Question: What's worse than buggy software? Answer: Patches and upgrades that make things even worse. This is a dilemma critical to many applications. How should we cope with the untold millions of computers that are constantly subjected to penetrations, viruses, worms, and other nasties that exploit a steady stream of security weaknesses and flaws? Is finessing, coercing, or even forcing users to install updates a solution, or just an invitation to further aggravation and potential disasters?
The underlying problem is obvious. Much commercial software is a mess on the inside. Get past the flashy graphics and the fancy user interfaces, and you frequently descend into a nightmarish realm of twisted spaghetti-like code that might better belong in a Salvador Dali painting. One recurring type of software security bug, buffer overflows, dates back to the dawn of computing, but only recently are we seeing some serious attempts to limit this vulnerability systemically.
Meanwhile, Microsoft sends forth a stream of patches intending to correct what it designates as "critical" security flaws in its systems, applications, and even its own previous patches. Microsoft certainly isn't alone when it comes to software flaws, but as the massively dominant desktop system vendor, its software and support decisions tend to have much more influence on most consumers, businesses, and other organizations than those of other firms.
Microsoft has expressed continuing concerns about user behavior, seeming to say, in essence, "If we could just find some way to get users to install each and every patch forever, the bugs in our software wouldn't really matter so much." This seems somewhat akin to a vampire, after having bitten your throat and transformed you into one of the living dead, pointing out that vampirism really isn't so bad as long as you get plenty of blood every night and stay out of the sun.
Many computer users pay little if any attention to the issues of security bugs. They take the unfortunate but understandable view that if something seems to be working adequately, don't try to fix it. In the security realm, this can indeed be a very dangerous attitude.
On the other hand, many expert computer users (particularly those using Microsoft products) don't ignore patches; they're simply terrified of them. Too often, installing seemingly innocuous "fixes" into working systems results in instability, crashes, or even total unusability. Interactions between patches and other software, particularly already-installed third-party packages, can result in widespread disruption to both application and system software. And often there's no going back without total system restores. For example, Microsoft patches have often been incapable of being effectively removed in case of problems. Microsoft has now announced the move to (more organized) monthly aggregated patches, but has already had to issue additional interim patches to patch their monthly patches!
For a time, it was reported that Microsoft was considering the possibility of forcing virtually all users of Microsoft's systems to accept its Internet-delivered updates. More recently, there's been talk about changing the defaults for "home user" systems to automatically accept Microsoft-provided critical Internet-delivered patches, unless specifically instructed otherwise by users. Not only is it unclear how to accurately delineate this "home users" category, but there may be in such a segregation an ominous attitude: that it's somehow less serious to screw up home users' computers than those of businesses and other more well-heeled customers. This would be an unacceptable outcome.
Widely deployed automatic updating systems for PCs could carry with them another very real and serious risk: the possibility of hackers cracking the Internet-connected update mechanisms, either at the user systems themselves or at central servers, then using them as convenient portals for their own nefarious payloads. Weaknesses in autonomous updating environments (and we know from experience that there almost certainly will be weaknesses) could provide yet another endless series of opportunities for worms, viruses, and other software nightmares.
Users (and/or system administrators, as appropriate) have the need and right to fully control their own computers. No particular class of users should be subjected to defaults considered too risky for another group, nor should we need to risk having our operational systems sidelined by possibly unstable vendor patches that may do more damage than the original bugs. A plethora of patches will never be a substitute for true quality software.
©2003 ACM 0002-0782/03/1200 $5.00