Technology in terms you understand. Sign up for the Confident Computing newsletter for weekly solutions to make your life easier. Click here and get The Ask Leo! Guide to Staying Safe on the Internet ā FREE Edition as my thank you for subscribing!
In my opinion, background updates are awesome. I love that Chrome is always up to date without my ever even having to think about it. Let's look at why.
I have a little philosophical question: whatās the difference between Google Chrome silently updating in the background without me ever giving it explicit permission to do so, and malware updating itself in much the same way and getting new commands to wreak havoc? In fact, I believe Google Earth also updates itself with no explicit permission. At some point, it suddenly showed up in my frequently used programs as a new program even though I already had it. If thereās a clause in the User Agreement that says they can, it becomes a legal issue where the question is whether they can just change the Agreement after a user agrees to a different version of it.
Well, Iām not a lawyer, so Iām not going to address legal issues. But I bet the agreement probably contains terminology to giveĀ them permission to do silent updates.
Itās one of those things about legalese: lawyers can always interpret it in a way that allows them to say you agreed.
The concern I have with your question is that you seem to be very distrustful of these silent updates and consider them akin to malware.
Google probably set up silent updates because people donāt update Google Chrome, Google Earth, and other types of Google programs when they should.
Now, I know many people want absolute and ultimate control over their machine. I can understand that. But those people are actually in a very small minority.
In reality, the average consumer doesnāt care. They just want the thing to work. Asking them repeatedly to update is too intrusive and annoying. And if you give them the option to update, itās too easy for consumers to say no or simply forget and not update their programs.
When an automatic update happens, the average consumer really doesnāt need to be involved. They donāt need to know when it happens, and they arenāt interested in the details.
Automatic updates and malware
The concern that legitimate software updates are akin to malware is, in my opinion, borderline hyperbole. The difference between Google running automatic updates in the background and malware silently doing things in the background is extremely clear.
Itās all about intent.
Google updates its software to become more stable and less vulnerable while adding features.
Malware does it because it intends to do something malicious.
Thatās not even close to being the same thing.
Personally, I think background updates are awesome. I love that Chrome is always up to date without having to think about it. I have a few other apps that are starting to do this as well. I donāt even have to click OK; an update just happens. Ā I really appreciate that, and I wish more applications would move to a model like that.
Avoiding automatic updates
If you donāt like background or automatic updates, I suggest you choose software that doesnāt use it. Pick software that forces you to choose and approve every update.
But for most people, having things update or work automatically without having to stop and think about it really is the right solution. As a result, itās getting harder to keep that absolute control over your machine, as background and automatic updates improve the security and the stability of machines both at the individual level and across the internet.
Ultimately, I think thatās a great thing. Automatic updates and background tasks depend on intent, but I wish more legitimate applications would use them.
20 comments on āAre Silent Background Updates a Good Thing?ā
Do you check what is on your page? In the middle of the page that concerns automatic updates, there is a download button for windows 8 drivers. Why isnāt Microsoft the one to allow this download. Could this download allow malware to enter my pc from another type vendor other than Microsoft???
Yes, automatic updates are a great way to stay updated without using my brain. My beef is that the programs do their updates when I am trying to do something on line and all of a sudden I lose half or more of my bandwidth for an unknown time until the update finishes. Sometimes I think two programs pick the same time, and my computer is useless.
One program lets me set the update time and the maximum % of computer that it will use (good work, Microsoft Security Essentials), but my antivirus and others think they are more important than me.
When all auto updaters are as considerate as Microsoft, then Iāll be happy. Until then, the others are malware during the updates.
For the record, Iād be of the opinion that your anti-malware tool updates really are more important. But I do agree with the overall sentiment ā updates should be constructed so as to minimize their interference.
I agree with you are saying. The only problem Iāve ever had with any auto updates is Windows Up-date. Specifically the .net up-dates. What a headache when one go south! Thank God for Macrium Reflect! Iāve used this ever since I read your very first news letter. I use the paid version.
I also subscribe to Window Secrets news letter mainly for their āpatch Tuesday suggestions. However it can be very confusing! One must almost be an IT expert to understand it. Should I just switch to auto and forget it?
I agree that silent background updates by trusted suppliers are great.
But suppliers I donāt trust all that much, because they want to install their toolbars or worse⦠I like to keep control over them.
