Microsoft wants Automatic Update for Windows

Edward Dao writes "After the embarassment of last week's blaster worm, Microsoft is weighing the possibility of automatic update. Microsoft not only wants to upload the latest patch on to users' computer but also installing it for them." This will work out really well for everyone I'm sure. Yikes! Can I at least press 'Ok' first?

imagine...

[borgdows]

if someone breaks into MS WindowsUpdate servers, he could install ANYTHING on millions of computers!

wow... scary...

A few things Microsoft needs to do...

[forsetti]

1) WindowsUpdate needs to become MicrosoftUpdate. This would scan and offer patches for all MS software (OS, Exchange, SQL, IIS, Office, Visual Studio, ....). Also extend SUS to do the same.

2) Critical Update notification should be done the way OSX does it (with a little configging) -- instead of a tiny little innocuos icon in the system tray, put an obnoxious pop-up in the middle of the screen, with a big "Go Ahead and Install" button, with lots of skull & cross-bone icons.

3) Create patches using their own packaging structure: MSI. This allows for much simpler deployment and management, via Active Directory. No need to pay for SMS simply for patch deployment.

4) Supply MUCH MORE documentation to end users, discussing the importance of keeping one's machine patched.

5) Stop producing such buggy software! =}8v)

Just my $0.02 ...

Re:Not such a bad idea

[fireduck]

how often do MS patches actually break things?

I'm a home user. I've applied every critical update MS puts out. I apply practically everything available on the windows update site (even the beta versions of stuff like movie maker). I have never had a piece of software not work after applying an update. I think I'm a fairly typical home user. MS Office, MS Money, a bunch of games, photo editing software, winamp, random shareware. Stuff most people use. and stuff that has never broken on me.

Software breaking is definitely a problem, but how often does it really happen? I'd imagine that the liklihood of these people getting a virus / worm is greater than the liklihood of an ms patch breaking a piece of software...

I love home users.

[BoomerSooner]

I have several people who use a web based service from my company that runs on Windows 2000 Server. I check for patches daily and install them as soon as I do a full backup (in case it shits out the whole system).

My users kept calling saying "You have that Blaster Worm on your system because every time I try to connect my computer dies!". So I explain to them my systems have been patched for that exploit for over a month and I have run all the proper testing software to verify. I then ask if they have AntiVirus software installed and their reply is "I don't know.". Lol, I don't know, so it must me my server! I immediately tell them to invest in a copy of Norton Antivirus and Norton Firewall.

Ah, the world of windows.

The funny thing is if these same people were running linux they would be logged in as root and still execute whatever script someone sent them. I'm not too sure Linux would be any more secure than Windows because in windows you can also run as just a User. However, when doing that a significant number of poorly designed programs will not work.

Re:I love home users.

[EvilTwinSkippy]

The funny thing is if these same people were running Linux they would be logged in as root and still execute whatever script someone sent them.

I definitely hear that. In fact Lindows operates in precisely this manner.

I am increasingly convinced that our enemy is not Microsoft, or even SCO. Our enemy is cluelessness. If we could somehow impart the masses with an infantessimal fraction of our sense of the big picture most of our problems would disappear.

When I say "our" I mean all computer professionals. I don't give a rat's ass what kind of Guru you are, Networking, Windows, Linux, BSD, Mac, or PDP-11. We all share a chunk of "the clue". It is our duty to impart "the clue" onto others, without bias, and without favoring any particular implementation.

What is the best way? I don't know. I can only shoot off a few half-baked ideas. My front-running suggestion is take an example from Mythology.

Think about it. How many people do you know who never change their oil, yet decorate for Christmas, throw salt over their shoulder after spilling it, and avoid black cats and ladders? Imagine a computer mythology complete with ritual, dogma, and superstition. The masses already have developed their own misguided rituals, we should just go ahead and publish a book on the proper ones.

Think about how complete a job all of the Greek god did to explain about weather, war, death, and fate. These are REALLY tough concepts even today. And yet, but putting names on them, giving them personalities, and endowing these creations with a sense of power people bought into it.

Of course, you should encourage those who show a natural aptitude to study computers in the conventional hacker sense. More or less the same way wizards always seemed to be operating on a different level than average folk.

Re:M$ worm.

[Frymaster]

I don't want anything installed on my system without my permission too.

well, technically you give permission when

1. you agree to the eula
2. you don't activate the opt-out option

i agree that not knowing what's getting put on your machine is irksome, but this idea has sprung from two problems that everyone here is very aware of:

1. people don't do their patches! blaster is all over the news yet a casual poll of my non-geek friends (the windows ones at least) showed that only one had done the patch!
2. joe avg. user doesn't know what half this stuff is anyway? he can get an "agree?" box but he doesn't know what he's agreeing to anyway. the thinking is that the savvy will go for the opt out.

now, having said that, i hate the idea on principle... but i can understand why redmond thinks it's a good idea. they're taking a beating in the press over security and they've determined that the real problem (rightly or wrongly) is the end user - so now they have a "solution"

Re:Not such a bad idea

[crazyphilman]

Well, I'm a developer, and I run Windows 2000 professional at home, with IIS and Visual Studio .Net installed. Wanna talk about patches breaking stuff? Here's my list of woes (noting that Linux has never given me this kind of trouble):

1. If you install the O/S, then patch it, and THEN try to install Visual Studio, the Visual Studio installer crashes. The problem seems to be that if you install Microsoft's updated .Net packages before Visual Studio, Visual Studio can't handle that and it chokes.

2. If you install the O/S, then Visual Studio, then Norton Internet Security (kind of important on a windows 2000 box, which doesn't have an integrated firewall), then try to update Norton and Windows, WHICH OUGHT TO WORK, Norton will update fine, Windows Update will crash several times, and the end result will be your IIS will stop working, so your Visual Studio won't be able to create VS.Net projects. I think this might be related to a recent patch, because it didn't happen before Service Pack 4 came out.

3. If you have a recent copy of Roxio's CD burning software, it'll stop working after you update Windows. The app will start up, but it'll crash as soon as you insert a CD-RW into the drive. I've updated the software from the Roxio site, too, hoping that would help (no luck). It's got to be something in one of the windows patches. So, patch windows or burn CDs! You seem to have to choose one or the other. Older, no longer available copies of Roxio seem to keep working, so if you get a Rio Volt MP3 Cd-player, you can install the older software off of their disk (warning: this might not be true anymore).

5. Windows patches keep restoring MS Outlook Express! If I kill it off, it keeps coming back like a friggin' vampire. It's the undead, unwanted email app. Actually, the only easy way I've found to kill it is to change the security on the Outlook Express folder so that no one has read-write priviledges, then boot from a floppy and clean the thing out. This way, Windows can't keep putting the files back (Grr... Windows puts 'em back THREE SECONDS after you delete them, otherwise!).

Ugh. I hate Microsoft. And, I'm a programmer who uses that platform! What does THAT tell you? ;)

Re:M$ worm.

[SmallFurryCreature]

People undertake training and a test to verify that they can drive a car. How many people die on the road each year due to people being incapable of handling their car? So much for testing people.

What I find really odd is that we threat computers so differently from the real world. If a real product is found to have a defect then a recall notice is published in all major newspapers (in europe don't know about rest of world) and you can return the faulty product for either a replacement or your money back.

Granted if software companies had to do it this way they would all have gone bust. Or maybe they would invest in real testing. Real testing is not to see if something works but to see if you can break it. When I hear excuses like people using the product wrong as an explantion for bugs I get pissed off. You are not supposed to bite the nose of a teddy bear and then swallow it. Nonetheless this is exactly what is tested against. A product should be safe to use or clearly labelled to indicate who it shouldn't be used by.

I think it says it all that unlike almost everything we buy in the netherlands, software is not tested by a goverment/indepedent organisation. Everything else is. Clothes, cars, books, movies, toys, furniture, food etc etc. But software and hardware are not.

Think this is a strange notion to test software by a central organisation? This what all the consoles do for their software. Oh and please don't mention MS certification, this are just logos you can buy.