Yesterday, I went to my local internet provider to complain about an issue with my internet connection. I went in to see this guy making a cup of coffee. Then he sat down in front of his PC, which was running Windows XP. As I explained my issue, he opened Internet Explorer and below his address bar were three toolbars (Yahoo toolbar, MSN toolbar, and some other one). I directly thanked myself I was running Firefox on Linux. I finished explaining my issue and he picked up the phone to make a phone call. While he was on the phone, Internet Explorer froze, so he minimized it and opened Firefox. Then he started mumbling that he has to use this other program most of the time because Internet Explorer keeps hanging. Then I noticed that it was the old Firefox 0.8 (the first Firefox release after it was rebranded). I thought to myself “Firefox 0.8?? This guy must be missing a huge amount of security updates.” Then he finished the phone call and told me that my issue would be resolved in less than 5 minutes. I thanked him and as I stepped out, I asked him: “Do you like Firefox?” He answered: “What’s that?”. Then I said: “Never mind” and left.

It amazes me how many people out there are running unsupported and possibly insecure versions of their software. I realize that Windows, being ‘the operating system for the masses’, is designed so that any inexperienced user, including someone’s secretary, can manage fine, but users should be aware of the dangers of running out-of-date software.

Firefox 2.0 featured a built-in automatic update mechanism which I think is enabled by default. Had that person been running Firefox 2.0, he would have been automatically updated to 2.0.0.11. Firefox 2.0 is just like Windows XP Service Pack 2, which was the first release to have Windows Update enabled by default. This means there are still a lot of people out there running Windows XP gold edition without a single security update. Since SP2 needs to be installed for a Windows XP computer to get updates, this leaves the blame solely on the user. Most Windows users simply don’t care much for maintaining their computers.

Some software, like Sun’s JRE, has built-in services that periodically check for updates and notify users that they should be updating their software. But from my experience, Joe Average is going to ignore those notifications.

This brings me to my question. If a software company offers free security updates, should it force them on the users because it knows better? If not, what would be the alternative solution?
