Microsoft to force Windows updates?

Excerpts from Ed Foster's Gripelog -

===================

It's a depressing irony, but the creep who wrote the Blaster worm may
very well have done Microsoft a tremendous favor. After all, what
better argument could the folks in Redmond have been handed to do what
they've always wanted to do - namely, force users to accept automatic
Windows updates.

Earlier this week, the Washington Post quoted Mike Nash, Microsoft
corporate vice president, as saying the company is "looking very
seriously" at requiring at least home users to have their operating
system automatically updated when Microsoft sends out a fix. Another
Microsoft security official was quoted as saying that having home and
small business users automatically receive and install software fixes
"would help the safety of a lot more customers."

As the Blaster worm demonstrated, what Microsoft is saying is quite
true. Security would most certainly be enhanced if everyone
automatically received the fix when one is available for a known
security hole. But at what cost?

Even if Microsoft's motives were as pure as the driven snow, one price
that would be paid comes from the tendency of Windows updates to break
things. Windows is simply not a robust platform, and it has the added
vulnerability of being used in a multitude of diverse environments
filled with ill-behaved applications and devices.

Few business users choose to install Windows updates now without
carefully testing them first, and the prospect of Microsoft making
changes to the OS on its own would cause a rebellion. No doubt that's
why Microsoft officials for the time being are only talking about
forcing home users and small businesses to get automatic updates.

What could be an even bigger price tag on automatic updates is the
fact that you'd get them whatever Microsoft's motives are in sending
them out. Given the ability to make changes to the software whenever
they please, would Microsoft restrict themselves to only providing
critical security updates? I don't think so, and Microsoft's biggest
fans probably wouldn't either.

Remember, from the day XP was introduced, the Microsoft's license
agreements have given it the right to make automatic updates to the
operating system. So far, Microsoft has kept Windows Updates
voluntary, but Redmond lawyers were planning long ago for the day it
wouldn't be.

Remember also that the type of automatic downloads the EULA language
usually refers to are updates of DRM (Digital Rights Management, or
Digital Restrictions Management, depending on your point of view)
modules in the OS. The ability to instantly put copy protection on any
Windows system whenever it wants would be a dream come true for
Microsoft. Not only could Microsoft then function as the restrictions
manager for its own software, but for other software companies and
eventually perhaps even the movie and recording industries as well.
Automatic Windows updates could therefore lead to all manner of usage
restrictions on a variety of product and services.

As we've all learned from the war on terrorism, security is a funny
thing. The dangers in not having enough security are all too real, but
there are also dangers in letting the need for security overrule all
else. The terrorist who sent out the Blaster worm might have thought
it would harm Microsoft, but its real victims are Windows users who
will have to choose between too much security and too little.

One thing you fail to note. Since this is about security ....

If my OS vendor can change my system at will -- so can anyone else who
chooses to pose as my OS vendor. Wonderful security there ...

Steve wrote:
Excerpts from Ed Foster's Gripelog -

===================

It's a depressing irony, but the creep who wrote the Blaster worm may
very well have done Microsoft a tremendous favor. After all, what
better argument could the folks in Redmond have been handed to do what
they've always wanted to do - namely, force users to accept automatic
Windows updates.

Earlier this week, the Washington Post quoted Mike Nash, Microsoft
corporate vice president, as saying the company is "looking very
seriously" at requiring at least home users to have their operating
system automatically updated when Microsoft sends out a fix. Another
Microsoft security official was quoted as saying that having home and
small business users automatically receive and install software fixes
"would help the safety of a lot more customers."

As the Blaster worm demonstrated, what Microsoft is saying is quite
true. Security would most certainly be enhanced if everyone
automatically received the fix when one is available for a known
security hole. But at what cost?

Even if Microsoft's motives were as pure as the driven snow, one price
that would be paid comes from the tendency of Windows updates to break
things. Windows is simply not a robust platform, and it has the added
vulnerability of being used in a multitude of diverse environments
filled with ill-behaved applications and devices.

Few business users choose to install Windows updates now without
carefully testing them first, and the prospect of Microsoft making
changes to the OS on its own would cause a rebellion. No doubt that's
why Microsoft officials for the time being are only talking about
forcing home users and small businesses to get automatic updates.

