Feeds

Post Blaster, MS floats default auto updates for Windows

It's an ill Win... d'oh

  • alert
  • submit to reddit

The Power of One eBook: Top reasons to choose HP BladeSystem

Never happier than when making things compulsory, Microsoft is floating the notion of making home versions of Windows download and install software updates automatically by default. You'll be able to switch it off, of course (for a while), but the joy of shipping things to home users is that most of them leave the system's default settings as is, either because they don't know any different or because (grief) they trust software vendors.

Seamless, auto-updating without user intervention is something that Microsoft has wanted for a long time, as The Reg has frequently pointed out, sometimes without even using words like "evil", "bunch of" and "control-freaks". But it's not something the company has been able to achieve in the past, and the last serious flotation of the notion, at the time of XP's rollout, engendered significant adverse reaction to the possibility of Microsoft 'controlling' your machine.

But that was then, and this is now. The Blaster plague of boils ripped through the user base, and Microsoft's security people are now suggesting that customers want their systems to update automatically. We have a healthy disrespect for that old Microsoft marketing catch-all, "customer demand", but we're inclined to trust the security mob a tad more than the rest, so maybe some customers do want it. Not that we entirely grasp why they don't just switch the bleeding thing on then, if they do.

The slightly higher trustworthy rating of the security people is not however reflected elsewhere in The Beast's command structure, which brings us why you don't want this to happen, reason number one. You'll note the Washington Post's report gives Microsoft's justification of XP SP1 control-freak licence as a 'clarification' of the company's "ability to verify product information and provide accurate updates." Whoever told them this black lie has a trustworthiness rating somewhere south of duplicitous snake; any security implications of the new licence terms were merely a happy side-effect of Microsoft's paving the road to DRM.

There's a clear tension here, in that the security side of MS is pushing to secure Windows from a relatively genuine perspective, while the bean-counter driven side of the company is pushing ROI. The efforts of the latter frequently undermine the ability of the former to achieve their goal, by maintaining the essentially untrustworthy status of the company, and you can never be sure whether, or to what extent, the latter are overruling the former.

It may however be that you're confident that all your software, including all of the entertainment content of your system, is legal, and you fully agree that Microsoft has a right to audit you, and to install patches to keep your/their software secure. Do you then trust Microsoft to automatically download and install those patches without asking you first?

Next reason - of course you don't. Microsoft has a long and inglorious record of producing updates that break more things than they fix, patches cause unexpected failures of other software components, and some updates (thank you, Redmond Duplicitious Snake Division) switch off useful old stuff that somebody in there wants you to stop using. Do you honestly believe that anybody within Microsoft responsible for producing patches is going to wager their grandemother's life on their latest effort not breaking anything? Of course you don't, so they don't entirely trust themselves either.

Which brings us on to a reason for Microsoft not going the whole way initially. It's currently just about conceivable that Microsoft could clean up its security update operation to the extent where they largely did what they said on the tin, and where breakages were largely isolated and minor, and to be fair this is mostly the case already. But it's not when it comes to more general updates, and sane souls within Microsoft will point to the potential PR disaster of crippling ten of millions of machines in one night and argue for the procedure to be ringfenced at security updates. Personal security updates.

But doing that properly isn't just a matter of Microsoft solemnly binding itself to security, and promising not to happily ski down the slippery slope at some point in the future when it thinks the coast is clear. We've heard from Solomon Binding in the past, and don't trust him either. We're probably talking about a free-standing security update system here, nothing to do with Windows Update, nothing to do with shotgun licence changes and nothing to with Microsoft's financial security. And - here's a novel one - it ought to be accompanied by a sort of green kryptonite licence, where rather than establishing its rights over you and the software it turns out you only thought you bought, Microsoft establishes rights for, and makes guarantees to, you.

Nah, couldn't happen. And even if it did we probably wouldn't trust them anyway. But we're like that. ®

Boost IT visibility and business value

More from The Register

next story
Apple fanbois SCREAM as update BRICKS their Macbook Airs
Ragegasm spills over as firmware upgrade kills machines
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Mozilla fixes CRITICAL security holes in Firefox, urges v31 upgrade
Misc memory hazards 'could be exploited' - and guess what, one's a Javascript vuln
NO MORE ALL CAPS and other pleasures of Visual Studio 14
Unpicking a packed preview that breaks down ASP.NET
Captain Kirk sets phaser to SLAUGHTER after trying new Facebook app
William Shatner less-than-impressed by Zuck's celebrity-only app
Cheer up, Nokia fans. It can start making mobes again in 18 months
The real winner of the Nokia sale is *drumroll* ... Nokia
EU dons gloves, pokes Google's deals with Android mobe makers
El Reg cops a squint at investigatory letters
Chrome browser has been DRAINING PC batteries for YEARS
Google is only now fixing ancient, energy-sapping bug
prev story

Whitepapers

Top three mobile application threats
Prevent sensitive data leakage over insecure channels or stolen mobile devices.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Application security programs and practises
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.