB. The latter would represent a 20% boost above and beyond Mercer's target size. Likewise, the x86 edition would increase to 216MB and 374MB in 2018 and 2019, respectively, if the 12-update growth rate continues.
Windows 7's rollups, the monthly everything-and-the-kitchen-sink updates, have grown by more than 70% in just the last year. By the time Microsoft retires Windows 7, its 64-bit rollup will be bloated to more than 600MB. (
"The size of these is definitely a concern," said Chris Goettl, product manager with client security and management vendor Ivanti. "When the rollups grow to 300MB to 500MB, some companies don't have the downtime [to download and install updates that large], especially those with a global reach or to remote areas across slow connections."
Imagine a 500MB update hitting the systems in a retail shop, Goettl said. "That would be a pretty significant use of the available bandwidth when the store [and its devices] are running 24/7."
Sign up for Computerworld eNewsletters.