And I really hate the software suppliers who are LOUD and INTERFERING while doing their automatic updates, e.g. by showing an info-box: āX has installed the update; restart the computer now to have the changes take effect.ā
Worse: āYou must restart the computer now. If you donāt choose it will restart automatically within 10 minutes.ā The countdown is running. Imagine my XP installation that takes 2:30 to shut down and 4:10 to start up. Imagine I have about 30 minutes before I must attend a meeting, and I want to finish my work before I go. Imagine Iām working with info from 3 windows, each filled with data I have selected doing queries.
The worst instance was that I had been writing and checking a query for some time, was finally content, grabbed the mouse to hit the āgoā button, only to see my click being grabbed by a sudden popup box that wanted my āOKā to RESTART NOW. Of course the āOKā button had focus in that popup. That moment I lost more than a hourās work. I was so sore I went home. The next morning I cancelled the product and spent a few hours finding a replacement. I hope they have bettered their lives or have gone out of business.
In short: I like automatic silent updates on condition that they:
ā donāt interfere with my work and
ā donāt assume their update is more important and more urgent than my work.
Manners!
And remember: āAssumption is the mother of all fuckups.ā
Leo ā I may be in the āminorityā but I think you should try to see the minority point-of-view. Should everyone think the same way? ⦠We want ācontrolā of this machine that we bought because we bought it for a purpose and it thinks it can have a mind of its own⦠Some decades ago, imagine, I bought myself a record player and over time gradually acquired a collection of favourite records. Now the machine has decided to declare all ny favourite old songs obsolete and it sends them back to the shop and orders new ones for me ā but I donāt want the new ones! Theyāre not my favourites! Why would anyone buy a record player that does that? It automatically changed the stylus so I canāt play 78s anymore. I canāt alter the volume control while a record is playing, or even stop the record ā because the player is ābusyā. I get sent all sorts of records that I didnāt even order, some in very unpleasant looking sleeves. I just wanted a little computer, sorry, record player! I didnāt expect it to become so overcrowded with gadgetry. Like the man who accidentally drove his car into a river last winter ā the road was icy. He died because he couldnāt open the electrically controlled windows. (Soon afterwards his wife met the same ice and also drove into the river; she and the two children survived.) We didnāt have these problems with gadgetry in the old days⦠(Stop the world! It was running along so nicely ā and logically and intelligently ā until stupid people took control of it. Progress ā huh!)
Perhaps ironically I think that advances in the ways that we can access the internet also provide an argument for keeping control of silent background updates, or at the very least the timing of those updates. I have a home PC network (all behind a NAT router and regularly backed up using Acronis ā thanks Leo!) and a smartphone, which could just as easily be a tablet or a laptop using the smartphone as a wifi hotspot. At home I have a generous, and inexpensive, data allowance as part of my contract with an ISP; on the move I have a PAYG arrangement for data with the mobile phone company. Now I can connect my smartphone (or tablet or laptop) to the internet at home cheaply via a wireless connection, or I can make use of the more expensive data connection over the 3G network if Iām away from home. The point is that I donāt want any more traffic over the 3G data connection than is absolutely neccessary because it costs, I have my email software set to download headers only for example. So whilst I can see the logic of silent updates protecting us from ourselves I for one would prefer to remain in the driving seat, and I think this may apply to a lot of folk.
Exactly. I pay in the daytime 50 times as much for data transfer than from 0:00 till 6:00. So my updates are planned in the night. No automatic updates.
Theo.
What about programs ā like Adobe Flash Player ā that will, unless you āuncheckā the box, install toolbars and other unwanted applications? Will a āsilent background updateā include those things?
Well, thatās not really a background download ā thatās foistware, software that is explicitly installed when you installed something else. They may update themselves in the background like other software might, but thatās not the problem ā that initial malicious install is.
āThe concern that legitimate software updates are akin to malware is, in my opinion, borderline hyperbole.ā I donāt see anything borderline about it. For one thing, malware will continue to update itself regardless of what Google does.
In fact, I see the opposite with programs like Java and Flash. They use the opportunity of asking permission to trick people into agreeing to install malware.
Auto updates may net out to a good thing for many users, but there is an implicit trust the application will do so promptly. This is not always the case. For example on two occasions Chrome Beta has taken 4 days to automatically update their embedded Flash to resolve a critical Flash issue. The flip side of the coin is usually the Chrome Beta Flash level is at or higher than the Adobe released version, which nets to Chrome Beta is usually more Flash secure.
The other disadvantage of autoupdate is identifying the program that provided a bad update. When that kind of bug happens, itās true the application soon knows it and auto updates again as soon as the problem is resolved. If I need the application badly in the interim I like to revert to the old version, but thatās harder to do if the bad update happened automatically. Te best solution is to sign up for an applicationās email notification when an update is available, and allow me to go get it when convenient for me. While several applications optionally provide this service, itās unfortunately a far from universal practice.
In theory auto / background updates are a āgood thingā for āthe average userā. But in practice, that is only true when the updates work. Even MS has been known to put out ābadā updates.
Then there is the question of whether the update is an improvement. A few years back, MS lost a court case and rather than pay the winner license fees, they issued an update to remove functionality from Office. Functionality that we the consumers PAID MS for ! Recently, MS āupdatedā the way that the āOffice to Goā feature in Office 365 was accessed. Now, many people cannot access the feature that they paid for!
People who have āOffice 365ā are now on the āauto updateā roller coaster. For example, when people āupgradedā to it they found out that the āPicture Managerā program has been āreplacedā. It has been āreplacedā by a crippled program that is missing most of the functionality present in picture manager. The same thing can happen in the future when Office 365 auto āupgradesā from 2013 to Office Vnext (2015? 2017???). They will have no control over that upgrade. It will just happen and they will have to like it or lump it.
After using a computer for a short while you quickly learn that your number one trouble shooting question is āwhat has changedā on the computer. Have you installed a new program? Have you āupdatedā anything (ie Windows Updates)? When you live in an āauto updateā world you canāt answer that question. And MS will not provide a good answer to that question for Office 365. They just make changes, publicly announce a few but hide many other changes / āfixesā.
Yes, automatic software updates are a good thing, as most fix bugs or patch security vulnerabilities. And judging from WinPatrol notifications, software updates are pretty much a daily occurrence for those who have a lot of programs installed. Of course the pipeline for updates must be set, as you donāt want your device updating over a data-priced network (e.g., cellular). When I hear of a major security fix for my Windows OS Iāll often run Windows Update immediately, instead of waiting for the Microsoft queue to get to my computer. And the first thing I do after each boot-up, before any browsing, is update my security suite.
My real peeve is the constant escalation of app permissions on smart phones, many of which seem designed for data mining rather than functionality. In a number of cases Iāve simply deleted an app (or, if thatās not possible, stopped using it) and found a well-regarded alternative that wasnāt so nosy. For those who donāt want search provider data mining, consider using Ixquick, a metasearch engine that has a clean interface and doesnāt track or mine data. Their Advanced Search option has powerful filters, including the ability to limit the results to a particular domain like .edu / .org / .gov.
Windows 10 has automatic updates built into it and unless youāre using Windows 10 Pro or Enterprise versions which give you the option of delaying the updates for a certain period.
Windows 10 users might want to look at Spybot Anti-Beacon, while it will not turn off auto updates it will control how much Microsoft is watching you.
Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.
I want comments to be valuable for everyone, including those who come later and take the time to read.
Do you check what is on your page? In the middle of the page that concerns automatic updates, there is a download button for windows 8 drivers. Why isnāt Microsoft the one to allow this download. Could this download allow malware to enter my pc from another type vendor other than Microsoft???
LGā¦.
Get the AdBlock Plus plugin and you wonāt be bothered by that ad.
Erā¦. itās an advertisement, and Leo doesnāt really have that much control over what the advertisements display.
Thatās an advertisement. Please see Whatās the difference between an ad and your recommendation?
Iām not a fan of them, but thatās more a testament of my nitpickiness than anything, really
Yes, automatic updates are a great way to stay updated without using my brain. My beef is that the programs do their updates when I am trying to do something on line and all of a sudden I lose half or more of my bandwidth for an unknown time until the update finishes. Sometimes I think two programs pick the same time, and my computer is useless.
One program lets me set the update time and the maximum % of computer that it will use (good work, Microsoft Security Essentials), but my antivirus and others think they are more important than me.
