Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 


Forgot your password?
Close
typodupeerror
×
Security Technology

More Than Half of PC Applications Installed Worldwide Are Out-of-Date (helpnetsecurity.com) 151

Posted by msmash from the security-woes dept.
Avast's PC Trends Report 2019 found [PDF] that users are making themselves vulnerable by not implementing security patches and keeping outdated versions of popular applications on their PCs. From a news report: The applications where updates are most frequently neglected include Adobe Shockwave (96%), VLC Media Player (94%) and Skype (94%). The report, which uses anonymized and aggregated data from 163 million devices across the globe, also found that Windows 10 is now installed on 40% of all PCs globally, which is fast approaching the 43% share held by Windows 7. However, 15% of all Windows 7 users and 9% of all Windows 10 users worldwide are running older and no longer supported versions of their product, for example, the Windows 7 Release to Manufacturing version from 2009 or the Windows 10 Spring Creators Update from early 2017.
This discussion has been archived. No new comments can be posted.

More Than Half of PC Applications Installed Worldwide Are Out-of-Date More

More Than Half of PC Applications Installed Worldwide Are Out-of-Date

Comments Filter:

  • Because upgrades are often crap (Score:5, Informative)

    by AmiMoJo ( 196126 ) on Wednesday January 23, 2019 @10:06AM (#58007460) Homepage Journal

    Half the time the upgrade doesn't add any value for the user, so why upgrade? VLC is a great example, it pretty much just works and the updates only add support for very obscure stuff that most users don't care about.

    The real problem is that security fixes are not well communicated, and that sometimes abused as a way to get users to take user-hostile changes.

    • Umm... VLC isn't exactly the best example of what you shouldn't update due to feature bloat. Quite a few of the updates VLC gets plug security holes. Video formats are public knowledge and quite hard to implement securely, twice so if that wasn't exactly the key demand when developing the formats, and the programs using them.

      • Re: (Score:3)

        by AmiMoJo ( 196126 )

        It would help if updating was easier. I keep meaning to try Chocolatey or another package manager to make the process easier. The effort of downloading and installing/extracting VLC every time they release an update is too great for me to bother.

        If it was just VLC I might, but most apps are as bad. Particularly annoying is when you have non-default install options that the update resets every time.

        • It would help if updating was easier. I keep meaning to try Chocolatey or another package manager to make the process easier. The effort of downloading and installing/extracting VLC every time they release an update is too great for me to bother.

          As well, many updates don't work as well as what they replace.

          • ^ This.

            Another common trend nowdays is to take previously free features and move them a login-required paywall, especially on mobile devices but often on desktops as well.

            • ^ This.

              Another common trend nowdays is to take previously free features and move them a login-required paywall, especially on mobile devices but often on desktops as well.

              There is a Bell Curve to many softwares. The early versions show promise, then they hit a peak of quality after a couple revisions. Then they get bloated.

              I have an SDR program I use that is pretty nice. Many other users keep asking for this or that new feature - often for some arcane things only they use. I've been pleading the devs not to implement them - which of course pisses off the demander. But I'll probably lose, as one person gets their special feature, and the rest of us will have to jump throug

        • Re: (Score:1)

          by Zehsi ( 5630632 )
          wrong OS

    • Re:Because upgrades are often crap (Score:5, Insightful)

      by oogoliegoogolie ( 635356 ) on Wednesday January 23, 2019 @11:37AM (#58008088)

      The real problem is that security fixes are not well communicated, and that sometimes abused as a way to get users to take user-hostile changes.

      Exactly! Most updates have replaced detailed release notes with ambiguous comments as such.
      "Fixed various bugs"
      "Fixes some other minor issues"
      "Other improvements and bug fixes"
      "Major improvements under the hood"
      "Improved security measures"
      "Improved wifi setup"

      Words like "improved, improvement,various, some" are ambiguous and/or subjective. Was a feature removed or added? Was functionality changed? When companies say improved, does that mean improved for me or for the company? Every bug-tracking software lets you create a list of the fixed bugs-export it, review it, edit it, then publish it! Usually when companies aren't explaining something it makes me wonder what are they hiding.

