Microsoft Rushes Internet Explorer Patch

← Back to Stories (view on slashdot.org)

Microsoft Rushes Internet Explorer Patch

Posted by CmdrTaco on Thursday December 18, 2008 @02:34AM from the open-source-is-faster dept.

drquoz writes "Last week, it was reported that a critical security flaw was found in Internet Explorer. On Tuesday, experts were advising users not to use IE until a patch could be released. On Wednesday, Microsoft released the patch. An interesting quote from the article: 'Kandek suggests that Microsoft is at a disadvantage in updating Internet Explorer because its browser doesn't have a built-in update mechanism like other browser makers. Mozilla, for instance, just released Firefox 3.05 to Firefox users through its auto-update system.'"

61 of 376 comments (clear)

Doesn't have a built in update mechanism? by JeffSpudrinski · 2008-12-18 02:38 · Score: 2, Insightful

Sorry...but, "huh?"
Tools-Windows update. Or it is updated automagically if you have auto updates turned on.
I did RTFA, but I still didn't understand that comment.
-JJS
1. Re:Doesn't have a built in update mechanism? by initialE · 2008-12-18 02:52 · Score: 4, Informative
  
  Firefox updates upon the point of relaunch. There is no need to restart windows. Also it remembers the context of every session in every tab, so you can continue where you left off.
  
  --
  Starbucks, Harbuckle of Breath.
2. Re:Doesn't have a built in update mechanism? by MikeBabcock · 2008-12-18 02:53 · Score: 4, Informative
  
  The automatic update system in Windows is far from perfect, and doesn't allow users the granularity of saying "yes, update my browser but no, leave the rest of my system alone."
  Also, telling it you want to be notified of available updates (similar to Firefox's behaviour) is nowhere near as convenient as the way Firefox handles simply installing its own update and then restarting with your windows and tabs reopened to where you were last.
  
  --
  - Michael T. Babcock (Yes, I blog)
3. Re:Doesn't have a built in update mechanism? by EricX2 · 2008-12-18 02:54 · Score: 3, Insightful
  
  But does it check when you launch IE and install updates if they are available?
4. Re:Doesn't have a built in update mechanism? by Anonymous Coward · 2008-12-18 02:59 · Score: 2, Funny
  
  Sorry...but, "huh?"
  Tools-Windows update. Or it is updated automagically if you have auto updates turned on.
  I did RTFA, but I still didn't understand that comment.
  Clearly the article doesn't believe the microsoft line about IE being an integral, inseparable part of windows.
5. Re:Doesn't have a built in update mechanism? by Culture20 · 2008-12-18 02:59 · Score: 4, Informative
  
  The automatic update system in Windows is far from perfect, and doesn't allow users the granularity of saying "yes, update my browser but no, leave the rest of my system alone."
  I'm more of a Linux man, but I know this is wrong. If you set auto updates to download and notify for installation, you can choose which updates to apply.
6. Re:Doesn't have a built in update mechanism? by buddyglass · 2008-12-18 03:06 · Score: 5, Informative
  
  True, true, and true. But that doesn't change the fact that IE only runs on Windows and 99% of Windows users have Automatic Updates turned on, usually checking weekly. So you're usually looking at a max "lag time" of seven days before an IE user gets the patch. And that assumes the worst possible case: the patch releases right after that user's computer was updated, and they use their computer (and IE) every day.
7. Re:Doesn't have a built in update mechanism? by rlp · 2008-12-18 03:08 · Score: 5, Funny
  
  doesn't allow users the granularity of saying "yes, update my browser but no, leave the rest of my system alone
  Indeed, you can't have it automatically update a critical browser flaw, but say 'no' to the 1673rd revision of "Windows Genuine Advantage".
  
  --
  [Insert pithy quote here]
8. Re:Doesn't have a built in update mechanism? by prefect42 · 2008-12-18 03:14 · Score: 4, Insightful
  
  With Vista they've made it doubly annoying, as Windows Defender gets updates *all* the time. So if you've got it set to notify, you get a whole lot of nagging. If only you could pre-approve Windows Defender updates...
  
