Latest Post | Last 10 Posts | Archives
Previous Post: What do you want for free? Do users have to pay up to complain?
Next Post: Quick thoughts on the (possible) demise of OpenSolaris
Posted in:
Anyway, I'm sure it's not the end of the world, but it's probably infuriating to many readers nonetheless. Firstly -- to my readers -- I apologize for overlooking this..."feature" of the .NET Framework security update. Secondly -- to Microsoft -- this is a great example of how not to convince people to trust your security updates.Krebs is right: It's not the end of the world. But it seems like a violation of user trust to monkey with a third-party program -- and top it off by making it difficult to remove the extension without editing the Windows Registry. By using the update mechanism to sneak software onto the system, Microsoft is telling security conscious users to be suspicious of updates and to deploy them only after they've been widely vetted, or choose a more trustworthy vendor. As a Linux user, it makes little difference to me what Microsoft does via Windows Update --users on openSUSE and other Linux distros can see exactly what updates will do to their system: Down to the source code, if they choose to take the time. But, failing a source code audit, Microsoft could at least provide a full disclosure of the packages and features modified when a user runs Windows Update. Without that, users should be wary indeed of trusting Microsoft's updates -- and missing a trust relationship for security updates, users should be wary of running Windows in the first place.
posted by Joe Brockmeier
May 31, 2009 @ 6:42 pm
Previous Post: What do you want for free? Do users have to pay up to complain?
Next Post: Quick thoughts on the (possible) demise of OpenSolaris
WordPress Mobile Edition available at alexking.org.
powered by WordPress.
