Main Area and Open Discussion > General Software Discussion

Should MS open up Windows Update to 3rd parties?

(1/5) > >>

Josh:
Here is a question I have been wondering about since the XP days.

With Windows update, you have a system which allows you to patch Windows, Office and various other MS apps all in one central place. My question to you is this, Should MS allow 3rd parties to submit application updates to their service for updating via Windows Update?

I could see this being VERY useful, especially for ma and pa who do not care about updating applications (I ran into a system recently running adobe reader 5).

What do you think?

This post was inspired by Betanews (Source)

Eóin:
I'm actually working on a limited type of auto updater now. I would have loved if it could integrate into Windows Update but there doesn't seem to be such an option.

That said I have found integrating Windows Update into my application is quite easy, MS expose a complete COM interface to the Windows Update Agent together with excellent documentation and examples.

My intention now is to replace Windows Update and offer the user a single location for both installing MS updates together with 3rd party ones. As it is, I'm finding the application progressing quite well.

f0dder:
I really don't know.

It would definitely be great to receive updates for 3rd party programs from a single (and trusted) source with plenty of bandwidth, and not having a zillion different applications wanting to use their own auto-update tools and call-home checks... but I wonder if it would be feasible.

40hz:
The single biggest barrier is one of trust. How well do you trust the 3rd party not to do something evil? And how much responsibility do you want to take for distributing something you didn't write yourself?

For that reason alone I don't see mothership Microsoft hosting 3rd party application updates on their servers. AFAIK they only do that for hardware drivers from the big players they actively partner with (i.e. Intel,ATI, etc.). And from what I've been told, those driver updates were already approved for distribution in the OS before they showed up on the update site.

Incorporating MS updates into you own updater faces a similar problem. How well does your customer trust you to secure clean and uncompromised copies of Microsoft's patches? And how much liability are you willing to risk to do so. That's why many installers redirect you to Microsoft when you need a Windows component even though the terms of distribution may not require it.

FWIW, I always abort an install that says I'm missing a Microsoft component when it offers to install it or redirect me. I quit, go to microsoft.com (it's actually a cached WSUS mirror on my own server) install whatever I need, then launch the app installer again.

Maybe I am a little paranoid about these things. But I don't think I'm that much alone in being this way. I've avoided a lot of headaches by staying on the side of caution.

I've only had one time where I had a system taken down by something rogue. It didn't sneak past me. But it did seriously screw up the machine. And all this happened following a silent redirect off a tech support website I had been visiting for years. (They'd been hacked and didn't know it.)

But that was just that one time.

And since I go back to DOS, that's a pretty good track record.

So a little paranoia ain't necessarily a bad thing.

Works for me at any rate.  
 :)

Stoic Joker:
+1  :Thmbsup:

Navigation

[0] Message Index

[#] Next page