  --
  jh
9. Re:Doesn't have a built in update mechanism? by Joe+U · 2008-12-18 03:18 · Score: 4, Insightful
  
  If the user isn't bright enough to read the patch list, then why are you trusting them to selectively patch the OS?
  Set windows update to automatic and be done with it.
  I have yet to run into an average user with a properly working computer who has had a problem with something pushed through Windows Update.
10. Re:Doesn't have a built in update mechanism? by markkezner · 2008-12-18 03:35 · Score: 5, Insightful
  
  While I would agree with you in theory, your ideas don't match up with what I've seen in the real world.
  
  Until recently I worked in a mom and pop PC repair business. About 9 out of 10 systems I worked on were out of date, typically by a few months. I don't know for sure, but my guess is that users are switching auto-update off because can't be bothered with 'nag' messages from their software.
  
  Granted, the machines I saw were generally dying, so it may not be a fair cross-section of home computer users. Still, the idea that 99% of home users should have new patches within a week flies in the face of what I saw every day.
  
  --
  Dangerous, sexy, turing complete: Femme Bots
11. Re:Doesn't have a built in update mechanism? by BlackSnake112 · 2008-12-18 03:36 · Score: 2, Informative
  
  Yes you can. The auto update settings: 1. download and install everything. Or 2. download and tell me there are updates ready to be installed. Or 3. do not download but tell me there are updates.
  With 2 or 3 you can pick the updates to install. You click on the update icon in the lower right on the task bar (unless you moved it to a different location). Choose custom install. Do not select express. Express will install everything. Custom will let you pick which ones to install. With 2 if you just shut down and get the option: install updates and shutdown, all the updates at that time will be installed and the computer shuts down. Some of the updates (usually on vista) finish on the next power on. Yes you can choose which updates to install. But you have had to change it from the default (option 1) to do so.
12. Re:Doesn't have a built in update mechanism? by mshannon78660 · 2008-12-18 04:12 · Score: 5, Informative
  
  Actually, you can - I've done exactly this on my home PC, which was installed from a corporate license (had an MSDN subscription at the time). You need to go through the process manually once - you select everything other than WGA, and when it asks if you really want to ignore that update, you check the box that says something like 'Never ask me about this update again', and click OK. Now, I still get all the critical updates installed automatically, but never have WGA installed on my PC. It's been like that for several years now.
13. Re:Doesn't have a built in update mechanism? by mhall119 · 2008-12-18 04:12 · Score: 2, Informative
  
  Ubuntu disables Firefox's own auto-updater, instead all Firefox updates are pushed through Ubuntu's repositories so that they are kept in sync with the rest of the system.
  
  --
  http://www.mhall119.com
14. Re:Doesn't have a built in update mechanism? by PJ1216 · 2008-12-18 04:15 · Score: 2, Insightful
  
  You haven't taken into account that the users you're used to running into aren't the best users. If people kept their machines updated and running properly, you wouldn't see them. Its like a cop saying everybody is a criminal because a majority of the people he sees are criminals.
  
  I'm not saying that the other guy is right, but when it comes down to it, neither of you really have much to go on. From my experience, if auto update is turned on to download and install automatically very rarely gets turned off completely. One, for the most part, people who turn it off understand the system and either run updates manually themselves OR have it set to download and then they just install it whenever they see the little yellow shield icon. However, this doesn't apply to people who aren't constantly connected to the internet. If they're on dial-up, they can fall out of sync. I'm not sure of the percentage of people on dial-up, but it could be a problem.
15. Re:Doesn't have a built in update mechanism? by mhall119 · 2008-12-18 04:18 · Score: 3, Informative
  
  Just for clarification, this is only true for the version of Firefox you installed from Ubuntu's repositories. You can install the version provided by Mozilla and it should have it's own updater enabled.
  