      WTF is with all this rapid-release crap? So many products have too many releases now. Don't push an update out just for typos other minor UI designs. Return to semi-annual major updates for everything except for critical security patches and major functionality issues.

      • Re: (Score:2)

        by solios ( 53048 )

        Go back to telling me EXACTLY what you're changing on my system when I install your update and I'll go back to installing them.

      • Probably the whole continuous integration and dev-ops crap. Developers are being conditioned/trained to rapidly release changes, and use the customer as the tester, rather than stick to a reliable and predictable release schedule. It should be the job of the rest of the company to push back and insist on a reliable release schedule. This lets the company predict and communicate to customers what upcoming features will be, engage and figure out what customers want, and so forth. Letting developers run the s

      • The real problem is that security fixes are not well communicated...

        Exactly! Most updates have replaced detailed release notes with ambiguous comments as such.
        "Fixed various bugs"
        "Fixes some other minor issues" [...]

        Even worse, so many apps now (on mobile devices especially) have dumbed their release notes down to something that isn't even release notes. You 've seen them--things like: "We're making things better in every release. Make sure you have automatic updates turned on!" without even the slightest hint of something resembling the summary of a changelog (which, at least, "fixed various bugs" might be).

      • WTF is with all this rapid-release crap?

        Gotta get the product out this quarter or the company will fold. Quality Assurance takes time, we don't have time. Quality Assurance takes money.... whoah whoah whoah there cowboy. QA costs money?! Fuck that shit. Release it now. We will fix any bugs later if they impact adoption of the device/thing/product.

        Are you really curious or ...

    • Re:Because upgrades are often crap (Score:4, Insightful)

      by Solandri ( 704621 ) on Wednesday January 23, 2019 @11:53AM (#58008186)

      The real problem is that security fixes are not well communicated, and that sometimes abused as a way to get users to take user-hostile changes.

      Yeah, for open source software the security fixes are usually only available via updating the software. It's like car manufacturers requiring you to get the newest model car (for free in the case of open source) instead of issuing recalls to fix problems.

      Pay software usually issues security updates for older versions for a while, without requiring you update to a new version (that you have to pay for). But they seem to be trying to kill that model off, replacing it with a subscription model which forces everyone onto the same version.

      It would be less of a problem if you could customize software and its installations. Often you only want a limited feature set (e.g. only Word and Excel) but the software insists on installing everything. That's the problem I've had with antivirus software. They all now include all sorts of web monitoring and active file inspection (tries to scan in real-time every file your computer tries to open) which just intolerably slows down the computer or browser. I have to shut those features off, but would rather not install them in the first place. Or things like the infamous ribbon interface in Office. I bet tens if not hundreds of millions of users would've killed for an option to disable it and go back to the previous interface. Instead, your only option is to continue using outdated software.

      • Re: (Score:1)

        by Anonymous Coward

        ACD Canvas is a classic example of the push to subscription mode. Back around 2015 they moved from regular version numbering to annual version numbering ... but the annual updates had gradually fewer useful changes and there have not been bug or security updates for years. Maybe the lack of security/bug fixes means there aren't any - highly unlikely in any software no matter how long it's been out (Canvas has been out using its current architecture since before 2010). Then, in the last year or so, they've m

      • That may be for PC software, but in many areas of software it isn't true. Ie, embedded medical devices - you sell the expensive device, plus some amount of maintenance that gives up updated software, and every release gives you a detailed list of what changed. Since some customes may be optionally paying for the update, it is good business to list what the new features are and why they are worth paying for.

        Right now with one product I worked on there was a bump in a version number just to keep it matched

    • Comment removed based on user account deletion

    • I don't upgrade itunes often, because every time I do they radically change the user interface. I only use it to sync podcasts, never to buy music, and it only runs when I ask it to.

      Upgrading rarely does anything useful. Yes, if there's a security hole then upgrading is good. But applications insist on upgrading when there is not need and even when the upgraded version becomes less useful or introduces dubious features. The concept that a new version is automatically more secure is naive.

