Microsoft wants Automatic Update for Windows 917
Edward Dao writes "After the embarassment of last week's blaster worm, Microsoft is weighing the possibility of automatic update. Microsoft not only wants to upload the latest patch on to users' computer but also installing it for them." This will work out really well for everyone I'm sure. Yikes! Can I at least press 'Ok' first?
No thanks (Score:5, Informative)
You can do this already (Score:5, Informative)
You can do this already with Windows XP if you set it up to do so. In the system properties go to the Automatic Updates tab and then click on the radio button next to the bottom option, "Automatically download the updates, and then install them on the schedule that I specify".
Of course you'd have to be out of your gourd to do this regarding MS's history of untested patches. Also I noticed that MS is including driver updates in the critical updates as well (nVidia driver). I've NEVER installed a driver from MS on my computer and every time a customer of ours does it, it seems to totally screw up everything.
Big deal (Score:2, Informative)
* NB: allowed, not required---it's your choice.
Yawn. "Keep my computer up to date" (Score:4, Informative)
By default, this already happens.
The story here is that Microsoft backed off when privacy groups thought this was a crummy idea (especially with the EULA of SP3 and XP SP1, big-brother visions abound).
Now they are saying they'd consider giving you more control over this, and to, by default, accept security-relevant patches in this manner by default.
Also, (big item), they'll ship the machines with the firewall enabled. That alone is probably the best idea they've adopted under recent community pressure.
Good for home users (Score:3, Informative)
You can already have Windows download and install the most important updates on its own. I have this feature enabled on an internal webserver at work, and it works very well. It downloads the patches as they become available, then it installs them att 3 AM when there's noone visiting the server anyway.
Corporate users probably don't want a feature like this though, if a fix breaks the most critical business application, it's better to not apply it at all. They would be better off with an internal Windows update-server that only hosts the patches that has been OK'd by the tech department. This feature is already available as well.
People are lazy? People are stupid? Good heavens! (Score:5, Informative)
I'm not sure who these customers are that want this...but to me this amounts to saying "our customers are lazy and stupid". Maybe I'm trolling, but...the "kinds of threats" that are out there are caused by microsoft writing vulnerable code in the first place! Sure everyone has bugs, but maybe, just maybe, they'll write a buggy patch too! I don't see how anyone could even be considering this as the default. If these people want microsoft to automatically update their computer...they can turn it on right now!
I know you hear this a lot here, but people need to either
a) have a working knowledge of their computer/operating system, including how to maintain it.
b) have their computer regularly maintained by another live human being.
This isn't that hard. People have this perception of computers as the same as their television or washing machine in terms of support - don't touch it unless it's obviously unusably broken. They don't work that way, they're much closer to cars. Sure, some people don't maintain their cars either, but those people aren't in the majority.
I'm rambling at this point, but really this is a disaster waiting to happen. What, are we going to end up testing EULAS in court finally when microsoft breaks ten million computers automagically and then says "well, you clicked the agreement"? I guess that could be agreeable. Please, I know most people here know what they're doing with their computers, but this problem is not just caused by microsoft. Educate everyone you know about the needs for computer mainenence! Make them pay you, I don't care, do something. Of course, the stupid IT department here got the worm too, so maybe it's completely hopeless.
Windows already has this... (Score:2, Informative)
You can set it completely off, or set it to automagically download and install updates.
Re:Not such a bad idea (Score:2, Informative)
http://www.discreet.com/products/gmax/gmax_inte
Well, actually, the entire 3DSMax product line is affected, but this was the best link I could fine.
Our sysadmins were also complaining about having something else broken, but I'm not sure what that was all about.
Re:MSBlaster (Score:3, Informative)
I'm using critical update notification on Windows 2000. I installed a generic critical update the day before Blaster really took hold. The next day, I had six new critical updates.
That same day, Windows Update on three Windows XP systems showed no updates. when I ran Windows Update again in the afternoon, there were twenty critical updates.
If the patch has really been available for months, then Windows Update is severely broken. If it doesn't work when I'm actively using it, why would I want it to be automatic?