  --
  http://www.mhall119.com
16. Re:Doesn't have a built in update mechanism? by Qzukk · 2008-12-18 04:18 · Score: 2, Informative
  
  Well, let's just say that the other day I found out my roommate was using version 1.5.
  The inability to upgrade across major versions is one of the weaknesses in Firefox. I was hoping that that last 2.x patch would add a bar at the top telling people to download FF3 if not upgrading its update tool to handle the transition.
  Another weakness (in both WU and FF) is that neither will ask the user to log in as admin and install updates. WU will just do it and reboot the computer in the middle of whatever you were doing (such as giving a presentation to potential clients using a laptop that had been off for a couple of weeks. No, the "Rebooting in 5 minutes" bar does not have a cancel button if you're not an administrator) unless there's a EULA to click, in which case it does jack shit (in the case of my mother's computer, which I have to remind her to log in as admin every once in a while to install any updates requiring her to click I Agree, then log back in as her unprivileged user before Teh Nasties take over her computer.
  
  --
  If I have been able to see further than others, it is because I bought a pair of binoculars.
17. Re:Doesn't have a built in update mechanism? by RMingin · 2008-12-18 04:18 · Score: 2, Interesting
  
  I work for a school district, cyber-schooling. Ours may not be a scientifically valid cross-section either, but I'd say 6/10 or more machines either have WUAU turned off (the more advanced kids) or they simply hit the 'go away' button and never reboot to apply updates.
  If you have pending updates, suspend/resume at night, and never manually reboot, WUAU will NOT apply further updates till the pending ones go on. I've had machines 6 months and more out of date (coming in today with XP SP2) on a regular basis.
  I think one of the key things here is that Windows seems to require a reboot for EVERY LITTLE PATCH, which is a problem with the way they've hyper-integrated the kernel, the IE engine, and the shell. If things weren't tied together so tightly, a lot less reboots would be needed, and I'd imagine fewer people would be clicking 'later, go away' on WUAU notifications.
  Hell, *I* am guilty. My work laptop applied the IE7 rush fix this AM and I told Vista to stuff it for 4 hours. When it pops up after lunch I'll tell it to stuff it for 4 again. I'm not using IE at all (never unless I have to), so I know I'm not running in a compromised state, but I'm sure the great majority of the 'later' clickers both do not know what they are postponing and further WOULD NOT CARE.
  
  --
  The preceding comment is my own, and in no way construes an opinon of the Emperor of Mankind.
18. Re:Doesn't have a built in update mechanism? by L0rdJedi · 2008-12-18 04:21 · Score: 5, Informative
  
  Weekly? The default is to check every day at 3am. If it's turned on and left at the default (like most people do with FireFox), they'll be notified this morning and able to install it right away.
19. Re:Doesn't have a built in update mechanism? by RMingin · 2008-12-18 04:27 · Score: 2, Informative
  
  Probably because it wasn't, and it wasn't for a VERY long time. It's only when the EU got serious about pushing for an IE-less Windows that MS suddenly started integrating the crap out of IE/Windows.
  As recently as Windows 2000, you could have a fully functional machine with IE fully removed. MS would swear up and down that it wasn't possible, but folks all over did it every day.
  With XP and onwards, MS used IE instead of the older Explorer cousin to render local folders and files. This was a gargantuan mistake in many opinions, mine included. It exposed myriad security holes in IE, most of which got patched, which is a net-good effect, but it also exposed a TON more attackable surface to the local filesystem.
  
  --
  The preceding comment is my own, and in no way construes an opinon of the Emperor of Mankind.
20. Re:Doesn't have a built in update mechanism? by UnknowingFool · 2008-12-18 04:48 · Score: 2, Informative
  
  I did that for years but at one point (I think before SP2) it refused to download any more patches until I updated WGA. I'm pretty sure MS Update checks to make sure your WGA is recent. Granted I have a consumer license and not a corporate one. The vast majority of home users have my type of license and not yours.
  
  --
  Well, there's spam egg sausage and spam, that's not got much spam in it.
21. Re:Doesn't have a built in update mechanism? by RMingin · 2008-12-18 04:48 · Score: 3, Insightful
  
  Yeah, cause Active Directory scales great over the internet, and EVERYONE has a 100Mb connection or better at their place of business.
  We're physically discontiguous and your solution, while what I would do (and have done) in single site or robust WAN environments, simply does not work with the tools I have at hand and the geographical barriers I have to hurdle.
  So yeah, you pass the MCSE exam but fail the Real Life test. Not everything can be solved by dropping WSUS onto an underutilized server and defining a new policy object.
  
