Windows 8 Looks to Ditch the "Zombie" Security Restarts of Windows 7
November 15, 2011 4:38 PM
comment(s) - last by
Windows 8's Automatic Update will now always give you time to save and won't interrupt your gaming/movies
It's 3 a.m.; do you know what your PC is doing? Well, if it's a Windows 7 machine, it may be in the process of automatically restarting. Microsoft pushes out security updates the second Tuesday of each month, but other critical updates can land at off times. For those who forgot to save their work the evening before, they are often in for the rude surprise.
I. Windows Update Automatic Mode -- Boon to Security, Bane to an Unlucky Few
blog, Microsoft Corp. (
) engineer Farzana Rahman, writing with Windows Division President Steven Sinofsky, explains how Microsoft hopes to eliminate this problem in the upcoming Windows 8 release.
Automatic updates are a very important thing as they allow Microsoft to deliver important trusted content like security patches that a user might never go out and install on their own. With over a billion Windows PCs in the wild, Microsoft is under an immense amount of security risk, risk that is mitigated by the Automatic Update program.
Ms. Rahman shares 89.3 percent of Windows users opt to use automatic update. She comments, "That’s 90% of the total user base telling us to automatically install updates without showing any notifications, or asking for confirmation."
That might not be entirely accurate -- a lot of users simply don't understand what exactly auto update is and what the ramifications of turning it on and off are. But the important message is that a lot of people have Automatic Update turned on -- whether or not they know it.
The benefit is seen in Microsoft's metrics for one important update, which showed -- despite internet connection variability -- 85 percent of users downloading and installing the update within three days. A three-day turnaround means that Microsoft can quickly target malware threats and be guaranteed that its actions will take effect across a large amount of its installs.
Install rate v. days for a critical patch. [Image Source: Microsoft]
Interestingly, Microsoft indicates that while 31 percent of updates in computers with Windows Automatic Update turned on are installed interactively, the majority of users instead rely on shutdowns.
Microsoft says the "best case" scenario occurs in the 39 percent of updates that install alongside user shutdowns. Microsoft has tried to squeeze its updates in this Windows. Ms. Rahman writes, "This is the least disruptive experience for users, and so we do want to “hitch a ride” whenever we can on user-initiated shutdowns instead of inconveniencing users with a separate restart."
II. Toning Down the Auto Reboots
To remedy this Microsoft is making some important changes to Windows Update Automatic (WU Auto) with Windows 8.
Time to Save Your Work
WU Auto will now only restart your locked machine after you log in, preventing restarts on locked machines overnight
WU Auto will now give you a big message on login informing you that you have 15 minutes to save your work.
If programs are running (active use) and you're logged in when the restart order rolls in, you will be given the same message.
No Interruption to Media
In presentation mode
Watching a fullscreen movie
Playing a game
Your machine won't attempt the restart until you're done.
An important issue not really explained here is whether third-party movie players (in fullscreen mode) are supported, and similarly whether third-party slide presentation software (like Open Office Impress) will be caught by this check.
Less Updates and New Login Warnings
The auto restart is now changed to once a month, barring critical security updates. Important stability updates and their ilk will no longer force restarts at other times of the month.
The update day, as always is the second Tuesday of the month and the time is 3 a.m. in the user's selected time zone.
For users with WU Auto enabled, you'll now be informed by a message at the bottom right corner of the login screen how many days remain until the big shutdown and restart day.
These users will see a message that reads "Your PC will restart in [X] days to finish installing security updates."
For users with WU Auto disabled, you'll get similar messages, instead informing you about whether you need to download or install important updates. For these users -- who represent roughly 5.82 percent of the total Windows 7 install base, a message "Important updates are ready to be installed." will display.
Clicking the power button beneath the message for either WU Auto on or off, allows the user to manually choose "Update and shut down" or "Update and restart".
Lastly IT administrators who disable WU Auto for their enterprise users, will now have their users presented with a "Your PC needs to restart to finish installing security updates." message on the login screen. The users are offered equivalent options to the home users via a power button.