    • Re: (Score:2)

      by Luckyo ( 1726890 )

      There's also the fact that most security fixes for software like VLC are utterly pointless unless you're using some obscure internet facing features that actually have meaningful holes in them.

      Most people I know use media players to play files they trust already on their machine. Meaning it is not a security threat even if it's ten years old.

    • The real problem is that security fixes are not well communicated, and that sometimes abused as a way to get users to take user-hostile changes.

      I'd also argue that if Microsoft had taken steps to allow third parties (including independent developers, not just large software houses) the ability to have their applications registered on and then automatically updated through Windows Update then we probably wouldn't have had quite the situation without outdated software as we do now.

      I know UWP changes things a

      • Re: (Score:2)

        by AmiMoJo ( 196126 )

        I was really hoping that Chocolatey would make updates much easier. The only real issue I've seen so far is that it's support for portable apps is very poor. I generally prefer not to install if possible, many apps run just fine from an extracted archive. Even the ones that claim to need installing.

  • As far as I know (feel free to correct my ignorance) Adobe Shockwave is for online games which I don't bother with, I only use VLC for DVDs since Windows refuses a proper media player and I don't use Skype. If these programs are running in a vulnerable manner (excluding VLC, which is not set to auto run), seems like Windows is more responsible since I never asked for them to run...

    • In this case I'd highly recommend removing Shockwave from the system altogether (and flush Flash while you're at it, too). I would still keep VLC updated just in case, unless you deliberately decided to associate video files with Media Player (and I honestly couldn't think of any good reason why anyone would want that if they have VLC), there is a nonzero chance that at some point in time it might open a video file.

      • I pretty much don't view videos except DVD or streaming, so media player is associated with all the videos I don't watch... Removing Shockwave is probably a good idea, I've never really given the program much thought, assuming it is installed.

        • Are you sure? I wouldn't put it beyond some shady site to abuse a loophole in HTML5 to open a video, whether you like it or not.

          • Are you sure? I wouldn't put it beyond some shady site to abuse a loophole in HTML5 to open a video, whether you like it or not.

            As long as it is a video run by the default player, it will be media player as I never set VLC as default anything, I just manually open DVDs. I'm not big on auto run anyway, I usually plug in a device or insert a disk, then go do something else for a while and then come back later and use it. I hate windows popping up on me when I'm busy with something else.

  • No kidding (Score:5, Insightful)

    by The Grim Reefer ( 1162755 ) on Wednesday January 23, 2019 @10:12AM (#58007492)

    Avast's PC Trends Report 2019 found [PDF] that users are making themselves vulnerable by not implementing security patches and keeping outdated versions of popular applications on their PCs. From a news report:

    The applications where updates are most frequently neglected include Adobe Shockwave (96%), VLC Media Player (94%) and Skype (94%).

    There are a lot of applications that the newer versions are considerably worse. It's funny that they mention Skype. It worked much better and was more intuitive 10 years ago in comparison to what is currently available.

    I'm surprised that Shockwave is on the list. I didn't know that it was still in use.

    • Re:No kidding (Score:4, Insightful)

      by Austerity Empowers ( 669817 ) on Wednesday January 23, 2019 @10:39AM (#58007662)

      This is the best reason why users don't upgrade. The upgrade is trash or breaks something of value. People are going to pick features > security every time.

      • Not true. Upgrades and security should be separate things. If there is a security fix then the upgrade notes must mention this. Upgrading by itself does not increase security. If the company can't take the time to accurately communicate what is in an upgrade then the consumer rightfully should refuse the upgrades, or uninstall the product. If the company insists on automatic upgrades then that is a problem in itself. Rapid release cycles do not promote security and can actually worsen security because o

    • Not that they are worse. But updating software just brings in features that you don't use and could get in the way for your usage.
      It would be a nightmare for even a large software company like Microsoft and Apple. To apply Security Updates, Bug Fixes, and performance improvements, for more then 3 major versions. of a product. A small company it is taking too many resources to fix their current version, where they want to put their resources in making the next version.