  --
  The preceding comment is my own, and in no way construes an opinon of the Emperor of Mankind.
22. Re:Doesn't have a built in update mechanism? by drsmithy · 2008-12-18 05:07 · Score: 2, Insightful
  
  Yeah, cause Active Directory scales great over the internet, and EVERYONE has a 100Mb connection or better at their place of business.
  AD scales fine over a WAN if you have a DC at your satellite sites.
23. Re:Doesn't have a built in update mechanism? by ACMENEWSLLC · 2008-12-18 05:30 · Score: 3, Insightful
  
  I have Firefox running on Vista, XP, 2000, 2003, Mac OS X, OpenSUSE, Mandriva, Ubuntu, and others. Firefox versions 2 and 3.
  My experience is that the Auto Update mechanism in Firefox is flawed. A number of these PC's never trigger to be updated even if they are months behind. One of my Windows 2000 servers often takes about a week before it's auto updated.
  Experience shows that it doesn't check for an update at every launch. And that sometimes it gets stuck, something gets corrupt, and not until you ask it to check will it check again.
  Granted, this is much better than most software. However the update mechanism needs work.
  Microsoft signs/encrypts and then checks the IE package signature. As much as a dog Microsoft, their update mechanism is one of the best.
24. Re:Doesn't have a built in update mechanism? by RMingin · 2008-12-18 06:10 · Score: 2, Insightful
  
  Yeah, I'll just add a DC to each of the 400 students scattered to Hell and gone all over the state. When I say geographically separated, I don't mean we have a stretch between buildings, I mean we have counties between each student and the next.
  I know the suggestions are a healthy mix of 'how I'd do it' and 'UR DOIN IT RONG', but I'm really one of those cases where the MS Way simply will not work, no matter how much or little I'd like it to.
  
  --
  The preceding comment is my own, and in no way construes an opinon of the Emperor of Mankind.
25. Re:Doesn't have a built in update mechanism? by superphreak · 2008-12-18 06:23 · Score: 2, Insightful
  
  Except that some of us "never" "boot." I S3 all the time. And you know if MS made updates mandatory w/o user intervention or any option of NOT updating, ./ would go bananas.
  
  --
  Evolution is a state-sponsored, state-protected religion.
26. Re:Doesn't have a built in update mechanism? by TheNetAvenger · 2008-12-18 06:59 · Score: 2, Informative
  
  Yeah, cause Active Directory scales great over the internet, and EVERYONE has a 100Mb connection or better at their place of business.
  Please explain, WTF this has to do with the OP, other than you expressing a hard on for Active Directory?
  If you think updates across sites must have Active Directory running over the WAN is required, you don't know crap about Active Directory.
  Side Note: If you are having trouble using Active Directory on even a 56K Frame Relay, your network design is really messed up. Handing out a security credential token and policy is a few freaking KB.
  Talk about failing real life experience... Holy Fek...
27. Re:Doesn't have a built in update mechanism? by QuantumRiff · 2008-12-18 07:14 · Score: 2, Insightful
  
  One annoying little feature of XP updates... You can choose to apply updates and shutdown, but you can't choose to apply updates and restart when you go to the shutdown menu. There are many times I'm heading to a meeting or whatever, and wouldn't mind it downloading, installing, and restarting, all ready for me when I come back. I don't want to come back and have to boot it up.
  
