'Hidden' update button

[Guest]

I can't find any comment about this (maybe I've been looking in the wrong
places), but I can't find any discussion of the update button.

It seems odd that it's so hidden away, lurking behind the 'about' button,
which seems a distinctly non-intuitive place to expect to find it. It's an
important button, (I use it most days), and if there's anyone out there
reading this stuff, I'd like to place my request for a nice fat update button
stuck boldly on the main page.

 

[Tom Emmelot]

Hi Alan,

no need for it is on automatic update, so check for updates is no need for.

Regards >*< TOM >*<

Alan D schreef:

 

[Guest]

no need for it is on automatic update, so check for updates is no need for.

Regards >*< TOM >*<

Well, I see that Tom, and thanks for the suggestion. But even so, just
before doing a scan, I like to check for updates. Also, Defender is still
very much a beta and I've already encountered issues with it, and I want to
check what it does myself because I don't really trust it yet. I don't feel
ready to rely on its automatic updating.

 

[Guest]

Hello Alan,

Windows Defender definitions have come out, on average, slightly more
frequently than once a week (Tuesday &Thuerday)--most frequently, once a week.

Suggest you set Automatic Updates to: Download updates for me, but let
me choose when to install them. You can check/change these settings from
the Automatic Updates tab from the System control panel ªpplet

 

[robin]

I disagree because alot have automatic updates shut off and like to do
manual updates for their OS, so a clearn update button would be a help.
robin

 

[Guest]

Defender has been designed to perform its duties as quietly as possible in
the background, only requiring the users interaction in cases where a human
decision is required. This includes updating, since having millions of users
constantly pushing the 'Update' button quickly becomes a Denial of Service
situation for the update servers.

For these reasons, the update button was purposefully hidden away so only
those really looking would ever find it. The most interesting thing is that
even if you click the button, it simply invokes a request to the Windows
Update process to perform an update check when time is available. It also
locks out the update button until the current request completes and the About
dialog box is closed and re-opened.

So as you can see, this is a purposeful choice and not likely to change,
though you can argue about it to your hearts content. Much of how Defender is
designed seems counter-intuitive to the average user who wants to be 'in
control'. However, in cases such as this the user isn't 'always right', so
decisions have been made based upon the realities of what's best for
protection of the user and the community as a whole.

Eventually, as the real bugs are worked out and everything just starts to
work as it should, most users will forget that Defender even exists, until it
pops up to notify them something has happened. This is exactly the purpose
and promise of computers, which are meant to do the work for you, not the
other way around.

Bitman

 

[Guest]

:
alot have automatic updates shut off and like to do

manual updates for their OS, so a clearn update button would be a help.

I'm kind of on Robin's side of the fence here, although the real problem is
that there is so much conflicting advice on offer. I've read so many
recommendations to turn off automatic updates and do it manually that I've
tended to go with that. So I've set Windows to notify me when updates are
available; then I check what it is that's on offer, and try to decide what to
download and when.

Judging from what Bitman says, however, it sounds as though the manual
update button on Defender isn't really what it seems to be - so my perception
of trying to regain an element of control is an illusion!

 

[Guest]

So you can understand better why the Windows Updates (WU) and Automatic
Updates (AU) are involved, I'll explain a bit further.

First, Windows Updates have been replaced by Microsoft Updates (MU), which
adds the ability to perform MS Office Updates on client PCs. Automatic
Updates are simply the automation of these manual (WU & MU) systems combined
with the ability to perform an automatic system reboot at a preset time.

Hidden behind all of these systems are the Background Intelligent Transfer
System (BITS) and Windows Installer 3.1 services, which actually perform the
download and installation of updates. These are key services, because they
allow the detection, transfer, and installation of updates to occur even when
a 'Limited User Account' with no Administrator privileges is logged in, or in
fact when no one is logged in at all.

Scary what that button is allowing you to request, isn't it? But the idea
that you've ever really got control of the software in your PC is always an
illusion, exactly because everything in a computer is an illusion, absolutely
none of it is 'real', but rather a representation of reality. It would be
extremely simple to create a program that appeared on the surface to be
performing as you request, while in the background is performing an entirely
different operation. It is only the trust that has been built by your use of
Windows that causes you to believe that 'What You See Is What You Get'.

This is simply a brief overview of how this update system works and ignores
the actual technical details, so you can see how far removed you really are
from understanding its inner workings. It should, however, impress upon you
the level of technical sophistication built into the systems Microsoft has
created to protect you and help you realize that those deriding these systems
are usually hacks at best and malware purveyors at worst.

As for 'deciding' which updates to download and when, by what criteria do
you make this determination? Who has been making these recommendations, and
by what criteria are they determining what to tell you to download and when?
This entire situation is grounded in the potential for failures within
updates, but what can you really do to predict, prevent, or resolve such
issues if they should occur?

This is one of the many fallacies found in the state of the art of computing
today. That an individual can really know and protect himself from such
problems within the complex systems that Windows Operating Systems have
become. However, with the fact that many critical updates are released to fix
issues which are either already well known to malware writers or will have
'Zero-Day' exploits written to take advantage of them, it's risky to wait to
install them simply on the chance they might fail. The probability of a
failure of a particular update on your PC is generally far less than the
chance that your PC may be attacked using one of the exploits it's designed
to prevent, and grows quickly with time.

The only people benefited by not keeping your PC as current with updates as
possible are those attempting to gain control of it for their own purposes.

Bitman

 

[Guest]

The only people benefited by not keeping your PC as current with updates as
possible are those attempting to gain control of it for their own purposes.

Thanks. Yes, I see this. And I also appreciate the scariness helplessness of
the situation you describe, which I agree makes it kind of absurd to insist
on asserting the little bit of control that I have.

Nevertheless, when I'm working I've always found it disconcerting,
distracting, and even slightly panic-inducing, whenever Windows pops up a
flag telling me to install some updates it's just downloaded automatically. I
feel more at ease with my present arrangement, which merely notifies me that
there are some updates available - and I can mentally register that fact, and
then go and sort it out at a more convenient time (which is usually very soon
afterwards - just not this moment now). What you're telling me is that this
is a psychological issue, not a genuine computer issue ..... and I guess I
have to agree.

 

[robin]

i agree with some of your points about not keeping the computer updated with
security updates but some of them you really do not need depending on your
situation.
For example: if you Never plan to network and there is a security patch for
those who network you really do not need this patch. If you ever decide to
network then you can always install the patch if needed.
You really only need the critical security patches, the important or
moderate ones are really only if you are experiencing problems or have
nothing better to do and you decide to install those too and then you need
to just "pray".
Also alot of these updates as we have seen in the past cause major problems
on some computers and alot like to wait and see what others are experiencing
before they update.

Also it is better to update one at a time and check out your system and make
sure everything is working before you go and put on another one. When you
put all of them on at once by letting "automatic updates" do it you have no
idea which one might have caused your problem especially if you just
installed "13" of them.
One of my clients installed the one update that involves the Windows
Explorer one and after he rebooted it hosed his whole network and all his
icons disappeared. Luckily he only did this one, imagine if he did all 13 at
once, now that would have been a headache uninstalling each one to see which
one did this. We had to call Microsoft to get this fixed, none of the
online suggestions worked.

That is why there should be a visible button to do an update so you can
decide to just update for WD at that time and wait a day or two for others.
There will be no earthquake if you wait a day or too before doing the rest
especially if you have a firewall going, antivirus software and
spyware/malware software.
robin

 

[Guest]

That is why there should be a visible button to do an update so you can
decide to just update for WD at that time and wait a day or two for others.
There will be no earthquake if you wait a day or too before doing the rest
especially if you have a firewall going, antivirus software and
spyware/malware software.

The whole of your post explained, far better than I'd managed to do, why I
feel it's best to keep whatever limited control I can. One update at a time
seems like eminent sense to me, and it also seems to feel safer to do it that
way. Thanks Robin.

 

[Guest]

If your PCs are Internet attached, any update related to networking whether
LAN or WAN can increase remote attack risk, so by implication it would need
to be installed.

Though the basic idea of one update a day seems sound, this implies that the
13 updates you mentioned would take a minimum of 13 days to install. The
probability that exploits would be in the wild two weeks after release is
quite high and this assumes you remember and maintain this pace. As long as
Critical Updates occur first, however, it does mitigate much of the risk.

Allowing the updates to download and waiting to install at a quieter time
really does make sense, but even recent issues with some updates on some PCs
have taken weeks to be published, so the risk of infection is still much
higher if you wait for this kind of response. Few make the kind of commitment
required to check for such information anyway, so for most it's simply better
to install as soon as possible, or it will simply be forgotten. Many home PC
techs I've discussed this with have often found users with dozens of
uninstalled updates waiting, even with indicators flashing in the
Notification Tray, which are my major concern.

Note that you mentioned your customer had to contact Microsoft to resolve
the situation, which is likely going to happen either way, since small
numbers of failures (hundreds) will almost always occur in any update
scenario. It generally requires failures in the thousands to consider the
re-release of an update, since there are 100s of millions performing them.
Even testing on a 'standard' customer PC may not protect from this, since
many issues are specific to certain combinations of software or hardware, as
some recent issues were.

I'm not saying you shouldn't be cautious and consider the timing of updates,
even those for Defender. However, in the case of Defender definitions, any
issues should appear quite obviously related to Defender operations and could
be easily mitigated temporarily by simply disabling either the individual
detection or Defender itself.

Nothing in the discussions here has made any sort of case for making the
manual Update button more visible. This is a personal decision and not
required since Defender will automatically perform an update check at regular
intervals including when a Dial-Up connection occurs or if selected, just
before a Scheduled Scan on any persistent Internet connection. Selecting
'Check for Updates' only requires three clicks from within the main Defender
GUI anyway.

Bitman

 

[robin]

you have your opinion I have mine but a button more visible to allow you
to update manually would be easier for "newbies" who are more causious on
what they put on their machines or even those experienced users. and I would
rather do one a day and find no problems then do 13 at once and find now my
computer is close to dead or worse and it takes me days to figure out which
one caused the problem and how to fix it.

robin

 

[JRosenfeld]

you have your opinion I have mine but a button more visible to
allow you to update manually would be easier for "newbies" who are
more causious on what they put on their machines or even those
experienced users. and I would rather do one a day and find no
problems then do 13 at once and find now my computer is close to dead
or worse and it takes me days to figure out which one caused the
problem and how to fix it.
robin

Since WD uses Windows Update, If you use manual update for your OS (as I
do), it's actually easier to go directly to Windows update, choose Express,
it will show when there is a WD update available. I don't find any need for
an additional way to update from within WD.

 

[Guest]

robin wrote: a button more visible to

:
I don't find any need for

an additional way to update from within WD.

Well, I definitely qualify for a 'newbie' badge. And my experience tells me
that in many pieces of software there are a thousand ways of ticking the
wrong box or pressing the wrong button so that I occasionally end up in a
mess and disable something crucial or enable something best left alone. I
check and double check, but sometimes it's really hard to be sure I've done
it right.

Now the whole ethos of Defender, as I understood it, is to make it
unobtrusive and very easy to use so that it doesn't keep asking me questions
I can't answer about things I don't know anything about. Great. I don't trust
it much yet, but eventually I may - so great. But I (and I suspect millions
of dimwits like me) have no difficulty in understanding a big fat button that
says 'Check for updates', and if it's there, I will click it often, and I
will KNOW my definitions are current.

Of course there will be thousands of clever and knowledgeable people who'd
find it unnecessary, but whether the button is there or not will simply make
no difference to them. I just want to say that it would make a difference to
me.

 

[Guest]

Actually, this is exactly the pointless waste of time that Microsoft is
attempting to avoid teaching another generation of newbies. There is
absolutely no reason that anyone should ever be required to press an
'updates' button again, since that's what the computer is there for in the
first place, to do the work. Obviously though this will be an uphill battle,
at least until a stable finished version of Defender has been available for a
few months. Reversing the tendencies of the anal-retentives and paranoids (I
include myself here) will be even worse.

The only way to make this happen will be to make it more difficult to access
the button then it's worth, so eventually most will simply give up. Beginning
to get the picture here?

Much of what has existed in the world of Windows in general and antimalware
in particular has been developed for geeks, the anal-retentives I mentioned
above. This was fine a few years ago when they were the primary users of
computers, but that's changed drastically over the last few years. Now, most
computer users are regular people who don't spend their lives worrying about
their computer's performance or protection, they simply want it to work!
Anitmalware is some of the worst, most difficult to understand and use
software that exists, precisely because it was designed for and by
techno-geeks.

Defender, along with Internet Explorer 7 and Windows Live OneCare (AV,
Firewall, backup and maintenance) were designed for these regular users. That
this isn't appreciated by the techno-geeks is an understatement, which the
complaints here and in the other related forums has shown. However, like the
executives at Microsoft who gave the initial order to make security simple,
many can see that this is exactly what must happen to make computers safe and
useful for the masses.

Along the way, much will be learned about what's really the best balance of
simplicty and ability and how to allow the addition of 'features' without
confusing the beginner. The tendency in the past was to add whatever a few
asked for, which obviosuly hasn't worked, so making these decisions based on
much tougher criteria is now an assumption.

