Should MS open up Windows Update to 3rd parties?

[Josh]

Here is a question I have been wondering about since the XP days.

With Windows update, you have a system which allows you to patch Windows, Office and various other MS apps all in one central place. My question to you is this, Should MS allow 3rd parties to submit application updates to their service for updating via Windows Update?

I could see this being VERY useful, especially for ma and pa who do not care about updating applications (I ran into a system recently running adobe reader 5).

What do you think?

This post was inspired by Betanews (Source)

[Eóin]

I'm actually working on a limited type of auto updater now. I would have loved if it could integrate into Windows Update but there doesn't seem to be such an option.

That said I have found integrating Windows Update into my application is quite easy, MS expose a complete COM interface to the Windows Update Agent together with excellent documentation and examples.

My intention now is to replace Windows Update and offer the user a single location for both installing MS updates together with 3rd party ones. As it is, I'm finding the application progressing quite well.

[f0dder]

I really don't know.

It would definitely be great to receive updates for 3rd party programs from a single (and trusted) source with plenty of bandwidth, and not having a zillion different applications wanting to use their own auto-update tools and call-home checks... but I wonder if it would be feasible.

[40hz]

The single biggest barrier is one of trust. How well do you trust the 3rd party not to do something evil? And how much responsibility do you want to take for distributing something you didn't write yourself?

For that reason alone I don't see mothership Microsoft hosting 3rd party application updates on their servers. AFAIK they only do that for hardware drivers from the big players they actively partner with (i.e. Intel,ATI, etc.). And from what I've been told, those driver updates were already approved for distribution in the OS before they showed up on the update site.

Incorporating MS updates into you own updater faces a similar problem. How well does your customer trust you to secure clean and uncompromised copies of Microsoft's patches? And how much liability are you willing to risk to do so. That's why many installers redirect you to Microsoft when you need a Windows component even though the terms of distribution may not require it.

FWIW, I always abort an install that says I'm missing a Microsoft component when it offers to install it or redirect me. I quit, go to microsoft.com (it's actually a cached WSUS mirror on my own server) install whatever I need, then launch the app installer again.

Maybe I am a little paranoid about these things. But I don't think I'm that much alone in being this way. I've avoided a lot of headaches by staying on the side of caution.

I've only had one time where I had a system taken down by something rogue. It didn't sneak past me. But it did seriously screw up the machine. And all this happened following a silent redirect off a tech support website I had been visiting for years. (They'd been hacked and didn't know it.)

But that was just that one time.

And since I go back to DOS, that's a pretty good track record.

So a little paranoia ain't necessarily a bad thing.

Works for me at any rate.  
 

[Stoic Joker]

+1 

[SKA]

Monogamy (just MS) preferred to polygamy(all ISVs messing with your PC)

This may well lead MS / ISVs "to charge users" for Windows Update , who will do this  for free ?

SKA

[Renegade]

The single biggest barrier is one of trust. How well do you trust the 3rd party not to do something evil? And how much responsibility do you want to take for distributing something you didn't write yourself?

-40hz (February 07, 2011, 01:50 PM)

+1

It would be just nutty for MS to allow other ISVs. Autoupdate viruses? Hmmm... too risky.

There are enough autoupdater components out there already, so there's no need for Windows update to be used by anyone except MS.

[f0dder]

Renegade: the whole point would be getting rid of all those FSCKING LAME "so ein ding mussen ich auch haben" 3rd-party auto-update tools, and have one centralized & stream-lined process to handle all updates. It would be very++ nice for the end-users.

[Ath]

Renegade: the whole point would be getting rid of all those FSCKING LAME "so ein ding mussen ich auch haben" 3rd-party auto-update tools, and have one centralized & stream-lined process to handle all updates. It would be very++ nice for the end-users.