  --
  
  What are we going to do tonight Brain?
28. Re:Doesn't have a built in update mechanism? by shutdown+-p+now · 2008-12-18 08:24 · Score: 2, Interesting
  
  It's fairly easy to check for yourself - compile int main() { getch(); }, run it, and see what you can do with executable. You will see that you cannot delete it, but you can rename it (and after you rename it, you can create a new file with the same name; you cannot do it before that).
29. Re:Doesn't have a built in update mechanism? by hmar · 2008-12-18 09:17 · Score: 2, Informative
  
  Following the advice here http://techrepublic.com.com/5208-6230-0.html?forumID=3&threadID=201099&messageID=2231826 fixed the windows update hanging for me at my company.
30. Re:Doesn't have a built in update mechanism? by Arterion · 2008-12-18 11:05 · Score: 2, Informative
  
  You can use a GPO to force the computers to use Microsoft for updates. A GPO isn't going to be a big deal, even across a dial-up connection.
  Though one of the main reasons for using WSUS is that you only have to download the updates ONCE from Microsoft, not once for each system, thus saving WAN bandwidth.
  
  --
  "That which does not kill us makes us stranger." -Trevor Goodchild
31. Re:Doesn't have a built in update mechanism? by Qzukk · 2008-12-18 12:46 · Score: 2, Insightful
  
  Oh wait, replying to myself since I found it finally:
  http://www.broadbandreports.com/forum/remark,14167743
  Now to try walking my mother through that over the phone...
  
  --
  If I have been able to see further than others, it is because I bought a pair of binoculars.
32. Re:Doesn't have a built in update mechanism? by tokul · 2008-12-18 19:16 · Score: 2, Informative
  
  A number of these PC's never trigger to be updated even if they are months behind.
  
  Linux versions use standard system update tools and internal firefox update can be deliberately turned off by packager.
Interesting... by nhaines · 2008-12-18 02:38 · Score: 4, Insightful

Internet Explorer may not have an auto-update system, but Microsoft Windows has an update system rivaling that of Ubuntu and OS X in automaticness, if not scale.
Since Windows encourages users to allow automatic updates installed at 3am every morning and also by default installs any pending critical updates at system power down, it doesn't seem like any supported version of Internet Explorer should remain unpatched for too long.
1. Re:Interesting... by Yvanhoe · 2008-12-18 02:41 · Score: 2, Interesting
  
  I even find it awkward that no popular linux distribution checks and proposes security updates at bootup.
  
  --
  The Wise adapts himself to the world. The Fool adapts the world to himself. Therefore, all progress depends on the Fool.
2. Re:Interesting... by Zonk+(troll) · 2008-12-18 02:59 · Score: 3, Informative
  
  Internet Explorer may not have an auto-update system, but Microsoft Windows has an update system rivaling that of Ubuntu and OS X in automaticness, if not scale.
  Since Windows encourages users to allow automatic updates installed at 3am every morning and also by default installs any pending critical updates at system power down, it doesn't seem like any supported version of Internet Explorer should remain unpatched for too long.
  Ubuntu and Mint, at least, check daily. In Ubuntu when there are security updates you see a red arrow in the notification area, when non-security updates are available you see a orange sun(?). Also, if you go to "System"->"Software Sources" and then the "Updates" tab you can set it to apply security updates automatically (this really should be default, IMHO).
  I still think Ubuntu's update system rivals Windows and OS X as it not only updates the base OS and OS vendor applications, it updates everything on the system.
  
  --
  "The Federal Reserve is a fraudulent system."--Lew Rockwell
  End The FED. -
3. Re:Interesting... by Ilgaz · 2008-12-18 05:08 · Score: 4, Insightful
  
  I went to microsoft.com support pages on purpose, with unpatched IE.
  They spam Silverlight 2.x install on the pages instead of "update your Internet Explorer NOW!" in same fashion. I call it "spam", total spam I tell you. It is like whole page darkens before you can click anything and middle of page, there is "Install Silverlight Now!". Based on the hugeness of the security bug, I would cheer if they showed that IE warning in ALL MS sites including MSN. I saw MSN too, it has 1 liner "Download urgent Internet Explorer update". Of course it was blocked by "See your specific country page now!", another pop-in trick.
  What kind of purpose will Silverlight 2 serve at Support pages to "enhance" my experience besides not being Adobe Flash?
  Oh BTW, guess what XP SP3 installs. Flash Player 6. Yes, SIX. On the other hand, Apple updates all their customers Flash to secured 9.x version.
  They really believed that buying Yahoo for 46 billion would fix that logical problem?
"Microsoft is at a disadvantage ... " by El+Cabri · 2008-12-18 02:38 · Score: 4, Informative

