Windows patches may become automatic

In the aftermath of the MSBlast worm, Microsoft says it may be time to take more control of the Windows update mechanism.

Matthew Broersma Special to CNET News
2 min read
In the aftermath of the MSBlast worm, Microsoft says it may be time to change the way Windows updates its security patches by making the process automatic by default.

A Microsoft representative said the company is "giving strong consideration to enabling Auto Update by default in future versions of Windows," though the company has not yet committed to a time frame. If Microsoft decides to go ahead with the change, it could be implemented in "Longhorn," the code name for the next version of Windows expected to come out in late 2004.

Automatic installation of security patches might have helped prevent the recent MSBlast worm, which successfully attacked hundreds of thousands of PCs that had not installed a month-old patch.

Currently, automatic updates are available as an option. Microsoft executives said the company decided not to make the feature a Windows default with Windows XP after customer feedback that suggested people did not want Microsoft controlling their PCs.

Some security experts, even those normally suspicious of Microsoft, said automatic updates might be the best way to secure PCs--particularly those of home users and small businesses.

Bruce Schneier, co-founder of Counterpane Internet Security and a well-known Microsoft critic, came out in support of the suggestion, telling The Washington Post that it was a "trade-off that's worthwhile."

Market research firm Gartner said such a move could help average people who generally lack the time and IT knowledge to keep up with the latest patches.

But Gartner asserts that Microsoft must make some changes to its updating system before it can be trusted to install software automatically on people's PCs. Gartner said Microsoft must promise not to use the auto-update feature for anything but security patches and should allow a security review of the system by outside parties.

"A compromise of this comparatively new feature could have catastrophic results," Gartner's Terry Allan Hicks said in a statement.

Many people, particularly enterprise system administrators, like to evaluate patches before they are applied because patches can interfere with other software, or even cause system failures. In a well-known incident, Microsoft's Service Pack 6 for Windows NT crashed thousands of servers.

When the first Windows XP service patch appeared last fall, critics said the patch's terms of use gave Microsoft the right to check product versions and block some programs, although Microsoft insisted that no personal information would be collected.

This is not the first time Microsoft has wanted to change its software update mechanism. In June, the company said it planned to simplify its patch technology and to expand its automatic update service to include more products.

The software giant identified four areas in which it plans to make improvements over the next 12 months: patch quality; delivering information to its customers; broadening the number of applications supported by its automated update technology; and simplifying the way that patches are applied.

Matthew Broersma of ZDNet UK reported from London. CNET News.com's Robert Lemos contributed to this report.