Tech Shakedown #5: Microsoft justifies Vista's forcing of unwanted reboots
Two weeks ago, I posted a ZDNet Technology Shakedown video showing how, after downloading and installing some updates, Windows Vista initiated a forced reboot of itself without allowing me the option to postpone that reboot. The options were there. But they were inaccessible. I was critical of the experience because the odds are pretty good that a user of Windows Vista could be in the middle of doing something important with their PC that can't be delayed because of a forced reboot. For example, they could be participating in a realtime online conference of some sort (eg: with something like WebEx). Or what if the user was under the gun to get something done by a certain deadline? I can't possibly count with two hands how many times I've had something that takes 30 minutes to do, but only 15 minutes to do it. In situations like that, I'd most certainly blow a gasket if my operating system forced a reboot of itself.
Anyway, that video caused quite a stir and judging by the responses both in the comments area and in my e-mail, a lot of people asked for the gory details, many in hopes of proving that it was my fault rather than a design flaw in Windows Vista. At the very least, since many ZDNet readers weren't seeing the same behavior in their Vista-based systems, it merited further testing and investigation with Microsoft. As you can see in the video attached to this blog, I reproduced the testing conditions and was able to determine the single gating factor that controlled whether or not the option to delay a forced reboot is available to an end-user of Vista. Furthermore, I was able to confirm the behavior with Microsoft who sees this not as a bug, but as a feature of Vista. In other words, Vista behaves this way by design: a decision I find troubling given the sort of interruption it can lead to.
So what in my configuration of Windows Vista was the culprit? It's the fact that I was logged into Vista as a standard user instead of an administrative user. According to Microsoft, if the administrator of a system (even a stand alone system that's not joined to some organizational domain) has set Windows Update to automatically download and install updates (as I have) and a reboot is required for those installations to complete themselves (not always the case), that reboot will be a forced one with no opportunity to postpone if you're logged into Windows Vista as a standard user.
A lot has been written about the differences between administrative and standard users in Windows Vista. As can be seen from the partial screenshot below, Vista's user interface strongly recommends that users of Vista be standard, and not administrative users.
When logged into Windows Vista as a standard user, the likelihood that the user or any malware that inherits the rights of that user can do serious damage to the operating system is greatly reduced, if not completely eliminated. When logged-in as a standard user, doing anything that requires system-level access also requires the entry of administrative credentials. Even if you're logged in as an administrative user, Vista will prompt you to bless any operation (ie: modifying a user account, installing/uninstalling software, etc.) that could potentially affect sensitive areas of the system.
In trying to keep my systems as secure as possible, I try to heed Microsoft's advice. I've set my systems (XP and Vista) to automatically update themselves and, in the case of Vista, I've been running my systems as a standard user (and have recommended the same to ZDNet's readers). But, as Microsoft explained to me, in so doing, I've subjected myself to the forced reboot phenomenon.
In a dialog involving several back-n-forth e-mails, a Microsoft spokesperson responded to my original inquiry as follows:
What happened [in my case] was that [Vista's] Automatic Update (AU) had downloaded updates and was ready to install them at the scheduled 3am time [the time I have Windows Update scheduled to run]. [You] shutdown the system without installing the updates. Upon turning the machine on, AU realized that the scheduled install was missed and so the install was initiated (immediately starting the install vs. waiting for the next schedule time is controllable by policy). Starting the installation as soon as possible is the safest and most secure default. The install of the update required a reboot in order to complete the installation and secure the machine. Because an administrative user had configured the machine to automatically stay up to date, the reboot is not postpone-able by a non-admin. Allowing a non-admin to override an admin’s wish is not the right default for security sake. This behavior is also controllable by policy to allow a non-admin user to interact with Windows Update.
So yes, what [you] experienced is by design and justifiable as it does not allow a non-admin to go against the wishes of the administrative user. And again if running as a non-admin is his normal mode of operation, then there are policies which can be set to tweak behaviors more to his liking.
I was a bit confused by this response, mostly because my machine wasn't joined to an organizational domain through which central policies regarding standard user access to administrative functions are normally implemented. The note is written as though Vista provides some policy-setting feature that can grant standard users whatever administrative access they need to change the settings of Windows Update. I couldn't find an easy way to do this. Via a subsequent round of e-mails, that spokesperson explained:
Local policy can also be configured for non-domain joined machines. This is done through gpedit.msc. This will only exist on [Vista's] business [versions] and Ultimate. Setting the regkeys directly is described in the WSUS deployment guide.
I could opine for several more pages regarding the restriction of this facility to the Business and Ultimate versions of Vista or the fact that making these policy adjustments is far easier said than done (editing the registry is not for the faint of heart). But, in this case, it's better to see the forest for the trees. I can see where, if an IT manager at some organization says "thou shalt update your systems according to our rules and not yours," the affected systems and their users may, for corporate security reasons, be subject to forced reboots. I'm not sure if such a policy would make a lot of friends in userland. But business IT departments can and do set such company-wide policies.
But in the case of individual users on their systems that are not joined to some domain or subject to some organizational update edict, a forced reboot without the option to postpone seems rather harsh. When configuring Windows Update, either when Vista is "burned-in" for the first time during the out of box experience or later (through the Tools menu in Internet Explorer), the user interface does not adequately communicate that automatic updates means "forced reboot" as well for standard users. Since many users of Vista will have earned their Windows chops on Windows XP, their expectation (since most ran XP as administrators; running XP in standard user mode was pretty much impossible) will be that they'll have the opportunity to delay such reboots and that offering that option to postpone updates is simply part of the rubric of updating Windows (as it appeared to be in XP).
At the very least, as stated in the video above, the option to postpone an update installation should be available to standard users who are prepared to supply administrative credentials as a part of the same escalation process that takes place when standard users attempt other tasks that require administrative access.
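The spokesperson's replies point to Windows Update policy settings and registry keys without naming them. The following read-only PowerShell audit is an added example, not part of the original article or of Microsoft's reply; it lists the values the WSUS deployment guide documents for scheduled installs and restarts, and it assumes that these are the policies the spokesperson meant and that PowerShell is installed on the machine.

```powershell
# Added example: read-only audit of the Windows Update policy values that
# govern scheduled installs and restarts. Nothing is written to the registry.
# Assumption: these are the "policies" the spokesperson referred to.
$wu = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$au = "$wu\AU"

function Get-PolicyValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value does not exist (policy not set).
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

$policies = @(
    @{ Path = $au; Name = 'AUOptions'
       Meaning = '4 = download automatically, install at the scheduled time' },
    @{ Path = $au; Name = 'ScheduledInstallTime'
       Meaning = 'hour of day (0-23) for the scheduled install' },
    @{ Path = $au; Name = 'RescheduleWaitTimeEnabled'
       Meaning = '1 = a missed install waits RescheduleWaitTime after startup' },
    @{ Path = $au; Name = 'RescheduleWaitTime'
       Meaning = 'minutes to wait after startup before a missed install runs' },
    @{ Path = $au; Name = 'NoAutoRebootWithLoggedOnUsers'
       Meaning = '1 = no automatic restart while a user is logged on' },
    @{ Path = $wu; Name = 'ElevateNonAdmins'
       Meaning = '1 = non-administrators may approve or decline updates' }
)

# Build one row per policy value, marking values that are absent.
$report = foreach ($p in $policies) {
    $v = Get-PolicyValue -Path $p.Path -Name $p.Name
    New-Object PSObject -Property @{
        Policy  = $p.Name
        Value   = $(if ($null -eq $v) { '(not set)' } else { $v })
        Meaning = $p.Meaning
    }
}
$report | Select-Object Policy, Value, Meaning | Format-Table -AutoSize -Wrap

# The article's gating factor: is this session running with admin rights?
# An unelevated administrator under UAC also reports False here.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$isAdmin   = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

$noReboot = Get-PolicyValue -Path $au -Name 'NoAutoRebootWithLoggedOnUsers'
$elevate  = Get-PolicyValue -Path $wu -Name 'ElevateNonAdmins'

if (-not $isAdmin -and $noReboot -ne 1 -and $elevate -ne 1) {
    'Finding: session has no administrative rights, and neither ' +
    'NoAutoRebootWithLoggedOnUsers nor ElevateNonAdmins is enabled.'
} else {
    "Finding: IsAdmin=$isAdmin, NoAutoRebootWithLoggedOnUsers=$noReboot, " +
    "ElevateNonAdmins=$elevate."
}
```

Values shown as "(not set)" mean no policy overrides the setting chosen in the Windows Update control panel.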
Talkback
Remember David...
Or you can move to another system and own your PC AND do with it as YOU wish WHEN you wish! ]:)
Please explain
What system will allow a standard user account to cancel an administrator initiated reboot? Show me that system and I'll show you a system with a [b]severe[/b] security flaw.
You do realize that any rational reasons you may have for hating Microsoft's EULA are completely discredited when you bring it up in discussions that have nothing to do with EULAs, right? To suggest that standard user accounts should be able to [i]own your PC AND do with it as YOU wish WHEN you wish[/i] is ridiculous and certainly isn't true on any of my Linux boxes. How about yours?
Don't get me wrong, the default settings in this case aren't correct. The default settings are the ones that must change. However, Vista carried out those default settings in the most secure manner possible and that is a [b]good[/b] thing that has nothing to do with Microsoft's EULA. Again, you do yourself and your "cause" a disservice by bringing this up here.
Feels like I am talkin' to
talking to talking to?
Jeez, dude, learn how to write, and learn that just 'cause you like Linux DOESN'T mean everyone else does, or that some of us want to change. Do we try to make you use Windows? No. Give us the same common courtesy, please.
No one is trying to make you use anything
The fact is Linux does not need to reboot after installing security patches, nor does it need to reboot after updating any of the 1000s of applications that can be installed along with the OS.
So there is never a case where the non root user needs to abort a forced reboot.
Rebooting after installing security patches is a Microsoft Windows only phenomenon. You are free to put up with that sort of behaviour from your OS, or change, as you choose.
Oh and stop being so damned defensive when someone points out one of the many flaws in the Windows OS, you, after all, have chosen to use it, warts and all.
It's not even a flaw, though...
You are so wrong on so many counts I don't know where to begin.
How does Microsoft have control? By having made a choice that the ABM crowd disagrees with? You might have a point if Microsoft didn't allow you to change it.
"The fact is Linux does not need to reboot after installing security patches, nor does it need to reboot after updating any of the 1000s of applications that can be installed along with the OS."
It does for any operating system files that are in use at the time the patch is installed. On my Solaris (yes, I know we're talking about Linux but the concept is the same) systems there are many security patches that will not install until the system is rebooted. This is the default policy but can be changed.
"So there is never a case where the non root user needs to abort a forced reboot."
Sure there is. Put the following in a shell script and run it from cron every night at 3am:
yum -y update
reboot
If I'm a non-root user using the system at the time I am not given the opportunity to abort the reboot.
"Rebooting after installing security patches is a Microsoft Windows only phenomenon."
Wrong. It applies to all operating systems.
"Oh and stop being so damned defensive when someone points out one of the many flaws in the Windows OS, you, after all, have chosen to use it, warts and all."
Nothing wrong with pointing out the warts when they're real. As it is this is an imaginary "wart". A decision made by Microsoft that the ABMers have decided to label bad and run with so they can, once again, attempt to show how superior other operating systems are.
I run Mandriva and Windows
It's irrelevant whether I schedule the Windows update for some time when I'm not using the machines or not, the fact is the machines need a reboot after every update. If I happen to be working on a Windows desktop at the time the update takes place it will want to reboot. The Windows Servers naturally also want to reboot - the production server which runs ASP.NET web applications naturally shuts down at the most inconvenient time (any time on the server is inconvenient).
On the other hand my Linux servers rarely need to be rebooted. Most of the time I can install updates on my desktop while I'm working and not even notice. Occasionally an application I'm working on will shutdown and restart (that's happened to me 3 times in the last 2 years), and carry on as if nothing has happened.
The only time I've had to reboot any Linux box is after a kernel update, and that doesn't happen all that often. Any other update occurs and it's business as usual.
Microsoft has control because either they have decided, or because of poor design on their part, that your computer must reboot itself even for trivial (or what would be trivial on my Linux systems) updates.
It's most definitely a wart, and a rather large one.
No, Linux doesn't require a reboot.
Imagine that: a script that runs that EXPLICITLY reboots your machine rebooting your machine. What a concept. That's like suing Ford because you got a speeding ticket. After all, it was Ford's fault you told the car to go 100 MPH, right?
What were you trying to prove by that? Try it without the reboot command in the second line and maybe you'd have a point. The problem, of course, is that you wouldn't have to reboot, thereby defeating your own purpose. You knew that when you wrote it.
You do hold a high regard for simpletons
su -
And not sign your life and unborn children to redmond.
How can EULA possibly have nothing to do?
computer, when EULA is EXACTLY what
disallows one to use their computer as they
see fit?
Talk about rational! You make no sense at
all.
What does the EULA have to do with user
accounts? Doesn't even mention user
accounts. It don't care WHO you are or what
kind of user you are, you have no rights (if
you use Microsoft software). It belongs to
Microsoft and Microsoft is the boss. Have
you ever even read it?
Quoted directly from a supplemental EULA:
"Microsoft retains all right, title and
interest in and to the OS Components. All
rights not expressly granted are reserved by
Microsoft........ MICROSOFT DISCLAIMS ALL
WARRANTIES WITH RESPECT TO THE OS COMPONENTS
AS FOLLOWS: DISCLAIMER OF WARRANTIES. TO THE
MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW,
MICROSOFT AND ITS SUPPLIERS PROVIDE TO YOU
THE OS COMPONENTS, AND ANY (IF ANY) SUPPORT
SERVICES RELATED TO THE OS COMPONENTS
("SUPPORT SERVICES") AS IS AND WITH ALL
FAULTS; AND MICROSOFT AND ITS SUPPLIERS
HEREBY DISCLAIM WITH RESPECT TO THE OS
COMPONENTS AND SUPPORT SERVICES ALL
WARRANTIES AND CONDITIONS, WHETHER EXPRESS,
IMPLIED OR STATUTORY, INCLUDING, BUT NOT
LIMITED TO, ANY (IF ANY) WARRANTIES, DUTIES
OR CONDITIONS OF OR RELATED TO:
MERCHANTABLE, FITNESS FOR A PARTICULAR
PURPOSE, LACK OF VIRUSES, ACCURACY OR
COMPLETENESS OF RESPONSES, RESULTS,
WORKMANLIKE EFFORT AND LACK OF NEGLIGENCE.
ALSO THERE IS NO WARRANTY, DUTY OR CONDITION
OF TITLE, QUIET ENJOYMENT, QUIET POSSESSION,
CORRESPONDENCE TO DESCRIPTION OR
NON-INFRINGEMENT. THE ENTIRE RISK ARISING
OUT OF USE OR PERFORMANCE OF THE OS
COMPONENTS AND ANY SUPPORT SERVICES REMAINS
WITH YOU. EXCLUSION OF INCIDENTAL,
CONSEQUENTIAL AND CERTAIN OTHER DAMAGES. TO
THE MAXIMUM EXTENT PERMITTED BY APPLICABLE
LAW, IN NO EVENT SHALL MICROSOFT OR ITS
SUPPLIERS BE LIABLE FOR ANY SPECIAL,
INCIDENTAL, INDIRECT, PUNITIVE OR
CONSEQUENTIAL DAMAGES WHATSOEVER (INCLUDING,
BUT NOT LIMITED TO, DAMAGES FOR: LOSS OF
PROFITS, LOSS OF CONFIDENTIAL OR OTHER
INFORMATION, BUSINESS INTERRUPTION, PERSONAL
INJURY, LOSS OF PRIVACY, FAILURE TO MEET ANY
DUTY (INCLUDING OF GOOD FAITH OR OF
REASONABLE CARE), NEGLIGENCE, AND ANY OTHER
PECUNIARY OR OTHER LOSS WHATSOEVER) ARISING
OUT OF OR IN ANY WAY RELATED TO THE USE OF
OR INABILITY TO USE THE OS COMPONENTS OR THE
SUPPORT SERVICES, OR THE PROVISION OF OR
FAILURE TO PROVIDE SUPPORT SERVICES, OR
OTHERWISE UNDER OR IN CONNECTION WITH ANY
PROVISION OF THIS SUPPLEMENTAL EULA, EVEN IF
MICROSOFT OR ANY SUPPLIER HAS BEEN ADVISED
OF THE POSSIBILITY OF SUCH DAMAGES.
LIMITATION OF LIABILITY AND REMEDIES.
NOTWITHSTANDING ANY DAMAGES THAT YOU MIGHT
INCUR FOR ANY REASON WHATSOEVER (INCLUDING,
WITHOUT LIMITATION, ALL DAMAGES REFERENCED
ABOVE AND ALL DIRECT OR GENERAL DAMAGES),
THE ENTIRE LIABILITY OF MICROSOFT AND ANY OF
ITS SUPPLIERS UNDER ANY PROVISION OF THIS
SUPPLEMENTAL EULA AND YOUR EXCLUSIVE REMEDY
FOR ALL OF THE FOREGOING SHALL BE LIMITED TO
ACTUAL DAMAGES INCURRED BY YOU BASED ON
REASONABLE RELIANCE UP TO THE GREATER OF THE
AMOUNT ACTUALLY PAID BY YOU FOR THE OS
COMPONENTS OR U.S.$5.00. THE FOREGOING
LIMITATIONS, EXCLUSIONS AND DISCLAIMERS
SHALL APPLY TO THE MAXIMUM EXTENT PERMITTED
BY APPLICABLE LAW, EVEN IF ANY REMEDY FAILS
ITS ESSENTIAL PURPOSE."
If you can't read too well, as you
apparently cannot, this tells you that you
have zero rights and Microsoft has ALL
rights.
Hasta La Vista
well
It seems to me that it says that MS is not liable for any damages caused by the OS (more or less). It doesn't really say I have no rights, and since the Constitution is still valid (for now), I think I do have a few left.
Just curious, who is liable if Linux causes any damage?
What part of?
interest in and to the OS Components. All
rights not expressly granted are reserved by
Microsoft......."
do you NOT understand? If Microsoft "retains
all rights", what rights does that leave
you, unless they are "expressly granted"? Do
you see any rights expressly granted to you?
Or are you another one who doesn't read too
well?
missing the whole rights issues
The issue is that MS made a bad decision to reboot the pc w/o user intervention.
Where are all the links?
their customers? You must have missed the
part (if you ever even read your EULA, which
you obviously didn't or you wouldn't be
talking such nonsense) where Microsoft
denies You (the user) the right to sue them.
I didn't lease a car.
The issue is not that Microsoft made a bad
decision, and I don't give a flip about
rebooting. The issue IS, if you use
Microsoft's software, you have no rights, as
far as Microsoft is concerned.
You can give your money to Microsoft and use
their crapware all you want, but you have no
more right to spread false doctrine than
Microsoft gives you. If you think Microsoft
gives you any rights, please copy and paste
the applicable portions that give you the
rights, or at least a link to it.
You can't comprehend what you read...
It also means you can't reverse engineer and CHANGE the software. You can add anything you want to it, but can't CHANGE their code. This is the same as MOST PROGRAMS YOU BUY. Obviously, there are a few that have something a little different, but that is the standard. Microsoft's EULA has 0 to do with the freggin' ability of a standard user to override an administrator.
DUH. The EULA DOES give you full rights to the software. It DOESN'T give you rights to STEAL the code. DUH. I am tired of people not knowing ANYTHING about comprehension of legal agreements.
Total agreement
...if you're running STANDARD user mode, YOU HAVE NO RIGHT TO DO WHATEVER YOU WANT! Period.
There are limits in standard mode...I don't understand how hard that is for people to comprehend??? And for those that make the "argument" that the "forced" reboot should not be made an option for individuals that run in the default user mode...you're absolutely right--IT'S NOT AN OPTION because the default mode is ADMIN, not STANDARD! Freakin' duh, people...how the hell do you think that you can have the right to tell Vista what it can and can't do, and you ain't even the Admin? Hmm...ok?
Sorry to sound blunt or nasty about it, but c'mon really now--all of you "standard" users out there are really complaining about something that you technically have no right to change/override. As so many have tried (unsuccessfully it seems)--including MS response to David--to drill into your brains is that standard users have no power to override the decision of the admin user (whether you're both users or not, Vista doesn't know that and thus treats every standard user equally).
Plain and simple I think, if you don't like it then either switch back to your admin account (if you are both) or make your standard into an admin
"make your standard into an admin"
It is quite possible to make a fully-functional OS that doesn't take a heavy-handed approach to nonprivileged users. I've seen it with my own eyes. In fact, I'm using one right now. Of course, my OS comes from Provo, not Redmond. The fact is that Microsoft screwed the pooch and instead of fixing the problem is trying to spin it as if it's a desirable feature. IOW, business as usual.
I know a lot of young punks
can tell them anything either.
One of my grandsons likes to use stupid nics
like madaxkiller too, but I have explained
to him that such things are not smart and
makes a good impression on no one. He is at
least smart enough to listen to advice from
his elders.
Microsoft is proud of you. You give them
your money and you don't know which end is
up. You are the kind of customer that
Microsoft loves. Maybe, someday, they will
give you a pat on the back and an attaboy.
Meanwhile, don't break your arm patting
yourself on the back. Microsoft won't pay
your hospital bill (which you will see if
you read your EULA).