Technology in terms you understand. Sign up for the Confident Computing newsletter for weekly solutions to make your life easier. Click here and get The Ask Leo! Guide to Staying Safe on the Internet — FREE Edition as my thank you for subscribing!
In my opinion, background updates are awesome. I love that Chrome is always up to date without my ever even having to think about it. Let's look at why.
I have a little philosophical question: what’s the difference between Google Chrome silently updating in the background without me ever giving it explicit permission to do so, and malware updating itself in much the same way and getting new commands to wreak havoc? In fact, I believe Google Earth also updates itself with no explicit permission. At some point, it suddenly showed up in my frequently used programs as a new program even though I already had it. If there’s a clause in the User Agreement that says they can, it becomes a legal issue where the question is whether they can just change the Agreement after a user agrees to a different version of it.
Well, I’m not a lawyer, so I’m not going to address legal issues. But I bet the agreement probably contains terminology to give them permission to do silent updates.
It’s one of those things about legalese: lawyers can always interpret it in a way that allows them to say you agreed.
The concern I have with your question is that you seem to be very distrustful of these silent updates and consider them akin to malware.
Google probably set up silent updates because people don’t update Google Chrome, Google Earth, and other types of Google programs when they should.
Now, I know many people want absolute and ultimate control over their machine. I can understand that. But those people are actually in a very small minority.
In reality, the average consumer doesn’t care. They just want the thing to work. Asking them repeatedly to update is too intrusive and annoying. And if you give them the option to update, it’s too easy for consumers to say no or simply forget and not update their programs.
When an automatic update happens, the average consumer really doesn’t need to be involved. They don’t need to know when it happens, and they aren’t interested in the details.
Automatic updates and malware
The concern that legitimate software updates are akin to malware is, in my opinion, borderline hyperbole. The difference between Google running automatic updates in the background and malware silently doing things in the background is extremely clear.
It’s all about intent.
Google updates its software to become more stable and less vulnerable while adding features.
Malware does it because it intends to do something malicious.
That’s not even close to being the same thing.
Personally, I think background updates are awesome. I love that Chrome is always up to date without having to think about it. I have a few other apps that are starting to do this as well. I don’t even have to click OK; an update just happens. I really appreciate that, and I wish more applications would move to a model like that.
Avoiding automatic updates
If you don’t like background or automatic updates, I suggest you choose software that doesn’t use it. Pick software that forces you to choose and approve every update.
But for most people, having things update or work automatically without having to stop and think about it really is the right solution. As a result, it’s getting harder to keep that absolute control over your machine, as background and automatic updates improve the security and the stability of machines both at the individual level and across the internet.
Ultimately, I think that’s a great thing. Automatic updates and background tasks depend on intent, but I wish more legitimate applications would use them.
20 comments on “Are Silent Background Updates a Good Thing?”
Do you check what is on your page? In the middle of the page that concerns automatic updates, there is a download button for windows 8 drivers. Why isn’t Microsoft the one to allow this download. Could this download allow malware to enter my pc from another type vendor other than Microsoft???
Yes, automatic updates are a great way to stay updated without using my brain. My beef is that the programs do their updates when I am trying to do something on line and all of a sudden I lose half or more of my bandwidth for an unknown time until the update finishes. Sometimes I think two programs pick the same time, and my computer is useless.
One program lets me set the update time and the maximum % of computer that it will use (good work, Microsoft Security Essentials), but my antivirus and others think they are more important than me.
When all auto updaters are as considerate as Microsoft, then I’ll be happy. Until then, the others are malware during the updates.
For the record, I’d be of the opinion that your anti-malware tool updates really are more important. But I do agree with the overall sentiment – updates should be constructed so as to minimize their interference.
I agree with you are saying. The only problem I’ve ever had with any auto updates is Windows Up-date. Specifically the .net up-dates. What a headache when one go south! Thank God for Macrium Reflect! I’ve used this ever since I read your very first news letter. I use the paid version.
I also subscribe to Window Secrets news letter mainly for their “patch Tuesday suggestions. However it can be very confusing! One must almost be an IT expert to understand it. Should I just switch to auto and forget it?
I agree that silent background updates by trusted suppliers are great.
