Microsoft is tweaking its Windows Update service with Windows 8, and is trying to limit the number of restarts for consumers and small business users to one per month. Also, instead of the current 15-minute warning that a reboot is required, users will have three days to choose the most convenient time to update their PCs. In businesses, where IT administrators set group policies to prevent automatic restarts, users will get a notification on their log-on screen to tell them that a restart is required. This notification will remain until a restart is performed.
Farzana Rahman, the group program manager of the Windows Update group, has outlined Microsoft's plans in a post on the Building Windows 8 blog: Minimizing restarts after automatic updating in Windows Update. Microsoft's planned changes are based on many billions of items of data, but the company may adapt them in response to feedback.
"Windows Update is one of the largest services on the Internet by several measures," says Windows boss Steven Sinofsky. It's also one of the most successful. It "currently updates over 350 million PCs running Windows 7 and over 800 million PCs across all the supported Windows platforms," says Rahman. "There are actually many more PCs updated by WU indirectly if you account for our Windows Software Update Server, and for those machines (or customers) that do all updates manually for any number of reasons."
With roughly a billion PCs using Windows Update, and more than a dozen batches of updates every year, the service has proven astonishingly reliable. This has encouraged its adoption to the point where 89.30 percent of Windows 7 users now have auto-updates enabled, and only 4.88 percent never check for updates.
Limiting Windows restarts
Restarts (reboots) have become a greater annoyance for a number of reasons. These include the much greater stability of Windows Vista and Windows 7 compared with Windows XP (reboots may be rare and crashes almost non-existent), and the increased use of mobile computers that are turned off much of the time. Instead of updates being installed automatically at 3am, while they're asleep, users are faced with the need to update when they resume work in the morning.
Where users have chosen to have updates installed automatically, they should, of course, be installed without their intervention -- and that includes a reboot. If they do not want to change their behaviour, they should change the setting.
Rahman says that with Windows 7 users:
"The majority of automatic update users (39 percent) are updating when they shut down their systems. For these users, there is no automatic restart because the system can complete all steps of the installation during shutdown. This is the least disruptive experience for users, and so we do want to 'hitch a ride' whenever we can on user-initiated shutdowns instead of inconveniencing users with a separate restart."
However, Windows Update exists for two reasons. First, it is intended to help protect users from malware by patching security holes in their systems. Second, it helps to stem the incidence of malware by providing a sort of "herd immunity" that helps prevent malware from growing virally. Rahman says:
"There is one exception to the rule to wait for the monthly security release [before forcing a restart], and that is in the case of critical security update to fix a worm-like vulnerability (for example, a Blaster worm). In that case, WU will not wait, but will go ahead and download, install, and restart automatically. But this will happen only when the security threat is dire enough."
No third party software updates
One bugbear is not being addressed, which is the use of multiple update programs by suppliers of third party software. Today, the majority of critical threats to Windows PCs are not due to security flaws in Windows but holes in software from Adobe, Apple, Oracle (Java) and other suppliers. Their updates are irregular and frequently intrusive. As Rahman says:
"People clearly find the experience with multiple updaters on the system less than optimal (and we agree!). Each application updater gives you a different experience, you have to remember to go visit each updater to install updates, you never know when or how updaters will run and what they might do, and so on. People would like one updater for the entire system."
However, Microsoft is currently unwilling to take this on. The high take-up of Windows Update is based on the fact that "they trust the quality of updates distributed by WU". Bundling in updates for third party programs might diminish that trust.
For those users who have problems knowing when or how to update third party software, there is a very convenient solution (for the programs it covers). I recommend, and use, Secunia's Personal Software Inspector (PSI). This scans your Windows hard drive, lists the applications that need updating, and provides a link to each update. Using PSI also means you don't have to run numerous separate updaters.