S
Steve
Excerpts from Ed Foster's Gripelog -
===================
It's a depressing irony, but the creep who wrote the Blaster worm may
very well have done Microsoft a tremendous favor. After all, what
better argument could the folks in Redmond have been handed to do what
they've always wanted to do - namely, force users to accept automatic
Windows updates.
Earlier this week, the Washington Post quoted Mike Nash, Microsoft
corporate vice president, as saying the company is "looking very
seriously" at requiring at least home users to have their operating
system automatically updated when Microsoft sends out a fix. Another
Microsoft security official was quoted as saying that having home and
small business users automatically receive and install software fixes
"would help the safety of a lot more customers."
As the Blaster worm demonstrated, what Microsoft is saying is quite
true. Security would most certainly be enhanced if everyone
automatically received the fix when one is available for a known
security hole. But at what cost?
Even if Microsoft's motives were as pure as the driven snow, one price
that would be paid comes from the tendency of Windows updates to break
things. Windows is simply not a robust platform, and it has the added
vulnerability of being used in a multitude of diverse environments
filled with ill-behaved applications and devices.
Few business users choose to install Windows updates now without
carefully testing them first, and the prospect of Microsoft making
changes to the OS on its own would cause a rebellion. No doubt that's
why Microsoft officials for the time being are only talking about
forcing home users and small businesses to get automatic updates.
What could be an even bigger price tag on automatic updates is the
fact that you'd get them whatever Microsoft's motives are in sending
them out. Given the ability to make changes to the software whenever
they please, would Microsoft restrict themselves to only providing
critical security updates? I don't think so, and Microsoft's biggest
fans probably wouldn't either.
Remember, from the day XP was introduced, the Microsoft's license
agreements have given it the right to make automatic updates to the
operating system. So far, Microsoft has kept Windows Updates
voluntary, but Redmond lawyers were planning long ago for the day it
wouldn't be.
Remember also that the type of automatic downloads the EULA language
usually refers to are updates of DRM (Digital Rights Management, or
Digital Restrictions Management, depending on your point of view)
modules in the OS. The ability to instantly put copy protection on any
Windows system whenever it wants would be a dream come true for
Microsoft. Not only could Microsoft then function as the restrictions
manager for its own software, but for other software companies and
eventually perhaps even the movie and recording industries as well.
Automatic Windows updates could therefore lead to all manner of usage
restrictions on a variety of product and services.
As we've all learned from the war on terrorism, security is a funny
thing. The dangers in not having enough security are all too real, but
there are also dangers in letting the need for security overrule all
else. The terrorist who sent out the Blaster worm might have thought
it would harm Microsoft, but its real victims are Windows users who
will have to choose between too much security and too little.
===================
It's a depressing irony, but the creep who wrote the Blaster worm may
very well have done Microsoft a tremendous favor. After all, what
better argument could the folks in Redmond have been handed to do what
they've always wanted to do - namely, force users to accept automatic
Windows updates.
Earlier this week, the Washington Post quoted Mike Nash, Microsoft
corporate vice president, as saying the company is "looking very
seriously" at requiring at least home users to have their operating
system automatically updated when Microsoft sends out a fix. Another
Microsoft security official was quoted as saying that having home and
small business users automatically receive and install software fixes
"would help the safety of a lot more customers."
As the Blaster worm demonstrated, what Microsoft is saying is quite
true. Security would most certainly be enhanced if everyone
automatically received the fix when one is available for a known
security hole. But at what cost?
Even if Microsoft's motives were as pure as the driven snow, one price
that would be paid comes from the tendency of Windows updates to break
things. Windows is simply not a robust platform, and it has the added
vulnerability of being used in a multitude of diverse environments
filled with ill-behaved applications and devices.
Few business users choose to install Windows updates now without
carefully testing them first, and the prospect of Microsoft making
changes to the OS on its own would cause a rebellion. No doubt that's
why Microsoft officials for the time being are only talking about
forcing home users and small businesses to get automatic updates.
What could be an even bigger price tag on automatic updates is the
fact that you'd get them whatever Microsoft's motives are in sending
them out. Given the ability to make changes to the software whenever
they please, would Microsoft restrict themselves to only providing
critical security updates? I don't think so, and Microsoft's biggest
fans probably wouldn't either.
Remember, from the day XP was introduced, the Microsoft's license
agreements have given it the right to make automatic updates to the
operating system. So far, Microsoft has kept Windows Updates
voluntary, but Redmond lawyers were planning long ago for the day it
wouldn't be.
Remember also that the type of automatic downloads the EULA language
usually refers to are updates of DRM (Digital Rights Management, or
Digital Restrictions Management, depending on your point of view)
modules in the OS. The ability to instantly put copy protection on any
Windows system whenever it wants would be a dream come true for
Microsoft. Not only could Microsoft then function as the restrictions
manager for its own software, but for other software companies and
eventually perhaps even the movie and recording industries as well.
Automatic Windows updates could therefore lead to all manner of usage
restrictions on a variety of product and services.
As we've all learned from the war on terrorism, security is a funny
thing. The dangers in not having enough security are all too real, but
there are also dangers in letting the need for security overrule all
else. The terrorist who sent out the Blaster worm might have thought
it would harm Microsoft, but its real victims are Windows users who
will have to choose between too much security and too little.