Microsoft Update Product Team Blog

Latest happenings, developments, and news from the MU product team...

How Windows Update Keeps Itself Up-to-Date

There have been some questions raised about how we service the Windows Update components and concerns expressed about software installing silently. I want to clarify the issue so that everyone can better understand why the self-updating of Windows Update acts the way it does.

So first some background: Windows Update is designed to help our consumer and small business customers (customers without an IT staff) keep their systems up-to-date. To do this, Windows Update provides different updating options: 1) Install updates automatically, 2) Download updates but let me choose whether to install them, 3) Check for updates but let me choose whether to download and install them, and 4) Never check for updates. Our goal is to automate the process wherever possible so that we can increase the likelihood of a system being secure and up-to-date, while giving customers the flexibility to control how and whether updates are installed. The reasons for this are both philosophical and practical. Philosophically, Microsoft believes that users should remain in control of their computer experience. Practically, customers have told us that they want to have time to evaluate our updates before they install them. That said, and to the benefit of both customers and the IT ecosystem, most customers choose to automate the updating experience.

So what is happening here? Windows Update is a service that primarily delivers updates to Windows. To ensure ongoing service reliability and operation, we must also update and enhance the Windows Update service itself, including its client-side software. These upgrades are important if we are to maintain the quality of the service.

Of course, for enterprise customers who use Windows Server Update Services (WSUS) or Systems Management Server (SMS), all updating (including the WU client) is controlled by the network administrator, who has authority over the download and install experience.

One question we have been asked is why do we update the client code for Windows Update automatically if the customer did not opt into automatically installing updates without further notice? The answer is simple: any user who chooses to use Windows Update either expected updates to be installed or to at least be notified that updates were available. Had we failed to update the service automatically, users would not have been able to successfully check for updates and, in turn, users would not have had updates installed automatically or received expected notifications. That result would not only fail to meet customer expectations but even worse, that result would lead users to believe that they were secure even though there was no installation and/or notification of upgrades. To avoid creating such a false impression, the Windows Update client is configured to automatically check for updates anytime a system uses the WU service, independent of the selected settings for handling updates (for example, “check for updates but let me choose whether to download or install them”). This has been the case since we introduced the automatic update feature in Windows XP. In fact, WU has auto-updated itself many times in the past.

The point of this explanation is not to suggest that we were as transparent as we could have been; to the contrary, people have told us that we should have been clearer on how Windows Update behaves when it updates itself. This is helpful and important feedback, and we are now looking at the best way to clarify WU’s behavior to customers so that they can more clearly understand how WU works. At the same time, however, we wanted to explain the rationale for the product’s behavior so our customers know what the service is doing: WU updates itself to make sure it continues to work properly. We are also confident that the choice to use Automatic Updating continues to be the right choice.

Before closing, I would like to address another misconception that I have seen publicly reported. WU does not automatically update itself when Automatic Updates is turned off; this only happens when the customer is using WU to automatically install upgrades or to be notified of updates.

Providing and maintaining the WU service is important to enable us to service our customers and help them maintain safe, more secure and reliable computers. We take this responsibility very seriously and we are proud of the impact that Windows Update has had to help users with safety, security, and reliability over the years. Updating the client has been and remains a critical piece to this approach.

We appreciate the feedback and I hope that this post helps you to understand the situation and our strategy.

Nate Clinton

Program Manager

Windows Update

Comments
  • A real and big Thank You for setting "the other reports" into perspective!

    Bye,

    Freudi

  • Microsoft updates Windows without users' consent: http://windowssecrets.com/comp/070913/ » Confirmation

  • On various sites today I came across stories about Windows Update. The Update team gives an explanation...

  • There are some strange characters out there who, after years, discover how Windows Update, or rather the Windows Update Agent ("the Windows Update software"), works and try to make a huge story out of it. Um, maybe I should first of all

  • Thank you for coming forward with an answer about this issue.  It is appreciated.  

    However, you're asking yourself the wrong questions, and thus coming up with the wrong answers.

    You're asking yourself what you think people are expecting from automatic updates, and then using your own biased preferences towards the full automatic update experience to flavour your answer.

    The question you're not asking yourself is "why do users choose to disable the automatic installation?"  There are several answers, but the most common is probably "because Microsoft makes mistakes".  Some recent examples, off the top of my head:

    - the "human error" that borked Windows Genuine Advantage for a weekend

    - KB937061, currently out on Windows Update, which will be re-installed indefinitely on anyone's machine who has installed Visual Studio 2005 without Crystal Reports.

    Should we expect Microsoft to be infallible?  No, we shouldn't.  They are people after all.  But choosing when to install items gives us the option to check the blogosphere for issues, avoid installing something during a critical project phase, etc etc.  And by taking the liberty of installing items without asking, you are asserting that you are infallible.  Which, obviously, you are not.

    Automatically installing Windows Updates patches violates our trust.  I can guarantee you that anyone that specifically chose to disable automatic installations would rather have to choose to install the new Windows Update patch, even if it meant missing out on further notifications until that was done.

    God forbid the Windows Update system was compromised.  A false "Windows Update" patch could be pushed to all systems that could install a rootkit, erase hard drives, etc etc etc.  The Windows Update client, when the "don't install with asking" option is selected, should not have the capability to install *anything* without asking.

    I hope you update your policies in this regard.  And then update your software so that consentless upgrades are not even technically possible.

    In the meantime, I will be disabling automatic updates entirely on all my machines, and hoping that actually works as promised.

    "Trusted computing", indeed.

  • With all due respect, it's a steaming load of marketing drivel that you have to force an update or users will never be notified of updates again.