      For the most part we will need to expect

  • Way too many (Score:5, Interesting)

    by DarkRookie2 ( 5551422 ) on Wednesday January 23, 2019 @10:14AM (#58007508)
    Software now adays seems to want to update every 6 hours.
    This is not surprising and prolly the reason for stuff like this.
    People should make stuff that doesn't require that many updates.

    • Re: (Score:1)

      by Anonymous Coward
      You can thank "Agile" for that. Which is just another spin on the old "change request" of waterfall except that clients are told it is better. Not saying that waterfall is any mind you.

      • Customer push 1 fixes a bug. Two weeks later customer push 2 fixes the security hole in the earlier push, while also adding a new UI widget. Two weeks later the security patch is tweaked because it wasn't working, and at the same time there is a patch to have tighter integration with the monetization store. Two weeks later a patch is out to fix actually encrypt the monetizing transaction, along with a new dark UI theme. Two weeks later the software now pops up a notification to remind users to not turn

    • Re:Way too many (Score:4, Interesting)

      by Malc ( 1751 ) on Wednesday January 23, 2019 @10:42AM (#58007684)

      Updates this frequently seems to be an excuse for poorer quality software. Every update fixes problems with the last version and introduces a ton of new issues. The overall average quality of the software stays poor and doesn't incrementally improve. I think I preferred the old way of working where updates were just fixes, and once in a while I got an upgrade that actually felt worthwhile because the impact of all the new features normally out weighed any new issues introduced.

      If I've got something I'm happy with then I can wait; I don't need something new every 30s (or even every two weeks)

      • People certainly tried a lot harder before internet updates, when most customers wouldn't apply updates at all. To my mind games have actually been hit hardest. The patches often add up to be bigger than the game...

    • Well it is based on how much software you want to update. A highly maintained app may get an update once a week. but if you have 28 of these apps, it will seem like every 6 hours there is a new update.

    • Re: (Score:2)

      by AmiMoJo ( 196126 )

      Users are partly to blame for this. They think that an app that hasn't been updated for 3 years is dead and abandoned, when in fact it's just stable.

      • I think most user wouldn't notice or care.

        • Re: (Score:2)

          by AmiMoJo ( 196126 )

          App stores and search engines do it too. They favour new apps and recently updated web pages.

          • Re: (Score:2)

            by Falos ( 2905315 )

            Heard somewhere they will outright unlist something from the two major stores (ios/playstore) if it hasn't updated in X timeunits.

      • Re: (Score:2)

        by RedK ( 112790 )

        After waiting for more than a decade for Enlightenment 17 while stuck on an aging Enlightenment DR16, yes, it felt like Rasterman had abandonned it while hyping up and over-promising a bunch of features. Features that most people were hungry for.

        You guys generalize quite a bit. Slow release cycles are not inherently better or provide more stability than faster cycles. Sometimes slow release cycles are just that : overly slow because stuff isn't getting done.

        Another good example : Duke Nukem Forever, dela

    • Future Linux User in 2020

      Almost 2020 now bud. Need any advice on getting started? ;)

      • Nah, but thanks.
        Was waiting on Steam to allow things that weren't Steam games to run on Proton.
        That has happened and WINE is now version 4.0
        Going to Kubuntu sometime this weekend.
  • That's way too recent to be unsupported.

    • Depends on the App.
      Internet facings apps, that allow the user to point to wherever. Such as web browsers, email clients, or even that Facebook app, which will link to an outside site within the App. Will need constant security updates and fixes. Spring 2017 for your web browser is like crossing a tightrope. However if it is an internal app. Say how Excel use to be before it went to the cloud. Then 2017 isn't that big of a deal, especially if you have macros disabled.

  • -enabled more ads

  • This is not a problem to most users, it's an perk (Score:5, Insightful)

    by cloud.pt ( 3412475 ) on Wednesday January 23, 2019 @10:17AM (#58007526)

    There was a time stable software was a standard, not a luxury. Now, the definition of stable is whatever the software maker decides at that point in time. This doesn't make sense. The user is the one with his requirements in mind. That's what makes people buy some piece of software and expect a life-long license. That's also why cloud apps are cheaper and have a time-frame. The real problem comes when the two worlds mix: you buy a piece of software that is offline only but is a time bomb, with expiring license and basically stopping because the local clock got past a point or the remote clock from the authentication server did. Or the opposite, when you purchase an Office 365 cloud license but have access to a download of the offline suite which will only work for as long as your remote account hasn't expired.

