
Windows Automatic Update will update itself, even if you've turned automatic updates off. How bad a thing is that?


Transcript

This is Leo Notenboom for askleo.info.

Earlier this week the Windows Secrets newsletter broke the news that "Microsoft updates Windows without users' consent". This has a lot of people very upset as they infer the absolute worst from this blunder.

Let's look at what's really happening before we jump to any rash conclusions.

Windows has been shown to update only one very specific part of itself, the Windows Automatic Update component itself, regardless of whether you've elected to enable automatic updates.

That's all.

Yes, it's proof that Microsoft could update anything at any time.

But you know what?

  1. That's nothing new. If you didn't already realize that they could, then you haven't been paying attention.

  2. They didn't. They updated the updater, nothing more.

Now I could make a case that updating the updater itself is an extremely important scenario and that it should happen regardless of the setting of the automatic update selection. But I won't, because whether this technology should or should not be updated just isn't the issue.

The issue isn't even about whether you "own your own machine" as some have made it out to be. That's a red herring.

The issue here is transparency, plain and simple.

There's no reason that this behavior should not have been officially documented somewhere. Anywhere. Microsoft knows that it's under a microscope regarding what's perceived as stealthy, user-UNfriendly behavior. There's simply no excuse for not being transparent about this.

Microsoft should have seen this coming, and prevented it: not by altering the behavior (though to do so with an obscure setting makes sense for several reasons), but simply by documenting "hey, this is what happens, and this is why we think it's important that it does".

Yes, even then the paranoid would still be crying foul, but at least then the discussion would be about the merits of the specific behavior and not about wondering what else Microsoft is doing without telling us.

As I've mentioned before, I know for a fact that Microsoft is full of passionate people who are truly concerned for their users' experience, and are working hard every day to make the best possible product. Yes, sometimes boneheaded mistakes get made, and when you're under the microscope that Microsoft is, they're going to get noticed in a big way.

But as mistakes go, and there's no doubt it was a mistake, the furor about this one is much ado about very little.

I'd love to hear what you think. Visit askleo.info and enter 11845 in the go to article number box to access the show notes, the transcript and to leave me a comment. While you're there, browse over 1,200 technical questions and answers on the site.

Till next time, I'm Leo Notenboom, for askleo.info.

Article C3150 - September 16, 2007

Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions.


10 Comments
Mary
September 16, 2007 7:16 PM

This latest episode of Microsoft employing stealth technology doesn't really surprise me. MS is the same company that decided to question the legitimacy of its users by implementing WGA. Any company that hides things from its customers is suspect in my opinion. I haven't been able to find any comments from Microsoft, either. If it's really just an update to the installer, why all the secrecy? Makes no sense, unless there's something more to it. Conspiracy theories, anyone?

Simon
September 17, 2007 3:22 AM

> If it's really just an update to the installer, why all the secrecy?
> Makes no sense, unless there's something more to it.
> Conspiracy theories, anyone?

Meh. In these sort of situations, I tend to go by Hanlon's razor (http://en.wikipedia.org/wiki/Hanlon's_razor): "Never attribute to malice that which can be adequately explained by stupidity".

I find it far more likely that, say, whoever realised that there was a security hole or whatever in Windows update and coded and pushed out the fix wasn't authorised to post the documentation or something and was defeated by the paperwork required; than that it was all some great conspiracy. It's a huge, badly-managed corporate bureaucracy; as company size increases, the probability of things like this happening tends to 1, and they don't get much bigger than Microsoft.

(Plus, in a company of X hundred thousand employees, eleven levels of management, and a number of anonymous bloggers; exactly how long do you think it would remain a secret if it *was* a conspiracy?)

Ray
September 17, 2007 3:38 AM

Yes; for two reasons, one personal, one not.

I have a PC with a hard drive that contains nearly 1TB of data. The drive is backed up incrementally once a day, fully every few months. A compressed full backup with verification of the drive contents takes about 48 hours. The PC's OS is Windows XP and the machine is connected to the Internet with automatic updates turned off. (Windows Update is run manually once a week.) Serendipitously, the update in question was applied while a full backup was in progress. The update itself wasn't the issue, it was the automatic restart afterwards. Obviously the backup was corrupted.

On a wider scale, isn't this the update associated with the recent Skype outage? After restarting, so many machines attempted to log on to Skype simultaneously, the servers handling logins crashed. An unintended Microsoft DOS attack? I depend on Skype and was unable to log in for over a day.

(Note on a related and irritating behavior of Windows Update. Even if updates are selected, downloaded, and installed with the user's consent, if an update requires a restart, it's very difficult to postpone. Windows asks if it's OK to restart now and will keep asking every few minutes as long as the responses are negative. Ignoring the question results in a forced restart.)

The whole situation seems arrogant on Microsoft's part.

Ken
September 17, 2007 6:54 AM

If the update to the updater were that critical, why not do it "the right way"? The next time your computer goes for updates (automatic or manual), there is only one update available -- the new updater. Until you have the new updater, no other updates are available.

They've certainly done that in the past, at least with the manual update. The first thing the manual update does is check that you have the latest ActiveX control for the updater. If you don't have it, you don't get updates.

Now, I agree that this is probably stupidity and/or arrogance, rather than malice. But the fact is, there are plenty of corporations and government agencies that don't allow _any_ software to be installed without being checked out first.

While the "only" problem that Ray ran into was a corrupt backup, imagine the possible consequences of a forced reboot on some critical server at the wrong moment. (And the backup servers reboot as well, at the same time, for the same reason.)

Ray
September 18, 2007 4:24 PM

I thought about this some more and decided to add two more cents, the last I promise.

Whenever an entity, be it a government, business, religious group, individual, etc., is given or takes extraordinary powers, those powers are eventually abused, always, with 100 percent certainty, without exception. The current uproar over warrantless wiretapping is a case in point. While I have no problem with those charged with protecting us listening in on the conversations of terrorists, does anyone doubt that such a precedent can and will be expanded in the future?

Apparently Microsoft gave itself the extraordinary power to modify the operating system of our Windows based PCs without our knowledge or consent. Even though I was detrimentally affected by the recent update, to me the question “Did Microsoft go too far this time?” does not apply to that update, but instead to the revelation that Microsoft has this power at all.

David Cary
September 21, 2007 7:24 PM

While I am a very private person, and don't like spam, viruses, government intrusions, etc., here is what I think about Updating the Updater.

If I have Windows, then I have purchased their system, and trust that they have the best system for my needs and money. And I want them to give me all the free updates to what I have PURCHASED, that they have.

Technology changes faster than women change shoes, so it SEEMS it would go without saying that I wanted to keep up with the latest fixes, patches, and security.

If I did NOT trust Microsoft, which I know could no doubt hack into my computer anytime it wanted, and do anything it wanted, then who can I trust?

Trust. It boils down to TRUST. If Microsoft had proven in the past that it was UNtrustworthy, which it has not, then there would already be legal issues, etc.

There comes a time when we have to trust our policemen, our soldiers, our ministers, our doctors, AND the Big IT guy, Microsoft.

If I truly did not trust Microsoft, then I would block Microsoft's website on my computer, and then I would not have to worry about it.

I do believe they could have sent out emails, bought a few ads, gone on the Tech Talk Shows, etc., and been upfront about what they were going to do, and when, and why. It would have been very wise, and proactive in dealing with the privacy issue.

I do think it has been a lot of blow over something that we more or less BOUGHT when we bought their system, and checked the "I AGREE" box when we bought or installed it. We were SAYING we read it. If someone wants to say they checked the "I AGREE" box, but did not read the fine print, then whose problem is it?
David Cary
Lake Charles, LA.

p.s. I enjoy your emails and articles.

SEH
September 21, 2007 8:22 PM

Leo, I've read your article, and I’ve been scanning the intelligent responses to your comments and the responses to the responses, etc., and am impressed with the thoughts expressed, and the fervor exhibited therein.

However, a comment of yours ("Yes, it's proof that Microsoft could update anything at any time") goes (almost) to the heart of the matter.

If I may, without taking Microsoft’s side (Heaven forbid!), one very small, overlooked fact needs to be pointed out. As I was often told at negotiating tables for a major corporation many times not too long ago...

“It isn’t your software”.

All you purchased when you bought your respective copies of MS software (XP, Office, etc.) was a ‘License to use' on one or more CPUs.

Microsoft holds the ownership rights to the product, and the right to modify it in any manner it sees fit, and update yours in any manner it may see fit.

If anyone wants to challenge this in court, be my guest.

Was the decision to carry out the update of the updater in this manner, unprofessional? Yes. Was there some form of managerial paranoia at work in the background here, perhaps. Microsoft’s management might be becoming a little war-weary, and actions like this can begin to ‘slip through the cracks’ in a shell-shocked internal decision/risk assessment process.

To any Microsoft employees out there who might read this. If this was a mistake, act internally and demand your management acknowledge it - openly and with sincere apologies. If it wasn't....

Fooled once, shame on me. Fooled twice, shame on you.

I, for one, am not too old to migrate to a competitor's operating system.

Sefu Binta
September 23, 2007 2:24 PM

This is disturbing in the least. I have kept my updater disabled for ever. I have always been a conspiracy theorist and am suspicious about who is greater the govt or Microsoft. Which can access your system when they really wanted to. This seems to be a clue. With all the other losses of freedom, I too may look for a way to make my computer my own.

Bryan
September 24, 2007 6:40 AM

I don't have a problem with Microsoft's updater updating itself. What I really dislike is the whole Windows Update process. It is much too clumsy and even if you do run updates on a regular basis their updater is upgraded way too often which of course requires that it update itself before you can get in and even see if your PC is up to date. The other thing they could streamline is the two options that are listed when you first get in. I'm talking about the screen that comes up with two buttons labeled "Express" and "Custom" where the button labeled "Express" has the word "Recommended" next to it. How stupid is that... A single word leaves many users of Windows thinking nothing under the "Custom" update section is important enough to worry about or that it doesn't apply to them. Microsoft has forgotten that not every computer user is an expert or has the time to keep up with what Microsoft is up to.

The system needs to be changed to eliminate that first screen and go directly to a page displaying every available update - using a priority scale of some type so users can see what items are highly recommended down to those items that are optional.
The other thing most people don't realize is Microsoft's main priority for running the update site isn't so we will all keep our PCs up to date. That falls secondary to the fact that Microsoft wants a way to keep checking your Windows License to make sure you aren't running stolen software. Many of the updates are available through the support site and are much easier to download and install without going through the Windows Update runaround.
Take a look at Windows Update and Vista and it looks like usability is starting to take a back seat to perceived "more important" priorities at Microsoft lately!

vincent
September 28, 2007 7:24 AM

"But as mistakes go, and there's no doubt it was a mistake, the furor about this one is much ado about very little."

Except for the fact that now it seems the update is causing problems for certain XP users who repaired their windows installations.
Read more here: http://blogs.zdnet.com/hardware/?p=817