I found this this morning in my Windows Updater log :
"
Security Update for Internet Explorer 7 in Windows Vista (KB960714)
Installation date: 12/18/2008 3:01 AM
"
IE autoupdating.. by skgrey · 2008-12-18 02:39 · Score: 4, Insightful

If Microsoft had the same reputation that Mozilla did for their updates not screwing the pooch then maybe I would consider using that kind of auto-update feature.

Then again, I only use Firefox, and would never consider using IE. At one point do even common household users realize that IE is not the way to go?
1. Re:IE autoupdating.. by djmurdoch · 2008-12-18 03:09 · Score: 4, Interesting
  
  Then again, I only use Firefox, and would never consider using IE.
  It's harder to avoid than you seem to think. If you use Windows help to view .chm files, you're using IE. Usually they stay local, but many help files do include
  links to web pages, and then you're out in the real world.
2. Re:IE autoupdating.. by Beat+The+Odds · 2008-12-18 03:58 · Score: 2, Funny
  
  It's harder to avoid than you seem to think. If you use Windows help to view .chm files, you're using IE. Usually they stay local, but many help files do include links to web pages, and then you're out in the real world.
  
  And for Slashdot readers... that's a no no..
Firefox updated? by Henry+V+.009 · 2008-12-18 02:40 · Score: 5, Insightful

No -- Firefox is at the disadvantage. If you're a single user running as administrator, its auto-update is great. However, the users (all running limited accounts) on our Windows/Samba network will have to wait until I install the new update manually because there is no built in mechanism for administrators to push out updates.

And should I use my cobbled together scripts to push out a security update for Firefox on the last day of finals when it might break everything, or should I wait until Monday?

On the other hand, the WSUS server that I set up worked exactly like it was supposed to last night.
1. Re:Firefox updated? by denis-The-menace · 2008-12-18 02:57 · Score: 4, Interesting
  
  You are right.
  The strange thing is that some FF updates do get installed with XP's "Limited User" accounts but some just fail.
  No rhyme, no reason.
  For those that failed I had to log on with an Admin account and let the FF update install.
  FF needs a updater service that runs in the System context so that all FF updates can get installed without the user being logged on as an administrator.
  
  --
  Obama's legacy: (N)othing (S)ecure (A)nywhere and (T)error (S)imulation (A)dministration
2. Re:Firefox updated? by Anonymous Coward · 2008-12-18 03:09 · Score: 5, Insightful
  
  FF needs a updater service that runs in the System context so that all FF updates can get installed without the user being logged on as an administrator.
  No, I don't want another mysterious service that runs in the background doing whatever it feels like without explicit approval.
  Firefox for windows needs to start deploying the program as a regular .msi file (like most windows applications) so that all the existing application deployment tools will work. That will go a long way to boosting firefox among businesses & large organizations.
Windows Update? by Farmer+Pete · 2008-12-18 02:43 · Score: 3, Interesting

I wonder how many exploits will be found in IE before they are all gone. I mean, logically, there has to be some point in the future when IE7 is totally exploit free. To bad that the cycle of software replacements wont let that happen. Given enough time, IE7 and WinXP could be some of the toughest software in existence.
Re:IE updates by BotnetZombie · 2008-12-18 02:45 · Score: 5, Insightful

Tightly bound indeed. I've been postponing the inevitable reboot all day long (GMT here). It's ridiculous to need a reboot just for a browser update.
Ubuntu has update notification by tepples · 2008-12-18 02:46 · Score: 5, Informative

I even find it awkward that no popular linux distribution checks and proposes security updates at bootup.
I have an ASUS laptop that runs Ubuntu 8.04. I turned it on, turned on the Wi-Fi radio, and started Firefox to look up something about reenactment costuming. After a few minutes, I noticed the update icon in the tray. One of the updates was Mozilla Firefox 3.05. I clicked download and apply, and it was done. So yes, Ubuntu automatically "checks and proposes security updates".
Re:IE updates by Civil_Disobedient · 2008-12-18 02:46 · Score: 5, Funny

