October 15th, 2007
What's really broken with Windows Update - Trust
On Friday I posted briefly about yet another potential problem with Windows Update (my ZDNet blogging colleague Mary Jo Foley covered the issue in greater detail here and here). Initial investigations of PCs at the PC Doc HQ 
have turned up no leads but I have discovered something else that broken about Microsoft Windows Update mechanism - trust.
The overall impression that I get as someone who deals directly with the company is that Microsoft believes that it is right and anyone making a fuss is ultimately wrongSee, here’s the problem. To feel comfortable with having an open channel that allows your OS to be updated at the whim of a third party (even/especially* Microsoft … * delete as applicable) requires that the user trusts the third party not to screw around with the system in question. This means no fiddling on the sly, being clear about what the updates do and trying not to release updates that hose systems. While any and all updates have the potential to hose a system, there’s no excuse for hiding the true nature of updates and absolutely no excuse for pushing sneaky updates down the tubes. Over the months vigilant Windows users have caught Microsoft betraying user trust on several separate occasions and this behavior is eroding customer confidence in the entire update mechanism.
I have no doubt that an automatic update mechanism is an important feature of any modern operating system. Windows isn’t alone in having this kind of mechanism - both Mac OS X and Linux distros ship with similar features. Having the ability to automatically push critical security updates to vulnerable PCs keeps us all that little bit safer. Problem is, each time an incident that erodes confidence in the mechanism is reported, more people decide to pull the plug on updates and decide that it’s better to take their chances against the hackers and cyber criminals. This is a bad thing all round.
What bothers me more than the specific issues themselves is the attitude that Microsoft seems to take to reported issues. The overall impression that I get as someone who deals directly with the company is that Microsoft believes that it is right and anyone making a fuss is ultimately wrong. This doesn’t give me any confidence that the message that change is needed has been received and understood. I’ve had reassurances that there will be greater transparency in future, but I’ve yet to see any progress made here. Let’s have a little less conversation and a little more action people.
Some people feel that stealth updates and pushing WGA to users under the guise of a security update is paving the way for all sorts of nasty and restrictive DRM mechanisms to be pushed down the system. While I personally don’t take this view, it’s easy to see where these extreme ideas come from.
Personally, given the critical role that Windows Update plays in keeping the Windows ecosystem safer, I think it’s time for someone to come forward and claim responsibility for the mechanism, what’s pushed through it and how this is done. Something needs to be done to rebuild user confidence in the system.
Thoughts?
Adrian is a technology journalist and author who has devoted over a decade to helping users get the most from technology. He also runs a popular blog called The PC Doctor. See his full profile and disclosure of his industry affiliations
Want to get in touch? Got a tip? Feel free to drop me a note! I ALWAYS respect anonymity. I'm also on Twitter (@the_pc_doc)
Right to Reply: Should any industry representatives wish to comment on any posts on Hardware 2.0, I will be happy to publish their reply verbatim on this blog.
Subscribe to Hardware 2.0 via Email alerts or RSS.