    • Re: (Score:2)

      by Malc ( 1751 )

      Adobe don't seem to understand this. I've been using Lightroom 6 for 3.5 years, and now they've broken one of it's key modules (Adobe apologist blame one of their vendors). I took a look at the latest Lightroom Class CC (v8.1) and I really can't see the benefit: native support for HEIC (I'd already worked around that), a dehaze filter that doesn't seem to do anything I couldn't do with contrast and clarity, autosettings that cause more work because they over compress contrast and pump the colour saturatio

      • Forced me to switch to Mail.app. Support couldn't offer any rollback options to something that worked for me. I did try to switch to IMAP, but this took four days to download my mail and 3x the SSD space.

        The trick to IMAP is to have a separate server, then connect to it remotely. This works best on a LAN, but still works as long as you have an internet connection back to your server. My server allows users to read mail with Outlook, Seamonkey, Mutt, etc.

    • There was a time stable software was a standard, not a luxury.

      Those were also the days of comically bad security vulnerabilities and insanely long times to delivering critical security fixes.

      These days, Project Zero gives you a 90 day disclosure window [blogspot.com]. Stable or not, you are highly incentivized to patch it before it's publicly disclosed.

    • The real problem comes when the two worlds mix: you buy a piece of software that is offline only but is a time bomb, with expiring license and basically stopping because the local clock got past a point or the remote clock from the authentication server did.

      ROFLMAO. This is what recently took down a major drug lord. It is absolutely hilarious.

  • In my experience, the biggest offenders: (Score:3)

    by Opportunist ( 166417 ) on Wednesday January 23, 2019 @10:20AM (#58007552)

    Compression tools.

    I'm not kidding here. Most of the things listed in the report usually come with auto-update features that you have to deliberately disable or cancel. Compression tools like WinRar or 7zip get installed once and never get touched again. Ever. Unfortunately, due to the nature of what they do, they can very easily be exploited to run arbitrary malware code if the decompression algorithm is poorly implemented.

    Keep your compression tools updated!

    • What hacker is targeting WinRar and 7zip exploits? Hackers have much bigger things to exploit. There are a lot of CVE's filed but you would have to open a trojan file to get exploited.

      • You don't download compressed files from the internet? No mods for your favorite game, no file someone sends you on whatsapp? While I'd guess that you probably don't work in HR where opening compressed files is pretty much par for the course every time you're hiring and someone sends you their CV, you don't exchange files with anyone? Where you always, really always, check whether the from-header is actually from your mail partner?

        But you're right, these are usually things that the average Joe Hacker doesn'

    • what if I only want this compression tool for decompressing my own files? Do I have to pay another commercial WinRar license just because the owner wants to sell me, what to my use case effectively is, some snake-oil?

      It's a nice tip you got there, but companies want to make money, continuously, no matter your rights. That purpose of theirs will never align of our intention of buying stuff that we really own.

      • Then I guess switching to 7zip which is free and can read RAR files is an option.

        • Yes, 7zip is great. But you started using an unzip tool for the sake of the argument, and I kept it going. It would apply to anything else, such as MS Word documents.

          • With the difference that MS Office (as well as Adobe Acrobat) comes with an auto-update function that you have to deliberately disable (or at the very least not enable).

            Compression tools don't offer the option to check for updates altogether. In other words, updating them is easily overlooked by the average user.

  • Because older versions support Windows XP (Score:3)

    by xack ( 5304745 ) on Wednesday January 23, 2019 @10:21AM (#58007556)
    Like it not, XP is not going away soon. It is too useful for many purposes and still has over 10% market share in China. If software arbitrarily drops support for XP then older versions will stay in use. There is still significant amount of users on Chrome 49 and Firefox 52 since they support XP. Just because Microsoft dosen't support it dosen't have to mean that open source software needs to. XP forever!

