We can see signs of a disturbing trend. Nowadays there is a built-in update process in almost every software product, and the automatic updates are essential for our devices’ security. The main driver to implement them was to be able to reach out quickly when vulnerabilities are discovered. And most users got the message. We understand the need for updates and let them be installed promptly.
This is great from a security point of view. So I’m very sad to see increasing misuse of users’ trust in the updates.
Apple is making headlines right now with the “Error 53 scandal”. In short, upgrading to iOS 9 may brick your device, that is, render it totally useless, if the new system detects that an unauthorized repair has been performed. The official reason is that Apple wants to protect the user’s data against attacks involving tampering with the device. The new functionality does however smell to high heaven. Apple already has a bad reputation for keeping its ecosystem closed and tightly managed, and this incident just feeds that reputation. It doesn’t take a genius to figure out that a move like this also benefits authorized Apple service companies over unauthorized ones.
Bashing Windows 10 is also popular right now. I’m not going into all the security and privacy issues here. But I think the way Microsoft is pushing out Windows 10 to users of previous versions is disturbing. Yes, the automatically distributed upgrade is convenient, if you want to upgrade. And as said, upgrading is usually good from a security point of view. But people may have tons of valid reasons to postpone the upgrade, and this is where things get nasty. Several gigabytes are downloaded anyway and use up disk space in vain. Language in the upgrade dialog suggests you have to upgrade. And it starts all over even if you decline, clean up and disable the updates. