The automatic update services that many software companies offer with a hidden risk: that the update may contain a hidden cargo that may take over your computer, disable your software, and/or monitor everything you do on the Internet.
These functions may (or may not) be acknowledged in the voluminous "end use licensing agreement" (EULA) that you must agree to abide by to install the update.
Microsoft is one of the worst offenders in this regard, and the security update it sent out a few days to Windows XP users contained a hidden cargo—a surreptitious upgrade to Internet Explorer 7.0.
Chances are, when you saw Microsoft’s gold shield patch icon appear on your desktop a few days ago, you simply clicked on it. When you did, you were presented with two choices: the standard, automated update (Microsoft’s "recommended" choice) or the customized update, which gives you the opportunity to see what Microsoft wants to actually install on your PC.
I always opt for the customized update, because I don’t trust Microsoft, or any other software vendor, to be acting in my best interests. And, sure enough, lurking in the automatic update, was the hidden cargo of IE 7.0.
Not all users were as fortunate as I was. Millions of PC users who chose the quicker "recommended" option discovered that Internet Explorer 7.0 had been scrumptiously installed in the update. And many of them found to their dismay that the new program refused to work.
For those users, IE would crash every time it was launched, without any explanation. Nor was there any assistance offered on how to deal with the problem. (Fortunately, it’s possible to uninstall IE 7.0—here’s the link to learn how: http://support.microsoft.com/kb/927177/en-us.)
Automatic update features like the one Microsoft uses represent an attempt by software companies to seize control of your computer. With high-speed, "always-on" Internet connections, I view automatic updates as a necessary evil, but they require you to trust your software vendor not to deliver hidden cargo or disable your computer for nonpayment, breach of contract or other presumed infractions.
And just in case you think I’m just picking on Microsoft—I’m not. Other companies are just as bad. For instance, back in September 2005, users of Yahoo’s instant messaging (IM) software discovered that the default installation scrumptiously installed many other programs as well. They received Yahoo’s "highly recommended" Internet telephone service along with an updated interface that let them chat, blog, swap photos or call someone online at the click of a mouse. They also got Yahoo’s Search Toolbar with anti-spyware and anti-pop-up software, desktop, and system tray shortcuts. Finally, the installation altered their home page and auto-search functions to point to Yahoo by default. Once again, to avoid these changes, you had to choose the "custom" installation, overriding Yahoo’s "recommended settings."
My recommendations? First, avoid automatic updates, if you can. If you must have them (and I think automatic updates for the security nightmare that is Windows XP is essential) be sure to choose a "custom" installation.
Second, begin switching away from companies whose products are so poorly designed that automatic updates are required. For instance, I never use Internet Explorer, unless there’s absolutely no alternative. Instead, I use Firefox (http://www.mozilla.com/en-US/firefox). Unfortunately, a few online services work ONLY with IE, although the number is thankfully declining.
