A service from Red Gate

in
Home SQL .NET Exchange Opinion Blogs Forums About
Sign in | Join | Help
Home Blogs Forums
Blogs Home > Bart > Why Automatic Software Updates Suck

Bart

Software Engineer - Red Gate Software

Why Automatic Software Updates Suck

Published Tuesday, August 28, 2007 4:48 PM

Or, why doesn't the Red Gate "Check for updates" service automatically download and install software updates?

Disclaimer: everything in this post represents my view only and does not necessarily coincide with the viewpoint of Red Gate Software Ltd. On the other hand I'm not trying to be deliberately contrary, I'm just saying don't take this as the official company line.

So why am I writing about this? Well somebody recently asked me about it and to be honest the entire topic makes me quite grumpy, so I thought, what the heck, I may as well post an opinion. Maybe somebody will have something intelligent to say on the topic.

"Check for Updates" first appeared in a Red Gate product around two years ago, or maybe a little longer, and when it was first mooted we did indeed consider an automated solution. I mean it sounds great. Users just get a little notification and then the update is downloaded and installed and they never even have to visit your website. It's a technocrat's wet dream... or is it? You see three years ago I was all for this, I was one of the people who was saying, "Hey, look we can just automate this whole process and make it really easy for our users, and won't it be great?" And I was disappointed at what I saw as the limited scope and vision of the proposed "update service", which we now have. I mean all it does is tell you when an update is available and take you to the corresponding web page when you click on the link for the update. And you even have to click on the menu item yourself: it won't even check automatically and give you a nice little flashing notification or anything. I mean, how much of a token effort is that?

Well let me tell you, three years of InstallShield, Paint Shop Pro, Quicktime, iTunes, and Steam update notifications later, not to mention Real Player (or whatever it's called these days), and all the others, it's very clear to me that we soooo did the right thing. I think I've now managed to disable most of them, but these things all pop up their own update reminders with their own home-rolled update solutions. Of course, I now don't get any updates, which is also really a part of the problem.

Here's an example. You're in the middle of writing some code in Visual Studio, in the zone as it were, and suddenly up pops the most unnecessarily large dialog box in the history of computing telling you that updates are available for Quicktime and iTunes. So I'm having a chat with my colleague Andras this morning about case-sensitivity and binary collations in SQL Server over at his desk, and he's showing me around some code in SQL Compare, and up pops that chuffing dialog, which he said something very rude to and then dismissed with a contemptuous click of the mouse.

I felt like writing a letter along the lines of, "Dear Apple, Whilst I think you make cool computers, and the iPod is very funky, there are no words in the English language to express how much I never care that a Quicktime update is available..."

Not only do these things have their own special way of rolling out updates, but whereas with Windows you can install SUS so you only download updates once and then push them out to client machines on your network, with Installshield et al each and every client goes and downloads the updates individually, and if you've got a hundreds or thousands of clients what's that going to do to your bandwidth and internet connectivity? (For obvious reasons, this is probably less of an issue with Steam.)

In short, it sucks.

Really badly.

And I'm not anxious to contribute to this problem.

Honestly, all third party software update services need to be dumped in room 101: seriously, pick any two word phrase in the English language where the second word is "off", followed by an exclamation mark, and apply it to yourselves. Really, you all suck.

I also don't think we're anxious to roll our own full blown Windows Update style technology that doesn't suck, and that we'll then have to support and patch, and assign valuable (and expensive) development resources to, when Microsoft already have a perfectly good solution.

Which brings me on to my next point, which is that nowadays I believe it's possible for ISVs to roll out updates using Windows Update, which sounds a whole lot more sensible to me:

  • You only get one montly update notification as part of the standard Windows Update functionality, unless of course you've configured it to check more or less often.
  • You can use SUS so you only download each update once.
  • Windows Update works really quite well and sucks a whole lot less than everybody else's solutions.
  • You don't have 53 different "agent" applications of varying degrees of half-arsedness sitting in your system tray or running on startup, that poll their respective vendors for updates, and sometimes display their popup notifications simultaneously above the system tray.

One downside is that you have to trust that Microsoft won't do something nefarious with your application, like, for example, reverse engineer it, after you make it available via Windows Update. Frankly though, if they wanted to do that they could just download it from your website in the first place. Or just buy a licensed copy. It's not like they don't have the money.

On a more serious note I think these issues might put it out of reach for a lot of companies, which I think is a shame:

  • I can't help thinking you probably have to jump through a lot of hoops to get updates for your application accepted for distribution via Windows Update. Probably too many hoops to make it viable for small to medium ISVs due to the overhead in terms of staff time required. Maybe there need to be different levels of certification.
  • It might cost a lot, and again this might put it out of reach for small to medium ISVs. On the other hand given the amount of software that's out there, expecting Microsoft not to charge for it at all seems more than a little unreasonable.

I'll admit I'm being somewhat idealistic here, but wouldn't it be great if there were some way to keep all your software up to date using a single mechanism rather than having a different method for every vendor? And whilst it's not often that I play the Microsoft fanboy, why not Windows Update? As I've already said: it works, and whilst there are many ways in which I'm sure it isn't perfect, it seems a lot less imperfect, and a lot better thought out, than everybody else's solutions.