But suppliers I don’t trust all that much, because they want to install their toolbars or worse… I like to keep control over them.
And I really hate the software suppliers who are LOUD and INTERFERING while doing their automatic updates, e.g. by showing an info-box: “X has installed the update; restart the computer now to have the changes take effect.”
Worse: “You must restart the computer now. If you don’t choose it will restart automatically within 10 minutes.” The countdown is running. Imagine my XP installation that takes 2:30 to shut down and 4:10 to start up. Imagine I have about 30 minutes before I must attend a meeting, and I want to finish my work before I go. Imagine I’m working with info from 3 windows, each filled with data I have selected doing queries.
The worst instance was that I had been writing and checking a query for some time, was finally content, grabbed the mouse to hit the “go” button, only to see my click being grabbed by a sudden popup box that wanted my “OK” to RESTART NOW. Of course the “OK” button had focus in that popup. That moment I lost more than a hour’s work. I was so sore I went home. The next morning I cancelled the product and spent a few hours finding a replacement. I hope they have bettered their lives or have gone out of business.
In short: I like automatic silent updates on condition that they:
– don’t interfere with my work and
– don’t assume their update is more important and more urgent than my work.
Manners!
And remember: “Assumption is the mother of all fuckups.”
Leo – I may be in the ”minority” but I think you should try to see the minority point-of-view. Should everyone think the same way? … We want ”control” of this machine that we bought because we bought it for a purpose and it thinks it can have a mind of its own… Some decades ago, imagine, I bought myself a record player and over time gradually acquired a collection of favourite records. Now the machine has decided to declare all ny favourite old songs obsolete and it sends them back to the shop and orders new ones for me – but I don’t want the new ones! They’re not my favourites! Why would anyone buy a record player that does that? It automatically changed the stylus so I can’t play 78s anymore. I can’t alter the volume control while a record is playing, or even stop the record – because the player is ”busy”. I get sent all sorts of records that I didn’t even order, some in very unpleasant looking sleeves. I just wanted a little computer, sorry, record player! I didn’t expect it to become so overcrowded with gadgetry. Like the man who accidentally drove his car into a river last winter – the road was icy. He died because he couldn’t open the electrically controlled windows. (Soon afterwards his wife met the same ice and also drove into the river; she and the two children survived.) We didn’t have these problems with gadgetry in the old days… (Stop the world! It was running along so nicely – and logically and intelligently – until stupid people took control of it. Progress – huh!)
Perhaps ironically I think that advances in the ways that we can access the internet also provide an argument for keeping control of silent background updates, or at the very least the timing of those updates. I have a home PC network (all behind a NAT router and regularly backed up using Acronis – thanks Leo!) and a smartphone, which could just as easily be a tablet or a laptop using the smartphone as a wifi hotspot. At home I have a generous, and inexpensive, data allowance as part of my contract with an ISP; on the move I have a PAYG arrangement for data with the mobile phone company. Now I can connect my smartphone (or tablet or laptop) to the internet at home cheaply via a wireless connection, or I can make use of the more expensive data connection over the 3G network if I’m away from home. The point is that I don’t want any more traffic over the 3G data connection than is absolutely neccessary because it costs, I have my email software set to download headers only for example. So whilst I can see the logic of silent updates protecting us from ourselves I for one would prefer to remain in the driving seat, and I think this may apply to a lot of folk.
Exactly. I pay in the daytime 50 times as much for data transfer than from 0:00 till 6:00. So my updates are planned in the night. No automatic updates.
Theo.
What about programs — like Adobe Flash Player — that will, unless you ‘uncheck’ the box, install toolbars and other unwanted applications? Will a ‘silent background update’ include those things?
Well, that’s not really a background download – that’s foistware, software that is explicitly installed when you installed something else. They may update themselves in the background like other software might, but that’s not the problem – that initial malicious install is.
“The concern that legitimate software updates are akin to malware is, in my opinion, borderline hyperbole.” I don’t see anything borderline about it. For one thing, malware will continue to update itself regardless of what Google does.
In fact, I see the opposite with programs like Java and Flash. They use the opportunity of asking permission to trick people into agreeing to install malware.
