(Originally posted Wednesday, June 12, 2013)
Today it occurred to me that an idea I had long ago, that I wrote about many times and nagged Microsoft to implement, that they refused to do for reasons which I understood but did not sympathize with, well they have done it in Windows 8. But not because of anything I said.
My idea, the first incarnation of which I first wrote about for eWEEK in 2007, was that Microsoft should open up Windows Update to 3rd parties to offer updates. The obvious candidates were programs like Adobe Acrobat and Flash which were emerging at the time as major malware platforms. (I’m pretty sure I had this idea much earlier, maybe 2005, but didn’t write about it till this column.)
Microsoft politely declined to respond to my suggestions. Off the record people told me that they couldn’t accept the liability of distributing other people’s updates. There’s something to this, and so I modified it in a later column (which I can’t find at the moment), that what Microsoft should open up is just interfaces to Windows Update: They don’t need to host anyone else’s updates, they just need to allow programs to register at install time with the system to pull updates from a location at the ISV using Windows Installer protocols. In this way, if users are set up to use Windows Update, they will at the same time update, through the ISV, all applications registered with it.
All this would have been a good idea. There is still a problem of old 3rd party applications on systems where Windows itself is up to date, with Java still the biggest problem.
But in Windows 8 things are different. Microsoft adopted the app store model (that Apple and Google stole from me without attribution). In this model, the Store keeps track of which apps you have installed, what versions you have, and what updates there are for them. You can update them individually or update them all through the store. It’s easy and logical.
The app model also standardizes both installation and uninstallation, which is something Microsoft has repeatedly declined to do on their own. Back in the early 90’s when they designed Win32 would have been the perfect time for it; they weren’t yet worried about pissing off the government by foreclosing a software market, but it just wasn’t the Microsoft way. The Microsoft way was to make installation, like everything else, programmable.
20-something years later things couldn’t be more different. Once again following Apple’s model, Windows 8’s app installation, uninstallation and updates are under the thorough control of the OS, as is everything else in the Modern UI. They may be throwing out the baby with the bathwater here.
But back to updates: At least this goes a long way to eliminate a major source of security problems on conventional, i.e. pre-Modern Windows platforms: vulnerable, out of date applications. I’m not sure how much the system nags you if you leave old apps un-updated; I’ve never left them that way.
Now this only applies to the new Modern UI apps, not the old Win32 applications and services, so there’s still a problem there. (Actually, I’m pretty sure it only applies to apps, but I should check with Microsoft about that. If you know otherwise please post a comment below.)