Linked by Thom Holwerda on Wed 30th Jul 2008 21:56 UTC, submitted by peskypescado
Windows I have written about if before: updating programs on your computer - if you're not using a Linux distribution, that is - is a total and utter mess. On Windows and Mac OS X, there are roughly four ways of updating applications. The application notifies of new updates, and then downloads them when you click 'yes', the application updates from within the application itself, or the application requires a special update program running in the background. These are all quite annoying, since they interfere with your workflow (as opposed to, say, running "apt-get upgrade" every morning). The fourth method is the official vendor channel, Windows/Microsoft Update in Windows and Software Update in Mac OS X. Paul Ellis argues that to alleviate the mess, Microsoft should open up Microsoft Update for everyone else - and similar arguments are made concerning Apple's Software Update.
Thread beginning with comment 325077
To read all comments associated with this story, please click here.
Client side app only?
by _txf_ on Wed 30th Jul 2008 22:44 UTC
_txf_
Member since:
2008-03-17

It doesn't have to be such a big deal...

Can't microsoft just implement an infrastructure into windows and then provide an api so that third party apps can use windows update to connect to third party servers? This would be very much the way 3rd party repositories would be added in any linux distro.

The obvious security problem would be malware using the service to do nasty things, but that would be no different to the way things are now. The advantage with a centralized app is that updates can be blacklisted/whitelisted by a downloading a list from microsoft OR by user intervention for more obscure but user trusted apps.

Unfortunately even with this architecture in place many wouldn't bother simply because in windows land there is never any consistent framework, api or will to follow the ONE consistent way even from within microsoft itself let alone 3rd party.

Edited 2008-07-30 22:47 UTC

Reply Score: 5

RE: Client side app only?
by peskypescado on Wed 30th Jul 2008 22:48 in reply to "Client side app only?"
peskypescado Member since:
2008-07-08

I don't know how much of a concern malware should be, because if you have malware running on your system already they can do whatever they want. They can make it install new software or even update existing software already.

This really is no different than adding additional repositories in Linux.

Reply Parent Score: 2

RE[2]: Client side app only?
by _txf_ on Wed 30th Jul 2008 22:52 in reply to "RE: Client side app only?"
_txf_ Member since:
2008-03-17

You're probably right...But I still think having a centralized blacklist/Whitelist ability is useful for users (who might not entirely trust an app for whatever reason). Also Allowing a user to whitelist an app for updates shifts responsibility from microsoft to the user for maintainance of any given app and makes certification a lot simpler by not making it mandatory

Edited 2008-07-30 22:54 UTC

Reply Parent Score: 3

RE[2]: Client side app only?
by lemur2 on Thu 31st Jul 2008 12:30 in reply to "RE: Client side app only?"
lemur2 Member since:
2007-02-17

I don't know how much of a concern malware should be, because if you have malware running on your system already they can do whatever they want. They can make it install new software or even update existing software already.

This really is no different than adding additional repositories in Linux.


There is a slight difference. It has been revealed that "updates to Windows update" can be made to install automatically on a Windows machine regardless of the settings of that machine. Such an update does not "ask permission" ... it just downloads & installs.

This amounts to "push technology" ... this is also known as a "back door".

http://en.wikipedia.org/wiki/Backdoor_(computing)

Once you have a mechanism to allow automatic "updates to Windows update" to be installed & run on a Windows system without the machine owners knowledge or consent, then of course that further provides a mechanism to install anything at all on a Windows system without the machine owners knowledge or consent. (All you have to do is update Windows update, make the updated Windows update then download & install whatever you want, and finally you can even put Windows update back the way it was and hope that nobody has noticed).

You don't get such a thing on a Linux system. Updates are alerted via a deamon running in the system tray ... but you then have to manually click on the system tray icon, and enter the system root password before even the available updates are shown to you. After that you have to manually confirm again that you want to install the indicated updates.

Anyway ... the fact that Windows update is actually a backdoor means IMO that it is unlikely that Microsoft will allow other third parties to use it.

Reply Parent Score: 4

jabbotts Member since:
2007-09-06

Adding third party repositories for each application starts to suck pretty quick. Maemo Linux is trying to get all third party package maintainers to move there stuff to the official "extras" repo for the same reason.

I think MS offering an open API that learns a different source for each updatable program will get messy very quickly. MS would really need to open up the centralized Windows Update to non-MS products but that means hosting programs and updates for things directly competing against Office and such.

It would be a benefit to the Windows end user though more than a few of the anti-MS camp members will be threatened by the prospect of loosing the repository competitive argument.

I benefit from it on the *nix side and wouldn't find it unwelcome for my Windows boots but I think there are too many conflicting business interests in the win32/win64 paranah tank.

Reply Parent Score: 2