Perhaps this is because Microsoft so tightly binds IE to the operating system
Not perhaps.
I believe the engineering term is "reap what you sow, bitches."
Autoupdate is a ghastly bandaid by fuzzyfuzzyfungus · 2008-12-18 02:47 · Score: 4, Insightful

Per application autoupdates are a horrendous pain. Each one has its own, completely idiosyncratic configuration mechanism, its own schedule, and its own behavior. A lot of them will run(but fail in various annoying ways) under limited user accounts, and they are utterly useless in an environment where firewalls or similar block application downloads on client machines.

I can understand why companies use them, since the alternative typically involves things sitting unpatched for ever and ever; but the whole thing is a mess. Hurray for package management.
Huh? by I.M.O.G. · 2008-12-18 02:52 · Score: 4, Insightful

IE is at a disadvantage because it doesn't have a built in update mechanism? Seriously?
IE updates are managed thru a single interface, windows update, and windows update is actually one small thing windows gets mostly right. I don't want every god awful program under the sun phoning home ON ITS OWN to god knows where and updating itself without my knowledge.
However I do want a convenient method to make sure I'm getting updates I may need from a trusted source. Windows update is better than programs phoning home on their own. Short of having an update repository for 3rd party apps like Linux distros do things, thats about the best you can hope for...
That is, unless you like the google software updater, apple software updater, etc, running all the time soaking up resources and generally being non-value added.

--
Overclockers
1. Re:Huh? by I.M.O.G. · 2008-12-18 06:07 · Score: 2, Insightful
  
  Once Windows update hoses your system, you'll realise that "mostly" isn't good enough.
  I work with thousands of client machines in my environment - I've had experience with SUS hosing things up, but it still mostly gets things right for the updates it manages. Letting programs hose things up on their own is no better than letting windows update hose them up. In fact, judging by the way things work in Linux, I'd say managing updates centrally makes everything play better together on average. This part of your comment does not have any substance.
  
  Of course not. The god awful program or OS should only check for updates when it's both launched and connected to the internet, and it should inform you and give you the choice of updating.
  And... why are you running god awful programs on your computer? Are you insane?
  I disagree. The programs should be updated from an approved repository that has oversight. Letting every application developer out there decide what updates will be applied to machines they know nothing about is poor design. And I'm not running any god awful applications - I'm running Gentoo with VirtualBox for my Windows only management applications (check out the articles on my website). But my users do, and I do often consider many of them insane. Other IT folks who work in large environments they don't have complete authority over can sympathize I'm certain.
  
  How is Windows Update supposed to help when it's Acrobat that has the vuln and patch?
  Windows Update could be improved by making it easy for application updates to be approved and deployed thru windows update, and then perhaps applications like Acrobat would get onboard. This would be similar to the way in which microsoft works very hard to make it easy to develop for the windows platform. The whole point of my post was to describe what Windows Update could be but isn't, because of choices MS has made. Next question.
  
  If you trust a program enough to install it in the first place, you shouold trust it to download its own patches from its own site. The program itself should check for updates, not the OS.
  Which division of Microsoft do you work for, anyway? I mean, nobody but Microsoft employees have Microsoft-only computers.
  I disagree. Updates should be managed centrally. This would directly alleviate issues of having numerous update services running constantly in the background, which is a solution application developers resort to because they have no realistic better option on the Windows platform.
  
  --
  Overclockers
Yes, but by Reality+Master+201 · 2008-12-18 02:57 · Score: 2, Interesting

Most people aren't in your situation or that of your users. Most people are surfing the web on their personal computers, and so automatic updates will work just peachy for them.
Dear God, No by TheNinjaroach · 2008-12-18 03:18 · Score: 3, Insightful

FF needs a updater service that runs in the System context so that all FF updates can get installed without the user being logged on as an administrator.
I would never enable that feature on my PCs. The last thing I want Firefox to do is join the ranks of Flash, Java, Adobe Reader and iTunes with nagging auto-update services that always run in the background. Often the updates aren't even critical, I think many of those 'features' are pushed by marketing departments who want to plaster your desktop with as many of their logos as possible.

--
I went to eat some animal crackers and the box said, "Do not eat if seal is broken." I opened the box and sure enough..
Reboot? Why? by clintre · 2008-12-18 03:27 · Score: 4, Interesting

The bad thing about IE not having the built in updater is that this patch required a freaking reboot for a browser patch!!

That is just stupid.

The great thing about this fiasco is that I was able to convince several people who had been un-willing to move to Firefox or Opera to now do so.

Thanks Microsoft!
Wrong by Nicolas+MONNET · 2008-12-18 03:29 · Score: 4, Informative

Firefox doesn't do tray icon notifications. And distribution-provided Firefox packages disable the auto-update, which wouldn't succeed anyway as the user running FF is not supposed to have write access to /usr. Instead, the distrib's auto-update mechanism handle it (apt for Ubuntu/Debian, yum for RedHat/Fedora, emerge for Gentoo, yast IIRC for Suse and so on). This is better on many levels, since it prevents a user process from altering the binary.
But you can also download the official Linux tarball and deploy it to your home directory; the FF update mechanism will handle it.
Re:Why not windows update? by Fred_A · 2008-12-18 03:29 · Score: 2, Insightful

One thing I do notice about the less savvy users is that they do mostly trust windows update.
On the other hand, what else could they trust ?
They have no idea how their computer works, certainly aren't interested in figuring it out, so they trust their vendor. Makes sense.
It's probably safer than they trusting random sources on the Web where they don't have the know how to separate the wheat from the chaff.
Ideally they should have an administrator taking care of this for them. But in the real world we all know this won't happen. Especially with home users.

--

May contain traces of nut.
Made from the freshest electrons.
Apple fixed that by apparently · 2008-12-18 03:42 · Score: 4, Funny

Or even worse than soaking up resources, suggesting new software once a week, like apple software updater. It always suggests that I need iTunes, and it always selects it by default. If I'd wanted iTunes, I would have downloaded iTunes and not gone to the extra hassle of trying to fine Quicktime without iTunes. I don't know how it is now, but when I downloaded, it was a hassle to find these two separated.
Apple has resolved this issue. Now they try to install Safari in addition to Quicktime and Itunes.
"Firefox issues eight patches" by apparently · 2008-12-18 03:48 · Score: 2, Informative

The great thing about this fiasco is that I was able to convince several people who had been un-willing to move to Firefox or Opera to now do so.
Mozilla has issued eight patches for its Firefox Web browser, three of which fix problems classified as critical.
Man, you really showed them.
1. Re:"Firefox issues eight patches" by phayes · 2008-12-18 04:41 · Score: 4, Insightful
  
  Your comment shows ignorance.
  When FF needs to install critical patches it restarts itself & conserves as much context as possible.
  When windows needs to install critical patches it reboots the system & loses all context. Even if you delay the reboot to finish critical tasks the reminder that you need to reboot pops up periodically with reboot preselected. If you were performing an unrelated task & happen to hit enter at the wrong time the system reboots without saving your work possibly corrupting it.
  I've seen it happen a few times & people do switch browsers after being burnt or seeing it happen to colleagues, but I suppose you'll just stick your fingers in your ears, close your eyes & mumble your prayers to the Redmond God to spare you...
  
  --
  Democracy is a sheep and two wolves deciding what to have for lunch. Freedom is a well armed sheep contesting the issue
How does Firefox update itself by Skapare · 2008-12-18 03:48 · Score: 2, Interesting

... if it is running in a restricted userid?

--
now we need to go OSS in diesel cars
Re:Costuming for geeks by ConceptJunkie · 2008-12-18 04:15 · Score: 2, Funny

You know, it's a little premature (and uncool) to refer to it as "Civil War I" until the second one actually starts. Give it a few years.

--
You are in a maze of twisty little passages, all alike.