Auto-updates: Is It Just Me…?

I just came across yet another security discussion, in which at least one poster emphasized the importance of auto-updates as a means of keeping a system protected. Here’s the response I added:

I couldn’t agree less. Auto update is a huge vulnerability. It’s literally a welcome mat for some third party to shove software into the bowels of your system. That third party may be both trustworthy and technically competent… but there is no guarantee that it will remain so over time, and no likelihood that you’ll know if and when it becomes untrustworthy or incompetent.

Ironically, far from “getting it right,” [as the previous poster had suggested] Microsoft provided the best-ever example of the auto-update fallacy, when it mis-used the mechanism to shove Windows Genuine Advantage (WGA) onto systems around the world. WGA is not a ‘feature’ that any user would want. It gives Microsoft extra control over your PC, and opens the possibility of false positives that could literally require you to buy a new copy of Windows. No, the problems are not frequent… but the point is that whether an update is to your benefit or not, you gave up the right to complain about it when you enabled (failed to disable) the service.

I’m still waiting for someone to hack the auto-update feature. What better mechanism could their be, for installing malware? Even if Microsoft’s auto-update service happens to be secure (a big if), there are probably lots of others on your system by now, some of which you’re probably not even aware of.

It’s your system, do what you think is best. But on my gear, all auto-update services remain in the OFF position.

Am I being unreasonable? Paranoid? I don’t think so. I have never seen any compelling advantage to automatic updates. If the software is so crappy it can’t work without constant updates, I’ll just pass on it entirely. On the other hand, if there are substantial changes, I will inevitably want to assess them before allowing them on my equipment. I don’t give anyone carte blanche to enter my front door, and I can’t see why I should be less stringent with my electronic devices.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: