Monday, September 17, 2007

Whose computer is it?

It looks like Microsoft has been updating Windows XP and Vista systems without the computer owners' knowledge or consent:

Over the last few weeks, without user approval, Windows Update has updated nine small executable files in both Windows XP and Windows Vista. "I did not download this and my Windows Update is still not set to automatic," a poster named Engle wrote on a Microsoft discussion board. "This has got me really puzzled." Both eWeek Labs and Windows Secrets report that they have confirmed cases of Windows Update downloading and installing an update without permission.

The updates in question actually updated Windows Update's own software. If Windows Update doesn't update itself, it stops functioning properly and is not able to recognize when new updates are available, according to Microsoft.
The issue isn't whether these updates are benign - they were.

Nor is it security, although that is of course a concern. Were this functionality to become exploitable by black hats, they'd be able to install malicious software on Windows machines with even less difficulty than they have faced so far, and that has been a level of difficulty they have been able to overcome. Updates are digitally signed, and there's no such exploit available at the moment, in fact it's theoretically difficult to achieve.

No, the real issue is who owns your computer, Microsoft or you. These updates could have been flagged up by a user alert that explained the situation and recommended they be installed. The idea that your operating system allows another company to install software arbitrarily, at their instigation, without your knowledge is only acceptable if you have absolute faith in the present and future goodwill of that company and its inheritors.

That's the sort of faith demanded by supporters of things like compulsory national DNA databases. It's not something I, for one, am willing to grant.

Although I'm a Linux user and advocate, I recognise that even the most user-friendly distributions, like Ubuntu, are problematic in some respects. The Ubuntu/Gnome network configuration tool, for example, is crap in a completely mystifying way - the underlying ifconfig command is completely robust and to develop a graphical interface that sometimes requires a reboot before a new configuration takes effect must have required a special level of incompetence. The Linux implementation of the printing subsystem CUPS can only be seen in its true, awful, light when you reflect that this also underlies Apple's OS X printing, where it works perfectly. Licensing problems with things like media codecs intrude to an annoying degree. Some distributions apparently believe that a modern workstation can function without technologies like Flash and RealPlayer.

Nonetheless, for most hardware configurations, Linux just installs seamlessly, works fine and offers a huge range of cost-effective software. But if you don't want to use that, there's always the Rolls Royce of personal computers - anything by Apple.

I don't trust Microsoft and I'm not willing to use their products. I don't understand why anyone is.

Via Schneier.


Anonymous said...

I thought you were a FreeBSD user and advocate.

Now that I can respect. Although I guess that is showing my biases.

Peter Risdon said...

I am, but I use Linux on my laptop and don't advocate the use of FreeBSD for workstations for the non-technical.

Anonymous said...