Microsoft ponders automatic patching

In the wake of a widespread Internet worm, Microsoft Corp. is weighing options to get more users to secure their computers, including automatically applying security patches to PCs remotely, the company said Thursday.

“We are looking at a range of options to get critical updates on more systems, from finding ways to encourage more people to keep their systems up to date themselves to where it is done automatically by default for certain users,” said Matt Pilla, senior product manager for Windows at Microsoft.

Microsoft does not plan any immediate changes to the way it delivers security patches, but the company also does not intend to wait until the release of its next operating system to improve it, said Pilla.

“This is a priority for us. I think there are a lot of things we can do during the Windows XP time frame to help people make their PCs more secure,” he said. The successor to Windows XP, code-named Longhorn, is expected to be out in 2005 or 2006.

Microsoft currently delivers software patches through its Windows Update Web site and through update software in Windows XP, Windows 2000 and Windows Me. The software does not download and install patches by default, but asks a user to select from various options, including just alerts when an update is available.

“Giving the user the ability to control auto update is important to us,” Pilla said. “One of the things we are working on is a balance between keeping systems up to date and giving users the control over their systems.”

Microsoft on July 16 issued a “critical” security update that fixes a serious security vulnerability in Windows. The company urged customers to patch up. Many apparently ignored the warning, the Blaster worm that started spreading weeks later was able to infect hundreds of thousands of computers by taking advantage of the vulnerability.

Russ Cooper, surgeon general of TruSecure Corp. and moderator of the popular discussion list NTBugtraq, is one of the most outspoken critics of Windows Update. Nevertheless, he is all for automatically delivering security updates.

“I think it is a great idea, they should have done it ages ago,” he said. “We will scrutinize the way they do it. I applaud them for willing to be put under such a microscope for something they believe the world does not trust them to do.”

Microsoft has no choice, it has to take patching in its own hands, said Rob Enderle, principal analyst at Enderle Group in San Jose. “They absolutely have to create a program where patches are applied automatically,” he said.

People worried about giving Microsoft control over their systems should weigh the alternative, Enderle said. “People really don’t want to give Microsoft access, but if they don’t then the patches don’t get applied timely. It is about relatives, do folks trust Microsoft more than they trust a hacker?”

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Article

ADaPT connects employers with highly skilled young workers

Help wanted. That’s what many tech companies across Canada are saying, and research shows that as the demand for skilled workers...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now