Monday, May 28, 2007

Who has the Right to Perform Updates on your Computer and how Important are they?

These days, it seems that just about everyone feels that they have the right to update your computer automatically and for the least important applications.

But the questions need to be asked;

  1. Exactly how critical is the update and what will happen if I don't do it?

  2. How much testing has been done on the impact of this update on the applications I like to run?

  3. What is the update doing to my startup?

  4. Who gets to decide the timing and what warning is given?

  5. What will the application do to my network?

I'm not going to attempt to answer these questions in this post. I'm basically just going to whinge and then post updates as I get my policy in order. At the moment, I don't know what the best answers are.

The Microsoft Whinge
Microsoft used to provide only important security updates as "critical" but they are now putting out all sorts of unwarranted updates, like Internet Explorer 7, via the automatic distribution system.

The really annoying thing about Microsoft's update strategy though, is that they believe that they have the right to reboot your PC without your permission just because you don't seem to be doing anything much at the time.

I often leave my PC running overnight to do big things, such as download large files, convert pictures to DVD with fancy fades etc. In Microsoft's view, I'm not using my PC (keyboard and mouse), so it's alright to reboot.

There's worse though, much much worse.. I've left the automatic update on the recommended settings on servers just to see what will happen... Microsoft thinks nothing of rebooting the domino server just to put an IE update on it. I don't even use IE on my servers but Domino really needs to run 24x7.

I've also seen the Microsoft update reboot a server in the middle of a backup job.

Needless to say, I've turned it off on the servers I care about but now there are some serious considerations at work as to whether or not we need to turn it off on all our PCs as well.

Other Update Culprits
Microsoft isn't the only one, there are lots of other update culprits too with probably the worst of these being;

  • Sun Java
    Aside from being overly interactive and very slow to update, the sun Java update has one particularly nasty flaw. I've never seen "good" come from it. In other words, I've never had an instance where something that didn't work, suddenly started working after the update. Of course, I've seen plenty of things go the other way - for instance, I can no longer remotely manage our Symantec Firewall from my PC. Luckily, I have another un-updated PC I can use. This update should certainly be stopped.

  • Anti-Virus (Symantec and McAfee)

    Last Thursday, McAfee decided to do an automatic update to their personal firewalls. There were a number of side-effects. The update blocked most applications, including those previously given authorization, from the internet. It forced users to reboot, sure, it did give them a Yes/No choice but it also prevented any access to the file servers (bad luck if you had open files). Finally, it reset everything back to an "untrusted network" status. The timing was very unfortunate as Thursday was our "Board of Director's meeting day" and everyone was in a rush. It basically meant that I had to drop everything to deal with the problem - and it took all morning.

    Although the update was messy, at least it worked. We ditched Symantec about a year ago because it was deploying updates which failed regularly. From the look of the news, this is still happening - Article: Anti-virus cock-up paralyses millions of PCs (thanks Anna for the link).

    So should Anti-Virus updates be turned off - certainly not - but there has to be a better way of testing them first. I'll be contacting McAfee today (hopefully) and will post some results (if I get them) here.

  • Adobe Acrobat

    Adobe should win some kind of award for the worst deployment mechanism for updates. Where else can you find an update system that wants to reboot in the middle of an update and then continue installing. Also - why do they keep trying to sneak extra bandwidth hogging software in? Photoshop LE? Yahoo Toolbar? Come on, if we wanted it we would go get it ourselves. You should certainly remove the automatic Acrobat update utility from your computer. It doesn't serve any useful purpose as far as I can see.

  • RealPlayer

    Unlike its nice brother Quicktime, RealPlayer loves to be automated and loves to be updated. I don't play a lot of realplayer stuff but I've noticed that it refuses to play files and wants to update almost every time I use it. Unless you absolutely need to access Realplayer things, this belongs OFF your system - not the updates, the whole application. If you do need to run it, go through the preferences and file association with a fine toothcomb, nearly everything is NOT what you would want. Oh, and get it out of startup.

Mucking Around with Startup
This post is getting long, so I'm not going to worry about covering startup here suffice to say that you should get your hands on Mike Lin's excellent Startup Control Panel Applet and start blowing unnecessary things out of startup. I'll explain how to identify things in another post, but for the moment, consider removing the following from startup;

  • Adobe Acrobat Speed Launcher

  • Adobe Acrobat Assistant

  • Quicktime Tasks

  • iTunes Helper

  • RealPlayer

  • Sun Java Update Sched

  • CD Burner Utilites (like Nero)

  • MS Messenger unless you use it

  • Spyware - such as anything starting with WhenU

You don't need these applications in startup, they add a lot to the load-time of your computer. If you need Acrobat, you can start it (or it will start when you open a PDF file) - you may need to wait a few seconds, but better to lose a few seconds there than during startup every time. The same applies for most of the other applications.

No comments: