Microsoft to force Windows updates?

[Steve]

Excerpts from Ed Foster's Gripelog -

===================

It's a depressing irony, but the creep who wrote the Blaster worm may
very well have done Microsoft a tremendous favor. After all, what
better argument could the folks in Redmond have been handed to do what
they've always wanted to do - namely, force users to accept automatic
Windows updates.

Earlier this week, the Washington Post quoted Mike Nash, Microsoft
corporate vice president, as saying the company is "looking very
seriously" at requiring at least home users to have their operating
system automatically updated when Microsoft sends out a fix. Another
Microsoft security official was quoted as saying that having home and
small business users automatically receive and install software fixes
"would help the safety of a lot more customers."

As the Blaster worm demonstrated, what Microsoft is saying is quite
true. Security would most certainly be enhanced if everyone
automatically received the fix when one is available for a known
security hole. But at what cost?

Even if Microsoft's motives were as pure as the driven snow, one price
that would be paid comes from the tendency of Windows updates to break
things. Windows is simply not a robust platform, and it has the added
vulnerability of being used in a multitude of diverse environments
filled with ill-behaved applications and devices.

Few business users choose to install Windows updates now without
carefully testing them first, and the prospect of Microsoft making
changes to the OS on its own would cause a rebellion. No doubt that's
why Microsoft officials for the time being are only talking about
forcing home users and small businesses to get automatic updates.

What could be an even bigger price tag on automatic updates is the
fact that you'd get them whatever Microsoft's motives are in sending
them out. Given the ability to make changes to the software whenever
they please, would Microsoft restrict themselves to only providing
critical security updates? I don't think so, and Microsoft's biggest
fans probably wouldn't either.

Remember, from the day XP was introduced, the Microsoft's license
agreements have given it the right to make automatic updates to the
operating system. So far, Microsoft has kept Windows Updates
voluntary, but Redmond lawyers were planning long ago for the day it
wouldn't be.

Remember also that the type of automatic downloads the EULA language
usually refers to are updates of DRM (Digital Rights Management, or
Digital Restrictions Management, depending on your point of view)
modules in the OS. The ability to instantly put copy protection on any
Windows system whenever it wants would be a dream come true for
Microsoft. Not only could Microsoft then function as the restrictions
manager for its own software, but for other software companies and
eventually perhaps even the movie and recording industries as well.
Automatic Windows updates could therefore lead to all manner of usage
restrictions on a variety of product and services.

As we've all learned from the war on terrorism, security is a funny
thing. The dangers in not having enough security are all too real, but
there are also dangers in letting the need for security overrule all
else. The terrorist who sent out the Blaster worm might have thought
it would harm Microsoft, but its real victims are Windows users who
will have to choose between too much security and too little.

 

[Jerry Park]

One thing you fail to note. Since this is about security ....

If my OS vendor can change my system at will -- so can anyone else who
chooses to pose as my OS vendor. Wonderful security there ...

 

[Will Denny]

....and those that didn't install the Security/Critical updates - automatically or manually when offered - have now found themselves in deep doo-doo. Luckily some of the MS-MVPs - too many to mention - have managed to help these poor unfortunates. MS don't make updates available just for the sheer Hell of it - not like your posting. I'm still trying to find a sensible question in it - or is it a general dig at MS - as a lot of postings ATM are - the posters not really knowing the 'ins and outs' of a specific problem.

Will

 

[Testy]

A properly firewalled computer in combination with a good ant-virus and a
lot of common sense, is not in dire need of updates.

Testy

....and those that didn't install the Security/Critical updates -
automatically or manually when offered - have now found themselves in deep
doo-doo. Luckily some of the MS-MVPs - too many to mention - have managed
to help these poor unfortunates. MS don't make updates available just for
the sheer Hell of it - not like your posting. I'm still trying to find a
sensible question in it - or is it a general dig at MS - as a lot of
postings ATM are - the posters not really knowing the 'ins and outs' of a
specific problem.

Will

 

[BananaPannaPoe]

They already have an autoupdate program that keeps you updated.
WAKE UP!

 

[Ogden Johnson III]

A properly firewalled computer in combination with a good ant-virus and a
lot of common sense, is not in dire need of updates.

Thing is, the people most likely to have properly firewalled computers
with good antivirus protection, and who have good common sense in
their computing practices, are also those that, if they use Windows,
are most likely to keep their Windows security/critical updates
up-to-date.

The facts of life are that each time something like msblaster jumps
off, we find the internet hampered by virus-driven traffic because
thousands upon thousands of machines, run by people who should
certainly know better [IOW, not just your Grand-Uncle Ben nor your
Great-Aunt Mary, who barely know how to turn their computer on],
*don't* use protective measures like proper firewalls, up-to-date
virus protection, or taking advantage of MS-provided patches.

