Why an operating system should be updated without your permission or almost?
The recent attack of ransomware carried out by WannaCry has raised a new debate on computer security, and among the questions that the attack has generated is who was responsible for the cyber attack : Microsoft for not influencing the publication of the patch, or the users for not applying it.
The truth is that activating a system of automatic and forced updates has been something that has always given many headaches to software companies, which have tried to use that scheme without success. Those mandatory updates would solve problems like the one that has affected us with WannaCry, but not all are advantages with those updates without permission.
The launch of Windows 10 was controversial because of the way in which Microsoft tried to force the upgrade to the new version of Windows. That disaster caused not only criticism of users, but also lawsuits for a process that ended up losing data to some of them.
Those decisions also extended to the way in which system updates worked. Things changed a lot compared to previous versions of the operating system: Microsoft no longer let us select what to update and what not , and we were in a process in which patches, improvements and drivers are downloaded and installed at the same time. The only parameter we could control was the time when we would restart the computer to activate the changes.
There were other measures that tried to alleviate the criticisms. The most relevant, that of caring for users with limited connections or payment (“metered”) in which the consumption of data carries charges. Microsoft relieved – though not completely – those automatic downloads in those cases, even allowing WiFi networks and Ethernet networks to be treated in this way.
Only Chrome OS dares with silent updates
The update policy imposed by Microsoft is the clearest example of the dilemma faced by all software developments, large and small. In recent times the developers of operating systems have ended up opting for schemes in which the updates are detected and downloaded automatically and then “encourages” the user to apply these updates by installing them and restarting the computer. This is usually necessary in both Windows and macOS in the Desktop SSOO. In this article we focus on these platforms, although much of the speech is valid for mobile platforms such as iOS or Android.
Other platforms approach this issue in a radically opposite way. On the one hand we have Chrome OS, the operating system of Google that stands out precisely for the “silent” downloads of updates that are applied without the operating system asking us anything. A small icon appears in the taskbar as an information, and from it we can simply decide if we want to restart the computer to apply those updates immediately. Otherwise, the system will update the next time we restart without further ado.
In Chrome OS it is also possible to manually “force” updates if we are impatient, but as with the Chrome browser we have different levels of updates depending on the rush we have to have the latest of the latest. Channels (Stable, Beta and Dev) give us access to new developments in the development, beta or already stable, and anyone can decide what kind of updates you want to receive.
The Google platform is enviable in that management of updates, which provide security and are also very informative – there is a blog dedicated to it – other operating systems do not provide much information on the news – and the company also maintains precise details about the deadlines of support for each machine based on this operating system.
Google, as always, takes care of everything to rid its customers of these much-needed tasks . You can do it thanks to the architecture of an operating system with a different conception: almost everything based is based on the browser and the “application store” is the only simple method to access new tools (web). Does that remind you of something? Exactly: it is a little scheme that Microsoft wanted to continue with its newly introduced (and criticized) Windows 10 S.
The other great protagonist of this market, Linux, is equally exemplary, although from another perspective: the control and options. Although it is possible to automate the updates, the user is always at the controls, and it is normal that he is the one who can proactively search and apply updates with the package management systems of the distributions.
The position is totally opposite to Google with Chrome OS, and as in other sections Linux returns control to the user. The architecture of the system also stands out for not requiring reboots: in the vast majority of cases, the updates are installed and applied immediately, and at most it will be necessary to restart services (with interruptions of only a few seconds in the worst case) to take advantage of its advantages and new benefits.
The fundamental advantage: safer and more efficient systems
Operating systems such as those developed by Microsoft have long been trying to make their operating system more secure, something difficult if when a security patch is detected and corrected, users do not apply it. That is the main argument of these automatic and “forced” updates, but there are other benefits, of course:
- Vulnerabilities (almost) under control: although we will never be completely sure, this type of system is in charge of keeping all the components of the operating system up to date, something that in fact should also extend to applications that like Adobe Flash have served for years. of entry to the malware. That Windows is updated in a transparent and direct way makes sure that every time Microsoft corrects a problem our team receives that correction and free us from possible mistakes or forgetfulness if we control the process manually.
- Less fragmentation: as with iOS, forced updates help reduce fragmentation, and avoid conflicts since it is based on the assumption that all users are updated to the latest version, which benefits both the latest security improvements as practices, efficiency or even components that are necessary to implement new features in the future.
- Always up to date: one of the pillars of Windows 10 is its conversion to a software as a service (SaaS) model in which we forget a little about the versions (although we are still talking about compilations) and we have a scheme similar to that of a Linux distribution with rolling release philosophy : these distress are updated continuously and there are no different versions with successive numbering that are actually practically the same. Automatic updates guarantee us to always enjoy the latest of the latest, and to do so without having to worry about anything. Another good example of that approach is, again, Chrome OS.
Obvious disadvantages in the loss of control
The implementation of a system of automatic and mandatory or forced updates also entails some important disadvantages, and in fact all of them have succeeded in making companies like Microsoft continue to take advantage of a notification scheme to give that control to the user. Among those arguments are the following:
- Business users: applying updates to thousands of jobs can entail a great risk for companies, since these updates can conflict with other software components used in daily operations. This is what makes these updates to companies in a gradual way and that the collateral effects of that update in a small group of machines are evaluated first.
- Beware of my bandwidth: although in developed countries many users enjoy flat connection rates that allow downloading large amounts of data without problems, in other scenarios and regions these forced updates could end up with the quota available to users. In the Sidney Morning Herald they told the case of users of the Cook Islands, who paid about 40 euros to achieve a 3.5 GB monthly quota in 2015, but also stressed that in Windows 10 the P2P system that also “borrows” The bandwidth of users for updates does not help in those cases.
- Conflicting updates: none of the great ones of the technology can foresee everything, and to force updates would suppose to do it with all the consequences. Although these updates usually go through a strict testing phase, unexpected conflicts can appear. In fact they appear, as happened when Windows 10 was released, with a security patch (KB3074681) that caused the file explorer to “hang” or with a KB3081424 that caused constant reboots of the computer. Although we put Microsoft as an example, these problems can arise (and arise) in other operating systems, both desktop and mobile.
- Loss of control: this is for many the key argument of that Microsoft philosophy. The control and options provided by Microsoft do not reach the level of those of the Linux distributions, but of course they go far beyond what OSX / macOS offers. Although there are opinions of all kinds and each scheme is defended by its users in a forceful way, a scheme with forced automatic updates means that we have to sacrifice part of the control we used to have. We do it to gain security, true, but the price may be too high for some users and environments.
The debate, therefore, remains open: do you think that the new orientation of Windows 10 S can therefore be adequate to improve security? Is there an ideal solution for the update policy? Difficult questions that not even the big ones have managed to answer in a totally satisfactory way for all its users.