The controversy over Microsoft forcing upgrades on users is in the news again, as the EFF has posted an article once again about the forced upgrades to Windows 10, and the various data collection schemes Microsoft has put in place. I understand the concern, but… A couple of points to consider, starting with forced upgrades—

When I worked in customer support I sometimes wished we had forced upgrades (rather than paid ones, in fact). There are so many times someone doesn’t upgrade past an obvious bug. We would spend hours working around the bug because they didn’t want to upgrade. It probably cost the company I worked for millions of dollars in support a year so we could refrain from saying, “take two upgrades and call me in the morning.”

As an operator, I see the other side of this story—if I don’t need the upgrade, or I’m not hitting the bug, I shouldn’t need to upgrade.

The world of IoT—in fact, the world in which we live, where millions of machines are used as botnets without the knowledge of their owners—is pretty frightening without forced upgrades. I wonder how many millions of dollars a year machines with older software installed cost banks, governments, and other people on the ‘net, because they are perfect bots for large-scale DDoS botnets?

My thought is this: If the machine lives behind a corporate IT department, there’s someone who’s supposed to be a responsible adult. Let the responsible adult make the decision. If the machine isn’t attached to someone who actually knows how to run a network, then it should be fair game for forced upgrades—if for no other reason than to protect the rest of the world. Another idea—if you turn off automatic updates, and your machine is used as part of a botnet to cause a financial institution millions of dollars in damages, then you get to pay for part of the damages. You might not have been acting willfully, but you were acting negligently, and you can still be held responsible for negligent acts that cause others measurable harm.