I have written about if before: updating programs on your computer – if you’re not using a Linux distribution, that is – is a total and utter mess. On Windows and Mac OS X, there are roughly four ways of updating applications. The application notifies of new updates, and then downloads them when you click ‘yes’, the application updates from within the application itself, or the application requires a special update program running in the background. These are all quite annoying, since they interfere with your workflow (as opposed to, say, running “apt-get upgrade” every morning). The fourth method is the official vendor channel, Windows/Microsoft Update in Windows and Software Update in Mac OS X. Paul Ellis argues that to alleviate the mess, Microsoft should open up Microsoft Update for everyone else – and similar arguments are made concerning Apple’s Software Update.
Ellis explains:
Why not open this up for any program on your system? This could be another feature to help differentiate Windows Vista or Windows 7 from the competition (OS X or Windows XP). This would also address one of the pain-points to “boxed” software that web applications don’t have.
While the idea seems quite logical and practical, there are a number of serious problems with this proposal. The biggest problem has to deal with infrastructure and the technology to support it: how on earth is this going to work? Ellis argues against a system where Microsoft hosts 3rd party files (like Linux distributions do), so we would need a system where 3rd party vendors and developers notify Microsoft of an update or a new version, and Microsoft would then have to notify all the users that installed this application. Not only would this cause a massive tangle of red tape, it would also cause major delays for getting updates out the door – not something you’d want when the update in question fixes a major security hole.
Another issue is that of sheer size. The pool of 3rd party applications for Windows is large, really, really large. There are a lot of applications and utilities out there that are written and maintained by small groups of people, or maybe even by just one individual, maybe even in their free time, for fun – how would Microsoft ever get all these applications to update via Microsoft update? The end result would be that 99% of the Windows applications still wouldn’t work with Microsoft Update.
Effectively, you would be creating a fifth method of updating applications, instead of consolidating the others: 3rd party applications that are updated via Microsoft Update. You would not make the updating process less complex at all – you would only make it even less pleasant.
Until everyone sits down and really starts discussing about changes in the way we currently manage our software, we will be stuck with the mess we have today.
Linux big advantage has always been maintenance, but it can archive this with the open-source nature of the Distribution.
It doesn’t have to be such a big deal…
Can’t microsoft just implement an infrastructure into windows and then provide an api so that third party apps can use windows update to connect to third party servers? This would be very much the way 3rd party repositories would be added in any linux distro.
The obvious security problem would be malware using the service to do nasty things, but that would be no different to the way things are now. The advantage with a centralized app is that updates can be blacklisted/whitelisted by a downloading a list from microsoft OR by user intervention for more obscure but user trusted apps.
Unfortunately even with this architecture in place many wouldn’t bother simply because in windows land there is never any consistent framework, api or will to follow the ONE consistent way even from within microsoft itself let alone 3rd party.
Edited 2008-07-30 22:47 UTC
I don’t know how much of a concern malware should be, because if you have malware running on your system already they can do whatever they want. They can make it install new software or even update existing software already.
This really is no different than adding additional repositories in Linux.
You’re probably right…But I still think having a centralized blacklist/Whitelist ability is useful for users (who might not entirely trust an app for whatever reason). Also Allowing a user to whitelist an app for updates shifts responsibility from microsoft to the user for maintainance of any given app and makes certification a lot simpler by not making it mandatory
Edited 2008-07-30 22:54 UTC
There is a slight difference. It has been revealed that “updates to Windows update” can be made to install automatically on a Windows machine regardless of the settings of that machine. Such an update does not “ask permission” … it just downloads & installs.
This amounts to “push technology” … this is also known as a “back door”.
http://en.wikipedia.org/wiki/Backdoor_(computing)
Once you have a mechanism to allow automatic “updates to Windows update” to be installed & run on a Windows system without the machine owners knowledge or consent, then of course that further provides a mechanism to install anything at all on a Windows system without the machine owners knowledge or consent. (All you have to do is update Windows update, make the updated Windows update then download & install whatever you want, and finally you can even put Windows update back the way it was and hope that nobody has noticed).
You don’t get such a thing on a Linux system. Updates are alerted via a deamon running in the system tray … but you then have to manually click on the system tray icon, and enter the system root password before even the available updates are shown to you. After that you have to manually confirm again that you want to install the indicated updates.
Anyway … the fact that Windows update is actually a backdoor means IMO that it is unlikely that Microsoft will allow other third parties to use it.
Adding third party repositories for each application starts to suck pretty quick. Maemo Linux is trying to get all third party package maintainers to move there stuff to the official “extras” repo for the same reason.