-f0dder (February 08, 2011, 02:54 AM)

Isn't that where DCUpdater comes in and fills a niche? All can conform to that standard as it's quite easy to setup and use. Maybe the UI could use a little W7 sauce to make the Apple fanboys using Windows a bit less unhappy, but it has a pretty much the same use-scheme as Windows Updates already.

[f0dder]

Isn't that where DCUpdater comes in and fills a niche?

-Ath (February 08, 2011, 03:07 AM)

DCU is better than every DoCo tool by different authors having their own autoupdater, but it's still Yet Another Autoupdater when viewed in the bigger picture...

[Renegade]

Renegade: the whole point would be getting rid of all those FSCKING LAME "so ein ding mussen ich auch haben" 3rd-party auto-update tools, and have one centralized & stream-lined process to handle all updates. It would be very++ nice for the end-users.

-f0dder (February 08, 2011, 02:54 AM)

No disagreement there. I just can't see MS doing it. The risk is simply too high.

It would be a major initiative to verify vendors, and would be costly for them. Who would opt in? Not sure.

It would be nice to see better updates though.

[f0dder]

Yes, the problem is that each and every update would have to be verified by MS, which would be quite a burden, and would slow down updates. Either that, or updates would only be from very big vendors.

[Carol Haynes]

Not sure about software updates but major vendor driver updates would be nice.

One of the things that really annoys me is that MS update supplies crappy out of date drivers and often tries to push them over proper manufacturers drivers.

It would be good if MS just did quality control on manufacturers drivers and issued those rather than the limited and out of date versions they often offer.

Having said that the biggest problem with any 3rd party involvement with MS is one of cost. MS likes to screw as much cash out of its 'partners' as possible* and you can bet your life that if they did open up to 3rd party they would put some mechanism in place to force all updates through their system which would kill off small developers.

*

rant

I am miffed that I have a MAPS subscription with MS and stupidly opted to pay to have DVDs delivered at some exorbitant price rather than download and burn your own DVDs. So far this year they have only sent out 2 DVDs (which I didn't want or need) and haven't sent out any 64 bit copies of Windows 7 since it was released - so I have to download those and burn them despite paying for physical delivery. What a ripoff!

[Josh]

MS Supplies WHQL certified drivers. Vendors do not spend the time/money to WHQL drivers and those are the ones which typically cause issues with the OS (I SAID TYPICALLY, I know many have had no problems). The liability issue comes into play here again, do we release something to WU that we have not certified?

[Carol Haynes]

MS might supply WHQL drivers but they are often feature limited and on more than one occasion recently I have had to recover a computer where MS have supplied a driver that bricked a system (well at least introduced a BSOD screaming cycle).

Vendors such as nVidia seem to supply WHQL drivers (at least when they release final non-beta drivers).

[40hz]

@Carol - thanks for that bit of news on the MAPS w/DVD option. I just renewed and opted for the cheaper "no media" subscription. I had a niggling concern I might have been too thrifty for my own good in doing so. But seeing your comment made me feel much better about my decision to do without those (apparently nonexistent) DVD sets.   

[Carol Haynes]

Yes - they were supposed to send out 4 mailing a year but in the past 12 months they haven't really released much and what they have released they haven't bothered to send the media packs. It beggars belief that they won't send out Windows 7 64-bit in DVD format !!

[Stoic Joker]

I've still got several stacks of CDs from the MSDN subscription stacked around my office that I haven't had time to deal with...and we went digital delivery 2 years ago...

I can still get anything I need is short order, and locally store (.iso) copies of things I use often. It works out great...and takes up no space at all!

[Carol Haynes]

It works out great...and takes up no space at all!

-Stoic Joker (February 08, 2011, 11:26 AM)

You are right of course - I just object to wasting my bandwidth on downloading DVD images when I have better things to do. Its fine when you super fast internet access but when it takes half a day per file ...

[40hz]

It works out great...and takes up no space at all!

-Stoic Joker (February 08, 2011, 11:26 AM)

You are right of course - I just object to wasting my bandwidth on downloading DVD images when I have better things to do. Its fine when you super fast internet access but when it takes half a day per file ...

