Post Blaster, MS floats default auto updates for Windows

It's an ill Win... d'oh


Never happier than when making things compulsory, Microsoft is floating the notion of making home versions of Windows download and install software updates automatically by default. You'll be able to switch it off, of course (for a while), but the joy of shipping things to home users is that most of them leave the system's default settings as is, either because they don't know any different or because (grief) they trust software vendors.

Seamless, auto-updating without user intervention is something that Microsoft has wanted for a long time, as The Reg has frequently pointed out, sometimes without even using words like "evil", "bunch of" and "control-freaks". But it's not something the company has been able to achieve in the past, and the last serious flotation of the notion, at the time of XP's rollout, engendered significant adverse reaction to the possibility of Microsoft 'controlling' your machine.

But that was then, and this is now. The Blaster plague of boils ripped through the user base, and Microsoft's security people are now suggesting that customers want their systems to update automatically. We have a healthy disrespect for that old Microsoft marketing catch-all, "customer demand", but we're inclined to trust the security mob a tad more than the rest, so maybe some customers do want it. Not that we entirely grasp why they don't just switch the bleeding thing on then, if they do.

The slightly higher trustworthy rating of the security people is not however reflected elsewhere in The Beast's command structure, which brings us why you don't want this to happen, reason number one. You'll note the Washington Post's report gives Microsoft's justification of XP SP1 control-freak licence as a 'clarification' of the company's "ability to verify product information and provide accurate updates." Whoever told them this black lie has a trustworthiness rating somewhere south of duplicitous snake; any security implications of the new licence terms were merely a happy side-effect of Microsoft's paving the road to DRM.

There's a clear tension here, in that the security side of MS is pushing to secure Windows from a relatively genuine perspective, while the bean-counter driven side of the company is pushing ROI. The efforts of the latter frequently undermine the ability of the former to achieve their goal, by maintaining the essentially untrustworthy status of the company, and you can never be sure whether, or to what extent, the latter are overruling the former.

It may however be that you're confident that all your software, including all of the entertainment content of your system, is legal, and you fully agree that Microsoft has a right to audit you, and to install patches to keep your/their software secure. Do you then trust Microsoft to automatically download and install those patches without asking you first?

Next reason - of course you don't. Microsoft has a long and inglorious record of producing updates that break more things than they fix, patches cause unexpected failures of other software components, and some updates (thank you, Redmond Duplicitious Snake Division) switch off useful old stuff that somebody in there wants you to stop using. Do you honestly believe that anybody within Microsoft responsible for producing patches is going to wager their grandemother's life on their latest effort not breaking anything? Of course you don't, so they don't entirely trust themselves either.

Which brings us on to a reason for Microsoft not going the whole way initially. It's currently just about conceivable that Microsoft could clean up its security update operation to the extent where they largely did what they said on the tin, and where breakages were largely isolated and minor, and to be fair this is mostly the case already. But it's not when it comes to more general updates, and sane souls within Microsoft will point to the potential PR disaster of crippling ten of millions of machines in one night and argue for the procedure to be ringfenced at security updates. Personal security updates.

But doing that properly isn't just a matter of Microsoft solemnly binding itself to security, and promising not to happily ski down the slippery slope at some point in the future when it thinks the coast is clear. We've heard from Solomon Binding in the past, and don't trust him either. We're probably talking about a free-standing security update system here, nothing to do with Windows Update, nothing to do with shotgun licence changes and nothing to with Microsoft's financial security. And - here's a novel one - it ought to be accompanied by a sort of green kryptonite licence, where rather than establishing its rights over you and the software it turns out you only thought you bought, Microsoft establishes rights for, and makes guarantees to, you.

Nah, couldn't happen. And even if it did we probably wouldn't trust them anyway. But we're like that. ®


Other stories you might like

  • Despite global uncertainty, $500m hit doesn't rattle Nvidia execs
    CEO acknowledges impact of war, pandemic but says fundamentals ‘are really good’

    Nvidia is expecting a $500 million hit to its global datacenter and consumer business in the second quarter due to COVID lockdowns in China and Russia's invasion of Ukraine. Despite those and other macroeconomic concerns, executives are still optimistic about future prospects.

    "The full impact and duration of the war in Ukraine and COVID lockdowns in China is difficult to predict. However, the impact of our technology and our market opportunities remain unchanged," said Jensen Huang, Nvidia's CEO and co-founder, during the company's first-quarter earnings call.

    Those two statements might sound a little contradictory, including to some investors, particularly following the stock selloff yesterday after concerns over Russia and China prompted Nvidia to issue lower-than-expected guidance for second-quarter revenue.

    Continue reading
  • Another AI supercomputer from HPE: Champollion lands in France
    That's the second in a week following similar system in Munich also aimed at researchers

    HPE is lifting the lid on a new AI supercomputer – the second this week – aimed at building and training larger machine learning models to underpin research.

    Based at HPE's Center of Excellence in Grenoble, France, the new supercomputer is to be named Champollion after the French scholar who made advances in deciphering Egyptian hieroglyphs in the 19th century. It was built in partnership with Nvidia using AMD-based Apollo computer nodes fitted with Nvidia's A100 GPUs.

    Champollion brings together HPC and purpose-built AI technologies to train machine learning models at scale and unlock results faster, HPE said. HPE already provides HPC and AI resources from its Grenoble facilities for customers, and the broader research community to access, and said it plans to provide access to Champollion for scientists and engineers globally to accelerate testing of their AI models and research.

    Continue reading
  • Workday nearly doubles losses as waves of deals pushed back
    Figures disappoint analysts as SaaSy HR and finance application vendor navigates economic uncertainty

    HR and finance application vendor Workday's CEO, Aneel Bhusri, confirmed deal wins expected for the three-month period ending April 30 were being pushed back until later in 2022.

    The SaaS company boss was speaking as Workday recorded an operating loss of $72.8 million in its first quarter [PDF] of fiscal '23, nearly double the $38.3 million loss recorded for the same period a year earlier. Workday also saw revenue increase to $1.43 billion in the period, up 22 percent year-on-year.

    However, the company increased its revenue guidance for the full financial year. It said revenues would be between $5.537 billion and $5.557 billion, an increase of 22 percent on earlier estimates.

    Continue reading

Biting the hand that feeds IT © 1998–2022