Auto updates may net out to a good thing for many users, but there is an implicit trust the application will do so promptly. This is not always the case. For example on two occasions Chrome Beta has taken 4 days to automatically update their embedded Flash to resolve a critical Flash issue. The flip side of the coin is usually the Chrome Beta Flash level is at or higher than the Adobe released version, which nets to Chrome Beta is usually more Flash secure.
The other disadvantage of autoupdate is identifying the program that provided a bad update. When that kind of bug happens, it’s true the application soon knows it and auto updates again as soon as the problem is resolved. If I need the application badly in the interim I like to revert to the old version, but that’s harder to do if the bad update happened automatically. Te best solution is to sign up for an application’s email notification when an update is available, and allow me to go get it when convenient for me. While several applications optionally provide this service, it’s unfortunately a far from universal practice.
In theory auto / background updates are a “good thing” for “the average user”. But in practice, that is only true when the updates work. Even MS has been known to put out “bad” updates.
Then there is the question of whether the update is an improvement. A few years back, MS lost a court case and rather than pay the winner license fees, they issued an update to remove functionality from Office. Functionality that we the consumers PAID MS for ! Recently, MS “updated” the way that the “Office to Go” feature in Office 365 was accessed. Now, many people cannot access the feature that they paid for!
People who have “Office 365” are now on the “auto update” roller coaster. For example, when people “upgraded” to it they found out that the “Picture Manager” program has been “replaced”. It has been “replaced” by a crippled program that is missing most of the functionality present in picture manager. The same thing can happen in the future when Office 365 auto “upgrades” from 2013 to Office Vnext (2015? 2017???). They will have no control over that upgrade. It will just happen and they will have to like it or lump it.
After using a computer for a short while you quickly learn that your number one trouble shooting question is “what has changed” on the computer. Have you installed a new program? Have you “updated” anything (ie Windows Updates)? When you live in an “auto update” world you can’t answer that question. And MS will not provide a good answer to that question for Office 365. They just make changes, publicly announce a few but hide many other changes / “fixes”.
Yes, automatic software updates are a good thing, as most fix bugs or patch security vulnerabilities. And judging from WinPatrol notifications, software updates are pretty much a daily occurrence for those who have a lot of programs installed. Of course the pipeline for updates must be set, as you don’t want your device updating over a data-priced network (e.g., cellular). When I hear of a major security fix for my Windows OS I’ll often run Windows Update immediately, instead of waiting for the Microsoft queue to get to my computer. And the first thing I do after each boot-up, before any browsing, is update my security suite.
My real peeve is the constant escalation of app permissions on smart phones, many of which seem designed for data mining rather than functionality. In a number of cases I’ve simply deleted an app (or, if that’s not possible, stopped using it) and found a well-regarded alternative that wasn’t so nosy. For those who don’t want search provider data mining, consider using Ixquick, a metasearch engine that has a clean interface and doesn’t track or mine data. Their Advanced Search option has powerful filters, including the ability to limit the results to a particular domain like .edu / .org / .gov.
Windows 10 has automatic updates built into it and unless you’re using Windows 10 Pro or Enterprise versions which give you the option of delaying the updates for a certain period.
Windows 10 users might want to look at Spybot Anti-Beacon, while it will not turn off auto updates it will control how much Microsoft is watching you.
Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.
I want comments to be valuable for everyone, including those who come later and take the time to read.
Do you check what is on your page? In the middle of the page that concerns automatic updates, there is a download button for windows 8 drivers. Why isn’t Microsoft the one to allow this download. Could this download allow malware to enter my pc from another type vendor other than Microsoft???
LG….
Get the AdBlock Plus plugin and you won’t be bothered by that ad.
Er…. it’s an advertisement, and Leo doesn’t really have that much control over what the advertisements display.
That’s an advertisement. Please see What’s the difference between an ad and your recommendation?
I’m not a fan of them, but that’s more a testament of my nitpickiness than anything, really
Yes, automatic updates are a great way to stay updated without using my brain. My beef is that the programs do their updates when I am trying to do something on line and all of a sudden I lose half or more of my bandwidth for an unknown time until the update finishes. Sometimes I think two programs pick the same time, and my computer is useless.
One program lets me set the update time and the maximum % of computer that it will use (good work, Microsoft Security Essentials), but my antivirus and others think they are more important than me.
When all auto updaters are as considerate as Microsoft, then I’ll be happy. Until then, the others are malware during the updates.
For the record, I’d be of the opinion that your anti-malware tool updates really are more important. But I do agree with the overall sentiment – updates should be constructed so as to minimize their interference.
I agree with you are saying. The only problem I’ve ever had with any auto updates is Windows Up-date. Specifically the .net up-dates. What a headache when one go south! Thank God for Macrium Reflect! I’ve used this ever since I read your very first news letter. I use the paid version.
I also subscribe to Window Secrets news letter mainly for their “patch Tuesday suggestions. However it can be very confusing! One must almost be an IT expert to understand it. Should I just switch to auto and forget it?
I agree that silent background updates by trusted suppliers are great.
But suppliers I don’t trust all that much, because they want to install their toolbars or worse… I like to keep control over them.
And I really hate the software suppliers who are LOUD and INTERFERING while doing their automatic updates, e.g. by showing an info-box: “X has installed the update; restart the computer now to have the changes take effect.”
Worse: “You must restart the computer now. If you don’t choose it will restart automatically within 10 minutes.” The countdown is running. Imagine my XP installation that takes 2:30 to shut down and 4:10 to start up. Imagine I have about 30 minutes before I must attend a meeting, and I want to finish my work before I go. Imagine I’m working with info from 3 windows, each filled with data I have selected doing queries.
The worst instance was that I had been writing and checking a query for some time, was finally content, grabbed the mouse to hit the “go” button, only to see my click being grabbed by a sudden popup box that wanted my “OK” to RESTART NOW. Of course the “OK” button had focus in that popup. That moment I lost more than a hour’s work. I was so sore I went home. The next morning I cancelled the product and spent a few hours finding a replacement. I hope they have bettered their lives or have gone out of business.
In short: I like automatic silent updates on condition that they:
– don’t interfere with my work and
– don’t assume their update is more important and more urgent than my work.
Manners!
And remember: “Assumption is the mother of all fuckups.”
I have an abort_shutdown.bat file on my desktop with the following line:
C:\WINDOWS\system32\shutdown.exe -a
It works on scheduled shutdown/restart. Not when you already are shutting down. The -a is for the abort.
Theo
Leo – I may be in the ”minority” but I think you should try to see the minority point-of-view. Should everyone think the same way? … We want ”control” of this machine that we bought because we bought it for a purpose and it thinks it can have a mind of its own… Some decades ago, imagine, I bought myself a record player and over time gradually acquired a collection of favourite records. Now the machine has decided to declare all ny favourite old songs obsolete and it sends them back to the shop and orders new ones for me – but I don’t want the new ones! They’re not my favourites! Why would anyone buy a record player that does that? It automatically changed the stylus so I can’t play 78s anymore. I can’t alter the volume control while a record is playing, or even stop the record – because the player is ”busy”. I get sent all sorts of records that I didn’t even order, some in very unpleasant looking sleeves. I just wanted a little computer, sorry, record player! I didn’t expect it to become so overcrowded with gadgetry. Like the man who accidentally drove his car into a river last winter – the road was icy. He died because he couldn’t open the electrically controlled windows. (Soon afterwards his wife met the same ice and also drove into the river; she and the two children survived.) We didn’t have these problems with gadgetry in the old days… (Stop the world! It was running along so nicely – and logically and intelligently – until stupid people took control of it. Progress – huh!)
Perhaps ironically I think that advances in the ways that we can access the internet also provide an argument for keeping control of silent background updates, or at the very least the timing of those updates. I have a home PC network (all behind a NAT router and regularly backed up using Acronis – thanks Leo!) and a smartphone, which could just as easily be a tablet or a laptop using the smartphone as a wifi hotspot. At home I have a generous, and inexpensive, data allowance as part of my contract with an ISP; on the move I have a PAYG arrangement for data with the mobile phone company. Now I can connect my smartphone (or tablet or laptop) to the internet at home cheaply via a wireless connection, or I can make use of the more expensive data connection over the 3G network if I’m away from home. The point is that I don’t want any more traffic over the 3G data connection than is absolutely neccessary because it costs, I have my email software set to download headers only for example. So whilst I can see the logic of silent updates protecting us from ourselves I for one would prefer to remain in the driving seat, and I think this may apply to a lot of folk.
