Epidemic security flaws

Automatic updating is becoming very widespread on the Windows platform at the moment, particularly with security software such as firewalls and antivirus. I will wholeheartedly agree that many users simply don’t have the time and/or inclination to learn how or why to initiate updates manually, so they are at risk without automatic updates. Additionally, the average user probably wouldn’t know or care that an update is going on. Even if a popup appears saying “update complete”, many users have tunnel vision or myopia, so they just won’t notice it.

Unfortunately, painting all users with the same brush leads to a big security flaw…

I am something of a gamer, having recently purchased a lovely new gaming rig. I am often playing or programming software which has 3 major requirements:

  1. exclusive use of the screen
  2. maximum use of system resources
  3. maximum use of Internet connection

Automatic updates are the bane of my existence!

(1) A simple “update complete” popup appearing on the screen will (at best) temporarily disrupt my game as the program struggles with the jump from full screen to windowed mode. At worst, it crashes the game and loses my progress. Non-gamers may scoff at the frustration this causes, but imagine if your hobby is gardening and a stray dog digs up your begonias.

(2) Updates are system-intensive, which reduces the resources I have available for the game. That can reduce framerate, increase lag (for online play), and severely impact hard disk access times. Even when an update isn’t in progress, there are often lots of little programs constantly checking for updates, which eats into processor time.

(3) Downloading the updates really reduces my Internet connection performance. That can increase lag in a multiplayer game, making it less reliable and less enjoyable.

The Security Flaw

So where is the security flaw I promised? It’s in the fact that most security software provides absolutely no option for temporarily disabling automatic updates, or even turning off the popup notifications. The only way to avoid gaming disruptions is sometimes to deactivate the security software completely. (Even then, you get popups reminding you that you’re not protected.)

This problem is rife, and I think it exists largely because the people making the software are not taking account of all their users (or ‘stakeholders’, to use a UCD term). It is also simply the nature of Windows software — the lack of structure and standard development practice in the OS means software updating is a total free-for-all mess. That’s partly a legacy problem due to Microsoft’s past short-sightedness, and partly a reflection on the decline of the average software developer’s competence.