    Users could be notified that updates are available, specifically, the WU update.  They might not receive notifications of other updates, but so what?

    The situation I am describing is *exactly* the same thing as happens with an out-of-the-box XP SP2 install, you see a WU update available and nothing more.  Once you install WU, you see the dozens of other updates available.  Works great in theory, and in practice.

    There is absolutely no excuse for updating executable code on a customer's machine when the customer has selected a choice of "but let me choose whether to install them".  Period.  Full stop.  No exceptions.

    Personally, I hope this hits the justice department and/or a class action lawsuit to punctuate the importance of giving users control over their own computers.

    Worse, a lot of us IT geeks have been working very hard at getting paranoid end users to pick the "Check for updates" or "Download updates" options rather than "Never check" for users who want to feel in control of their machine.  I finally won my dad over a couple months ago, until then he would just hit WU manually when it occurred to him (every six months or so, on average)

    I can guarantee he will probably never choose anything other than "Never check" because of this little episode, and I also don't really feel the need to try to change his mind either.

    For my part, I'm behind a WSUS server, so I don't have to personally deal with this yet, but it does make me wonder if there isn't a flag somewhere in an update that will preapprove updates on a WSUS server too -- I'm not far from turning off automatic synchronization and just synchronizing when I happen to remember and have time to observe the results.

  • Nate Clinton a program manager for Windows Update has posted the details on the " Silent" update

  • Good Evening,

    I do not blog, but the Trust Issue and Microsoft pushing the envelope again by "pushing out" Windows Updates without the individual owners knowing or being informed of this is what I believe is a "major" trust issue that needs to be addressed by the appropriate parties.

    Our Personal Computers are rightfully "OURS", not Microsoft’s, and by performing an action to “Our” computers without having any form of user notification on "OUR" personal computer, not yours, is a major issue of trust....along with what I believe are legal issues.

    I would also believe that corporations and medium to small companies, would also be concerned. What if this update caused issues with their IT operations and business systems?  IT departments were not prepared or notified prior to these updates....

    It is not like Microsoft has “not had” Patch issues before....2006 there was somewhere in the area of 6 bad patches I believe, and a few the year before...One of which caused issues and MS released a “Re-Patch” to address the Dial-Up functions of Windows Dialer. I had experienced this while working for a large Italian automotive company here in the US, and behold the US government division that handles emission standards and compliance had also experienced this issue on a large scale.

    So with this issue and these words in mind, I believe Microsoft has some Public Relations matters to address, and believe this would be in their best interest to do so, while also changing their practices….in stealing a Microsoft common term, “Best Practices”.

    To me, this matter puts Microsoft on the same “trust level” as the Spyware or Root Kits that have been installed by publicly known companies' software and hardware products, as with such companies as “Sony”.

    Regards,

    Longtime concerned Microsoft client, and user.

  • Your post misses the point. If I have the setting enabled to be notified of updates I expect to be notified of ALL updates.

    Your post makes it even worse because it shows your disregard of your customers when your business interests conflict and when you think you know better than your customers.

    Your problems with WGA and other updates have shown you are not perfect.

    I'm a paying customer (well, maybe not in the future as you've violated my trust) and I expect to be treated with respect.

  • Find out what Social News Sites are discussing this post over at metagg.com

  • Thanks for the explanation. I am as quick as anyone to question the motives of any company (or individual for that matter) and in this case it really seems to me that some folks are up in arms over this issue with little cause.

    No software is perfect but I have been very impressed with XP and auto updates. I appreciate the ability to keep my system updated with little effort on my part and take advantage of most automatic update style features for XP, and also for other OSes and applications. In my opinion the small risk of getting a bad update is vastly outweighed by the risk of being behind the curve, since most updates improve stability or security.

    Anyways, just one man's opinion. Thanks for the info.

  • Thanks for the attempt at clearing things up, yet still you seem to miss the crucial aspect of this issue. You cite the reason

    "Had we failed to update the service automatically, users would not have been able to successfully check for updates and, in turn, users would not have had updates ...   That result would not only [FAIL] to meet customer expectations but even worse, that result would lead users to believe that they were secure even though there was no installation and/or notification of upgrades"

    So you are telling me that there is no possible way to notify people before the update, maybe in the form of a pre-update stating that windows update will be updated automatically.

    The point is not what you fixed or why you updated, the point is the method in which you went about doing it.

    You believe that sneakily updating your system is meeting customer expectations??

    " In fact, WU has auto-updated itself many times in the past."

    Thanks for that, just curious how many other windows files have been secretly updated in the past?

    A letter of apology is required on this issue I believe, not only have you lost the trust of everyone using your OS, but you still have not apologized only justified. Intrusion into MY computer is an unacceptable practice.

    You have lost my trust and my respect,

    I am off to check what's new in the world of Linux.

  • There's been some discussion in the community regarding Windows Update "updating" itself

  • Well, I'm glad others have been diplomatic in stating their opinions, that way I don't.

    YOU BLOODY BETTER KEEP YOUR HANDS OFF MY SYSTEMS WHEN I'VE TURNED OFF AUTOMATIC UPDATES OR I'LL HAVE YOUR FRIGGEN HEAD IN A VISE IN FRONT OF A JUDGE!!!!!

    MAN, I'M SO STINKING PISSED I COULD STRANGLE YOU!!!!

    JESUS CHRIST!!!!

    ZERO TRUST OF YOU ANYMORE! I'M SETTING THE WHOLE MICROSOFT IP RANGE TO UNREACHABLE ON MY ROUTERS!!!!!

    DUMB IDIOTS STUPID NERDS!