Exactly. I pay in the daytime 50 times as much for data transfer than from 0:00 till 6:00. So my updates are planned in the night. No automatic updates.
Theo.
What about programs — like Adobe Flash Player — that will, unless you ‘uncheck’ the box, install toolbars and other unwanted applications? Will a ‘silent background update’ include those things?
Well, that’s not really a background download – that’s foistware, software that is explicitly installed when you installed something else. They may update themselves in the background like other software might, but that’s not the problem – that initial malicious install is.
“The concern that legitimate software updates are akin to malware is, in my opinion, borderline hyperbole.” I don’t see anything borderline about it. For one thing, malware will continue to update itself regardless of what Google does.
In fact, I see the opposite with programs like Java and Flash. They use the opportunity of asking permission to trick people into agreeing to install malware.
Auto updates may net out to a good thing for many users, but there is an implicit trust the application will do so promptly. This is not always the case. For example on two occasions Chrome Beta has taken 4 days to automatically update their embedded Flash to resolve a critical Flash issue. The flip side of the coin is usually the Chrome Beta Flash level is at or higher than the Adobe released version, which nets to Chrome Beta is usually more Flash secure.
The other disadvantage of autoupdate is identifying the program that provided a bad update. When that kind of bug happens, it’s true the application soon knows it and auto updates again as soon as the problem is resolved. If I need the application badly in the interim I like to revert to the old version, but that’s harder to do if the bad update happened automatically. Te best solution is to sign up for an application’s email notification when an update is available, and allow me to go get it when convenient for me. While several applications optionally provide this service, it’s unfortunately a far from universal practice.
In theory auto / background updates are a “good thing” for “the average user”. But in practice, that is only true when the updates work. Even MS has been known to put out “bad” updates.
Then there is the question of whether the update is an improvement. A few years back, MS lost a court case and rather than pay the winner license fees, they issued an update to remove functionality from Office. Functionality that we the consumers PAID MS for ! Recently, MS “updated” the way that the “Office to Go” feature in Office 365 was accessed. Now, many people cannot access the feature that they paid for!
People who have “Office 365” are now on the “auto update” roller coaster. For example, when people “upgraded” to it they found out that the “Picture Manager” program has been “replaced”. It has been “replaced” by a crippled program that is missing most of the functionality present in picture manager. The same thing can happen in the future when Office 365 auto “upgrades” from 2013 to Office Vnext (2015? 2017???). They will have no control over that upgrade. It will just happen and they will have to like it or lump it.
After using a computer for a short while you quickly learn that your number one trouble shooting question is “what has changed” on the computer. Have you installed a new program? Have you “updated” anything (ie Windows Updates)? When you live in an “auto update” world you can’t answer that question. And MS will not provide a good answer to that question for Office 365. They just make changes, publicly announce a few but hide many other changes / “fixes”.
Yes, automatic software updates are a good thing, as most fix bugs or patch security vulnerabilities. And judging from WinPatrol notifications, software updates are pretty much a daily occurrence for those who have a lot of programs installed. Of course the pipeline for updates must be set, as you don’t want your device updating over a data-priced network (e.g., cellular). When I hear of a major security fix for my Windows OS I’ll often run Windows Update immediately, instead of waiting for the Microsoft queue to get to my computer. And the first thing I do after each boot-up, before any browsing, is update my security suite.
My real peeve is the constant escalation of app permissions on smart phones, many of which seem designed for data mining rather than functionality. In a number of cases I’ve simply deleted an app (or, if that’s not possible, stopped using it) and found a well-regarded alternative that wasn’t so nosy. For those who don’t want search provider data mining, consider using Ixquick, a metasearch engine that has a clean interface and doesn’t track or mine data. Their Advanced Search option has powerful filters, including the ability to limit the results to a particular domain like .edu / .org / .gov.
Leo,
Windows 10 has automatic updates built into it and unless you’re using Windows 10 Pro or Enterprise versions which give you the option of delaying the updates for a certain period.
Windows 10 users might want to look at Spybot Anti-Beacon, while it will not turn off auto updates it will control how much Microsoft is watching you.
Robert