[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <412A54D7.8010309@sdf.lonestar.org>
From: bkfsec at sdf.lonestar.org (Barry Fitzgerald)
Subject: Windows Update
Michael Schaefer wrote:
> It looks like windows update requires Automated Updates to be set to
> automatic startup, but does not require the process to actually be
> running...
>
> So the statement that they are "required" is obviously false.
>
> As a work around, I can manually change the startup status, do the
> windows update, then change the startup status back to manual.
>
>
> Seriously annoying, but doable.
>
>
It's a little bit more than seriously annoying, though. It represents a
very poor design choice.
Obviously, if this setting change works, it means that the automatic
update client is not actually necessary to install patches from
windowsupdate. I could see the service requirement *if* Microsoft were
piggybacking the installation code off of the client in an effort to no
longer rely on installing the code with an ActiveX control, however what
this demonstrates is that the only reason to do this check is strictly
to ensure that automatic updates is running.
This is either a bug or a very poor design choice.
If the idea is to ensure that everyone has automatic update running,
then it's going fail. The people who are getting their updates from
WindowsUpdate are not the people you generally need to worry about
getting their patches -- it's the people who don't know about
WindowsUpdate and who don't have automatic update running that you have
to worry about.
What I'm saying is that warning people is good; blocking people is bad.
It's kind of like not letting someone get a medical checkup if they
don't check their blood sugar everyday. It hurts people more than it helps.
-Barry
Powered by blists - more mailing lists