Security pros cheer hint of hands-off updates in Windows Blue
App auto-updating fits Microsoft's philosophy that silent patching is smart, say experts
Computerworld - Microsoft's apparent plan to automatically update its own Windows Store apps is drawing praise from security experts.
"Auto-updating apps ... improve security and are great for anybody that does not have their own update or patch management solution," said Wolfgang Kandek, CTO of Qualys, in an email reply to questions.
"People just don't want to deal with [updating software], nor should they have to," added Andrew Storms, director of security operations at Tripwire's nCircle.
Kandek and Storms were reacting to reports Monday that the next version of Windows 8, code named "Blue" by Microsoft and thought to be formally dubbed Windows 8.1, will automatically update Microsoft-made apps designed for the tile-based "Modern," née "Metro," user interface (UI).
The WinBeta blog was the first to note the auto-updating when it examined a recently leaked build of Windows 8.1, saying that the PC powered by the still-unreleased upgrade had received silent updates to several Modern apps via the Windows Update service.
Currently, Modern apps bundled with Windows 8 and Windows RT, or those later installed by users, must be updated manually: Customers receive an alert when an app update is available but must still steer to the Windows Store, the official download market for all Modern apps, to retrieve and install the update.
That hands-on model runs counter to long-standing Microsoft philosophies regarding software updating and patching, which hold that the less asked of users, the safer they are. The most prominent example of that outlook is the Windows Update service and its by-default enabling of Automatic Updates, which silently downloads and installs fixes, patches and even additional features to the operating system without user interaction.
If WinBeta's claims are accurate and automatic updating of Microsoft's Modern apps makes it into the final of Windows 8.1, customers will be safer, the experts contended.
For Storms, automatic app updates fit nicely with Microsoft's previously announced plans to issue Modern app patches on the fly, not only on the monthly Patch Tuesday. "It's a reflection of where Microsoft is heading," Storms said. "Their internal philosophies [regarding updates] are starting to change because it's a transition time for them."
WinBeta provided no evidence that third-party Modern apps would also be updated automatically, hinting that Microsoft will hew to tradition and reserve Windows Update for its own software.
Consumers may generally consent to automatic updates, but enterprises have historically balked at modifying company machines without compatibility testing to make sure new code doesn't break existing applications or workflows. Businesses have also often blocked upgrades sporting new features for fear of increased employee training costs or a sudden flood of calls to the help desk.
But corporations should rethink those conservative practices and get with the program, argued Kandek.
- Microsoft plans to patch critical under-attack IE bug next week
- Microsoft reaches RTM milestone for Windows 8.1 update
- OS upgrades: Cheap is better than pricey, free is better than cheap
- No special treatment for China on XP, patches end April 8 in the PRC, too
- Microsoft ships Office 2013 SP1 the old-fashioned way
- Microsoft's 'go-low' play puts Windows revenue on the line
- Steven J. Vaughan-Nichols: Windows 7 lives!
- Users mock Microsoft for asking their help on XP-to-Windows 8.1 upgrades
- Microsoft concedes Windows 8.1 needs more for mouse, keyboard customers
- Microsoft tries to jumpstart cheap Windows devices with license price cut
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Taking Windows Mobile on Any Device Taking Windows applications mobile has many advantages, but the process of identifying a solution is complex. Learn how to solve this complex problem...
- HP HAVEn: See the big picture in Big Data HP HAVEn is the industry's first comprehensive, scalable, open, and secure platform for Big Data. Enterprises are drowning in a sea of data...
- What Datapipe customers need to know about the new PCI DSS 3.0 compliance standard This handy quick reference outlines what PCI DSS 3.0 is, who needs to be compliant and how Alert Logic solutions address the new...
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Meg Whitman presents Unlocking IT with Big Data During this Web Event you will hear Meg Whitman, President and CEO, HP discuss HAVEn - the #1 Big Data platform, as well...
- The New Way to Work Knowledge Vault This Knowledge Vault focuses on how, in today's increasingly virtual world, it's more important than ever to engage deeply with employees, suppliers, partners,... All Windows White Papers | Webcasts