What could be an even bigger price tag on automatic updates is the
fact that you'd get them whatever Microsoft's motives are in sending
them out. Given the ability to make changes to the software whenever
they please, would Microsoft restrict themselves to only providing
critical security updates? I don't think so, and Microsoft's biggest
fans probably wouldn't either.

Remember, from the day XP was introduced, the Microsoft's license
agreements have given it the right to make automatic updates to the
operating system. So far, Microsoft has kept Windows Updates
voluntary, but Redmond lawyers were planning long ago for the day it
wouldn't be.

Remember also that the type of automatic downloads the EULA language
usually refers to are updates of DRM (Digital Rights Management, or
Digital Restrictions Management, depending on your point of view)
modules in the OS. The ability to instantly put copy protection on any
Windows system whenever it wants would be a dream come true for
Microsoft. Not only could Microsoft then function as the restrictions
manager for its own software, but for other software companies and
eventually perhaps even the movie and recording industries as well.
Automatic Windows updates could therefore lead to all manner of usage
restrictions on a variety of product and services.

As we've all learned from the war on terrorism, security is a funny
thing. The dangers in not having enough security are all too real, but
there are also dangers in letting the need for security overrule all
else. The terrorist who sent out the Blaster worm might have thought
it would harm Microsoft, but its real victims are Windows users who
will have to choose between too much security and too little.

....and those that didn't install the Security/Critical updates - =
automatically or manually when offered - have now found themselves in =
deep doo-doo. Luckily some of the MS-MVPs - too many to mention - have =
managed to help these poor unfortunates. MS don't make updates =
available just for the sheer Hell of it - not like your posting. I'm =
still trying to find a sensible question in it - or is it a general dig =
at MS - as a lot of postings ATM are - the posters not really knowing =
the 'ins and outs' of a specific problem.

Will

"Steve" wrote in message =
...
=20
Excerpts from Ed Foster's Gripelog -
=20
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3 D=3D=3D
=20
It's a depressing irony, but the creep who wrote the Blaster worm may
very well have done Microsoft a tremendous favor. After all, what
better argument could the folks in Redmond have been handed to do what
they've always wanted to do - namely, force users to accept automatic
Windows updates. =20
=20
Earlier this week, the Washington Post quoted Mike Nash, Microsoft
corporate vice president, as saying the company is "looking very
seriously" at requiring at least home users to have their operating
system automatically updated when Microsoft sends out a fix. Another
Microsoft security official was quoted as saying that having home and
small business users automatically receive and install software fixes
"would help the safety of a lot more customers." =20
=20
As the Blaster worm demonstrated, what Microsoft is saying is quite
true. Security would most certainly be enhanced if everyone
automatically received the fix when one is available for a known
security hole. But at what cost? =20
=20
Even if Microsoft's motives were as pure as the driven snow, one price
that would be paid comes from the tendency of Windows updates to break
things. Windows is simply not a robust platform, and it has the added
vulnerability of being used in a multitude of diverse environments
filled with ill-behaved applications and devices.=20
=20
Few business users choose to install Windows updates now without
carefully testing them first, and the prospect of Microsoft making
changes to the OS on its own would cause a rebellion. No doubt that's
why Microsoft officials for the time being are only talking about
forcing home users and small businesses to get automatic updates. =20
=20
What could be an even bigger price tag on automatic updates is the
fact that you'd get them whatever Microsoft's motives are in sending
them out. Given the ability to make changes to the software whenever
they please, would Microsoft restrict themselves to only providing
critical security updates? I don't think so, and Microsoft's biggest
fans probably wouldn't either.=20
=20
Remember, from the day XP was introduced, the Microsoft's license
agreements have given it the right to make automatic updates to the
operating system. So far, Microsoft has kept Windows Updates
voluntary, but Redmond lawyers were planning long ago for the day it
wouldn't be. =20
=20
Remember also that the type of automatic downloads the EULA language
usually refers to are updates of DRM (Digital Rights Management, or
Digital Restrictions Management, depending on your point of view)
modules in the OS. The ability to instantly put copy protection on any
Windows system whenever it wants would be a dream come true for
Microsoft. Not only could Microsoft then function as the restrictions
manager for its own software, but for other software companies and
eventually perhaps even the movie and recording industries as well.
Automatic Windows updates could therefore lead to all manner of usage
restrictions on a variety of product and services. =20
=20
As we've all learned from the war on terrorism, security is a funny
thing. The dangers in not having enough security are all too real, but
there are also dangers in letting the need for security overrule all
else. The terrorist who sent out the Blaster worm might have thought
it would harm Microsoft, but its real victims are Windows users who
will have to choose between too much security and too little. =20
=20
=20


---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.512 / Virus Database: 309 - Release Date: 19/08/2003

A properly firewalled computer in combination with a good ant-virus and a
lot of common sense, is not in dire need of updates.