The comparison to the GNU FTP site is specious. On the one hand, a million computers were compromised by a worm; on the other, one FTP server was compromised by an insider.
Re:And we kept wondering ... (Score:4, Informative)
yeah it seems totally stupid and unforceable but so is most things in eulas nowadays anyways.
Re:MSBlaster (Score:3, Informative)
Do you not read the newspapers?
When the GNU ftp site was compromised did it affect any DMVs?
Did the cracking of the GNU server cause disruption at entire school districts?
In case you missed it, look here [arnnet.com.au]
or here [clarionledger.com]
If you follow the first link you'll see that even Cisco's VoIP customers are affected by Blaster, not just WIndows users.
I'd call that more of a bummer than the GNU compromise.
Re:You can do this already (Score:3, Informative)
Are you humoured yet?
Re:Not such a bad idea (Score:2, Informative)
That's why there's an "I Agree" button in the first place. If you don't know a change happened, you can't have agreed to it. If you don't have the option to disagree, then you haven't agreed to it either.
Re:You can do this already (Score:4, Informative)
You can do this with any Win* box that's running IE6-SP1 (with the latest updates). This stuff is installed for you (and no, I haven't noticed an option to stop it from doing so - I'm the admin of a 75 or so MS Shop).
Re:OS X has a nice compromise (Score:2, Informative)
Sure beats the "Winbows XP re-install and download 80 Mb of updates" hamster wheel.
Re:You can do this already (Score:3, Informative)
And, oh yeah, this is on XP with all relevant updates applied (by relevant, I exclude things like fax and game related patches, which mean nothing on this machine).
Re:MSBlaster (Score:3, Informative)
Why would you so foolishly have a purduction machine open to the Internet? Firewall, anyone? If you can't take that normal of a precaution then you should be fired.
You've never worked in IT, have you?
Apparently, I've been doing this longer than you.
Re:oh yeah? (Score:2, Informative)
Re:oh yeah? (Score:4, Informative)
According to the Windows XP EULA, Microsoft has already given themselves the right to install software on users' home machines without their consent or knowledge. And there's no provision for allowing users to "opt out".
Re:Not such a bad idea (Score:2, Informative)
If that had been automatically updated, there would be a lot of people in a world of hurt.
Actually the real problem... (Score:3, Informative)
What would be nice is if Microsoft provided a CD subscription for their patches for cheap.
Re:M$ worm. (Score:3, Informative)
Who do you fine if a hole in Linux caused similar damage? Every person who's contributed to the kernel? Redhat? Registered Debian devs? All of the above?
The law demands equal protection. You can't just apply a law to one corporation or individual without applying it to all.
</flame>
Beating Windows File Protection (Score:2, Informative)
The problems you had deleting Outlook Express are no doubt caused by Windows File Protection. In order to beat it, simply delete the copies of the files you wish to delete from the directory C:\Windows\System32\dllcache (or similar, depending on where you installed Windows).
Once the relevant files (such as msimn.exe) are not present in dllcache, you can delete the versions of them in the main program directory. Windows will, at this point, moan that it failed to restore the files and ask for the CD to restore them, but you have the opportunity to decline, and Windows will never bother you about those files again.
I don't advise that you delete the entire contents of dllcache, though, no matter how elite you think you are. Windows File Protection is good for protecting against apps which overwrite the installed libraries in the Windows directory which can render your Windows 2000 installation unbootable in some cases.
Re:Not such a bad idea (Score:2, Informative)
I honestly can't understand why you wouldn't want to understand the patches you're installing. You might even want all of them, but you still ought to understand what they are supposed to do. This is not an opportunity afford to you by Windows Update, and it certainly wouldn't happen with automagic updates.
So thank you very much, but I'll keep being "unreasonably paranoid" and get my patches the old fashioned way -- by reading security advisories and deciding which patches I need.
It already does that? (Score:2, Informative)
Re:This is better than OS X (Score:3, Informative)
Just a note. Apple's X11 server on MacOS X is not an emulator at all. It is a window sever application, just like the ones you would have on Linux, Windows, BSD, or whatever. It is still in beta (not alpha as an earlier poster tries to say) but it works pretty much perfectly and is just as quick as other X11 window servers out there. Apple plans on releasing the completed version with MacOS X 10.3, Panther, and it will be a free download.