In Win. 7's implementation of Windows Update, you can actually turn off automatic restarts by:
Clicking the Windows button
Typing "regedit" in the search bar
Navigating to "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU"
Selecting to creat a new 32-bit DWORD value named "NoAutoRebootWithLoggedOnUsers"
Set the new variable to 1.
However, Windows Update's automatic restarts are a natural and (relatively) healthy process that prevents user procrastination from crippling the security of the Windows platform. With its changes, Microsoft appears to be on the right track to making WU's "Automatic" less destructive when it comes to forced restarts.
To the end user that means less headaches and more peace of mind.
III. What About the Third Parties?
Ms. Rahman also tossed in an interesting note in the conclusion, stating that some customers have expressed interest in programs (e.g. games, etc.) having the chance to send users patches via Windows Update. She comments that this isn't feasible because of the risk of sacrificing the trust of WU if a destructive update (be it unintentional or intentional) slipped through.
[U]sers have also told us that they trust the quality of updates distributed by WU and hence are comfortable with choosing to automatically update their systems. We would not want to do anything that might reduce trust in the system by encouraging people to take on this management task manually and exposing their PCs to potential vulnerabilities for even short times.
Through WU and the “Microsoft Update” option (opt-in) we also offer updates for Microsoft products and for 3rd-party device drivers, with a common set of setup tools for each. All of these updates are carefully screened, and must adhere to the Windows conventions for updates regarding rollback and recovery, and overall system impact.
This seems like a smart line of thinking. Some updates -- like
a recent AntiVir Guard update
-- have had unintended destructive effects on Windows machines. The last thing Microsoft needs -- given the already precarious position of being the world's biggest OS maker and hence the world's biggest target -- is to be blamed for the issues caused by negligent third-parties, which would be the likely scenario if Windows Update delivered the offending patch.
On the other hand, she points out that Microsoft's upcoming Windows Store -- which will deliver Metro styled apps in Windows 8, similar to App Store in OS X -- will offer developers that ability to send out automatic updates. The key here, appears to be that Microsoft is happy to provide developers with a sound update framework; they just want to keep it separated from the base operating system updates for reputation and trust purposes.
pops up in 2012
and will be the first Windows operating system refined for multi-touch tablets. Thus far
the beta program
has been a big success, like its Windows 7 predecessor.
This article is over a month old, voting and posting comments is disabled
RE: Microsoft aka Monopoly
11/16/2011 8:52:07 AM
This is only an issue for people who don't know how to get into the UEFI configuration menu and turn off secure boot. If someone is that ignorant of computer hardware, they're not going to be using Linux anyway.
Anyone who wants to dual-boot Windows 8 with any other OS, can do. You can either turn off secure boot or you can buy a PC/build a PC without that capability built in. Either option will then allow you to dual-boot Windows and any other OS, just as you can currently.
If, on the other hand, you have some serious beef with Microsoft as a company, you could just not buy a PC with Windows on it and only use an OS from a developer that you like.
Options on PCs are not difficult, so long as you are not a moron.
RE: Microsoft aka Monopoly
11/16/2011 9:40:03 AM
No, that's exactly the point - there is no option to turn it off. Microsoft is requiring that it cannot be turned off. You cannot turn off secure boot, ever. The only thing you can do, is load additional boot encryption keys - if the hardware vendor allows it, and has written their UEFI code to allow it.
But how much you wanna bet that Microsoft will give these hardware makers $ incentives $ to not allow it.
RE: Microsoft aka Monopoly
11/16/2011 9:59:26 AM
No, that's exactly the point - there is no option to turn it off.
Stop reading 3 month old propaganda.
It will be up to the OEM to decide, Microsoft has NO REQUIREMENT that secure boot cannot be disabled. Their only requirement is that it must be on to boot into Windows 8.
Dell has already stated they will support turning it off (sounds like HP has too), and BIOS makers have already passed on this information to OEM's aswell.
It won't be in the best interests of OEM's to ship PC's that do not have an option to turn secure boot off, especially when you consider the effort to implement such a thing would be minimal, and not including it could actually negatively impact sales in certain cases.
Unless MS is paying off all the OEM's (which I can pretty much assure you is not the case, anyone pretending that MS can pull off such a thing are kidding themselves), what incentive do OEM's and manufacturers have to not include an option to turn it off? Why would they impose limits on their own products which could easily negatively impact sales?
