And thereby leaving millions of unpatched machines vulnerable. We just went through that with Android. No thanks. I think a more reasonable answer lies in Microsoft taking a better/different approach to Q/A.
It used to work fine pre-Win-10 where they gave you the updates and let you install them when the time was right for you. This stubborn obsession with the idea that no sane user could possibly have anything more critical in their life than installing whatever code comes out of your hands instantly is just nuts.
pre-Win-10, Windows was also considered the most bug-infested zombie-farm around.
idea that no sane user could possibly have anything more critical in their life than installing whatever code comes out
The problem is when you examine user behavior, they inexplicably seem to have something more critical than installing updates, 24/7/365. Which is how bot farms begin.
They need to give you the choice on whether to update or not. If you choose not to they should just maybe give you a warning on every launch and leave it at that.
Afaik you can still configure it this way in Pro and higher skews using the group policy editor. And it's not like they didn't try the "asking the user" thing before. It's just that many users will happily keep dismissing any kind of warning that doesn't immediatly make their computer stop working forever. That's just no longer something that's acceptable for a machine connected to the internet.
We're talking about herd immunity from viruses here. Imagine that there were a new deadly pandemic every few days. Should a human being, at that point, be allowed (by the social norms of their society, by law, whatever) to refuse to receive once-daily "vaccination updates"?
Here’s maybe a less-fraught analogy: say you have an autonomous car. Assume that the car’s autonomous-driving algorithms prevent it from hitting a person or another car no matter who’s driving, but don’t prevent it from, say, knocking down a telephone pole, or colliding with one of the support posts holding up a bridge.
Now, do you have the right to own and drive this autonomous car around on public roads, if you’ve modified the car to be an “open server” where anyone can anonymously connect to it from anywhere on the Internet and drive it around?
And, if not, then what’s the difference between that modification, and knowingly driving the car when it has an unpatched vulnerability allowing people to do the same?
And if you find that there is no difference, then what’s the difference between a vulnerable car that can DDoS physical infrastructure, and a vulnerable PC that can DDoS virtual infrastructure?
The missing part of your analogy is that in a safety-critical scenario like that, there's no way that the update to the car would be delivered alongside a change to make the UI go dark at night or a completely-rewritten version of the entertainment system. The second something went wrong with such a bundled update, the manufacturer would be annihilated by regulators around the world and/or by a collapse in consumer confidence.
MS could deliver security updates separately to feature changes but chooses not to.
The Tragedy of the Commons is that well-publicised incidents like this (and the trend of updates to consumer software, supposedly under the guise of enhancing security, to bring about significant changes in appearance and behaviour) make people less, not more, inclined to defer updates to all software with the result that developers feel the urge to strong-arm users into updating.
This is a completely disingenuous analogy. While both cases do involve a tragedy of the commons, in the autonomous vehicle example there is an additional immediate and severe risk of bodily injury or death to a human.
The only justifiable reason for updates to be forced in the example with the vehicle is the physical danger that could otherwise result, and that simply doesn't exist in the example with the home computer. To my mind, the line of thinking you are engaging in here is a perfect example of the rampant authoritarianism that seems to be so rife in the computer security community these days.
That's a ridiculous analogy. What if vaccines really did have a high probability of causing autism? Would you still argue that they should be mandatory?
How about if there not only was no FDA approval process for the vaccines, but the pharma company itself didn't bother testing them?
Because that's Windows Update in a nutshell. Every couple of months somebody breaks into my house in the middle of the night, even though I locked my doors and windows and posted a no-trespassing sign, and pokes me with a needle... and I'm supposed to just sit there and take it in the name of "security."
Two separate issues: if you first agree that herd immunity from an infinite stream of "zero-day pandemics" would require daily vaccinations, then you would turn around and demand that there be laws about what these vaccinations must be composed of, and how they be tested, to de-risk them as much as possible.
Imagine what the FDA already does, and then imagine that they were verifying a drug that would be given to every person in the country. There'd be a crazy strenuous verification system for that.
Imagine what the FDA already does, and then imagine that they were verifying a drug that would be given to every person in the country. There'd be a crazy strenuous verification system for that.
And that's a big part of the problem. Not only is there no 'FDA' to test these patches -- nor should there be -- but the manufacturer evidently doesn't test them either. They fired their QA personnel a few years ago, so that's now our (unpaid) job as users.
Even worse, there are some indications that this particular bug was discovered and reported by insider program members and actively ignored by the company.
Windows Update is apparently the team where Microsoft employs their B- and C-level players and managers. That's not OK. If you're going to insert yourself forcefully into everyone's critical path, you'd better know what you're doing.
I remember a memorable comment here that went something like "Windows updates are like vaccinations that have a high chance of making you blind, grow an extra ear, or turn your skin green."
Besides, if you look at what sorts of vulnerabilities they're actually patching, the majority of them require local access anyway; remotely-exploitable-by-default ones (fortunately) tend to be few and far between.
The point of herd immunity is to protect people that can't be vaccinated. Even if you would force people to be immunized, it wouldn't be necessary to apply the same to computers. Vulnerable computers can't rely on herd immunity, and you'll have botnets whether or not updates are mandatory.
I was alive and working in the dark ages where the majority of the world did not patch their OS, and we should not be clamoring to go back just because occassionally the the light hurts our eyes.
I'm much happier in a world where only those that put in the effort to research how to block updates and then go through the steps can do so. They are much more likely to encounter info on how they should really think about what they are doing, and whether there are alternatives or partial solutions that achieve most their needs without being as extreme.
Please don't ruin the little bit of herd immunity we've built up.
How does that solve the issue described in the comment you're replying to? Are you comfortable leaving potentially critical remote vulnerabilities exposed for a whole month?
While you can argue it might be nice to have the option to keep the older backup, it’s also kind of a handy feature that I can restore to latest OS and not have to spend time installing updates myself, my data conveniently seeded into the latest software.
At any rate, iCloud is not “backup” in the traditional sense, it’s really “cloud sync” for user data. In that context it’s not really surprising that connecting a new device to iCloud and restoring pulls the newer OS version, given you never really backed up the OS data at any point.