Testy

"Will Denny" wrote in message
...
....and those that didn't install the Security/Critical updates -
automatically or manually when offered - have now found themselves in deep
doo-doo. Luckily some of the MS-MVPs - too many to mention - have managed
to help these poor unfortunates. MS don't make updates available just for
the sheer Hell of it - not like your posting. I'm still trying to find a
sensible question in it - or is it a general dig at MS - as a lot of
postings ATM are - the posters not really knowing the 'ins and outs' of a
specific problem.

Will



---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.512 / Virus Database: 309 - Release Date: 8/19/2003

They already have an autoupdate program that keeps you updated.
WAKE UP!

"Steve" wrote in message
...

Excerpts from Ed Foster's Gripelog -

===================

It's a depressing irony, but the creep who wrote the Blaster worm may
very well have done Microsoft a tremendous favor. After all, what
better argument could the folks in Redmond have been handed to do what
they've always wanted to do - namely, force users to accept automatic
Windows updates.

Earlier this week, the Washington Post quoted Mike Nash, Microsoft
corporate vice president, as saying the company is "looking very
seriously" at requiring at least home users to have their operating
system automatically updated when Microsoft sends out a fix. Another
Microsoft security official was quoted as saying that having home and
small business users automatically receive and install software fixes
"would help the safety of a lot more customers."

As the Blaster worm demonstrated, what Microsoft is saying is quite
true. Security would most certainly be enhanced if everyone
automatically received the fix when one is available for a known
security hole. But at what cost?

Even if Microsoft's motives were as pure as the driven snow, one price
that would be paid comes from the tendency of Windows updates to break
things. Windows is simply not a robust platform, and it has the added
vulnerability of being used in a multitude of diverse environments
filled with ill-behaved applications and devices.

Few business users choose to install Windows updates now without
carefully testing them first, and the prospect of Microsoft making
changes to the OS on its own would cause a rebellion. No doubt that's
why Microsoft officials for the time being are only talking about
forcing home users and small businesses to get automatic updates.

What could be an even bigger price tag on automatic updates is the
fact that you'd get them whatever Microsoft's motives are in sending
them out. Given the ability to make changes to the software whenever
they please, would Microsoft restrict themselves to only providing
critical security updates? I don't think so, and Microsoft's biggest
fans probably wouldn't either.

Remember, from the day XP was introduced, the Microsoft's license
agreements have given it the right to make automatic updates to the
operating system. So far, Microsoft has kept Windows Updates
voluntary, but Redmond lawyers were planning long ago for the day it
wouldn't be.

Remember also that the type of automatic downloads the EULA language
usually refers to are updates of DRM (Digital Rights Management, or
Digital Restrictions Management, depending on your point of view)
modules in the OS. The ability to instantly put copy protection on any
Windows system whenever it wants would be a dream come true for
Microsoft. Not only could Microsoft then function as the restrictions
manager for its own software, but for other software companies and
eventually perhaps even the movie and recording industries as well.
Automatic Windows updates could therefore lead to all manner of usage
restrictions on a variety of product and services.

As we've all learned from the war on terrorism, security is a funny
thing. The dangers in not having enough security are all too real, but
there are also dangers in letting the need for security overrule all
else. The terrorist who sent out the Blaster worm might have thought
it would harm Microsoft, but its real victims are Windows users who
will have to choose between too much security and too little.




---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.512 / Virus Database: 309 - Release Date: 8/19/2003

"Testy" wrote:

A properly firewalled computer in combination with a good ant-virus and a
lot of common sense, is not in dire need of updates.

Thing is, the people most likely to have properly firewalled computers
with good antivirus protection, and who have good common sense in
their computing practices, are also those that, if they use Windows,
are most likely to keep their Windows security/critical updates
up-to-date.

The facts of life are that each time something like msblaster jumps
off, we find the internet hampered by virus-driven traffic because
thousands upon thousands of machines, run by people who should
certainly know better [IOW, not just your Grand-Uncle Ben nor your
Great-Aunt Mary, who barely know how to turn their computer on],
*don't* use protective measures like proper firewalls, up-to-date
virus protection, or taking advantage of MS-provided patches.

I have found that, after a high-degree of initial skepticism and
careful toe-dipping, that using the Auto-update feature of WinXPPro,
properly configured to ask permission both before downloading and then
before installing, to keep current with critical/security updates is
neither sinister, intrusive, nor privacy-compromising. For reasons of
my own, I have not chosen to, nor has auto-update tried to foist on
me, install XP SP1. However, MS has, separately, issued every
critical/security update that was included in SP1. IOW, I've gotten
the crucial stuff without having to deal with fluff before I'm ready
to.

OJ III

"Testy" wrote in news:OJt6jAMaDHA.2344
@TK2MSFTNGP09.phx.gbl:

A properly firewalled computer in combination with a good ant-virus and a
lot of common sense, is not in dire need of updates.

Testy

Absolutely correct and the real issue of the blaster worm was simply that.
Port 135 (RPC) certainly isn't needed nor desired for use in a corporate
environment anyway so why did so many IT managers leave it open? The bulk of
home users who got hit by it were newbies or simply unaware of how their
system was configured. I don't use automatic updates but I do keep my system
up to date. I would rather have something break on my network and spend a day
or two fixing it than spending a week trying find and flush an infection. I
run a firewall in full stealth mode that is intelligent enough to let my
users and me use the services we connect with and reject everything else, I'm
not talking about ZoneAlarm either, I use a Linux system as the Firewall
between myself and the Internet. Common sense is the most important aspect to
good security.

--Shaun

Ogden Johnson III wrote:
The facts of life are that each time something like msblaster jumps
off, we find the internet hampered by virus-driven traffic because
thousands upon thousands of machines, run by people who should
certainly know better [IOW, not just your Grand-Uncle Ben nor your
Great-Aunt Mary, who barely know how to turn their computer on],
*don't* use protective measures like proper firewalls, up-to-date
virus protection, or taking advantage of MS-provided patches.

I agree with you about AV and firewalls. But there's a legitimate
question about the risk/reward ratio in downloading MS patches which
have caused numerous problems in the past. And there are certainly
issues involved in force-feeding patches...

Greetings --

Personally, I prefer John Dvorak's solution: require all computer
owners to get a license.

http://www.pcmag.com/article2/0,4149,1224343,00.asp


Bruce Chambers

--
Help us help you:
http://dts-l.org/goodpost.htm
http://www.catb.org/~esr/faqs/smart-questions.html

You can have peace. Or you can have freedom. Don't ever count on
having both at once. -- RAH


"Steve" wrote in message
...

Excerpts from Ed Foster's Gripelog -

Snipped....

"Steve" wrote in message ...
Ogden Johnson III wrote:
The facts of life are that each time something like msblaster jumps
off, we find the internet hampered by virus-driven traffic because
thousands upon thousands of machines, run by people who should
certainly know better [IOW, not just your Grand-Uncle Ben nor your
Great-Aunt Mary, who barely know how to turn their computer on],
*don't* use protective measures like proper firewalls, up-to-date
virus protection, or taking advantage of MS-provided patches.

I agree with you about AV and firewalls. But there's a legitimate
question about the risk/reward ratio in downloading MS patches which
have caused numerous problems in the past. And there are certainly
issues involved in force-feeding patches...

I spent 4+ years migrating companies from Netware to Windows NT4
and Win2K, and now in the past three years most of my jobs have been
migrating companies from NT4/2K to Linux, BSD and other *nix flavors.
Seems corporate America has finally had enough of the Gates/Ballmer
merry-go-round: constant security problems, forced software audits,
service packs that haven't been properly tested, trying to keep their IT
staffs trained on a half-dozen Windows versions, etc etc.

From what I can see, at least for business/server use the trend is away
from MS and towards open source software. IMO it's a healthy switch.

Rick