RE: Microsoft aka Monopoly
11/16/2011 10:28:55 AM
Yes, there is.
Microsoft have never said they will force OEMs to have no option to disable secure boot. This was all assmptions made by people when the secure boot feature was first announced. Those assumptions were quickly refuted by Microsoft.
Microsoft don't care if you dual-boot your PC with Linux. They only care that you buy Windows. If you are dual-booting a PC running Windows 8, Microsoft already have your cash and couldn't care less if you use another OS on that PC as well.
As for offering incentives to OEMs to make them not support control of secure boot, remember how well that went for Intel? They did it, got caught, got taken to court and were sued for anti-trust violations. MS have been down that route before, they're not wanting to go down it again - especially over something that offers no benefit to them.
Just remember; there's no benefit to Microsoft stopping a minority of people from dual-booting alongside Windows. If you've already got Windows, Microsoft have made their money. Dual-booting with Windows does not stop Microsoft making money.
RE: Microsoft aka Monopoly
11/16/2011 2:55:24 PM
That is actually as wrong as you can get. Go read almost every article and it states that Microsoft has NO REQUIREMENT to whether or not it can be turned off. It is 100% up to the OEM, or hardware vendor, as to whether or not it can be turned off. Until it's released, you also have no idea what percent will actually not.
"I'm an Internet expert too. It's all right to wire the industrial zone only, but there are many problems if other regions of the North are wired." -- North Korean Supreme Commander Kim Jong-il
Quick Note: Windows 8 Developer Preview Already Tops 500,000 Downloads
September 14, 2011, 6:08 PM
Ballmer: Windows 8 Will Land in 2012, Pop up in Tablets
May 24, 2011, 2:49 PM
AVG Update Cripples Users' Windows 7, Vista Computers
December 3, 2010, 10:28 AM
Microsoft's HD-500 ("Display Dock"), the Magic Sauce Behind Continuum
October 6, 2015, 5:30 PM
Quick Note: Windows 10 Hits 110 Million Devices, VMs
October 6, 2015, 4:30 PM
Windows 10 on Raspberry Pi, IoT Devices Sees Developer Debut
August 12, 2015, 2:41 PM
Sony Issues Bizzare "Do Not Update" Edict to VAIO PC Owners
August 11, 2015, 9:42 PM
Report: Over 25 Million Devices Upgraded to Windows 10... or Was It 67 Million?
August 7, 2015, 3:24 PM
EA Set to Milk the Star Wars Cash Cow w/ Video Games
July 31, 2015, 12:36 PM
Most Popular Articles
Why the U.S. Won't be Able to Ban Google's New Huawei Marshmallow Flagship Phone
October 3, 2015, 5:27 PM
Microsoft Band 2 Stays Focused on Fitness, Debuts Oct. 30, Priced at $249
October 6, 2015, 9:16 PM
Tag Heuer Admits Its $1,800 Smartwatch Was Inspired By Apple -- Price-Wise
September 30, 2015, 6:32 PM
Apple's First Fixes to iOS 9 Land w/ iOS 9.0.1 Release
September 23, 2015, 6:11 PM
Breaking Bad: How to Crash Google's Chrome Browser With Just 8 Characters
September 23, 2015, 11:08 AM
Latest Blog Posts
Sceptre Airs 27", 120 Hz. 1080p Monitor/HDTV w/ 5 ms Response Time for $220
Dec 3, 2014, 10:32 PM
Costco Gives Employees Thanksgiving Off; Wal-Mart Leads "Black Thursday" Charge
Oct 29, 2014, 9:57 PM
"Bear Selfies" Fad Could Turn Deadly, Warn Nevada Wildlife Officials
Oct 28, 2014, 12:00 PM
The Surface Mini That Was Never Released Gets "Hands On" Treatment
Sep 26, 2014, 8:22 AM
ISIS Imposes Ban on Teaching Evolution in Iraq
Sep 17, 2014, 5:22 PM
More Blog Posts
Copyright 2015 DailyTech LLC. -
Terms, Conditions & Privacy Information