it's the day after the second Tuesday of the month. I know that the
second Tuesday of each month is now Windows critical updates day.
However, I know that I am safe because I have the automatic update
setting turned on.
Of course, I wasn't safe and here are ten reasons why the Windows
Update process (which is very laudable) will drive even the most
diligent and well-intentioned Microsft customers to hurl epithets
1. The Windows Update URL Could Be Just a Little Easier to Find.
I love this. Like anyone else who uses the Internet on a regular basis,
I know that I should always be able to find the Windows Update (or at
least be redirected to it) by typing in http://www.windows.com or
http://www.microsoft.com/windows/. No one can memorize the actual URL
for Windows Update. In fact, if you want to choose a strong,
uncrackable password, there are few better choices that the URL for
Windows Update. Put it in your Favorites? Ha-ha-ha. No website in the
history of the Internet has ever changed URLs of pages more often and
with fewer redirectors than Microsoft.com. Finally, how about keeping
the link to Windows Update in a prominent place where I can find it
instead of moving it around all the time? I know the page looked
different a couple of days ago. Why not keep it like it is today?
2. How about Making “Automatic” mean Automatic? If I turn
on Automatic Updates, shouldn't I be safe in assuming that when I
connected to the Internet last night and this morning the updates would
be loaded and installed? Here's a suggestion: make the Automatic Update
at least as persistent as the damn Windows Messenger, which one again
has return to haunt me after I thought I tracked it down and finally
got it out of my startup menu. The Windows Messenger team might talk
with the Windows Update team and share some tips.
3. Inconvenience Me for Using Good Security Settings. Ready
to get started? Oops, need to give permission for an ActiveX control to
run. I wouldn't have to be inconvenienced if I took a more risky
approach to security. Here's an idea: inconvenience the people who
don't use good security practices, not the ones who do. Suggestion:
make it really easy to find and set up a setting that will permit only
the Windows Update Active X controls to run without a prompt.
4. A 3.8 Megabyte Download? Does nayone really wonder why so
many home users are running unpatched versions of Windows. Memo to
Microsoft: either provide broadband with the purchase of Windows or
make patches available in formats that are friendly to dial-up users.
As many people have pointed out recently, a visit to your parents often
involves installing Windows updates and other security updates. Has
anyone calculated how long it takes on a dial-up line to download all
Windows XP critical updates?
5. Adding Insult to Injury – the Five Minute Installation.
The updates(s) are downloaded and the installation begins. All but the
foolhardy wait for the installation to complete before doing anything
else. I have a reasonably fast computer and the installation took
roughly five minutes.
6. Don't Let Me Walk Away and Do Something Else. Three times
ZoneAlarm asked permission to allow what seemed to be the same program
to access the Internet, even though I checked the “remember this
setting” box. Nothing more fun than walking away for a short break and
then finding that the installation process has barely begun when you
return because you needed to give a permission or check a box in a
7. Make Me Reboot. I knew it was coming, but I remained an
optimist. Great choices: close up everything that I've been working on
or continuing to work in an unsafe OS.
8. Make Me Feel Like You Are Punishing Me For Delaying the Reboot.
I really do know that these two things are probably unrelated, but why
did I lose a blog post I was working on (admittedly I should know
better than this) when IE would not connect to the Internet when I
tried to save the post right after I chose not to reboot immediately?
Why is FireFox not the answer? 1. As best as I can tell FireFox's
pop-up blocking or something else keeps me from using the formatting
and URL buttons in Movable Type. 2. You can try to run Windows Update
through a browser other than IE – I'll watch. In fact, I did try it and
the page would not display.
9. Don't Give Me Any Reassurances. The reason I chose not to
reboot was because I was afraid something wacky might have happened
when I did. How about a little message that says “update successful and
everything is working great” that promptly displays when I reboot?
10. Microsoft Isn't the Only One. I actually like many
things Microsoft does and take some criticism because I do. My beef is
that they continue to make it too difficult to be a good customer. I
have a whole list of others I could pick on, but they didn't make me
lose a blog post today. It's not really fair to criticize FireFox yet
on “customer service” issues, but jeez Louise there is a lot of work
that needs to be done before that's a 1.0 product. McAfee – thank you
for setting up your updates so I can't download them directly from your
site with either IE or FireFox even when I turn off pop-up blockers
like you tell me. There are others – you know who you are.
Look, here's my point of view. Microsoft works hard on fixing
security problems. That's a good thing. I'd like to be happy in the
Microsft desktop world because, well, because that's where I happen to
be. The last project I feel like taking on now is a full conversion out
of the Microsoft world. I'm not sure anyone is ready yet to see how the
Open Source model will work for security patches when Open Source apps
come under the same intense and frequent attacks as Windows does. We
got a taste of that in the past week when a security hole was
identified and fixed in Mozilla/FireFox. (Note to FireFox – consider
making it clear on the download site that by downloading the newest
version and installing it I did in fact patch the problem).
It's hard to be careful out there. Maybe we should be working on ways to make it less difficult.
Coming soon: I question why when I set up Outlook to prompt me if
someone requests a receipt that I have received his or her message that
the default behavior is to turn back on automatic responses for all
messages. I certainly believe that I have only authorized a response to
a selected message. Could that be why I suddenly got more spam until I
noticed that the default setting had been changed, primarily because I
saw outgoing messages being sent when I knew that I wasn't sending any?
Maybe spammers sending messages asking for receipts were getting
validation that my email address was active and I inadvertently undid
all the benefits of my “safe” email practices? Ironically, I noticed
this after I gave a talk on spam prevention where I told people to turn
the automatic response setting either to “off” or “prompt,” so my
audience didn't get to play “laugh at the expert.”
The morale of the story: when I lost a blog post, somebody is going
to get criticized and the more significant I feel the loss is, the less
likely it is that I'll be criticizing myself. And, yes, not only have I
heard of SharpMT, I have actually installed and used it. Unfortunately, not earlier today. Will I learn a lesson? Who knows. [DennisKennedy.blog]