September 13, 2007

Microsoft Updating Without Permission: When No Doesn't Mean No!

Greetings. Back in June of last year when I revealed that Windows XP was "secretly phoning home" as part of its Windows Genuine Advantage anti-piracy system, there was considerable furor.

A key question raised in that case was, "Whose computer is this really, anyhow?" That is, who has the right to ultimately control operations on a system -- the owner of the computer itself, or a software vendor?

Unfortunately, it appears that Microsoft has not fully internalized the lessons of that controversy. Reports have been coming in that Microsoft Windows Automatic Updates (under XP and Vista) has been discovered to be updating its own components, irrespective of users' configuration settings requiring notification and manual confirmation before installation of any Microsoft-generated changes.

More specifically, if you are an ordinary user of Windows "Automatic Updates" (reportedly most large enterprise distribution configurations are immune to this issue), and have chosen the option that you do not want any updates installed without your specific pre-inspection and permission being granted first, updates to Windows Updates itself will still occur without your permission, and without your being notified that the activity has taken place. That is, it's a "stealth" installation.

The only sure way for most users to prevent these actions is to not run Windows Automatic Updates in any form, regardless of its option settings, and despite Windows aggressively urging you to re-enable this functionality.

Microsoft has just now blogged their explanation for this behavior, amounting to (in my words): "We believe that the updates in question are so important that we need to install them regardless of what user option settings actually were set in Automatic Updates."

This is utterly unacceptable. If there are crucial updates, and an Automatic Updates user has specified manual control over which updates get installed, the responsible course isn't to sneak the updates in under the radar "because they're important" -- even if they truly are crucial.

The proper procedure is to notify the user -- with big warnings in no uncertain terms as necessary -- that this is a key update, while still allowing the user to make the final decisions regarding installations as per their option settings.

This isn't a matter of paranoia or over-protectiveness. In many environments, there are major security, privacy, and legal concerns that impact the appropriateness of all software updating. While it could be argued that the best course for concerned users would be to not run Windows Automatic Updates at all, this is not always practicable. If nothing else, users must have confidence that the options they set regarding update installations apply to 100% of updates, in all situations and cases.

In a phone conversation with a Microsoft official about this issue earlier today, I got the strong impression that they genuinely believed that this update policy was in the best interests of users and the overall reliability of the Windows updating environment. I have no reason whatsoever to doubt their honesty in this regard, but as I pointed out then, good intentions, however laudable, must not be allowed to override users' specified security, privacy, or other policy settings. If nothing else, "stealth" updates sow the seeds of doubt and feed conspiracy theories and larger concerns -- something that's in nobody's best interests.

Ultimately, this is really pretty simple. There are guys in orange jumpsuits serving hard time for not understanding what "no" meant in their personal lives, even though they thought that they knew what was best for a relationship late one night. Similar erroneous reasoning could apply to the software world as well, with comparably negative results.

No really does mean no. If users have indicated that they want to approve all updates before installation, this must be honored, in all situations. Don't try to slide a few things in via the backdoor just because you figure that they're important enough to override users' choices. Those computers are owned by the users, not by the software vendors, nor by Web sites or Web services for that matter.

Users must be able to maintain complete control of their systems if they (wisely) choose to do so. Rationalizations and associated operations that attempt to bypass such controls are unacceptable, potentially dangerous, and cannot be tolerated.

--Lauren--

Posted by Lauren at September 13, 2007 01:55 PM