Maybe there is something else out there: I could probably live with Windows Update and one other update service, but not half a dozen. Or ten. Or more.

There, I feel calm and rational again now. :)
by Bart Read
Filed Under:

Comments

 

david.buckingham said:

I'm with you 100%.
August 28, 2007 12:41 PM
 

Adam Machanic said:

The worst is updaters that have the "OK" or "Continue" buttons selected, so if you happen to be typing and hit Enter right as the thing pops up, you've just told it to go ahead and start the update.

This is a serious problem with Microsoft's own Windows auto-updater, which pops up and bugs you again and again until you reboot (if it wants a reboot to occur), and will not go away.  And if you're "in the zone" and you don't want to reboot, too bad, it will keep popping up.  This kept happening to me until the day I was coding something and the mouse happened to be in just the right place, the thing popped up, I happened to click, and -boom- my machine rebooted and I wasn't even given the option to save my work first.  Never again.
August 28, 2007 8:46 PM
 

RobertChipperfield said:

I'm with you on the ten-million-update-checkers thing, but I'm not sure using the whole of Windows Update is necessarily the right solution. What would be nice, IMHO, would be some way of hooking into the WU client architecture but not requiring any hosting from MS.

So, something like the ability to add another URL to the list of things WU checks. That way MS doesn't have to bear the burden of hosting everyone's updates, companies don't have to jump through so many hoops, and so on.

There's no reason I can see that this couldn't still work with SUS if designed correctly, though I say that without the first hint of a clue how SUS actually works.

Admittedly you lose a bit on the bandwidth over everything being checked with a single central provider (MS), but you could see that sites could provide an aggregation service so you're not having to hit too many servers to do it.

You still get the benefit of a unified, consistent, and probably resource-light (compared to 50 individual apps) client side, and retain a lot of the flexibility you get with individual clients.
August 29, 2007 3:08 AM
 

Bart Read said:

Hi Adam, couldn't agree more. Oddly enough I'd forgotten about the Windows Update restart nag box, which is extremely annoying. You might find this useful:

http://www.simple-talk.com/community/blogs/bart/archive/2006/08/10/1589.aspx

It'll get rid of the nag dialog on XP although I've no idea if it would also work for Vista. I suspect probably not but couldn't say either way for sure.

The other prime offender I'd forgotten is good ol' Adobe Viewer, which pops up an update dialog every time you want to view a PDF document online, or indeed open it as a standalone app, even if you installed the very same update on the previous occasion it notified you. I've observed this obnoxious behaviour on three separate machines over the past two or three years. I know it's free, but amongst other things Adobe use it as a tool to market their other products. Fair enough, but this kind of annoying behaviour isn't really much of an advert.

And Rob, that's a great idea. Sidesteps the whole issue of approval from Microsoft, but still allows you to use the one update service. It should also be possible to work some way of syncing your updates with Microsoft's patch Tuesday so that users only install updates once a month. The SUS issue may be more complex because you'd have to add the URL for every piece of software installed on your corporate network somehow or other, although it'd probably be possible to tweak the client to tell the SUS server about new products. On the other hand I can see network and system admins having kittens about any and every piece of software being able to automatically tweak their SUS configuration because it opens up whole new avenues of carnage for writers of virii and other such malicious software.
August 29, 2007 5:47 AM
You need to sign in to comment on this blog

About Bart Read

I've had a few jobs since graduating, but for the last four years I've been settled at Red Gate Software in Cambridge, UK. Over that time I've worked on a wide range of products, both as a developer and as a project manager, including 18 months on SQL Prompt; right now I'm finishing up with ANTS Profiler 4, which we think is going to be amazing - hopefully you will too.
  Opinion Home

  Opinion Pieces (98 articles)

  Geek of the Week (39 articles)

  Tony Davis - Editor (6 articles)

  Phil Factor (41 articles)

  Damon Armstrong (8 articles)

  Douglas Reilly (40 articles)

  Adrian Furnham (1 articles)

  Claire Brooking (1 articles)

  Richard Morris (36 articles)

  Tim Gorman (1 articles)

  Jesse Liberty (5 articles)

  Sarah Blow (1 articles)

  Anna Larjomaa (1 articles)

  Gaidar Magdanurov (2 articles)

  Regular Columnists (1 articles)

  Ben Hall (2 articles)

  Blogs Home
<August 2007>
SuMoTuWeThFrSa
2930311234
567891011
12131415161718
19202122232425
2627282930311
2345678
A SysAdmin's Guide to Change Management
 In the first in a series of monthly articles, ‘Confessions of a Sys Admin’, Matt describes the issues... Read more...

Exchange: Recovery Storage Groups
 It can happen at any time: You get a request, as Admin, from your company, to provide the contents of... Read more...

Build Your Own Virtualized Test Lab
 Desmond Lee explains the fundamentals of building a fully functional test lab for Windows Servers and... Read more...

Rendering Hierarchical Data with the Treeview
 It sometimes happens that Web Server controls that visualize data don't quite fit with the way that... Read more...

SQL Server 2008: Performance Data Collector
 With Performance Data Collector in SQL Server 2008, you can now store performance data from a number of... Read more...