  • Absolutely! (Score:3)

    by rickb928 ( 945187 ) on Wednesday January 23, 2019 @10:21AM (#58007562) Homepage Journal

    I run Office 2003 on all my home machines, first because it's good enough. And because I have a valid multi user license. And because Microsoft somehow gave it compatibility updates. And, lastly, because LibreOffice would be my replacement.

    Flash and Shockwave I avoid, so those usually are disabled or uninstalled. Problems solved.

    And my Surface Pro 3 is in the Windows Insider Program, so I get a lot of updates, back up my data obsessively, and have updates scheduled. So far so good.

    Truly, word processing hasn't advanced much since Word 6.0 and Quark, unless you hang on features like formatting preview and dynamic content, and since paper is out of favor, these now make sense. In the day of printing, there were a lot of features not useful to production environments.

    But hey,. I missed Minesweeper so much I went and found it.

  • Yeah (Score:5, Insightful)

    by ArchieBunker ( 132337 ) on Wednesday January 23, 2019 @10:27AM (#58007586)

    Because coders can't stop coding. Quit adding shit for the sake of adding it. You're done, stop, move on to another project. At some point your project has evolved to a pinnacle and anything you do from there on detracts from it.

    • Yes, but such coding should be planned out in advance. Coders should not be coding without a direction from management. That means they should have a release schedule, a list of features going into the release, a list of bugs that need fixing, and ultimately a set of detailed release notes. That's where you get stability. And you can do his sort of development while also using Agile! Agile does not preclude long term planning.

  • Purposefully using an older 7.40 version of Skype while I can, because the newest version is a bloated, buggy piece of crap.

    • I gave up on Skype a while ago and moved to Jitsi. Accessible through the web, free, open source. Don't even need an account to start a call.

      Makes me wonder how they stay afloat. I hope they are not recording my calls!

  • That's one of the reasons I prefer Linux. Most major distributions have some kind of package manager that takes the burden of checking every application for updates from me. Just one command/click and every program is updated to the latest version. It can't get much easier than that. And if you are lazy and don't care you can let your distro even do the updates silently in the background.
    • It's why popular linux distros are so superior to windoze: very good package management, automatic updates to all software used (unique exception here is http://atom.io/ [atom.io] that I manually update)

    • Re: (Score:1)

      by Anonymous Coward

      Depends, I've had far worse luck dealing with package managers on desktop focused distros then I've had on any version of Windows. Last problem I had was on Mint 18.3 when some genius pushed an Xorg update and then forgot that libGLX also needs to be updated as well, causing X to abort with an ABI version mismatch. Ubuntu I gave up on constantly fighting with out of date repos that 9 times out of 10 it's faster and easier just to reinstall then to fight with apt.

      Debian and RHEL/CENTOS are better in that reg

      • Arch Linux or many of its derivatives. Everything stays updated, you can choose to not install Systemd (look here https://artixlinux.org/ [artixlinux.org] for instructions or installation media) and everything updates pretty quickly, even in AUR. A rolling release distribution is the keyword here, there's a few more like Gentoo, with Debian or Ubuntu they release by cycles of specific time intervals, which would work fine for a server but not particularly well for a desktop if you need faster package updates.

  • Makes sense (Score:5, Insightful)

    by HalAtWork ( 926717 ) on Wednesday January 23, 2019 @10:36AM (#58007646)

    As others have mentioned a lot of newer versions of apps remove features or rearrange the UI just to seem fresh but that's annoying to the user.

    Besides that, on Windows a lot of apps seem to install a companion app just to check for updates, a lot of the time this gets disabled because it adds clutter to the taskbar and adds to startup time, not to mention triggering annoying popups if it can't reach the internet or if they need you to agree to new terms.

    During Windows installers people see a checkbox for that and disable it automatically because they're usually trying to shoehorn some adware or promotional app, or take over file associations or sign you up for something you don't want. So people just disable these.