I think MS offering an open API that learns a different source for each updatable program will get messy very quickly. MS would really need to open up the centralized Windows Update to non-MS products but that means hosting programs and updates for things directly competing against Office and such.
It would be a benefit to the Windows end user though more than a few of the anti-MS camp members will be threatened by the prospect of loosing the repository competitive argument.
I benefit from it on the *nix side and wouldn’t find it unwelcome for my Windows boots but I think there are too many conflicting business interests in the win32/win64 paranah tank.
Companies wouldn’t be interested in going through microsoft certification to get the update verefied. the 360 is a prime example of how much dev’s do to get the MS stamp.
would you rather spend time and money getting Microsoft to okay the update. or use your own internal testing and release it over the net?
I imagine that Apple may do it a different way but it could be more of the same.
Another thing would be that Microsoft would have to support those apps and i’m sure they’d enjoy the extra costs…
“i installed an update to firefox through windows update and it keeps crashing!!!”
“have you tried internet explorer? it’s awesome.”
*click*
I don’t see the problem… Microsoft just has to implement into Windows a table that any software vendor could use to list an update URL. Then each time you get connected to the Internet, Windows checks each update URL that is listed in the table, and check for available updates from third-party vendors. No need to charge or to verify anything. Microsoft wouldn’t have to support third-party apps, if it’s a standardised framework, any vendor could add an update entry. It’s not less secure than what we have now. Currently, if you have a virus, it doesn’t need such a system to download further remote malicious code.
Updates are a fringe benefit. I think what the article should really be getting at are the benefits of open, standardized, not-for-profit and peer reviewed software and their associated management and distribution systems.
Updates in this context are but an pleasant side effect. Wake up and smell the coffee.
Use the same method as Eclipse. During installation each program would register itself with the Update Program. Then when Update Program was run, it would go out to each site and check for updates.
This isn’t a very hard way to do things. It would leave the user with only having to run/schedule a single update program. MS wouldn’t need to cache all the updates nor would the programs have to by certified.
The list of update locations could also be managed via an utility to allow the user to see where updates are being pulled from.
This is also the same way some Linux distributions work.
and it worked great. There was a program called Cybermedia Oil Change that I used with Windows 95. I think MS bought the company maybe and turned it into Windows Update? Either way, the product was discontinued, and it handled all of this nicely, meaning Windows Updates, installed software updates, etc. It even handled updates from Creative and such for hardware drivers. I was pissed when it was discontinued. It came out in 1996 I believe, or close to it.
…in a way. In Leopard, they’ve opened up SU to printer vendors to deliver driver updates through that. Of course, that’s for the basic print functionality; it doesn’t help much for those with AIO machines.
Background Intelligent Transfer Service
http://en.wikipedia.org/wiki/Background_Intelligent_Transfer_Servic…
windows update uses it I belive
As far as I know any software can use it to provide auto-update. Ive seen a few MMOs give the option to use it to keep the client updated without having to start it
Its not as clean as using the windows update GUI (as you have to use the program you want to update to adjust BITSs settings), but the tools are there without having to have a specialized update tool for managing auto-updates
BITS is a download system – nothing more. All it gets you is the ability to download files.
The issue here isn’t that it’s hard to download updates. It isn’t. There are a hundred HTTP or FTP client libraries you could use to do that. It’s that there’s no central update mechanism, like the repositories approach used in most Linux systems.
Yes, you can write your own updater system, possibly using BITS to actually do the downloading. That still leaves you writing your own updater system, which can’t be managed using the same tools as Microsoft’s, has to be installed separately, and has to triggered somehow (running in the background, for example).
That’s what happens now, and why a typical Windows machine has half a dozen auto-update processes running at all times, and half the remaining programs have built-in auto-update mechanisms.
Why can’t a third-party application just register some kind of update channel with Windows Update, give it a public key so it can verify that the updates come from you, and let it handle everything for you. Even better – system administrators could then use Microsoft’s tools to distribute updates for all applications, not just Microsoft’s.
Basically Microsoft can’t allow this because Windows Update is a backdoor.
Microsoft can’t give third parties access to a backdoor mechanism to Windows … that is just asking for trouble. It would easily become even more of a security headache than the loophole that Windows Update already is.
This has been my #1 requested feature for a long time … see this post I made recently:
http://www.osnews.com/thread?322502
And while they’re add it, they should display a big-ass UAC style dialog box with a skull and crossbones icon whenever an app tries to place itself in the startup group!
It seems you mean something like AmiUpdate…
But personally I don’t see a benefit in all this. When the user needs to upgrade they can go to the web site and download the updated software, what is wrong with that?
option 1
open Windows Update, Update all
Option 2
open Widnows Update, update Windows and Office
open Mcafee update, update AV
open zonealarm update, update firewall
update adobe
update firefox
update gpu driver from vendor site
update audio driver from vendor site
…
…
…
…
I wouldn’t mind getting updates by Option 1 versus the current method in Option 2.
So you open every piece of software and check the “update now” button? What about software that doesn’t have an internal way to get updates? How would you know where to get it? Companies rearrange their download pages all the time. Most importantly, how would you know there EVEN IS an update!!! Do you have the web pages marked for EVERY SINGLE APP you have installed… do you check them often for security problems? … will your Girlfriend or Grandmother do that?
I think there’s varying degrees, from Microsoft hosting all the updates in Windows update directly, to building an apt-get style list of repositories anybody can add too. With Windows such a common target, Microsoft would obviously want to lock anything on their end down to only preferred versions (for them $$) and charge vendors for the space, like the hundred thousand dollar fees they charge for WHQL drivers.
A list of repositories would still get trashed when every spyware vendor put their stuff in there… and being able to MAKE spyware without user intervention is actually a FEATURE of Windows, not a bug… so any update service would be required to hide things to make Marketing happy… meaning it would be highly dangerous.
It would be nice to have a common interface, perhaps just add an “update now” button to the common developer templates and push people to fill it out? .. and keep it up on the developer’s end!
Microsoft allready have this feature in someway. Microsoft sell System Center Essentials or its bigger family members- which have a WSUS intergratet, one can deploy msi or exe installeres through these. So microsoft has the knowhow they “only” have to come up with someway to administer this, and I think this is where the idea falls apart.
updating programs on your computer – if you’re not using a Linux distribution, that is – is a total and utter mess.
That’s easy, then : just use GNU/Linux (like I and many other do).
Updates on Windows and OS X are a “total and utter mess”?
Let’s see … “Updates are ready for your computer” .. Click .. Click … done, or maybe a restart.
Gee, that was hard.
Linux updates: There are 3,400 bugfixes and security patches available for your system. … Click .. Click … ERROR: Depency failure. Or, … restart … X won’t startup.
For apps … updates are few and far between on Mac and Windows, because the apps are written by pros, not the snot-nosed “community”.
Yah. Windows and Mac have it all wrong.
Edited 2008-07-31 14:21 UTC
Rinse, repeat for Firefox. Rinse, repeat for Java. Rinse, repeat Photoshop. Rinse, repeat Notepad++. Rinse, repeat Miranda. Rinse, repeat, etc. etc. etc. etc.
It’s a total and utter mess. It has always been, and since all those OS developers and users are rusted stuck with 30 year old ideas about application delivery, it’s not going to get better anytime soon.
Hi Thom,
You assert that. But I do not find the evidence you present to be particularly convincing. Sometimes evolution is the right thing. Sometimes revolution is the right thing.
You want a revolution, I suspect.
Well, let’s watch how well WebKit does against Gecko. WebKit is reasonably revolutionary. I happen to be a WebKit fan, and also a Gecko fan, and am watching this competition with great interest.
Take Care,
Steve
Edited 2008-07-31 16:49 UTC
What’s revolutionary about WebKit?
It has a minor advantage (thats evolution) of being simpler to update, but that promise isn’t always going to be there as it gets larger. And it has nothing like XUL which is the basis for Miro, Songbird, etc.
Gecko is powering the Web’s current evolution, no one else.
Nay-sayers, Opera is brilliant but has no market share to encourage anyone. Safari is much in the same boat, and only has a few % share due to iTunes software updates (and that minor blip in the phone space called iPhone)
Actually IE, for all its faults, is powering the web on the client side. Sorry to say it, but honesty compels.
In the FOSS arena, Gecko currently has more market share, but less technical finesse. Like I say, let’s watch.
Edited 2008-07-31 17:46 UTC
IE 6 usage is in decline. The rate of uptake of Gecko-based browsers is higher than the rate of increase of IE 7.
According to W3Schools:
http://www.w3schools.com/browsers/browsers_stats.asp
IE 6 + IE 7 = almost static at about 54% of the total. IE 7 has only very recently taken over from IE 6.
Firefox is increasing and has hit 41%.
It is starting to get quite close now, and there is most decidedly no one browser “powering the web”.