When all auto updaters are as considerate as Microsoft, then Iāll be happy. Until then, the others are malware during the updates.
For the record, Iād be of the opinion that your anti-malware tool updates really are more important. But I do agree with the overall sentiment ā updates should be constructed so as to minimize their interference.
I agree with you are saying. The only problem Iāve ever had with any auto updates is Windows Up-date. Specifically the .net up-dates. What a headache when one go south! Thank God for Macrium Reflect! Iāve used this ever since I read your very first news letter. I use the paid version.
I also subscribe to Window Secrets news letter mainly for their āpatch Tuesday suggestions. However it can be very confusing! One must almost be an IT expert to understand it. Should I just switch to auto and forget it?
I agree that silent background updates by trusted suppliers are great.
But suppliers I donāt trust all that much, because they want to install their toolbars or worse⦠I like to keep control over them.
And I really hate the software suppliers who are LOUD and INTERFERING while doing their automatic updates, e.g. by showing an info-box: āX has installed the update; restart the computer now to have the changes take effect.ā
Worse: āYou must restart the computer now. If you donāt choose it will restart automatically within 10 minutes.ā The countdown is running. Imagine my XP installation that takes 2:30 to shut down and 4:10 to start up. Imagine I have about 30 minutes before I must attend a meeting, and I want to finish my work before I go. Imagine Iām working with info from 3 windows, each filled with data I have selected doing queries.
The worst instance was that I had been writing and checking a query for some time, was finally content, grabbed the mouse to hit the āgoā button, only to see my click being grabbed by a sudden popup box that wanted my āOKā to RESTART NOW. Of course the āOKā button had focus in that popup. That moment I lost more than a hourās work. I was so sore I went home. The next morning I cancelled the product and spent a few hours finding a replacement. I hope they have bettered their lives or have gone out of business.
In short: I like automatic silent updates on condition that they:
ā donāt interfere with my work and
ā donāt assume their update is more important and more urgent than my work.
Manners!
And remember: āAssumption is the mother of all fuckups.ā
I have an abort_shutdown.bat file on my desktop with the following line:
C:\WINDOWS\system32\shutdown.exe -a
It works on scheduled shutdown/restart. Not when you already are shutting down. The -a is for the abort.
Theo
Leo ā I may be in the āminorityā but I think you should try to see the minority point-of-view. Should everyone think the same way? ⦠We want ācontrolā of this machine that we bought because we bought it for a purpose and it thinks it can have a mind of its own⦠Some decades ago, imagine, I bought myself a record player and over time gradually acquired a collection of favourite records. Now the machine has decided to declare all ny favourite old songs obsolete and it sends them back to the shop and orders new ones for me ā but I donāt want the new ones! Theyāre not my favourites! Why would anyone buy a record player that does that? It automatically changed the stylus so I canāt play 78s anymore. I canāt alter the volume control while a record is playing, or even stop the record ā because the player is ābusyā. I get sent all sorts of records that I didnāt even order, some in very unpleasant looking sleeves. I just wanted a little computer, sorry, record player! I didnāt expect it to become so overcrowded with gadgetry. Like the man who accidentally drove his car into a river last winter ā the road was icy. He died because he couldnāt open the electrically controlled windows. (Soon afterwards his wife met the same ice and also drove into the river; she and the two children survived.) We didnāt have these problems with gadgetry in the old days⦠(Stop the world! It was running along so nicely ā and logically and intelligently ā until stupid people took control of it. Progress ā huh!)
Perhaps ironically I think that advances in the ways that we can access the internet also provide an argument for keeping control of silent background updates, or at the very least the timing of those updates. I have a home PC network (all behind a NAT router and regularly backed up using Acronis ā thanks Leo!) and a smartphone, which could just as easily be a tablet or a laptop using the smartphone as a wifi hotspot. At home I have a generous, and inexpensive, data allowance as part of my contract with an ISP; on the move I have a PAYG arrangement for data with the mobile phone company. Now I can connect my smartphone (or tablet or laptop) to the internet at home cheaply via a wireless connection, or I can make use of the more expensive data connection over the 3G network if Iām away from home. The point is that I donāt want any more traffic over the 3G data connection than is absolutely neccessary because it costs, I have my email software set to download headers only for example. So whilst I can see the logic of silent updates protecting us from ourselves I for one would prefer to remain in the driving seat, and I think this may apply to a lot of folk.
Exactly. I pay in the daytime 50 times as much for data transfer than from 0:00 till 6:00. So my updates are planned in the night. No automatic updates.
Theo.
What about programs ā like Adobe Flash Player ā that will, unless you āuncheckā the box, install toolbars and other unwanted applications? Will a āsilent background updateā include those things?
Well, thatās not really a background download ā thatās foistware, software that is explicitly installed when you installed something else. They may update themselves in the background like other software might, but thatās not the problem ā that initial malicious install is.
āThe concern that legitimate software updates are akin to malware is, in my opinion, borderline hyperbole.ā I donāt see anything borderline about it. For one thing, malware will continue to update itself regardless of what Google does.
In fact, I see the opposite with programs like Java and Flash. They use the opportunity of asking permission to trick people into agreeing to install malware.
Auto updates may net out to a good thing for many users, but there is an implicit trust the application will do so promptly. This is not always the case. For example on two occasions Chrome Beta has taken 4 days to automatically update their embedded Flash to resolve a critical Flash issue. The flip side of the coin is usually the Chrome Beta Flash level is at or higher than the Adobe released version, which nets to Chrome Beta is usually more Flash secure.
The other disadvantage of autoupdate is identifying the program that provided a bad update. When that kind of bug happens, itās true the application soon knows it and auto updates again as soon as the problem is resolved. If I need the application badly in the interim I like to revert to the old version, but thatās harder to do if the bad update happened automatically. Te best solution is to sign up for an applicationās email notification when an update is available, and allow me to go get it when convenient for me. While several applications optionally provide this service, itās unfortunately a far from universal practice.
In theory auto / background updates are a āgood thingā for āthe average userā. But in practice, that is only true when the updates work. Even MS has been known to put out ābadā updates.
Then there is the question of whether the update is an improvement. A few years back, MS lost a court case and rather than pay the winner license fees, they issued an update to remove functionality from Office. Functionality that we the consumers PAID MS for ! Recently, MS āupdatedā the way that the āOffice to Goā feature in Office 365 was accessed. Now, many people cannot access the feature that they paid for!
People who have āOffice 365ā are now on the āauto updateā roller coaster. For example, when people āupgradedā to it they found out that the āPicture Managerā program has been āreplacedā. It has been āreplacedā by a crippled program that is missing most of the functionality present in picture manager. The same thing can happen in the future when Office 365 auto āupgradesā from 2013 to Office Vnext (2015? 2017???). They will have no control over that upgrade. It will just happen and they will have to like it or lump it.
After using a computer for a short while you quickly learn that your number one trouble shooting question is āwhat has changedā on the computer. Have you installed a new program? Have you āupdatedā anything (ie Windows Updates)? When you live in an āauto updateā world you canāt answer that question. And MS will not provide a good answer to that question for Office 365. They just make changes, publicly announce a few but hide many other changes / āfixesā.
Yes, automatic software updates are a good thing, as most fix bugs or patch security vulnerabilities. And judging from WinPatrol notifications, software updates are pretty much a daily occurrence for those who have a lot of programs installed. Of course the pipeline for updates must be set, as you donāt want your device updating over a data-priced network (e.g., cellular). When I hear of a major security fix for my Windows OS Iāll often run Windows Update immediately, instead of waiting for the Microsoft queue to get to my computer. And the first thing I do after each boot-up, before any browsing, is update my security suite.
My real peeve is the constant escalation of app permissions on smart phones, many of which seem designed for data mining rather than functionality. In a number of cases Iāve simply deleted an app (or, if thatās not possible, stopped using it) and found a well-regarded alternative that wasnāt so nosy. For those who donāt want search provider data mining, consider using Ixquick, a metasearch engine that has a clean interface and doesnāt track or mine data. Their Advanced Search option has powerful filters, including the ability to limit the results to a particular domain like .edu / .org / .gov.
Leo,
Windows 10 has automatic updates built into it and unless youāre using Windows 10 Pro or Enterprise versions which give you the option of delaying the updates for a certain period.
Windows 10 users might want to look at Spybot Anti-Beacon, while it will not turn off auto updates it will control how much Microsoft is watching you.
Robert