    I moved away from Windows because of these hassles and now I have a central updating service for everything on my system. I understand Windows Store can do this, but not all apps are on the Windows Store because of certain restrictions and other criteria that leaves out the app you may want, or because the third party has their own storefront service/launcher they want you to use, and some people want to avoid it altogether because of the experience.

    It seems like a hassle to deal with all of this when you just want to accomplish things in a straightforward way, especially if you are an end user who gets anxious when they are presented with a dialog box with options like many non-techies who will just see that and immediately call the local nerd.

  • This is why. (Score:1)

    by Anonymous Coward

    "Man I love this app. The way it handles and does everything I want. The way everything hangs together in a logical..."

    "WTF? Why did they completely change the UI?"

  • I like Chrome's approach (Score:3)

    by ddtmm ( 549094 ) on Wednesday January 23, 2019 @10:44AM (#58007696)
    If it was just 1 or 2 programs that need regular updating, for whatever reason, people would be more inclined to do them. The problem is that there are so many programs that need regular updating, people just can't be bothered.

    If more programs allowed you to enable automatic updating in the background like the way Chrome does (that is, seamlessly in the background) I think more people would enable that method. I know I would. And if you don't like it, just don't enable it. There are a lot pf apps I'd be fine with background auto-update.

  • If you like that feature you can keep it (Score:5, Insightful)

    by DarkOx ( 621550 ) on Wednesday January 23, 2019 @10:53AM (#58007748) Journal

    "If you like your feature you can keep it"

    I think in the consumer software space there is very real conflict between security updates and functional requirements.

    Uses chose software because it did something they wanted to do. The home computer is not purely entertainment for a lot people. Many of them actually do care that they can create the weekly mailer, exchange very documents with people in their only hobby group - which could range from pictures to CAD drawings and 3d printing instructions.

    The trouble is these days installing that update could do any number of things. Maybe a feature you used is out right dropped or is only available in the paid "pro" version now; requires an active internet connection when it did not before etc etc. Maybe is just works and looks different and learning some new work flow or rebuilding all your scripts and macros just isn't something you want to do this month. If the changes don't work for you to bad; no security fixes then. Also if you only have one system and don't know other people doing exactly what you are doing often its a mystery as to what version next will bring. Again if its a process that is critical to you, can your risk updating?

    At least before critical system components like Windows itself could be pretty well depended on not push major user visible changes or changes likely to break other applications and API functions in updates. Increasingly this too is changing and its no surprise people respond by not updating.

    What does MS do in response make it more and more difficult to turn off auto updates; yes I suppose it keeps people on the update train a little longer but it does nothing to build confidence. Increasingly it drives the to other platforms which they will then not install updates on with our without justification.

  • I'd update more if... (Score:4, Interesting)

    by QuietLagoon ( 813062 ) on Wednesday January 23, 2019 @11:03AM (#58007832)
    ... the updates did not add data collection. One application I am using requires me to install google analytics when I upgrade the application. So I stopped upgrading it. Then there is Windows 10, if I upgrade to Windows 10, I turn my PC into a Microsoft data collection machine. If you want to know a reason why some do not upgrade, ask the software providers who put egregious data collection into their upgrades.

  • There's a HUGE difference between "needs update" and "needs MEANINGFUL update".

    I don't know of a metric that would measure that, unless perhaps you measured the size of the update vs installed size of the program?

    I know this wouldn't be perfect, but I'd guess in general critical updates would be more sizable than trivial "this button doesn't look right when clicked" updates.

  • I am in IT Security and I know the risks. I also view all CVE released daily. I know what I am doing. But there is only so much time in the day to manage your own software. If you had a company managing all things installed on your desktops (or laptops) and took away the rights of users to install their own software, then hell yeah I blame them when they have the tools to manage it. But for my home machines? I know Putty, VLC, and libreoffice are out of date. Those are the only three applications I h

  • Bloated "security" patches... (Score:1)

    by Anonymous Coward

    Not long ago, Steam made me update Civilization V. Not to make it better, not to fix security holes, but to force a new bloated interface so the makers of the Civilization series could show me ads for some Civ 6 DLC. That's all. Fallout 4 still gets updates that are mostly worthless ways of new monetization angles rather than actually improving the game.