Take a look at Apple's X11 site [apple.com] for more information.
No Thanks! Patch MS03-026 hosed all my work! (Score:3, Informative)
I posted my story to the discreet support site, a couple days later discreet posted an official response, confirming what i had posted. Some customers were notified via email, many were not. A lot of people got screwed like I did with this bizarre conflict.
I learned my lesson, don't click on Windows system dialog boxes when you are half asleep and unable to make sound decisions.
Re:Not such a bad idea (Score:3, Informative)
Ok, people. You really need to research this.
XP and 2003's auto updating feature uses the "Background Intelligent Transfer" service. This service will throttle itself to only download using "leftover" bandwidth. If you're not using your internet connection, it chugs along full steam ahead. If you start to use it, it throttles back and gives you priority.
Read all about it here [microsoft.com] before whining about how slow it will make your dialup.
Plus there's always the option of downloading the SP/hotfixes elsewhere and burning them on CD. Or just ordering the SP from Microsoft. Sheesh.
Re:oh yeah? (Score:3, Informative)
http://support.microsoft.com/default.aspx?scid=kb; en-us;306203
With Microsoft Internet Protocol version 6 (IPv6) installed and Internet Connection Firewall (ICF) or Basic Firewall enabled, the firewall filters Internet Protocol version 4 (IPv4) traffic, but the basic firewall and the ICF does not block or filter IPv6 traffic.
Note ICF is available on Microsoft Windows XP and Microsoft Windows Server 2003, Standard Edition and Windows Server 2003, Enterprise Edition. Basic Firewall is a component of Routing and Remote Access that you can enable for any public interface on a computer running both Routing and Remote Access and a member of the Windows Server 2003 family.
Auto-update works for dial-up (Score:3, Informative)
Windowsupdate is a god send for people with broadband but MS are going to be required to send CDs in the mail if they want to keep dial-up users up to speed.
Windows Update has an Automatic Updates feature that downloads updates in the background. It uses a service called Background Intelligent Transfer Service (BITS) to check for updates and download using idle bandwidth. While you are typing Slashdot comments, the connection is idle, and BITS can use this idle time to download updates. It can download part of it, and restart when you reconnect. So, unless your ISP charges you by the bit, you wouldn't notice it. Sure, it will take a while to get the update (weeks?), but you'll eventually get it.
Dial-up users aren't the weak link in the chain anyway - broadband users with insecure computers are, and are the reason these worms spread to rapidly.
There is an API for BITS [microsoft.com] if you are interested in making a self-updating application for Windows:
Re:That's even SLOWER and less reliable (Score:3, Informative)
Re:Not such a bad idea (Score:4, Informative)
Under known issues with SP4, I found this [microsoft.com], which, I believe, addresses your Norton problem in item 2.
What CD burner do you have? I have found a reference to Sony burners failing with SP4 unless you install a fix from Roxio here [roxio.com], which may cover #3.
I have already addressed #4(or 5 :-)) when I discussed WFP.
That leaves #1 which, I too, had this problem with. However, all I did was go to add/remove programs, uninstalled the .NET framework that windowsupdate installed, then restarted VS.NET installation. Worked fine after that, and I just skipped the .NET framework recommendation on the windowsupdate site (it was not a "critical" update, anyway).
The point being that as awesome as the resources and support are for Linux and other open source OSes, there is a multitude of free support for Windows as well. I don't infer that this relates to a lack of knowledge or ability, but perhaps a lack of effort to resolve the problem?
Not so good for slow connections (Score:3, Informative)
Ok, I can see the logic in making Windows Update fully transparent (and for the majority of users, this would be a good idea).
Regardless, for users like me running on a 56k connection, downloading a couple of meg worth of useless patches, this is *not* an option. My firewall is a better preventative measure than patches upon patches, so i'd rather not bother.
And if the "functionality" is put in anyway? Well, there will be cracks - hey, my firewall will probably block it anyways
Of course, its all the more reason to convert to linux.