Where do we want you to go today?

davorg on 2004-07-14T09:21:40

It seems that all of the Windows PCs here are configured to automatically accept updates from Microsoft (and, yes you can debate the wisdom of that). It also seems that Microsoft just pushed an update to them.

All of the Windows users were simultaneously presented with a dialog box that said "Your updates have been installed successfully. To complete installation you must restart your computer. Do you want to restart your computer now? Yes/No".

But the "No" button was disabled.


We're on the road to nowhere.

nicholas on 2004-07-14T11:07:57

simultaneously presented with a dialog box

Presumably this was a modal dialog box that stopped the machine from doing anything else? So you can't save any work?

Does this mean that if you leave unattended Windows server machines in this autoupdate mode, you might find that your (mission critical) services have stopped working, and when you go to investigate you find that the machine is hanging waiting for an answer to this question? When even a forced immediate reboot would have been less damaging to your overall service level

Re:We're on the road to nowhere.

zatoichi on 2004-07-14T12:13:53

If you are using automatic updates on "mission critical" Windows servers you should be fired in the first place!

Re:We're on the road to nowhere.

babbage on 2004-07-15T16:43:05

Surely the real problem here is not "automatic updates", but "mission critical Windows servers", no?

As brave as it is to do automatic updates, willfully lagging behind is surely worse, isn't it? As the guy at my job who seems to have been given the task of keeping all the Windows desktops up to date, there's just no way I have time to run around to several dozen desktops every few days when yet another massive Windows / IE vulnerability is exposed & patched and do all the other, not-quite-so-soul-sucking parts of my job as well.

You could use automatic updates but require manual intervention to install them, but most users have neither the interest nor the expertise to evaluate these as they come along: if you're lucky they'll just install every update (in which case you may as well have made it automatic to begin with), and if you're unlucky they'll go ignored and you have to go around and do everything manually anyway.

What's the bigger evil? Bravely bleeding edge updates (and enough spare time to work on other things), or bravely lagging behind updates (and opening yourself up to all kinds of attacks)? It's a judgement call either way, but I think there's a strong case to be made for doing things automatically.

Then again, there's an even stronger case for not running Windows on Servers That Matter, but that's a whole different issue :-)

To me the best approach is something like OSX's softwareupdate command, or equivalent like RedHat's up2date, which can be run remotely & scripted. That way, one person can reasonably evaluate each patch, and if it works, can in a centralized way roll it out to as many machines as necessary. If there's a good way to do this on Win2000 and WinXP machines, I'm unaware of it.

Re:We're on the road to nowhere.

davorg on 2004-07-14T13:52:13

Presumably this was a modal dialog box that stopped the machine from doing anything else?

To give them (some) credit, it was a modeless dialog box. But it was a modeless dialog box that insisted on being in front of all other windows on the screen. so it _looked_ modal.