For security products I believe the criteria are simple; does the added
feature really do anything to improve security or does it simply add
complexity, which always results in a reduction of true security? Based on
this criteria, the less buttons and features the better, as long as required
functions are supported. Since Automatic Updates, the preferred operating
mode, requires no button for updates, there's no need to have one easily
available. Making it available in a slightly less visible location allows
those who wish to 'force' an update for troubleshooting and other purposes an
available workaround.

Like the last few years were an agony of malware. the next couple will be an
agony of simplification. Though it will be painful, the value of the
resulting improvements will eventually lead to a better experience for
everyone, especially children and other newbies who require the most
protection and simplicity of use. Eventually, I believe we'll see the
application of something like an artifical intelligence that will be able to
assess your skill level and based on that and other criteria, tune the
interface to your abilities and preferences. First, however, we must set the
base line.

Bitman

 

[Guest]

Actually, this is exactly the pointless waste of time that Microsoft is
attempting to avoid teaching another generation of newbies. There is
absolutely no reason that anyone should ever be required to press an
'updates' button again, since that's what the computer is there for in the
first place, to do the work. Obviously though this will be an uphill battle,
at least until a stable finished version of Defender has been available for a
few months.

Well, we're going in circles now, so I'll drop out of this discussion. What
you say is very desirable, but you also say yourself that we don't yet have a
stable version of Defender. Frankly, I do not trust it yet, nor do I trust
myself to have established all the correct settings. An update button, as I
said in my earlier post, may well appear to be a pointless waste of time to
you, but it isn't to me, given the present state of Defender and my own state
of uncertainty.

Some of this stuff is very, very difficult to deal with. I have hardly any
grasp of what's going on, but I do know I've already had issues with Defender
that make me extremely uneasy about simply trusting that it knows best. I've
disabled its real time protection. for example. I want to give feedback on
this forum about what would have made it easier for me. And I want an update
button. Maybe not for ever; but here and now, I do.

 

[robin]

at this point, I would not put it on my clients computers unless all the
bugs are out of it.
Most of my clients are beginners and if something went wrong they would be
calling me and if i was not available at the time they would have a canary.
I still think the many System Restore points it sets needs to be fixed.
I can just see a client of mine screwing something up and I have to system
restore him back a month and find there is no system restore point to go
back to. that is not a good thing.
I have WD on two xp pro sp2 computers. One is setting restore points 3-4x a
day.
The other is setting them 1x a day.
Both totally different cpus
one is 4 yrs old that is the one it is setting them at 4x a day
1 is 6wks old- that is the one at 1x a day
sure i can go into the registry and make the fix but even I who is a bit
more knowledgable then most do not want to mess around with the registry and
most ppl would not even think to go look at system restore to see if it is
setting check points.
WD is suppose to be for all types of folkes from newbies to experineced,
like most spyware programs are built out there. None of them are setting
restore points 3+ a day. In fact Ewido which I have as one of mine, never
sets a check point.

After seeing all the bugs listed in here, and I have had a few of them
myself (yes I used advice in here to fix it) MS really needs to address
these issues or no one one will keep WD or download it and when it comes out
on Vista if it still has all these bugs, people will just shut it off or
uninstall it.
robin

 

[Joe Faulhaber[MSFT]]

Howdy all,

We're going to change this button, based on your feedback. In future UI
(we're testing it now), there is a menu item under "Help options" that says
"Check for updates". So it's not a prominent button, but far easier to
find than buried on help->about. You'll have to click the little arrow to
the side of the help icon to get there.

Further, in the next version of the WD UI, there's three phases of error in
the definition update cycle - detecting for new definitions, downloading
them, and installing them. We're learning that there's unique problems in
each phase, so this should help quite a bit. We're also doing all the
backend fixes we can to get signatures out smoothly, it's getting much
better, but it's not there yet. Because if we can't get you signatures,
what's the point, right?

But please do turn on automatic updates at home - the bad guys love to
reverse engineer our security patches.

Thanks for trying Windows Defender,
Joe

 

[Guest]

We're going to change this button, based on your feedback. In future UI
(we're testing it now), there is a menu item under "Help options" that says
"Check for updates". So it's not a prominent button, but far easier to
find than buried on help->about. You'll have to click the little arrow to
the side of the help icon to get there.

That's good news. First, because it's a good compromise; and second, because
we get feedback and can see someone is reading this stuff! Thank you! (In
which regard, some Microsoft comment about those zillions of Defender
checkpoints would be very, very helpful.)

the bad guys love to reverse engineer our security patches.

If someone could explain this I'd be grateful.