In association with heise online

26 May 2009, 09:29

My wish list for Windows 7: updates for everything

by Jürgen Schmidt

It is universally accepted that outdated programs with known security vulnerabilities represent a serious problem, but almost every Windows computer I've come across recently has at least one such point of entry for spies of all kinds. The reason for this is not lazy users, but primarily Windows, which makes it much too difficult for users to keep their software up to date.

Anyone who's ever had to restore a poorly maintained Windows system to a secure state will know what I am talking about. Microsoft updates are usually already installed or can quickly be installed, but that's just the start – Adobe Reader, Java, Quicktime, and after all that you've still forgotten perhaps three essential programs. Without the aid of extra tools it's an almost hopeless undertaking. It gets even worse if you want to ensure that in future this will occur more or less automatically. You have to check the update mechanism for every single software vendor – assuming they even have a halfway decent update mechanism. Sun, Apple, Mozilla: they all have their own way of doing things, added to which Adobe alone, with both Reader and Flash, has at least two ways.

If this is to change, Microsoft needs to take action. Why does Windows tell me about Internet Explorer 8, but not about the new version of Adobe Reader, which fixes a critical security vulnerability that is already being actively exploited? I expect a modern operating system to offer me a system which allows me to keep all the programs installed on my computer up to date.

This is not exactly rocket science either, indeed it would be fairly simple to implement – every decent application registers itself with the operating system on installation and indicates which program should be used to un-install it. What's to stop them from registering a URL which Windows could check to see if a new version was available, using the Background Intelligent Transfer Service to download available updates economically in the background? (Whilst I'm at it, BITS is a really cool system service which I'd also like to see in Linux &c.)

This would still, of course, require software vendors to actually use this interface, but I am entirely confident that they would quickly do so. Firstly, it requires a minimum of effort on their part and saves them the effort of implementing an update mechanism themselves – which most do reluctantly, if at all. Secondly, "Works with Windows Update" would be an easily checked sign of quality, which customers would quickly learn to value.

There is likely to be very little resistance from customers – indeed they are likely to welcome it. No-one's going to miss the chaos of the current system. They will still be able to define when and how updates should be installed in the Security Centre. The latter would then finally work as you would expect it to, in that it would include not just Microsoft software, but all installed applications (as has been the case for years with Linux distributions).

If there was one security-related feature I could choose to have in Windows 7, it would be simple, integrated updates for all Windows programs. What would your one security wish be? Join the debate on our forum.


Print Version | Permalink:
  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit