OK, it’s the day after the second Tuesday of the month. I know that the second Tuesday of each month is now Windows critical updates day. However, I know that I am safe because I have the automatic update setting turned on.
Of course, I wasn’t safe and here are ten reasons why the Windows Update process (which is very laudable) will drive even the most diligent and well-intentioned Microsft customers to hurl epithets toward Redmond.
1. The Windows Update URL Could Be Just a Little Easier to Find. I love this. Like anyone else who uses the Internet on a regular basis, I know that I should always be able to find the Windows Update (or at least be redirected to it) by typing in http://www.windows.com or http://www.microsoft.com/windows/. No one can memorize the actual URL for Windows Update. In fact, if you want to choose a strong, uncrackable password, there are few better choices that the URL for Windows Update. Put it in your Favorites? Ha-ha-ha. No website in the history of the Internet has ever changed URLs of pages more often and with fewer redirectors than Microsoft.com. Finally, how about keeping the link to Windows Update in a prominent place where I can find it instead of moving it around all the time? I know the page looked different a couple of days ago. Why not keep it like it is today?
2. How about Making “Automatic” mean Automatic? If I turn on Automatic Updates, shouldn’t I be safe in assuming that when I connected to the Internet last night and this morning the updates would be loaded and installed? Here’s a suggestion: make the Automatic Update at least as persistent as the damn Windows Messenger, which one again has return to haunt me after I thought I tracked it down and finally got it out of my startup menu. The Windows Messenger team might talk with the Windows Update team and share some tips.
3. Inconvenience Me for Using Good Security Settings. Ready to get started? Oops, need to give permission for an ActiveX control to run. I wouldn’t have to be inconvenienced if I took a more risky approach to security. Here’s an idea: inconvenience the people who don’t use good security practices, not the ones who do. Suggestion: make it really easy to find and set up a setting that will permit only the Windows Update Active X controls to run without a prompt.
4. A 3.8 Megabyte Download? Does nayone really wonder why so many home users are running unpatched versions of Windows. Memo to Microsoft: either provide broadband with the purchase of Windows or make patches available in formats that are friendly to dial-up users. As many people have pointed out recently, a visit to your parents often involves installing Windows updates and other security updates. Has anyone calculated how long it takes on a dial-up line to download all Windows XP critical updates?
5. Adding Insult to Injury – the Five Minute Installation. The updates(s) are downloaded and the installation begins. All but the foolhardy wait for the installation to complete before doing anything else. I have a reasonably fast computer and the installation took roughly five minutes.
6. Don’t Let Me Walk Away and Do Something Else. Three times ZoneAlarm asked permission to allow what seemed to be the same program to access the Internet, even though I checked the “remember this setting” box. Nothing more fun than walking away for a short break and then finding that the installation process has barely begun when you return because you needed to give a permission or check a box in a pop-up window.
7. Make Me Reboot. I knew it was coming, but I remained an optimist. Great choices: close up everything that I’ve been working on or continuing to work in an unsafe OS.
8. Make Me Feel Like You Are Punishing Me For Delaying the Reboot. I really do know that these two things are probably unrelated, but why did I lose a blog post I was working on (admittedly I should know better than this) when IE would not connect to the Internet when I tried to save the post right after I chose not to reboot immediately? Why is FireFox not the answer? 1. As best as I can tell FireFox’s pop-up blocking or something else keeps me from using the formatting and URL buttons in Movable Type. 2. You can try to run Windows Update through a browser other than IE – I’ll watch. In fact, I did try it and the page would not display.
9. Don’t Give Me Any Reassurances. The reason I chose not to reboot was because I was afraid something wacky might have happened when I did. How about a little message that says “update successful and everything is working great” that promptly displays when I reboot?
10. Microsoft Isn’t the Only One. I actually like many things Microsoft does and take some criticism because I do. My beef is that they continue to make it too difficult to be a good customer. I have a whole list of others I could pick on, but they didn’t make me lose a blog post today. It’s not really fair to criticize FireFox yet on “customer service” issues, but jeez Louise there is a lot of work that needs to be done before that’s a 1.0 product. McAfee – thank you for setting up your updates so I can’t download them directly from your site with either IE or FireFox even when I turn off pop-up blockers like you tell me. There are others – you know who you are.
Look, here’s my point of view. Microsoft works hard on fixing security problems. That’s a good thing. I’d like to be happy in the Microsft desktop world because, well, because that’s where I happen to be. The last project I feel like taking on now is a full conversion out of the Microsoft world. I’m not sure anyone is ready yet to see how the Open Source model will work for security patches when Open Source apps come under the same intense and frequent attacks as Windows does. We got a taste of that in the past week when a security hole was identified and fixed in Mozilla/FireFox. (Note to FireFox – consider making it clear on the download site that by downloading the newest version and installing it I did in fact patch the problem).
It’s hard to be careful out there. Maybe we should be working on ways to make it less difficult.
Coming soon: I question why when I set up Outlook to prompt me if someone requests a receipt that I have received his or her message that the default behavior is to turn back on automatic responses for all messages. I certainly believe that I have only authorized a response to a selected message. Could that be why I suddenly got more spam until I noticed that the default setting had been changed, primarily because I saw outgoing messages being sent when I knew that I wasn’t sending any? Maybe spammers sending messages asking for receipts were getting validation that my email address was active and I inadvertently undid all the benefits of my “safe” email practices? Ironically, I noticed this after I gave a talk on spam prevention where I told people to turn the automatic response setting either to “off” or “prompt,” so my audience didn’t get to play “laugh at the expert.”
The morale of the story: when I lost a blog post, somebody is going to get criticized and the more significant I feel the loss is, the less likely it is that I’ll be criticizing myself. And, yes, not only have I heard of SharpMT, I have actually installed and used it. Unfortunately, not earlier today. Will I learn a lesson? Who knows.