    Thats just two examples of why I would have never updated that software if it had not been forced on me. I'll update more software when it's proven that pat

  • I can't wait to see what new ads they will blast me with and what plug-ins they will automatically install.

    • Hmm imust be lucky then non of the games i play regyraly, nor Vs 2017 communery or Davinci resolve 15 is blasring me whith ads, tru Resolve has gone tru several ui changes tha last few years but evrytime it has gitten better imho and we have gotten more features, ( fairlight and fusuion are the onse that stand out most) in both cases no ads that I have spotted (in resolves case I use the free (non studio version so, some effects and transitions are dissabld as is the fusion camera tracher and dnr. Iâ

  • Summary of reasons WHY no updating (Score:5, Insightful)

    by UnknownSoldier ( 67820 ) on Wednesday January 23, 2019 @11:57AM (#58008206)

    Here is a (partial) list of why people don't upgrade:

    - Don't fix what isn't broken. The old version is KNOWN to work, the new one is a GAMBLE. /s Because Microsoft has such a good track of updates not breaking -- oh wait, they don't!
    - Hate having to schedule time for updates
    - Telemetry bullshit
    - New version is not compatible with old version files
    - New UI is crap
    - Useful features removed
    - Cost of new version is prohibitive
    - New version holds you hostage -- if you don't pay the rental tax it stops working
    - Can't run the old version along side the new version to test what changed
    - No ability to "downgrade" to the previous version if you run into issues with the new version
    - Installer fucks up
    - New installer has malware and/or ads or hijacks the browser.
    - No solution for upgrade issues
    - No perceived value with a patch that only has security fixes. "They don't effect me."
    - Distrust of a patch that was "only" supposed to address security issues -- yet breaks functionality.
    - Updates dont respect MY time for when is a good time to update
    - New version doesn't work on your older OS -- such as Microsoft's bullshit of not releasing DX12 for Windows 7,
    - Forced updates which means downtime.
    - Auto updates are broken
    - Patch notes don't list WHAT has changed. MS has a shitty habit of this.

    When I installed Gimp 2.8 it blew away my working 2.6 versions on OSX. I then had to track down why Export wasn't working AT ALL. Turns out it was a problem with one of the python scripts IIRC. There is no way in hell a normal user would have been able to track down what the cause was.

    I also ran into this recently when I upgraded to the latest Inkscape 0.9x.

    I did an upgrade but all the menu icons were missing. Had to uninstall and reinstall to fix.

    Once I got the new version working I noticed the default units got changed from 90px/inch to 96px/inch. Now whenever I open old files I have to manually verify they didn't get fucked up.

    Upgrades aren't cheap -- both from a Time and Money factor.

    The old version may have a fixed cost; the new version may nickel and dime you -- worse it holds you hostage. If you stop paying the monthly rental tax it stops working.

    Users have learnt to distrust upgrades. They almost never work out-of-the-box. This means wasting even MORE time.

    There are only 2 main reasons to update:

    - New features
    - Security fixes

    When the risk:reward ratio is analyzed it isn't always cut and dry.

    Is it any wonder people don't trust new versions?

  • I'm surprised it isn't higher.
  • It almost makes better sense not to use computers these days.

  • A lot of this is because in Windows, every vendor pretty much had to build-their-own auto-updater, if at all.

    If a software installs an auto-update agent that runs as a matter of course, they are assholes because they are running when they shouldn't be and many auto-updaters add up.

    If a software checks auto-update on startup, it's annoying and disruptive because you are trying to use this app, not get nagged about updating. Additionally this means software is neglected when not run and frequently an update

  • Oh look another sleazy company rummaging through millions of computers and collecting shit on all of the software everyone has installed when they don't have to then publically bragging about their exploits after the fact.

Slashdot Top Deals

THEGODDESSOFTHENETHASTWISTINGFINGERSANDHERVOICEISLIKEAJAVELININTHENIGHTDUDE

Close