Did Microsoft go too far this time?

Windows Automatic Update will update itself, even if you’ve turned automatic updates off. How bad a thing is that?

Transcript

This is Leo Notenboom for askleo.info.

Earlier this week the Windows Secrets newsletter broke the news that
“Microsoft updates Windows without users’ consent”. This has
a lot of people very upset as they infer the absolute worst from this
blunder.

Let’s look at what’s really happening before we jump to any rash
conclusions.

Windows has been shown to update only one very specific part of itself, the
Windows Automatic Update component itself, regardless of whether you’ve elected
to enable automatic updates.

That’s all.

Yes, it’s proof that Microsoft could update anything at any
time.

But you know what?

  1. That’s nothing new. If you didn’t already realize that they could, then you
    haven’t been paying attention.

  2. They didn’t. They updated the updater, nothing more.

Now I could make a case that updating the updater itself is an extremely
important scenario and that it should happen regardless of the setting
of the automatic update selection. But I won’t, because whether this technology
should or should not be updated just isn’t the issue.

The issue isn’t even about whether you “own your own machine” as some have
made it out to be. That’s a red herring.

The issue here is transparency, plain and simple.

There’s no reason that this behavior should not have been officially
documented somewhere. Anywhere. Microsoft knows that it’s under a
microscope regarding what’s perceived as stealthy, user-UNfriendly behavior.
There’s simply no excuse for not being transparent about this.

Microsoft should have seen this coming, and prevented it: not by altering
the behavior (though to do so with an obscure setting makes sense for several
reasons), but simply by documenting “hey, this is what happens, and this is why
we think it’s important that it does”.

Yes, even then the paranoid would still be crying foul, but at least then
the discussion would be about the merits of the specific behavior and not
about wondering what else Microsoft is doing without telling us.

As I’ve mentioned before, I know for a fact that Microsoft is full of
passionate people who are truly concerned for their users’ experience, and are
working hard every day to make the best possible product. Yes, sometimes
boneheaded mistakes get made, and when you’re under the microscope that
Microsoft is, they’re going to get noticed in a big way.

But as mistakes go, and there’s no doubt it was a mistake, the furor about
this one is much ado about very little.

I’d love to hear what you think. Visit askleo.info and enter 11845 in the go
to article number box to access the show notes, the transcript and to leave me
a comment. While you’re there, browse over 1,200 technical questions and
answers on the site.

Till next time, I’m Leo Notenboom, for askleo.info.


8 comments on “Did Microsoft go too far this time?”

  1. This latest episode of Microsoft employing stealth technology doesn’t really surprise me. MS is the same company that decided to question the legitimacy of its users by implementing WGA. Any company that hides things from its customers is suspect in my opinion. I haven’t been able to find any comments from Microsoft, either. If it’s really just an update to the installer, why all the secrecy? Makes no sense, unless there’s something more to it. Conspiracy theories, anyone?

  2. > If it’s really just an update to the installer, why all the secrecy?
    > Makes no sense, unless there’s something more to it.
    > Conspiracy theories, anyone?

    Meh. In these sort of situations, I tend to go by Hanlon’s razor (http://en.wikipedia.org/wiki/Hanlon's_razor): “Never attribute to malice that which can be adequately explained by stupidity”.

    I find it far more likely that, say, whoever realised that there was a security hole or whatever in Windows update and coded and pushed out the fix wasn’t authorised to post the documentation or something and was defeated by the paperwork required; than that it was all some great conspiracy. It’s a huge, badly-managed corporate bureaucracy; as company size increases, the probability of things like this happening tends to 1, and they don’t get much bigger than Microsoft.

    (Plus, in a company of X hundred thousand employees, eleven levels of management, and a number of anonymous bloggers; exactly how long do you think it would remain a secret if it *was* a conspiracy?)

  3. Yes; for two reasons, one personal, one not.

    I have a PC with a hard drive that contains nearly 1TB of data. The drive is backed up incrementally once a day, fully every few months. A compressed full backup with verification of the drive contents takes about 48 hours. The PC’s OS is Windows XP and the machine is connected to the Internet with automatic updates turned off. (Windows Update is run manually once a week.) Serendipitously, the update in question was applied while a full backup was in progress. The update itself wasn’t the issue, it was the automatic restart afterwards. Obviously the backup was corrupted.

    On a wider scale, isn’t this the update associated with the recent Skype outage? After restarting, so many machines attempted to log on to Skype simultaneously, the servers handling logins crashed. An unintended Microsoft DOS attack? I depend on Skype and was unable to log in for over a day.

    (Note on a related and irritating behavior of Windows Update. Even if updates are selected, downloaded, and installed with the user’s consent, if an update requires a restart, it’s very difficult to postpone. Windows asks if it’s OK to restart now and will keep asking every few minutes as long as the responses are negative. Ignoring the question results in a forced restart.)

    The whole situation seems arrogant on Microsoft’s part.

  4. If the update to the updater were that critical, why not do it “the right way”? The next time your computer goes for updates (automatic or manual), there is only one update available — the new updater. Until you have the new updater, no other updates are available.

    They’ve certainly done that in the past, at least with the manual update. The first thing the manual update does is check that you have the latest ActiveX control for the updater. If you don’t have it, you don’t get updates.

    Now, I agree that this is probably stupidity and/or arrogance, rather than malice. But the fact is, there are plenty of corporations and government agencies that don’t allow _any_ software to be installed without being checked out first.

    While the “only” problem that Ray ran into was a corrupt backup, imagine the possible consequences of a forced reboot on some critical server at the wrong moment. (And the backup servers reboot as well, at the same time, for the same reason.)

  5. While I am a very private person, and don’t like spam, viruses, government intrusions, etc., here is what I think about Updating the Updater.

    If I have Windows, then I have purchased their system, and trust that they have the best system for my needs and money. And I want them to give me all the free updates to what I have PURCHASED, that they have.

    Technology changes faster than women change shoes, so it SEEMS it would go without saying that I wanted to keep up with the latest fixes, patches, and security.

    If I did NOT trust Microsoft, which I know could no doubt hack into my computer anytime it wanted, and do anything it wanted, then who can I trust?

    Trust. It boils down to TRUST. If Microsoft had proven in the past that it was UNtrustworthy, which it has not, then there would already be legal issues, etc.

    There comes a time when we have to trust our policemen, our soldiers, our ministers, our doctors, AND the Big IT guy, Microsoft.

    If I truly did not trust Microsoft, then I would block Microsoft’s website on my computer, and then I would not have to worry about it.

    I do believe they could have sent out emails, bought a few ads, gone on the Tech Talk Shows, etc., and been upfront about what they were going to do, and when, and why. It would have been very wise, and proactive in dealing with the privacy issue.

    I do think it has been a lot of blow over something that we more or less BOUGHT when we bought their system, and checked the “I AGREE” box when we bought or installed it. We were SAYING we read it. If someone wants to say they checked the “I AGREE” box, but did not read the fine print, then whose problem is it?
    David Cary
    Lake Charles, LA.

    p.s. I enjoy your emails and articles.

  6. This is disturbing in the least. I have kept my updater disabled for ever. I have always been a conspiracy theorist and am suspicious about who is greater the govt or Microsoft. Which can access your system when they really wanted to. This seems to be a clue. With all the other losses of freedom, I too may look for a way to make my computer my own.

  7. I don’t have a problem with Microsoft’s updater updating itself. What I really dislike is the whole windows update process. It is much too clumsy and even if you do run updates on a regular basis their updater is upgraded way too often which of course requires that it update itself before you can get in and even see if your PC is up to date. The other thing they could streamline is the two options that are listed when you first get in. I’m talking about the screen that comes up with two buttons labeled “Express” and “Custom” where the button labeled “Express” has the word “Recommended” next to it. How stupid is that… A single word leaves many users of Windows thinking nothing under the “Custom” update section is important enough to worry about or that it doesn’t apply to them. Microsoft has forgotten that not every computer user is an expert or has the time to keep up with what Microsoft is up to.

    The system needs to be changed to eliminate that first screen and go directly to a page displaying every available update – using a priority scale of some type so users can see what items are highly recommended down to those items that are optional.
    The other thing most people don’t realize is Microsoft’s main priority for running the update site isn’t so we will all keep our PCs up to date. That falls secondary to the fact that Microsoft wants a way to keep checking your Windows License to make sure you aren’t running stolen software. Many of the updates are available through the support site and are much easier to download and install without going through the Windows Update runaround.
    Take a look at Windows Update and Vista and it looks like usability is starting to take a back seat to perceived “more important” priorities at Microsoft lately!

