Roger's Security Blog

As Chief Security Advisor of Microsoft EMEA - let's share interesting security information

Security Updates on Automatic Update


I basically like the blogosphere. It is a way to express an opinion without having to worry (too much) about censorship. The disadvantage is that there are people who present things as “facts”, which are simply wrong. This happened Thursday on ZDNet.

I stumbled across an article called It's time for Microsoft to supply ALL patches to All users. In a long article Adrian Kingsley-Hughes claims that we do not supply Security Updates to pirated copies of Windows – which is simply wrong. Now, let me put a few things straight, but let’s start with the basics:

We basically use different channels for distribution of updates/tools/software:

  • There is a Download Center where we make all the updates as well as fixes, tools, feature packs, documentation etc. available to the public.
  • There is Microsoft Update: This is the webpage or the tool (depending on the OS) you use to manually check for drivers, updates etc. including Security Updates.
  • There is Automatic Update: This is the environment, where you tell Windows to automatically check for updates and either download or install them.

Besides these different channels we have different content: Security Updates of different criticality, drivers, paper, etc.

So, to clarify this here: If somebody committed the criminal act of stealing our software (called piracy) we deliver critical Security Updates via Automatic Updates. You will not be able to access Microsoft Update and the Download Center with non-genuine – stolen – software but you get the critical security updates via Automatic Update! This is where Adrian is fundamentally wrong.

Now, we can debate whether somebody who has deliberately stolen our software dares to switch on Automatic Update. Let me make two statements in this regard:

  1. In this special case we do not care whether you stole it or not. The only data going back to Microsoft is anonymous data about e.g. your OS version, Service Pack etc. as we need to know that in order to tell you what is available.
  2. I would not find any other way to deliver updates than through Automatic Updates without giving pirates the opportunity to get access to all the free content they definitely do not deserve to get.

We do not do this to protect the pirates but to protect the ecosystem!

I hope this clarifies the statements Adrian made.

Roger
