Slashdot Mirror


Microsoft wants Automatic Update for Windows

Edward Dao writes "After the embarrassment of last week's blaster worm, Microsoft is weighing the possibility of automatic update. Microsoft not only wants to upload the latest patch onto users' computers but also to install it for them." This will work out really well for everyone I'm sure. Yikes! Can I at least press 'Ok' first?

67 of 917 comments

  1. And we kept wondering ... by OMG · · Score: 5, Insightful

    ... how they will get people to activate the TCPA/Palladium features.

    Now we know: MS will do it for you. How kind of them!

  2. Bandwidth by jmays · · Score: 4, Insightful

    I know broadband usage is on the rise but really ... I use a modem. You know ... the kind that attaches to a phone line? Every time I get online with my low bandwidth solution, I don't want my bandwidth eaten up by patches.

    Granted, by the time this is incorporated into the OS, phone line users may be in the minority but until then ... no thanks.

    --
    KARMA TAG! You're it.
    1. Re:Bandwidth by Viol8 · · Score: 2, Insightful

      Agreed. A lot of people forget that not everyone (in fact the vast majority of people still) do not connect to the internet via some fancy
      umpteen mb/s broadband connection. It would be nice if occasionally marketing types (and some geeks for that matter) would remember this
      simple fact.

  3. Re:Not such a bad idea by John+Paul+Jones · · Score: 5, Insightful

    Automatic protection from running applications that break following a patch? At least a corporate user can call the helpdesk, while a novice home user would have no idea why something stopped working suddenly, and would chalk it up to "Computers are evil". The divide between the tech-aware and tech-unaware grows exponentially.

    --
    Feh.
  4. As long as there are no automatic EULA changes by jridley · · Score: 4, Insightful

    In the past MS has packaged EULA updates along with software updates. I really wouldn't have too much trouble with this as long as they don't try to push EULA changes along with the update.
    Sure, some people might want to turn it off, but by and large I think there would be less damage with it on. I rarely meet a person who even knows what MS Update *is* let alone have used it.

    I wonder how well this would work on dialup though? It seems like the world is really leaving dialup folks behind. I have cable myself but know a lot of people on dialup either because high speed is not available to them or because they really don't need a fulltime connection, and are getting by just fine on a $5/month dialup plan.

    1. Re:As long as there are no automatic EULA changes by ebuck · · Score: 4, Insightful

      Actually, it seems that an automatic patch installer could totally render EULA updates null and void. This could have the unexpected effect of the owner being bound to the original EULA which may not be available except via original media.

      I can see Microsoft arguing to a court that the use of the software implies that they automatically accept a new EULA with each patch; however, I would be very shocked and dismayed if any court in the US would uphold that you could automatically agree to licensing changes without being at least notified that a change had taken place.

      Microsoft could worm their way around the last part with a pop up window asking you to accept the latest EULA; however, that would be a public relations nightmare, and even though Microsoft is keen to kill off any professional competition, they are not in business to openly defy their users.

      The only way an EULA holds up as legal when not read (if my memory serves me correctly) is that you implicitly agreed to it by opening the box. Automatic EULA updates lack even this token agreement. If the automatic update is turned off by default, you might be seen as "implicitly" agreeing to all future EULAs by turning it on. If it is on by default there's no action to bind you to any sort of agreement.

      Maybe they'll put in a clause, "By agreeing to use this software you agree to all future licensing agreements with respect to this software which will invalidate this agreement", i.e. viral EULA.

      Of course I'm not a lawyer, but if you believe this is sound legal advice, let me write your will.

  5. MSBlaster by fudgefactor7 · · Score: 5, Insightful

    MSBlaster wasn't an embarrassment for MS, but for the lazy sysadmins who, with a month's prior notice and the patch to fix it, were still hobbled by the bug. If people who are in charge of systems and security spent more time patching and paying ATTENTION to things like Bugtraq and less time complaining about MS the world would be safer.

    How is this bug more of a bummer than how gnuftp was compromised and potentially more damaging? Oh, don't hear people moaning about that on here now do you...?

    The tale is telling, is it not?

    1. Re:MSBlaster by twelveinchbrain · · Score: 5, Insightful

      You mean lazy sysadmins who, after installing the hotfix necessary to protect from MSBlaster, found that their applications stopped working? The ones who had to spend hours examining trace files to determine the exact root cause, and download several more hotfixes, with a cascade of errors, to get everything working again? Those lazy sysadmins?

      --
      Not Found
      The requested URL /signature.html was not found on this server.
    2. Re:MSBlaster by linuxtelephony · · Score: 4, Insightful

      Or even the few lazy SysAdmins that believed the M$ app that said the patch was installed, or took the time to disable DCOM if they didn't need it, and then found out they were still vulnerable to this worm? Do you mean those lazy SysAdmins?

      --
      . 62,400 repetitions make one truth -- Brave New World, Aldous Huxley
  6. Re:Not such a bad idea by Psiren · · Score: 4, Insightful

    So who is held accountable when the latest patch breaks something and causes loss of data? The user, because they didn't opt out? Seems like a potential shitstorm for Microsoft there. If people are too dumb to patch their system with the existing Window Update, how in the hell are they going to diagnose problems when it's being done without their knowledge?

  7. Bad Idea. by asdfasdfasdfasdf · · Score: 4, Insightful

    Microsoft is also considering whether to make the Auto Update mandatory earlier, through an interim upgrade known as a service pack.

    This is a huge mistake. Talk about a support nightmare. I recently spent several hours trying to find out why my machine was freezing intermittently, only to find that Update 811493 was to blame. I uninstalled it and everything worked perfectly-- if they make it mandatory, and have a similar problem what do we do? (Switch to Mac or Linux, right?)

    For the record, there's still no way to tell Microsoft I NEVER want this update. If I use "auto update" at all it downloads it and wants to install. So, now I'm stuck using manual update or my machine might freeze up again.

    Just great.

  8. Great by Henry+V+.009 · · Score: 2, Insightful

    Most people are in far more danger of their computer being destroyed by a virus than they are of it being damaged by an automatic update.

    If you think this is a bad idea, then you don't realize just how stupid the great mass of computer users are. I'm sure Microsoft will make this in a way that will allow anyone who knows what they are doing to turn this feature off. But it will kill viruses and worms that exploit windows holes, that's for sure. I can't recall one that's come out in years where the patch hadn't already existed, but that users were too stupid to download.

    Besides, I'm sure that recent power outages spooked Microsoft for at least a few moments. They thought: Could this have been a computer problem? Not even Microsoft has that kind of money were it to be found liable.

  9. Re:Not such a bad idea by MP3Chuck · · Score: 2, Insightful

    "if you are a home user of XP that is technically savvy you can turn it off, and if you are a home user who is not computer savvy then you are going to get automatic updates."

    This is already the case...

  10. Re:oh yeah? by killthiskid · · Score: 5, Insightful

    Two things from the article:

    ...say that it is time to consider making software updates automatic for home users of the Windows operating system.

    And...

    The company is "looking very seriously" at requiring future versions of Windows to accept automatic software fixes unless the user specifically refuses to receive them...

    So... only for home users and users can shut it off!

    So don't freak out too much... maybe this will actually help... think if this had been in effect for slammer... we keep bitching that the 'patch was available, why didn't people use it!'... well, this would fix that problem.

    One other thing from the article:

    Microsoft also will begin shipping new versions of Windows XP with the built-in firewall activated by default, said Steve Lipner, director of the company's security engineering strategy.

    Now that makes sense!

  11. Re:Not such a bad idea by MImeKillEr · · Score: 2, Insightful

    How is this any different than the scheme they're using now? By default, automatic update is enabled for Windows. Anyone technically savvy immediately turns it off five seconds after installation is complete.

    Also, from the article:

    The next version of Windows, which analysts expect to be completed in late 2004, could be the first to let the Auto Update feature download patches from Microsoft without requiring the user's explicit approval. Microsoft is also considering whether to make the Auto Update mandatory earlier, through an interim upgrade known as a service pack

    and

    Harris Miller, president of the Information Technology Association of America, applauded Microsoft for considering the move.

    "People are going to have to accept mandatory updates as part of the warranty process, and that's exactly what Microsoft should be doing," Miller said. "You can't just send out a recall notice and hope that people come into the shop and do their maintenance."


    I didn't see anything anywhere in the article that said business users or technically savvy home users would be given the option of disabling the forced update.

    --
    Cruising the internet on my TI-99/4A @ a whopping 300 baud!
  12. Re:Not such a bad idea by swordboy · · Score: 5, Insightful

    If you RTFA you'd find that Microsoft is only "looking very seriously" at this idea

    Microsoft are MORONS. The fix for this particular worm required SP2 or greater. That is 8 hours and 10 minutes over dialup.

    Windowsupdate is a godsend for people with broadband but MS are going to be required to send CDs in the mail if they want to keep dial-up users up to speed.

    --

    Life is the leading cause of death in America.
  13. Re:Not such a bad idea by Randolpho · · Score: 4, Insightful

    Hmm.... you clearly don't get how Microsoft got to be so huge in the first place, do you? :) Home users actually want stuff like this.

    --
    "Times have not become more violent. They have just become more televised."
    -Marilyn Manson
  14. Re:Not such a bad idea by numbski · · Score: 5, Insightful

    Okay, now what happens when they decide to enter some draconian language into the EULA that you supposedly agree to by installing these patches....are you now just agreeing to whatever they want by simply using Windows? You now have no choice in this case?

    --

    Karma: Chameleon (mostly due to the fact that you come and go).

  15. Re:Not such a bad idea by Henry+V+.009 · · Score: 5, Insightful

    If they don't know what a patch is, then they're in more danger of a virus attacking their computer anyway. So "the divide between the tech-aware and tech-unaware" shrinks exponentially, as viruses become far less likely. The very rare case of a WU breaking something will have little impact in comparison.

  16. Re:Not such a bad idea by jeffy124 · · Score: 2, Insightful

    Microsoft would find out about it. Thousands (millions?) of machines would suddenly stop working, making news headlines similar to Blaster. Hence, MS would be forced into doing something, like a patch to rollback an earlier patch. It may also get regular people asking if anything else is out there if it starts happening a lot.

    --
    The One Rule Of Chess You'll Ever Need: Don't play someone who carries a kit in their bookbag.
  17. Trust by Mr_Silver · · Score: 2, Insightful
    The major problem here is: How many people trust Microsoft not to do "other things" whilst they're installing your patches?

    Sure the tech savvy users like those who frequent slashdot (and we're ignoring the rabid fascist anti-MS zealots here) will not like the idea - but the problem that Microsoft is having is that even the general public are starting to mistrust them.

    A case in point is the abysmal failure of Passport. Sure it has hundreds of users, but nearly all of them were forced into getting it because they wanted a hotmail account. Very few people actually store all their personal details on there.

    Until they get the trust issue sorted, people are never going to knowingly let them take control.

    --
    Avantslash - View Slashdot cleanly on your mobile phone.
    1. Re:Trust by RealityProphet · · Score: 2, Insightful
      The major problem here is: How many people trust Microsoft not to do "other things" whilst they're installing your patches?
      Sure the tech savvy users like those who frequent slashdot (and we're ignoring the rabid fascist anti-MS zealots here) will not like the idea - but the problem that Microsoft is having is that even the general public are starting to mistrust them.

      I don't believe the general public has any sort of misplaced paranoia about windows updates. If Microsoft turns on automatic updates, and installs the patches automatically, the general user will probably not even know, never mind start thinking about some duplicitous intention on Microsoft's part.

      A case in point is the abysmal failure of Passport. Sure it has hundreds of users, but nearly all of them were forced into getting it because they wanted a hotmail account. Very few people actually store all their personal details on there.

      This is just a ridiculous conjecture. Here is a slightly less ridiculous conjecture: Very few people used Passport because it turned out not to be very useful. Or how about this one: Very few people used Passport because it was obscure and very un-user-friendly? Or: there was always another way of conducting an online transaction, and when someone just NEEDS to order their rabbit leash, they just want it done with as soon as possible and don't want to be bothered signing up for anything more than is absolutely necessary?

  18. Bad, Bad idea by Harbinjer · · Score: 5, Insightful

    This is a bad idea on soooo many levels

    First of all is their patches. They sure as hell aren't 100%. So one day your favorite program might work, and the next day it might not. All without you doing anything. This is why businesses take a while to evaluate patches.

    Secondly, what if there is an exploitable bug (and there will be at least one). Every windows machine out there might be downloading viruses instead of updates. If someone were to reverse engineer the network interface, and hack a couple DNS servers, they could have all those users downloading whatever they wanted, even illegal things, or viruses, hacks, anything.

    Plus there's the privacy issues. I know that right now windowsupdate could send MS anything anyway, but if we all expect it to update any time it wants, we have no controls at all on our system, MS could send an update to lock you out of your own system if they suspect you of something, or just for the hell of it.

    While I don't expect this to actually go through, it's important to be wary of just how abusive such a system could be.

    P.S. I, for one, welcome our new windowsupdate.microsoft.com masters.

  19. Who is liable? Will it reboot too? by linuxtelephony · · Score: 2, Insightful

    If Dell, HP, IBM, or Vendor X sells a PC to a customer, and Automatic Update causes that PC to no longer boot or work properly, that customer is going to go back to where they bought the PC. Who is expected to pay the support? The vendor? Microsoft? The customer? My guess it'll be the customer one way or the other.

    What if the machine is in a small or home-office business handling some critical task and the Automatic Update causes a failure or some data to be lost? Will M$ be liable and pay damages? Doubtful.

    If the patch requires a reboot, will it also automatically reboot the machine?

    I can see so many ways this is going to cause all kinds of problems.

    My guess is that the "Home" version of the OS will have automatic update turned on by default, and probably difficult to turn off since M$ users don't know how to do anything for themselves, therefore if they try to turn this off they must really be trying to turn it on so they'll leave it on. (Hmm, that sounds kind of like turning off DCOM but it still being active).

    The "Pro" or "Office" or "Server" or whatever they call the more expensive version used by IT departments will probably have this turned off so automatic update doesn't take out people's networks. Especially people big enough to be more than just a minor irritant.

    Can you imagine a Fortune 100 company having 1/3 or 1/2 of its systems down and its IT department totally consumed and in knots trying to fix a problem that looks like a virus? First just a couple of systems would have problems, but as their clocks hit a certain time and the Auto Update goes out and installs the new code, more and more systems fail.

    And then there are the systems that report they have the update installed, but really they don't for whatever reason. Following NTBugTraq on this last virus has been more interesting than for past viruses. Several systems had DCOM turned off, all the tools said it was off, but the systems were still vulnerable. Other systems reported the patch was installed, but they were still vulnerable.

    This auto update sounds like such a can of worms. M$ may just be giving more people the push they need to check out alternatives. Here's hoping.

    --
    . 62,400 repetitions make one truth -- Brave New World, Aldous Huxley
    1. Re:Who is liable? Will it reboot too? by Anonymous Coward · · Score: 1, Insightful

      no one is liable, read the ms license sometime, they accept no liability for the functionality of their software. software functionality falls outside the scope of pc warranties also. so yes, in the end, if the software fails, the cost of fixing it falls on the end user. and at a well known blue and yellow consumer electronics store, re-imaging a pc will cost you $60.

  20. Well, yes. by autechre · · Score: 4, Insightful

    From the article:

    "The company is 'looking very seriously' at requiring future versions of Windows to accept automatic software fixes unless the user specifically refuses to receive them..."

    So yes you can "at least press Ok first." Although I'm sure CmdrTaco has nothing to worry about, since he doesn't run Windows any more, which I suppose is why he didn't read the article.

    Personally, I think that this would probably be a responsible move on their part (and Bruce Schneier apparently agrees with me). I especially like the fact that they're going to start shipping Windows with the firewall enabled. As far as I'm concerned, no one should be worried as long as you can disable automatic updates and disable the firewall (though I think they should make it slightly non-obvious how to do so, so that the people this is intended to benefit won't turn it off). After all, you don't leave Windows exactly as it comes off the CD, do you? Hopefully, you'll also be able to create corporate install CDs with these features disabled if need be.

    There are only two things that concern me:

    1. Broken patches: What if, as has happened in the past, an update breaks the auto-update mechanism? Then they'll be pretty well stuffed. I'm not sure what to say about that other than "don't do that."

    2. Dial-up users: As the article mentions, SP1a is big. Really big. I mean, you might think that the OpenOffice download is big, but that's just peanuts compared to...right. However, that was a combination of many small patches, and just like many other things in life, if people had updated incrementally as they should have, they wouldn't have a need for a giant update. Hopefully, MS will be able to keep the patch size down, and we can watch 2003 to see if they can keep the frequency down as well.

    (Yes, I now have to care about Microsoft products again, which is annoying, but I might as well make the best of it).

    --
    WMBC freeform/independent online radio.
  21. Re:Not such a bad idea by Pirogoeth · · Score: 3, Insightful

    So you make the software update so that you agree to a EULA the first time you run it. As long as there are no changes, the patches get installed automatically. Any patch that brings a change to the EULA will not install. It would be downloaded, but a message would pop up saying that there is an update, and make you agree to the new EULA before it is installed.

    At any rate, I think the EULA changes come with things like new versions of the Media Player and the like. Those shouldn't be done automatically anyway. Only security patches should be automatic.

    As long as there is a way to disable it, I don't see why this would be a problem. The users who don't care about this are exactly the people that need it anyway.

    --
    Happiness is like peeing yourself. Everybody can see it but only you can feel its warmth.
  22. Just Remember: by ihummel · · Score: 2, Insightful

    You don't really own your computer, Microsoft does. They can do whatever they want whenever they want. Isn't that right class? Now repeat after me...

  23. Re:Not such a bad idea by penguinboy · · Score: 5, Insightful

    "People are going to have to accept mandatory updates as part of the warranty process,"

    Since when does Microsoft include a warranty on Windows?

  24. Re:This is better than OS X by jesboat · · Score: 5, Insightful
    Let's start with the windowing environment, since that is the first thing users will notice. While both KDE and GNOME are mature, stable, and accepted as IEEE standards, Apple has elected to use neither. In fact, they don't even use X at all! Their display system is a proprietary, closed-source system called Quartz Extreme. In addition to the moral issues involved with closed software, this precludes the user from running X apps. There is an untested and alpha-quality X11 emulation layer available for download, but it is emulation, so programs will be slow. Does this sound like a standards-based system to you?

    Actually, it's quite good. You'll note that it's emulating only the X11 libraries, really even only the X11 server itself. The slowdown of having X apps pass through that layer also occurs on Linux, *BSD, or any other OS. KDE and GNOME may be open standards, but they're not as nice-looking as Aqua, and the WindowServer that runs Apple's windowing system, is, AFAIK, part of Darwin, and thus open.

    Looking under the hood, it gets worse. While all other *nixes use standard ELF binaries, Darwin (Apple's name for their proprietary "Unix" kernel) does not. It uses Mach-O, an unproven format that is proprietary to Apple. The moribund FreeBSD, off which OS X is based, uses ELF, so clearly Apple went to the extra effort of "switching" (heh) simply to break compatibility. With ELF, users would be able to run most of their Lunix apps; with Mach-O this is impossible. Additionally, Apple has moved most configuration info from human readable text files into a proprietary database called "NetInfo", which is much like the Windows registry we all loathe. Why? These are only a few of the ways that Apple has deliberately broken compatibility with other systems, presumably in order to lock users in to expensive Mac hardware.

    Darwin is not a kernel, Mach is the kernel. You'll note that it's the same micro-kernel that GNU Hurd uses, and if Hurd isn't Unix, what is (nowadays)? Darwin may be based on FreeBSD, but the kernel is Mach, which isn't. Also, you seem to be overlooking that most Linux programs are compiled for Intel processors, not PowerPCs. Thus, they wouldn't run anyways. However, most do compile with little or no modification. Netinfo is never used directly. Requests are handled by lookupd, which uses Netinfo, but searches flat files (/etc/passwd, /etc/hosts, etc.) first. Netinfo also allows networks that share common printers, hosts, network configuration, users, mounts, etc. to be constructed easily. Unlike the registry, Netinfo is documented, and has manipulation utilities, for both the command line and the GUI. And, it's never gotten fscked up (for me.) Mac hardware may be expensive, but- it's better. Even the Linux people who use Linux on Macs agree it's faster, better, etc. on a Mac. Macs are more durable, featureful, more standard, and "just work" more and don't work less.

    When we factor in the threat to users' civil liberties that is posed by the DRM included to support the iTunes Music Store (do you really think it will end there?) it is obvious that real *nix gurus should give OS X a wide berth. Caveat emptor.

    Okay, find music for that cheap on Linux (while still supporting the artist). It's hard. The music industries wouldn't stand for a service without DRM, and you'll note Apple is pretty darn nice. Unlimited CD burns (but no more than 10 for the same playlist), 3 computers, unlimited iPods. Plus, AACs are MPEG-4, which is darn good quality, and darn small file size. I would never use Windoze, and always like Linux. But for me, Mac OS X is a great UNIX, and is all I need it to be.

    It would seem you haven't taken a close enough look at Mac OS X.

    Moderators: Mod me down troll all you want, but mod the parent down troll as well.
  25. Re:Not such a bad idea by TGK · · Score: 5, Insightful

    Where are my mod points when I need them? This is perhaps the single best argument raised in this thread. I'm a broadband user (ah the joys of in-home ethernet) and I'm in the process of putting together a new machine. It's running windows because some of the software my school requires is Windows only.

    Now, I've been downloading updates for the last hour or so now. I understand that the Microsoft site is probably pegged following all the media coverage of the latest worm, but nonetheless, I'm a broadband user and it's still taking me a significant chunk of time to download all these updates.

    Dialup can only be worse. If MSFT wants to keep the users current they've gotta either find some way of updating Windows that's not quite so hard on dial up (mailing CDs sounds good) or they need to find some way to bring the average patch size down. I have a hard time buying into the idea that the problems in the system really require a patch of that size. With a little more creative work you'd think they could find a more efficient way to insert the new code.

    --
    Killfile(TGK)
    No trees were killed in the creation of this post. However, many electrons were inconvenienced.
  26. But can you trust the update system? by JayJay.br · · Score: 2, Insightful

    Ok MS, that will work.

    At least until someone finds out that the update system itself is broken and uses it to directly install stuff into your computer.

    Oh wait... they've been on secure programming for some time now... ain't gonna happen.

  27. Re:Not such a bad idea by RealErmine · · Score: 5, Insightful

    By default, automatic update is enabled for Windows. Anyone technically savvy immediately turns it off five seconds after installation is complete.

    Sounds like you're unreasonably paranoid. I've been using Windows 2000 for three years and whenever I need to reinstall (usually due to hard disk crashes or building a new machine. NEVER because the OS or Microsoft did something stupid) the first thing I do is go get all the updates. Nobody who is "technically savvy" wants to run a version of their OS that is three years old. Why? For reasons of security, stability, and compatibility with new software. Why not have the OS go find them for me?

    Stop speaking for me. I consider myself technically savvy due to my degrees in Electrical Engineering and Computer Science as well as my hobby of building PCs for my friends. At first, when a service pack added the auto-update feature to W2K, I had it set to let me verify updates, but then I noticed something: I kept hearing about worms and vulnerabilities in Windows on Slashdot and from my friends a day or two after I saw my PC automatically find the fix from MS. It certainly beats going to windows update myself after the fact. I let auto-update have free rein after that discovery.

    The fact is that most people who use Windows do not understand that they need to update their OS in order to keep their computer running. What's the first thing you do if you try installing a piece of software and it doesn't work? Roll back to an earlier backup? I doubt it. If your hardware seems to be working you go and get all the current driver and OS updates because developers usually release their software built on platforms with recent OS and driver versions.

    Obviously I think automatic updating could be a good thing, but there could be some problems. Nobody with a modem connection wants their OS to automatically dial in and start downloading 15MB patches. You also may not want your server to start downloading patches at peak traffic hours. I hope that MS leaves the option for user input for these reasons. It also only currently downloads critical updates. Their decisions about what is critical have been reasonable so far.

    One good thing that you might not see coming from the auto-update is that now you don't need Internet Explorer to use the windows update site.

    --
    Dewey, you fool! Your decimal system has played right into my hands!
  28. Re:Not such a bad idea by Malc · · Score: 5, Insightful

    The last thing that I saw break my system was a patch or update to DirectX. After it installed, my laptop blue-screened on boot. I was unable to fix. After re-installing the OS (and everything else) at great cost to my time, the patch/update worked the second time.

    Right now we're holding off applying Win2K SP4 to our web servers. It contains a change to the security model that will break some of our ISAPI extensions. The fix is trivial, but we haven't had time to check it out on a test bed, nor deploy it to all our servers (unfortunately we have to do them manually as we don't have anything like SMS deployed).

  29. Re:M$ worm. by Paleh0rse · · Score: 4, Insightful
    I think, in light of recent events, the default settings for operating systems should be "kid gloved".

    Idiot proof everything, like the way the standard RedHat install sets up all basic command line functions to be verbose by default. And then as you learn more about what you're doing you can set these preferences to something else.

    Don't forget, people, in general, hate to A) Read and B) Learn

    Then, as the user becomes more proficient, s/he can set things up the way they like.

    Think about it, if you don't know enough about something to know how to turn it on or off, do you really think you should be able to choose if it's on or off?

    --
    "Whadda'ya watchin'?"
    "Angry Monkey."
    "That HORRIBLE monkey."
  30. Re:M$ worm. by EpsCylonB · · Score: 4, Insightful

    but i can understand why redmond thinks it's a good idea. they're taking a beating in the press over security and they've determined that the real problem (rightly or wrongly) is the end user - so now they have a "solution"

    I don't want to stick up for MS or anything but the problem is the user. If there is a patch available and the user doesn't install it then it is the user's fault (even if the user is ignorant).

    The way I see it there are two obvious solutions...

    1. Force the update on people.

    2. People should have to have a licence to own a computer and take a test so that they understand security issues. Now I realise that sounds a little extreme but if you take into account the cost in business that worms cause then it might be a good idea. It would certainly get rid of the ignorance defense.

  31. Re:No thanks by gl4ss · · Score: 4, Insightful

    what off hours? there is no such thing in most cases. and the off hours wouldn't be enough time to download the patches anyways in time(speed just isn't fast enough)

    typical users DON'T leave their home computers on when they don't use them btw.

    and need that phone line occasionally for phone calls, i'm sure you've had one, but some people get them like all the time even on their landline.

    most people when they are online with their modem, are in the middle of doing something important(they wouldn't be online unless they were). using the phone line isn't free either in majority of countries, so leaving it to up to the os to decide when to dial up is not an option.

    the bloated drivers and updates are a real problem in today's world when you're trying to keep your relatives' little computers running good enough (nvidia drivers take +30mb, for example). sure it isn't a problem when you have 100mbit jack on the wall but majority of people don't have that.

    --
    world was created 5 seconds before this post as it is.
  32. Of course they should by gelfling · · Score: 2, Insightful

    In fact I want MS to quietly run every aspect of my life unasked. I want multimegabyte SPs unasked. I want new and improved packaging and several dozen applet upgrades unasked. Especially the ones that break something else. I want updates to wipe out competing applications unasked. I want application changes on the fly so that file formats suddenly become incompatible. I want their updates to clash with themselves. And mostly I want to pay for it.

  33. Re:oh yeah? by blahlemon · · Score: 4, Insightful
    It does not make sense to have Microsoft's firewall activated by default. The thing is buggy as heck and some DSL accounts don't work properly when it is activated. Consider that their OS is NOT engineered for security (an admission they made themselves) and that they have a track record of "swiss cheese" code.

    Additionally I would hate to think that computers would roll out with auto update automatically enforced on home users' machines. Quite a few home users wouldn't know if they had turned it off or not for one. Can you trust Microsoft to have tested the patch against software you use? What if you've got a "pay for use" internet account? Do you want to pay for the bandwidth Microsoft uses? HINT: Think service pack. What if a patch goes wrong or the home user mistakes it for a virus and forces a shut down in the middle of a service pack?

    I'm not going to suggest that Microsoft would use this to monitor individuals or covertly take over people's machines, that's just more FUD. I do think, however, that the last thing Microsoft needs to do to their software is add another automated feature that can be compromised and easily manipulated because it's already built for interaction with external machines over an inherently insecure environment.

    You don't fix a hole in a dam by adding more holes.

    --
    It take more faith to believe in evolution than it takes to believe in God
  34. They're just blame-shifting by djh101010 · · Score: 2, Insightful

    Instead of taking the blame for writing yet another security hole (not even a novel one at that), they're pushing it off on the customers who are behind on patches. Yes, people should apply patches for these, but maybe they could be a bit more careful in writing the OS and apps in the first place. The blame here is on MS and the virus/worm writers, not on the customers who are having both inflicted on them.

    Yes, no OS is perfect. But, their attitude here seems to be "you deserve to get hit if you didn't apply the patch-of-the week".

  35. Re:Not such a bad idea by MImeKillEr · · Score: 2, Insightful

    Sounds like you're unreasonably paranoid. I've been using Windows 2000 for three years and whenever I need to reinstall (usually due to hard disk crashes or building a new machine. NEVER because the OS or Microsoft did something stupid) the first thing I do is go get all the updates. Nobody who is "technically savvy" wants to run a version of their OS that is three years old. Why? For reasons of security, stability, and compatibility with new software. Why not have the OS go find them for me?


    And my argument (as is the argument of many others) is that it's my machine and I'll make the decisions as to which updates I need. Take, for example, the 'Critical update' for OE 6. Why would I need to install an update for OE when it's never been used on my computer? Sure, slap the latest Service Pack on your box - as long as it's relevant.

    There are also several documented instances where an update or service pack breaks another software component. In the case of my work system, the last service pack for 2000 would break Rational Robot. Yes, I know business users could disable the feature, but what about home users with the same software and the occasional VPN connection?

    Stop speaking for me. I consider myself technically savvy due to my degrees in Electrical Engineering and Computer Science as well as my hobby of building PCs for my friends.

    You sound more like someone who feels the need to brag about your college education. No? A simple 'I'm technically savvy' would've sufficed. No one here cares about your credentials.

    The fact is that most people who use Windows do not understand that they need to update their OS in order to keep their computer running.

    Bullshit. You only update your computer if a fix addresses a problem present on your PC. Ask anyone who works in support if you should apply all fixes simply because they're available.

    --
    Cruising the internet on my TI-99/4A @ a whopping 300 baud!
  36. Re:Not such a bad idea by micromoog · · Score: 4, Insightful
    If people are too dumb to patch their system with the blah blah blah . . .

    Too dumb? How about just not interested? Many people just want their computer to work, the way their car and dishwasher "just work". They couldn't care less about any of the technical details. Resistance from arrogant fucks like you has been holding this back, and Microsoft is finally making a bold move in the right direction.

  37. 5 words for you ... by Abm0raz · · Score: 2, Insightful

    Windows NT service pack 6

    [RANT]
    Remember this gem? All the people that installed it had inoperable machines. It was so bad that it was recalled *6* hours after being posted. Then a week later came SP6a. I definitely do *NOT* want them pushing crap to my machines. I have no problem getting my own updates. Set up auto-update by default, but let those of us that know what we're doing be able to turn it off. I'm all for (l)users getting crap in general (not necessarily viruses/virii). Maybe that will get them off computers and leave them to the experts.

    How come everyone and their brother is allowed to operate a computer at will, but I need a license to fish?

    [/RANT]

    -Ab

    --
    Nothing fails quite like prayer.
  38. Re:M$ worm. by jazman_777 · · Score: 3, Insightful
    People should have to have a licence to own a computer and take a test so that they understand security issues. Now I realise that sounds a little extreme but if you take into account the cost in business that worms cause then it might be a good idea. It would certainly get rid of the ignorance defense.

    Clearly the technology's simplicity is oversold. "Anyone can use it!" Hey, how about some intelligence/knowledge requirements for voting? Right now, just anyone can vote.

    --
    Slashdot: Failed Car Analogies. Amateur Lawyering. Anecdote Battles.
  39. Ugh by ViceClown · · Score: 2, Insightful

    This is a terrible idea. My brother is a sys admin and 9 times out of 10 the microsoft update patch breaks some or all of the 3rd party software installed like Backup Exec, anti virus.... you know... the minor things ;-)

    --
    Have a Happy.
  40. Re:Not such a bad idea by Xerithane · · Score: 2, Insightful

    Resistance from arrogant fucks like you has been holding this back, and Microsoft is finally making a bold move in the right direction.


    Thank you for pointing this out. People don't want to know how the computer works, they just want it to work. I want to write an email, push the email button on my keyboard and click send. That's how a car works. 2% of the American population could actually fix anything that goes wrong with their car, why expect it to be different?

    It's because of the computer elitist group (Hi Slashdot!) that computers "scare" people. They aren't interested, and would rather just have someone who is interested fix their problems. There is nothing wrong with that, and it doesn't make them stupid.

    (On a side note, there are a lot of stupid people, like those who use white-out on the screen, etc.)

    --
    Dacels Jewelers can't be trusted.
  41. Re:imagine... by secolactico · · Score: 2, Insightful

    Actually, all they have to do is spoof your computer into thinking their computer is the WindowsUpdate system. Now this depends on how they implement their system but I'm willing to bet it depends on trusting some basic internet function that is exploitable one way or another.

    Aren't MS patches signed? If they are, then fooling your computer (say, by poisoning dns) into connecting to a non-ms site would only yield invalid downloads. Even if they hijack the actual servers, if they don't have the key, the result will be the same.

    MS might produce crappy software (and some very good software IMHO) but surely with their resources they probably already considered this possibility.

    --
    No sig
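
The point raised in the comment above (a signed patch fetched from a spoofed update server fails verification), as an added example that is not part of the thread and not Microsoft's update code. It is a toy RSA PKCS#1 v1.5 check in Python; the keys (built from Mersenne primes, so trivially factorable), the payloads and all function names are constructed for illustration.

```python
import hashlib
import hmac

E = 65537
# DER-encoded DigestInfo prefix for SHA-256 (PKCS#1 v1.5, RFC 8017).
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")


def make_key(p, q):
    """Toy key generation from two known primes; returns (public, private)."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))
    return (n, E), (n, d)


def _encoded_message(package, n):
    """EMSA-PKCS1-v1_5 encoding of SHA-256(package) for modulus n."""
    k = (n.bit_length() + 7) // 8
    digest = hashlib.sha256(package).digest()
    padding = b"\xff" * (k - 3 - len(SHA256_PREFIX) - len(digest))
    return b"\x00\x01" + padding + b"\x00" + SHA256_PREFIX + digest


def sign(package, private):
    n, d = private
    m = int.from_bytes(_encoded_message(package, n), "big")
    return pow(m, d, n).to_bytes((n.bit_length() + 7) // 8, "big")


def verify(package, signature, public):
    """Re-encode and compare in full, rather than parsing the padding."""
    n, e = public
    s = int.from_bytes(signature, "big")
    if s >= n:
        return False
    k = (n.bit_length() + 7) // 8
    recovered = pow(s, e, n).to_bytes(k, "big")
    return hmac.compare_digest(recovered, _encoded_message(package, n))


# Constructed keys. The client ships with VENDOR_PUBLIC only.
VENDOR_PUBLIC, VENDOR_PRIVATE = make_key(2**521 - 1, 2**607 - 1)
ATTACKER_PUBLIC, ATTACKER_PRIVATE = make_key(2**127 - 1, 2**607 - 1)

GENUINE_PATCH = b"constructed patch payload v1"
ALTERED_PATCH = b"constructed altered payload"


def genuine_server():
    return GENUINE_PATCH, sign(GENUINE_PATCH, VENDOR_PRIVATE)


def spoofed_server_replay():
    # Spoofed host reuses a real vendor signature on a different payload.
    return ALTERED_PATCH, sign(GENUINE_PATCH, VENDOR_PRIVATE)


def spoofed_server_own_key():
    # Spoofed host signs its payload with a key the client does not trust.
    return ALTERED_PATCH, sign(ALTERED_PATCH, ATTACKER_PRIVATE)


def update_from(server):
    """Client side: whichever host answered, only the pinned key decides."""
    package, signature = server()
    if verify(package, signature, VENDOR_PUBLIC):
        return "installed"
    return "rejected"


if __name__ == "__main__":
    for server in (genuine_server, spoofed_server_replay, spoofed_server_own_key):
        print(server.__name__, "->", update_from(server))
```

The outcome depends only on the key pinned in the client and on the vendor's private key staying private, not on which host the name resolved to.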
  42. Re:Not such a bad idea by evilandi · · Score: 5, Insightful
    downloads in the background and doesn't seem to be noticeable

    It'd be pretty damn noticeable on my British Telecom phone bill.

    Not everywhere has free/inclusive local calls, remember.

    --
    Andrew Oakley - www.aoakley.com
  43. Re:M$ worm. by falsified · · Score: 2, Insightful
    As a user of dial-up, I should let everyone know that a service pack is probably worth it. I have two hours to kill when it comes to security. Anyone who thinks that patches are a waste of time probably deserves to have their computer knocked out of service.

    --
    HI, MY NAME IS ISAAC.
  44. Re:M$ worm. by Anonymous Coward · · Score: 1, Insightful

    Hardly insightful.

    Yes, you can stand back and say "it's the user's fault". But when did the user click an agreement to spend inordinate amounts of time patching his OS? Did I miss the pop-up box during installation that said 'We're sorry if you're on dialup, but you will and should update this operating system at least once a week, or even more often.'

    There is a large difference between routine maintenance and an obscene level of commitment. For many (and I'm sure that most of the users on Slashdot forget this) the computer is a tool that they may turn on only once or twice a WEEK. Unusual? Hardly. The majority of the US still doesn't even have broadband.

    When you're going at the rate of a couple patches a month, and this for a product that is only used a couple times a week by MOST USERS, that equates to changing the oil in your car roughly once every 2-3 days. And who the hell is going to do that?

    Not everyone is a computer addict like the folks at slashdot.

  45. Re:No thanks by PhoenixFlare · · Score: 2, Insightful

    what off hours? there is no such thing in most cases. and the off hours wouldn't be enough time to download the patches anyways in time(speed just isn't fast enough)

    Do you not sleep, or what? And of course they're not going to download in one shot, that's what resumable multi-part downloads are for.

    typical users DON'T leave their home computers on when they don't use them btw.

    I feel like a broken record saying this, but you don't speak for everyone. Unless you regularly provide in-home support for a wide variety of users in many different countries, which I doubt, you just can't assume that.

    I can only speak for what I've seen in my corner of the US, and some friends in England, Australia, Canada, and Russia, but any "typical" user I've seen leaves their PC on 24-7 or close to it. The university I attend leaves the umpteen computers in its public labs on continuously. I don't think I've ever seen a system turned off there unless it had some sort of failure.

  46. Re:M$ worm. by Anonymous Coward · · Score: 1, Insightful

    Microsoft not only wants...

    That's the difference between open source and proprietary: It's about what *you* want, not what the *vendor* wants. You never give up control.

  47. Re:oh yeah? by blahlemon · · Score: 2, Insightful
    How about developing a release of Windows that doesn't have extra ports open by default that the system doesn't need? How about recognizing some of the more common issues and have these default fixed?

    I think that Microsoft should halt development and roll out of its next OS's until it's fixed the base functions. They should start from the beginning, and review the code line by line with a focus for security. Stop adding more and more features until you've fixed the old ones.

    I know, NO OS is 100% secure, no program is unhackable and being the biggest boy around Microsoft is also the biggest target. That doesn't excuse their continued shoddy behaviour.

    lol, I say this, knowing of course, that it will never happen. It's not in Microsoft's interests (nor the interests of their shareholders) to go back to code and rewrite and rebuild. I personally think it would be good corporate behaviour to do it though.

    This is a little off topic but consider your car. What if your car manufacturer refused to fix your older vehicle because they no longer support that model? The public would crucify them. But Microsoft does exactly that by terminating patches and support for older OS's. Those older machines, if they provide the base code for the exploits in the current release, are then potential holes. I don't know about you but I'm still running a copy of 98 at home for games because it works and is stable (sorta).

    Anyways, back on topic, I agree. We've all bitched about Microsoft being insecure and when they try and make right we bitch some more. And it's not giving them a fair shake. Who knows, maybe this will be the tool that saves everything. I for one am getting sick of paying for bandwidth that gets absorbed by viruses and spam. Actually, I think we should hold the ISP's more responsible.

    --
    It take more faith to believe in evolution than it takes to believe in God
  48. Re:M$ worm. by Lord+Kholdan · · Score: 4, Insightful

    If 90% of the consumers can't drive the new CarX is the fault in the consumers or in the car?

    If 90% of the users don't know how to make a call in their new cell phone is the fault in the users or in the cellphone?

    If 99.99% of the users can't read a book written in Latin should we:
    a) Translate the book
    b) Teach everyone Latin

    Only people who would even consider option b are computer engineers.

    If you don't like the fact that most people are ignorant about inner life of computers? Go back to BBSes. Oh wait, they don't have the content, the people, the cheap connectivity? Has it occurred to you that those exist because internet is full of people! You can't have it both ways.

    If companies think being on the internet is dangerous who forces them to put critical services there? Maybe they are there because the gains outweigh the benefits?

    And before you throw in the facts about traffic laws... Majority of drivers are in favor of some sort of laws existing, I'd even bet that they support the majority of the current laws. What you'd want is a law supported by the few, benefitting the few, paid by the majority (in work hours wasted studying computer security).

  49. Re:Not such a bad idea by abulafia · · Score: 2, Insightful
    blah blah insult blah use the fricken' value add books, jerk blah should try reading MS books instead of burning them!

    As opposed to a using a system that just works?

    --
    I forget what 8 was for.
  50. Re:M$ worm. by E-Rock · · Score: 5, Insightful

    I guess it depends on what you're calling a defect. If someone comes along and pours sugar into your gas tank your car won't keep running right. Is that a recallable defect?
    If someone sends a particularly malformed request to a process on your machine it won't run right. Is that a recallable defect?
    I'd say no in both cases.

  51. Re: Not such a bad idea by Black+Parrot · · Score: 2, Insightful


    > Microsoft are MORONS. The fix for this particular worm required SP2 or greater. That is 8 hours and 10 minutes over dialup.

    Think how fun it's going to be when you re-install your media and then get to download three years of cumulative updates.

    --
    Sheesh, evil *and* a jerk. -- Jade
  52. Funny. by pclminion · · Score: 2, Insightful
    1) People whine that MS security is "teh suck"
    2) People whine that users are too lazy/stupid to install the patches
    3) People whine about automatic patch installation

    Well geez people, it looks like you're going to have to quit whining about at least one of these three things, because they aren't all compatible. If we admit that users are too ignorant/lazy/stupid to install patches, then we have no right to complain about MS wanting to automatically update things, because everyone is complaining that their security is terrible. It isn't fair to put people into an impossible situation like that, then blame them for it.

    Like my ex-NASA boss likes to say: "Faster, better, cheaper. You can pick two."

    1. Re:Funny. by cecom · · Score: 2, Insightful

      The problem with Microsoft's updates, and one that usually forces me to delay installing the patch for a while, is the need to reboot. While I would accept automatic installation of critical patches, automatic reboots are out of the question .. :-)

  53. Re:Ah Samrt Linux Users Rebuke YOu by Anonymous Coward · · Score: 2, Insightful

    Well, considering the quality of your post, I'm not sure many people will rush to try out your head-ass removal services. However, you are completely wrong about Linux. The first time my grandmother says, "I tried to install this piece of software, and it says I don't have privileges", and I reply with, "Just type Su and enter the root password"...she's going to think, "Why don't I just run as root all the time?" Problem solved, and Linux is once again shown to be as secure as any other OS. Forget removing the network cable, you wanna secure your system? Remove the user.

  54. Have you ever installed RedHat? by BoomerSooner · · Score: 2, Insightful

    If you skip setting up standard users (which most grandmas would do) you can ONLY log in as root. Same goes for every distro I've used (Slackware, Debian, Redhat, Suse, etc...)

    It's not an attack on linux it's a fact of who is using the system and who is setting it up? IF it's the same person they are significantly more likely to use ROOT. This is the reason Linux has almost zero likelihood of being successful on the Desktop, it requires conceptual understanding of security and the how and why you should(n't) run as root. Grandma doesn't care.

    Plus, most users of computers learnt the Windows-Way. All Admin, All the time.

    If we could just get rid of the hackers there would be no security issues. BURN THEM AT THE STAKE!!! lol, j/k ;)

  55. Agree to new EULA by Anonymous Coward · · Score: 1, Insightful

    As it works now when you click OK to install the update you agree to a new EULA. If they change the update to work automatically without the OK button would you still be agreeing to the new EULA? I don't think they could do that without asking you, because if they could do that they would be doing it now.

  56. Indeed by autechre · · Score: 4, Insightful

    And as my father, a mechanic, will tell you, most people do not check the oil, coolant, power steering fluid, tire pressure, etc. The more careful ones bring in the car if it makes a funny noise long enough. Many people only think about the car when it won't run anymore. Putting gas in the car is pretty much the only thing "end-users" do reliably, and even that doesn't happen often enough sometimes (did you know that it's better for your car to not allow it to get below 1/4 tank, because then junk on the bottom of the fuel tank gets sucked into the engine?)

    The frightening bit is that my mom, a Physician's Assistant, will tell you the same thing about people and their bodies. She gets in all sorts of cases where people have had horrible things wrong with them and haven't bothered to come in for a week, or the guy who drank 3 40-oz. beers a night, and his main concern was wondering why he had to wake up to go to the bathroom so often.

    (as for dishwashers, most of them require you to at least scrape your plate before you put it in, and my father, having cleared out a dishwasher that pretended you didn't have to do that, will tell you that they ALL require this.)

    --
    WMBC freeform/independent online radio.
  57. That's even SLOWER and less reliable by billstewart · · Score: 2, Insightful
    The BITS paper can't find itself to download the proprietary-format document, but the abstract says that it'll soak up unused bandwidth at low priority. That means that the 100MB hotfix pretends that it won't dog down my dialup connection, but it also will take 40,000 seconds instead of 20,000 seconds to download. If I'm a dialup user, I'm not connected that long (especially because I'm usually a DSL user, so when I'm on dialup, I'm probably in a hotel or airport where I *really* don't want to stay on long.) So it'll take a few days before I've clocked enough dialup time, and by then there's another major security breach and another 150MB hotfix :-)

    How reliable is a non-standard download protocol? Maybe it's described in the paper, and if I can't download the paper about BITS, I'm skeptical about using BITS to download hotfixes :-)

    • Is it an incremental download protocol that can restart if it's interrupted?
    • Can the protocol work through firewalls?
    • Can the protocol work through proxies?
    • Can the protocol work through VPNs?
    • Does the protocol try to work *around* VPNs?
    • What's the MTU size of BITS packets? Bandwidth percentage limitations are fine, but once a packet gets its turn on the wire, it's a latency hit, especially at low bandwidth.
    • Is there some vague possibility of security?
    --

    Bill Stewart
    New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
  58. Re:Not such a bad idea by KJKHyperion · · Score: 2, Insightful
    noting that Linux has never given me this kind of trouble

    Gee, put some effort in configuring Windows too, and you'll never have this kind of trouble

    The problem seems to be that if you install Microsoft's updated .Net packages before Visual Studio

    Buzzz. Wrong. The .NET Framework won't be part of the system until Longhorn. Either you personally install it, or it doesn't get installed or updated automatically. The problem lies somewhere else

    kind of important on a windows 2000 box, which doesn't have an integrated firewall

    Guess what? it does have one. It's part of the native IPSec service. See this tutorial, and, in general, avoid Norton products like rats with bubonic plague

    Windows patches keep restoring MS Outlook Express!

    Yeah, quite annoying, but blame sloppy Windows developers for that (system file protection is good. I didn't realize it until an install of Corel DRAW 9 on Windows NT 4 overwrote msvcrt.dll with an earlier version, and I was blamed). However, I've reversed it, discovered where the list of protected files is (sfcfiles.dll), in which format, and I can hand you a bogus sfcfiles.dll (with sources, if you're curious) that disables file protection completely by returning an empty list of files. Mail me if you are interested

    --

    Make a difference - use Windows! (open source clone of Windows NT)

  59. Re:I love home users. by Patrik_AKA_RedX · · Score: 2, Insightful

    Another big step forwards would be getting rid of dynamic IPs. Let every user have his own personal IP # so you could block the right person when necessary.

  60. legal and "real" liability for a toaster by Anonymous Coward · · Score: 2, Insightful
    let's say I make toasters, now let's say that I consistently have problems where the toasters fail, die and need rebuilding for no apparent reason than that the user had the nerve to use me as a toaster. If my inept development of the toaster causes problems then I am at fault. If I send out recalls but then people knowingly fail to heed them... then whose fault is it? It then becomes a question of what defines "knowing." Just sending out a memo, especially when people get enough spam and crap as is, is probably not enough. I can't just fire off some cute little postcard and expect my end of the deal to be done with.

    However it is looked at above we then must ask what is acceptable "problem fixing" behavior and methodology. Should I just walk in the customer's homes and fix it myself or should I at least schedule a time when convenient. What happens if my "fix" causes other problems or just incompatibilities and lost bread? For that matter, what about all that bread lost from my inept development?

    What if some customers have bothered to pay attention to my lack of commitment to quality in both the initial development and in fixes and as such do not trust me to fix their systems until they hear from all their neighbors what they have experienced as a result of the fix? They may have real concerns that my toaster fix will not work and cause other problems and more lost bread. They may have even had relatives or friends be electrocuted.

    What about other appliances? Perhaps in the past I have noticed that other components plugged into the electrical grid of the house fail to operate after earlier toaster patches. Maybe my refrigerator stops working and my Microwave's light and half of its controls go out. Who pays for those repairs?

    I can tell you with certainty that if this was indeed about toasters (or TV's, Washers, or Microwaves) that there would not be any toaster makers in business still that produced such crap as Microsoft does. I think MS has done some great things but it is often hard to see the roses when all your vision is blurred by blood from the thorns.