To hell with updates, make file management less painful.
The next version of Microsoft's Windows operating system will introduce changes that are designed to make automatic updates less disruptive by eliminating popup notifications and reducing the number of times machines must be restarted. In a blog post published on Monday, Microsoft Program Manager for the Windows Update Group …
Oh, sorry, did you miss that? It was in XP... ;-)
Win 7 does drive me nuts on several fronts, not being allowed to share you own drive is insane. I can understand why they would want to prevent people sharing the entire C drive on security grounds, but I have all my personal files on the D drive, and I'm not allowed to share D, no I have to share all the folders separately... Grrrr!
Windows shares all drives by default. I have just checked my Win7Pro install and I can indeedy see C$ and D$ as shares. Fair enough, you need to know a password for an admin account (or of a local user who is admin). But the fact remains - all your content is on the network for anyone to (potentially) see.
Compare that to other operating systems that actually implement security.
Just because you mark your drive as able to be shared doesn't then hoist all the information on it and started it streaming around some magical highway just waiting for someone to pick bits off it to decrypt at their leisure.
Your drive stays in the same place but gives someone with appropriate authority to access and view the files - similar security to most remote login systems that require just passwords to access a machine - whether it is PC, MAC or Linux.
Make up your mind. EITHER you don't need to know an admin account password, OR your content isn't available for just anyone to see. Based on my experience of every version of Windows ever, my guess is on the latter.
By the way, those "other operating systems" you speak of aren't terribly secure either if you make a habit of dishing out passwords to accounts with root (or sudo) privileges.
Also by the way, in case you want to scaremonger in other forums, there's also an ADMIN$ share that steers hackers directly to the Windows directory, just to catch out sneaky people who install to somewhere other than C:\WINDOWS.
The original commenter's point was that sharing is done by DEFAULT. And this is a security problem, especially, given the very bad Windows users ' security habits , such as, poor or empty psswds, and their multiple reuse.
>>you make a habit of dishing out passwords to accounts with root (or sudo) privileges.
Not sure what you're talking about, however, if a superuser is allowed to login, like on FreeBSD (Debian , maybe Fedora etc) , yes indeed shh-server lets you login as root by default. Ssh-server is not installed by default though. These systems require a little more experienced user, Whereas Ubuntu desktop has sudo by default. Compare it with the Windows.
Jeebus H Christ people! The sharing is only done *BY DEFAULT* in a domain environment, where your administrators should looking after security for you. It can be easily disabled via group policy if you don't have confidence in your password policies.
If your NON DOMAIN installation has the C$ D$ etc shares, someone has done something twonky as this is not the behaviour out of the box. And if you are confident in your nerd ability, you are able to share the entire drive (any drive, including C) via the advanced sharing button.
Any behaviour outside of this has been caused by either an administrative policy (if it's a work PC you don't own), the OEM, yourself, someone else who has accessed your PC, or some third party software.
It really narks me when people blame their own ignorance on Microsoft/Google/Apple whoever the whipping boys happen to be.
>>t really narks me when people blame their own ignorance
Microsoft is making money on ignorance, it personally promotes and nourishes it in their own users. Stuff (especially) crappy is easier to sell this way.
I did not realize it, but the article now cleared it up for me again.
Microsoft has not to this day implemented any painless rare-reboot updates in their OS. They still do not offer any (at least security) updates for the third-party software. This also contributes to insecure nature of the Windows Operating System. (Nor they offer any convenient secure software repository akin to most if not all GNU/Linux or *BSD ports)
The only way to insure boyancy for Redmond is by staying dirty and ugly monopoly. Hence they shouldn't be hated or despised but condoled.
“This means that your PC will only restart when security updates are installed and require a restart,” she wrote. “With this improvement, it does not matter when updates that require restarts are released in a month, since these restarts will wait till the security release.”
Ok a few things I'm alittle lost on here, and the worst part is that I have read El Reg for years and this actually confuses me.
1) Arnt the restarts required to allow for updating of core files that need to be patched, which are unable to be patched while the system is using them?
2) In the line of security (which isnt very good with Windows but meh, ill go with it), wont this allow for vulnerabilites to be exploited for potentially upto a month before said updates are finally applied?
3) How any of this better? While restarts can be a pain in the ass with Windows it's not really that big of a turn off for me. So WTF is microsoft thinking...well plotting to make money off this? Making people see how vulnerable Windows really is to exploits and zero-day hacks so they can start pushing people to pa for their unSecurity nonEssentials?
All I can say to this decision is wow. Just wow.
This post has been deleted by its author
Nice operating system it is, to require a reboot for every Outlook (security) update? This would sound ridiculous on GNU/Linux, BSD's or other non-perverted OS's.
Interesting, that after all these annoying requirements to force reboots many millions of Win servers remained unpatched for some time before they picked up conficker.
This post has been deleted by its author
Not everyone has high speed. Some may be stuck with dial-up. They need to allow for that condition and make design decisions that won't drive people to violence.
Even for those with high speed, it may only be 1Mbps. Updates should not barge onto the network when the user has just started the machine. Windows could even enforce this on other applications. There should almost be a Bugger Off button to stop all network access except the ones requested by the user.
Or the user may be on a non-wired access system that costs 10p per kilobyte.
All of these should be auto-detected, or listed as settings, so that the disadvantaged user can get to the darn Tornado Warnings webpage before it's too late.
Sorry, been there, done that.
Promised in Windows 7 - quick boot, fast, optimized, secure. I'll perhaps grant it more secure, though I haven't had a virus in ages anyway. For the rest? Much promise, little delivery. I don't find Windows 7 much better than XP, which I liked well enough. And it certainly is a hog booting and shutting down for me.
Instead of all this cleverness with reboots, how about 2 "simple" changes:
#1 - figure out a way to not need reboots, at least most of the time. Linux does that, OS X does that, why can't MS? Sorry - MS is too busy doing ribbon interfaces.
#2 - identify clearly in advance which patches need a reboot, not just that lame "your system may need restarting". Does it or does it not? It's _your_ patch, guys.
Win7 started well but now it's as bad as XP. Seems like half the updates require a reboot. Worse still though are those that seem to need two reboots. XP and Win7 both have those now and again. Several times I've rebooted only to be told ten minutes later than new updates are available. It's madness I tells ya, madness!
I think you might be misunderstanding (assumption: OS X behave like GNUN/Linux and given the Unix heritage of both, I think this is a fair bet).
When a file on a Unix-like system is updated, it can be moved to a new inode (a point on the disc). Anything using the "old" file can carry on using the "old" inode and see that version. When the program closes and then opens, when it gets the file it will get the "new" inode and thus the new version. (This is not quite technically correct, but good enough for now).
The upshot is that you only need to reboot when some critical system (kernel, vital system service) gets file updates and needs to stop in order to grab the new files. Even then, there can be ways to restart critical systems and grab the update without doing a reboot.
Windows cannot do this as its file system works in a fundamentally different way.
There have been numerous times when I was following MS instructions for a particular task (eg relocate print spool folder) and their instructions include a reboot. Instead I just stop/start the related service (eg spooler) and everything goes fine.
They are just lazy and can't be bothered to test dependencies that way so they go with the nuclear option of always rebooting. It's just laziness and poor organization that led them to lose track of dependencies. 95% of the reboots can be handled by starting and stopping services and/or processes. A lot of other "required" reboots that involve reloading modified registry settings in HKCU can be done just by killing the shell and your running applications survive, you don't even have to log out. But MS will never tell you that.
“This means that your PC will only restart when security updates are installed and require a restart”
And this differs to current behaviour in what way?
Perhaps all the restarts we have at the moment are not necessary and are just there to provide a level of annoyance that is commensurate with the typical expectations of the befuddled users of microsoft products?
Linux has no centralised way of updating software, nor can it ever have one. GNU and it's ilk do provide such systems - "package managers" (apt-get, pacman etc.). Even these have limitations though. One must either have originally installed the software from the package managers, or installed it from some kind of approved package (e.g. ".deb") so that the package manager knows about it. If you are using software that you have just downloaded as a TAR or something, then it will not get updated unless you do it yourself. This is why GNU/Linux users are urged to use repositories rather than download random crap off the Interwebs like Windows users are. Repositories and their downloads are also often signed to prove that they are legit and thus not malware (it's not perfect though, nothing is).
However the package manager finds out about what you have installed, it will periodically check the version currently installed against the version in the repository. If the version in the repository is newer, that fact is remembered and at some point the user will be asked if they wish to download and install (or some job will update the system or whatever).
Once the download happens, things update and no reboot is required due to the way the file systems work. When an updated program closes, the next time it starts it will be running the new version. The only time you need to reboot is if Linux itself (the kernel) or an in-use module (e.g. graphics) gets updated. And even then you only need to update if you want to use the new version right now. Bar one message at the end and perhaps an icon changing, there is no nagging.
The actual details of the above will vary slightly from distribution to distribution, but the general ideas remain the same.
The point Microsoft make is that all the time the machine is not actually *using* the new files (i.e. file is in use, Windows could not update the file, or in the case of Linux, the file was in file, file was updated but isn't used until things using it restart) then the machine is vulnerable to the security problem that required the update. Like it or loathe it, Microsoft's way of actually trying to get the user to reboot so that the vulnerable files are used for as short a time as possible does seem sensible from a security point of view.
*sigh* The same is true on Windows as one is not forced to restart. I assume you are the same AC as before - you clearly do not know how non-Windows updates work, I suggest you do some research before commenting further.
In enterprise systems, one would be using some kind of management system (e.g. Puppet) to push and control updates (i.e. only applying them after testing them).
For office systems there would (should!) be a policy about when reboots happen to suck in the updates.
For home/end-user-controlled system - it's up to that user. In the vast majority of cases, simply bouncing the service (e.g. Samba) or stopping/starting the program is enough.
MS's way of doing it is, IMO, the worst one as it leads to people disabling the whole thing to stop the bloody nagging. I also despise the way Win7 sneaks in updates with little when I go to shut down. I want to know what the updates are and why they are being applied, I may have very good reasons for NOT wanting an update (e.g. compatibility with other systems).
This post has been deleted by its author
You write it then, if it's so easy.
A perfect, totally secure OS that's fully user-friendly and compatible with every piece of hardware and software created since 1995 that will be compatible with all future and software and never need updates, patches or fixes.
Away you go. Try to finish it in an hour.
What an idea! Let's just do things properly from the beginning!
Cars will no longer burst into flames after a crash!
Planes will no longer drop out of the sky due to failure!
Building will not longer fall down!
Bridges will no longer collapse!
Pencil tips will no longer snap!
Glass will no longer break!
DO IT RIGHT FIRST TIME! My god! It's a paradigm shift! You should patent that *RIGHT NOW*!!!! You'll be bloody minted you will!
What did no one think of this before? WHY?????????????
MS has already made it clear that Metro is meant to be a dimmed-down environment where rights are concerned. Considering how they're aiming on this environment /big time/ I don't think this news should come as a surprise. Not to mention the non-achievement (to a certain extend).
How hard is it to update something which people can only use in very restricted ways in the first place ?
I've said it many times on several threads already... I think Windows 7 is a very solid desktop OS and Office 2010 packs quite a punch as well. I guess I somewhat turned into a "microsoftie" where (small) business usage is concerned; Outlook + Business Contact Manager & the regular stuff (Word, Excel) can hardly be topped these days. IMO that is of course. But still; I sent a e-mail to a customer, and when I look into said customers history I can see that I sent that e-mail, can even open it when needed. No extras required. That stuff is invaluable for business usage ("I only got your emailed bill today. Chill bro; I'll pay, no problem" Click, click... "odd, I sent it 3 weeks ago?").
'Unfortunately' I think MS themselves are going to have a very hard time "topping" their own success here. Quite frankly, having tried the Win8 preview I think we're heading for "Vista revisited".
And stories like these ("Look at us, we're making things EASIER for you!") only add to that bias. Yeah; easier.. At what costs?
Give me back my AERO!
The only person in a position to decide what is critical is the user (be they an end-user of a sys admin). No one else. Often my PC site here 'idling' but as far as I am concerned Samba is a critical app as I am sat in front of the box watching a movie off the HDD.
If it chose then to reboot (which it wouldn't, but if it did) I'd be one pissed off geek.
If you update the kernel, you have to reboot. If you update a driver, you either have to be able to unload it (and stop using everything using that driver) or you have to reboot. If you update a low level library (e.g. libc equivalent), you will have to reboot or restart all your programs to start using it; if this is for security, you either reboot or have existing processes still potentially vulnerable.
This is a fact for Windows, Linux and most other operating systems. Very few have been able to update the kernel on the fly.
But Windows seems to be much more prone to *requiring* a full restart as opposed to other OSs. Even installing an entirely new app causes it to want to reboot (that might be a fault of the installer I guess).
Any idea what happened with KSplice? Not heard much about it after Oracle swallowed it.
What little Windows I still do is based in the XP world, but I find it extremely rude that MS decide when I should reboot my system, and nag me incessantly until I do it. Trickling down patches in the background is OK, as well as informing me when critical fixes should be installed, but when to implement them is my decision.
A question " where does exactly MS screw this up in their OS to constantly require reboots after every or most updates?" is still there. A similar question was asked by B. Gates about 10 years ago, it remains unanswered to this day. Crappy OS architecture, poor coding? My GNU/Linux (and any other good OS) for a comparison would ONLY require a reboot when the (security) update is applied to the KERNEL.
>>the changes are likely to come as good news for users who want fewer interruptions as they use their PCs to watch movies, play games or work.
Does this only concern the above-mentioned reboot stupidity, or the fact that a PC becomes unusable during the inst. process? If the latter is the case, this is even more ridiculous.
>>The bad news is that there are no plans for Windows Update to install security patches required by third-party applications.
OK, the good news that there are a free, open, more secure OS's available that have been doing it for ages. Just recently updated non-free ( as everyone knows, extremely buggy and crappy ) flashplayer by first getting a notification, clicking on the update applet, entering my password (actually did from the terminal via aptitude). Actually, any installation is done via similar interface (package manager) making it more secure less painful.
So, why do OEM's recommend Windows again?
"if the machine hasn't been shutdown or restarted by then and Windows Update doesn't detect any critical applications are running, it will automatically restart the machine."
Once again Microsoft forget that the PC sitting in my house is MINE - I decide when to reboot it. Maybe its not running what they consider to be critical applications but there might be a good reason why I've left it logged in and running something when I'm not around. The last thing I want is to come home and find that Microsoft have rebooted my machine and buggered things up for me.
"MS lawyers have not managed to get the patents approved for mechanisms that are used on other operating systems to ensure that the OS and applications are updated in a coherent manner. Once the patents are approved, we will sue the F/OSS operating systems into oblivion and then have a big PR campaign about the new paradigm we will have 'invented'".