-Carol Haynes (February 08, 2011, 11:37 AM)

+1! 

It's not quite that slow for me. But I still batch them a few at a time for overnight when I don't need something 'immediately.'

What I do miss, however, are some of those self-running sales demo/presentation disks and client assessment tools. You used to get those back when they still shipped MAPS in those nice plastic project binders along with hardcopy sales and tech info.

If less is more, we're definitely getting 'more' these days.

-----
Addendum: check out their new cloud services initiative when you get a chance. They're about to change the whole ballgame for the Partner Network with that move.

Like today's I Ching says:

Wèi jí Before Completion



Fire above the waters.
It is not yet over.
The Superior Man is careful to discriminate the nature of things
And put each in its proper place.

[Carol Haynes]

I have to confess I am not that interested in MS cloud services! Been badly bitten in the past with the community stuff they produced (ie. they lost all of my content and on complaining I got a shrug and couldn't give a damn episode). Also can't stand the way everything gets bound to Internet Explorer or you suffer from their oddities.

[Stoic Joker]

It works out great...and takes up no space at all!

-Stoic Joker (February 08, 2011, 11:26 AM)

You are right of course - I just object to wasting my bandwidth on downloading DVD images when I have better things to do. Its fine when you super fast internet access but when it takes half a day per file ...

-Carol Haynes (February 08, 2011, 11:37 AM)

+1! 

It's not quite that slow for me. But I still batch them a few at a time for overnight when I don't need something 'immediately.'

-40hz (February 08, 2011, 12:43 PM)

Me too. We have a T1 here at the office, which really ain't that fast by todays standards - But we need the guaranteed upstream for misc.. If I really gotta get something quick, I'll RDP into my home office and setup the transfer from there (and go grab it at lunch or on the way to where ever).

[mwb1100]

One thing Microsoft *should* do is provide a framework/interface/control panel for auto updates so that there's one place to go to manage these things.  Actually, MS should have done that a long time ago - back when they provided a standard place to go to uninstall.  They don't need to host the update, just provide a standard control panel to manage updates for installed software.

3rd parties could still decide to do things their own way (just like they can for uninstall), but there would be incentive for vendors to plug into the 'standard' way to manage updates.

It would be quite nice to be able to go to one place to be able to enable/disable auto updates, or manually launch update processes.  All those stupid little icons that insist they be allowed to show up in the notification area and those annoying pop-up messages can just go away since they'd have no reason to exist anymore.

A guy can dream, can't he?

[JavaJones]

mwb1100 hits the nail squarely on the head and said exactly what I was going to say. Provide an update management *system* that unifies it all in one place, provides mechanisms for security and verifiability (e.g. similar to how browsers work with certificates, encryption, etc.), but does not *host* anything nor specify or approve what apps can use the system. Just like the program manager, any app that's installed can show up there, maybe even make it a mandatory part of being installed in Windows just like an entry in program manager (or incorporate it into the same UI as an updates tab or something); apps that don't implement auto-update are free to simply list a web URL to download updates if they prefer.

So developers are free to use (or not use) it just like Windows program manager (install/uninstall), the sound or graphics APIs or, or newer stuff like voice synthesis and recognition APIs. These are all services the OS provides, but surely nobody (who is reasonable and not an idiot) blames Microsoft if the app they're using has a bad UI (displayed using Windows APIs), bad voice recognition support, or a crappy installer/uninstaller (I'm looking at you HP and big antivirus app manufacturers!).

I think what makes this less than a no-brainer "YES!" answer for everyone is the idea that app updates would be part of *Microsoft Update*. If they are instead simply displayed and accessible in a Windows control panel applet, does that not make huge amounts of sense? The very act of providing an API and control panel for this means many, many more devs would take advantage better updating functionality. Just as has been true with the many other APIs MS has provided over the years.

- Oshyan