I have found that, after a high-degree of initial skepticism and
careful toe-dipping, that using the Auto-update feature of WinXPPro,
properly configured to ask permission both before downloading and then
before installing, to keep current with critical/security updates is
neither sinister, intrusive, nor privacy-compromising. For reasons of
my own, I have not chosen to, nor has auto-update tried to foist on
me, install XP SP1. However, MS has, separately, issued every
critical/security update that was included in SP1. IOW, I've gotten
the crucial stuff without having to deal with fluff before I'm ready
to.

OJ III

 

[helmsman]

Excerpts from Ed Foster's Gripelog -
===================
It's a depressing irony, but the creep who wrote the Blaster worm may
very well have done Microsoft a tremendous favor.

Maybe it's time to dump this crap and get a Mac. It may also be time
to treat the terrorists like terrorists before they take out a nuke
plant and execute them.

After all, what
better argument could the folks in Redmond have been handed to do what
they've always wanted to do - namely, force users to accept automatic
Windows updates.

Every one of these bug, worms goes after M$. My next machine WILL be a
Mac! Fact.

 

[Shaun Marolf]

A properly firewalled computer in combination with a good ant-virus and a
lot of common sense, is not in dire need of updates.

Testy

Absolutely correct and the real issue of the blaster worm was simply that.
Port 135 (RPC) certainly isn't needed nor desired for use in a corporate
environment anyway so why did so many IT managers leave it open? The bulk of
home users who got hit by it were newbies or simply unaware of how their
system was configured. I don't use automatic updates but I do keep my system
up to date. I would rather have something break on my network and spend a day
or two fixing it than spending a week trying find and flush an infection. I
run a firewall in full stealth mode that is intelligent enough to let my
users and me use the services we connect with and reject everything else, I'm
not talking about ZoneAlarm either, I use a Linux system as the Firewall
between myself and the Internet. Common sense is the most important aspect to
good security.

--Shaun

 

[Steve]

The facts of life are that each time something like msblaster jumps
off, we find the internet hampered by virus-driven traffic because
thousands upon thousands of machines, run by people who should
certainly know better [IOW, not just your Grand-Uncle Ben nor your
Great-Aunt Mary, who barely know how to turn their computer on],
*don't* use protective measures like proper firewalls, up-to-date
virus protection, or taking advantage of MS-provided patches.

I agree with you about AV and firewalls. But there's a legitimate
question about the risk/reward ratio in downloading MS patches which
have caused numerous problems in the past. And there are certainly
issues involved in force-feeding patches...

 

[Bruce Chambers]

Greetings --

Personally, I prefer John Dvorak's solution: require all computer
owners to get a license.

http://www.pcmag.com/article2/0,4149,1224343,00.asp


Bruce Chambers

--
Help us help you:



You can have peace. Or you can have freedom. Don't ever count on
having both at once. -- RAH

Excerpts from Ed Foster's Gripelog -

Snipped....

 

[Rick]

The facts of life are that each time something like msblaster jumps
off, we find the internet hampered by virus-driven traffic because
thousands upon thousands of machines, run by people who should
certainly know better [IOW, not just your Grand-Uncle Ben nor your
Great-Aunt Mary, who barely know how to turn their computer on],
*don't* use protective measures like proper firewalls, up-to-date
virus protection, or taking advantage of MS-provided patches.

I agree with you about AV and firewalls. But there's a legitimate
question about the risk/reward ratio in downloading MS patches which
have caused numerous problems in the past. And there are certainly
issues involved in force-feeding patches...

I spent 4+ years migrating companies from Netware to Windows NT4
and Win2K, and now in the past three years most of my jobs have been
migrating companies from NT4/2K to Linux, BSD and other *nix flavors.
Seems corporate America has finally had enough of the Gates/Ballmer
merry-go-round: constant security problems, forced software audits,
service packs that haven't been properly tested, trying to keep their IT
staffs trained on a half-dozen Windows versions, etc etc.

From what I can see, at least for business/server use the trend is away
from MS and towards open source software. IMO it's a healthy switch.

Rick

 

[Will Denny]

Hi Bruce

Does that mean if one person owns 4 PCs only one license is needed? A bit heavy on 'National Security' - I thought.

Will

 

[Tim Miser]

They already have an autoupdate program that keeps you updated.
WAKE UP!

Maybe YOU should wake up. The article is about forcing automatic updates.
The current system of automatic updates is optional and can easily be turned
off.

-Tim

 

[Tim Miser]

....and those that didn't install the Security/Critical updates -
automatically or manually when offered - have now found themselves in deep
doo-doo. Luckily some of the MS-MVPs - too many to mention - have managed
to help these poor unfortunates. MS don't make updates available just for
the sheer Hell of it - not like your posting. I'm still trying to find a
sensible question in it - or is it a general dig at MS - as a lot of
postings ATM are - the posters not really knowing the 'ins and outs' of a
specific problem.

Will

---

I think part of the issue is that when XP was released, it was touted as the
most secure OS ever. Arguably, that has not been true. However, if you
ever do a clean install of XP before applying the updates, time how long it
takes XP to start up, and then time how long it takes IE to start up. Then
install the updates and see the huge difference in the speed of your system.
It really is sad to see those updates make such a huge negative impact in
your system performance because if not for this issue, I would be all in
favor of these updates.

-Tim

 

[Will Denny]

What the heck is that going to solve? It's not the machine, it's the OS.
Why dump the hardware when there's nothing wrong with it? You can always
switch to linux if you feel that strongly about this issue. -Dave

Linux - that 'OS' is a bigger laugh than my mother-in-law 'passing wind' into a trombone.

Will

 

[PCyr]

See Below...

--
Check out http://www.kellys-korner-xp.com for amazing tweaks and fixes

Member of "Newsgroups are for everyone" (Perdita X. Twitt is a
self-appointed, self-righteous, ruthless, bitchy net-cop too!)

Email address is fake to prevent SPAM.
Real email address is pcyr2000 AT hotmail DOT com
Change the obvious to the obvious.
------------------

Maybe it's time to dump this crap and get a Mac.

Macs are very user-friendly, and very secure. But they are very pricey, and
of no use to power users. Plus, most software isn't written for mac. And
you can't configure them as much, hardware and software.

It may also be time
to treat the terrorists like terrorists before they take out a nuke
plant and execute them.

I'm glad you don't make the decisions. I hate terrorists, but we can't go
around killing people. Lock them up, and throw away the key. Of course,
this is a very conterversial issue, so let's not get into that.
It's their choice wheather to update or not. That statement is just
ignorant. Plus, Updates are there for a reason. My computer ran smoother
after installing SP1

Every one of these bug, worms goes after M$. My next machine WILL be a
Mac! Fact.

Good for you. As well, they go after Windows because they were written for
windows. Why? Because most people use Windows, so it'll infect more
people.

And if Apple is sooo great, then why does MS have to give them money to keep
them in business.

 

[PCyr]

Big issue. The fact is, just like with counterfeit money, people find ways
to get around the security issues.

--
Check out http://www.kellys-korner-xp.com for amazing tweaks and fixes

Member of "Newsgroups are for everyone" (Perdita X. Twitt is a
self-appointed, self-righteous, ruthless, bitchy net-cop too!)

Email address is fake to prevent SPAM.
Real email address is pcyr2000 AT hotmail DOT com
Change the obvious to the obvious.
------------------

 

[Mike Mueller]

Hi Will,
You should have 1 license per OS family. If you have an
ME license, you automatically are licensed for 98 & 95.
You don't a license to drive a car, only if you drive on the
streets. Same applies here; you can own and use a computer,
just need a license if you network.

Mike



: Hi Bruce
:
: Does that mean if one person owns 4 PCs only one license
: is needed? A bit heavy on 'National Security' - I
: thought.
:
: Will
:
: message :: Greetings --
::
:: Personally, I prefer John Dvorak's solution:
:: require all computer
:: owners to get a license.
::
:: http://www.pcmag.com/article2/0,4149,1224343,00.asp

 

[kurttrail]

Linux - that 'OS' is a bigger laugh than my mother-in-law 'passing
wind' into a trombone.

That's why even MS uses Akamai Linux servers to protect their web site
from DoS attacks! LOL!

I guess MS is protecting their web site with your mother-in-law's farts!

--
Peace!
Kurt
Self-anointed Moderator
microscum.pubic.windowsexp.gonorrhea
http://microscum.kurttrail.com
"Trustworthy Computing" is only another example of an Oxymoron!
"Produkt-Aktivierung macht frei!"

 

[kurttrail]

Hi

All users have a 'License' to use XP (or one version of
Windows) - they don't own that copy of XP ( or any
other version of Windows).

"'Copies' are material objects, other than phonorecords, in which a work
is fixed by any method now known or later developed, and from which the
work can be perceived, reproduced, or otherwise communicated, either
directly or with the aid of a machine or device. The term 'copies'
includes the material object, other than a phonorecord, in which the
work is first fixed." - http://www4.law.cornell.edu/uscode/17/101.html

Maybe Will needs to take a look at Copyright Law!

When I passed my
driving test - I could drive any car, not just the one
that I passed my driving test in - case scenario?

What state was that in? The state of confusion?!

--
Peace!
Kurt
Self-anointed Moderator
microscum.pubic.windowsexp.gonorrhea
http://microscum.kurttrail.com
"Trustworthy Computing" is only another example of an Oxymoron!
"Produkt-Aktivierung macht frei!"