OTOH, if you wanted to pick out any one browser to “target” for your webpage (given that these browser all interpret the same HTML differently to each other) … then Firefox is most decidely out in front as the browser to write for.
Sorry to say it, but honesty compels …
You are living in a fantasy world, Lemur2.
I wish I lived in it, too.
Quoting W3Schools numbers as being representative of general use is rather telling about your mindset, don’t you think?
I’m a big FOSS fan. But we must rely upon truth, and not upon clever deception, to attain our goals.
Edited 2008-08-01 04:32 UTC
The numbers reported are indeed very variable, depending on the agenda of the party doing the reporting, but the trends are quite consistent:
Here is a low estimate:
http://www.tgdaily.com/content/view/38653/113/
W3 counter has a mid-range estimate firefox @ 29% and IE @ 60%
http://www.w3counter.com/globalstats.php
The numbers are all over the place, really:
http://en.wikipedia.org/wiki/Usage_share_of_web_browsers
All of these counters differ wildly in the reported usage rates, but they all agree (more or less) on the trends in the figures.
Of course the actual count of firefox use in the US is lower than anywhere else.
The US is quite a bit backwards in many respects, I suppose. In my country, firefox usage rate is perhaps double what it is reported to be in the US …
…
… that is the world that I live in.
PS: Incidentally my own conclusions were: “IE 6 usage is in decline; The rate of uptake of Gecko-based browsers is higher than the rate of increase of IE 7; there is most decidedly no one browser “powering the web”; and if you wanted to pick out any one browser to “target” for your webpage then Firefox is most decidely out in front as the browser to write for.”
Those are all supportable in light of the trends regardless of what actual figures you decide to use.
IE 6 is declining. IE 7 is behind firefox, and not increasing as fast. Do the maths based on the TRENDs in the face of woolly figures like these.
Edited 2008-08-01 10:44 UTC
I can certainly agree that the trend has been toward increasing use of Firefox. Which is impressive, though it is, by no means, the most commonly used browser at this time. And I commend countries like Germany which have embraced it more heavily than some others. And as a citizen of the US, I can certainly agree that we are technologically backward in some very significant ways. (But just try to convince people here in Oklahoma that the US is not hands-down the greatest nation in the world!)
My point was, quite simply, that quoting W3schools was not an accurate reflection of the true state of affairs.
The .net answer is what is called “1-click deployment”.
Basically means you publish the application manifest on a site, which includes versions of all the assemblies. When the app runs, it hits up that site looking for any changes, if there are changes it syncs itself up with the latest version, only downloading the bits that are needed.
If you want to see it in action, check out scott hanselmans babysmash (the only public facing 1-click app i could think of) here http://www.hanselman.com/babysmash/download.htm
Good thing you didn’t have any 3rd party applications installed, eh?
That’s the funniest thing I’ve read all day. Pros. Hehehehe.
I can agree with the article, it is so much easier to keep my Ubuntu systems update to date as opposed to my Windows XP Pro system.
I’d imagine this idea – of centralizing software updates via the Microsoft OS update mechanism or similar – has been thought of countless times but rejected by software houses on commercial grounds.
There’s no upside in it. An outfit like Adobe loses a measure of independence and hocks itself to Microsoft. In turn Microsoft get the blame if something goes wrong with third-party software and expose themselves horribly to a ton of bricks from regulators. The regulators would be worried about Microsoft using its monopoly to extort fees from and force methods on competitors by way of software upgrade processes on Microsoft servers.
So the present system may be crap but I’d guess most big Windows outfits have decided it is the least bad crap.
Yes, Linux is way ahead in this regard. All I have to do is aptitude safe-upgrade and the job is done. If there are serious unresolved bugs in the new software, I will be given the chance to cancel the upgrade process. The whole thing has worked like a charm for several years now on the distro I use. And despite other posts in this thread, no the result is not full of dependency conflicts. It just works, and what’s more it works from servers I can trust not to be infected with malware or advertising rubbish.
“Microsoft should open up Microsoft Update for everyone else …”
Are you MAD? Microsoft Update?
Microsoft Update is a train wreck. God only knows what evil lurks there.
O-M-G! Think about what you are proposing dear man.
Off the top of my head I can think of several things much, much better, dependency-wise too.
Here, is a better solution, from some good folks.
AutoPatcher:
http://en.wikipedia.org/wiki/AutoPatcher
http://www.autopatcher.com/whatsautopatcher/
On the plus side it would speed up the migration away from windows
Why should we trust the closed-source product from “some good folks” more than Windows Update?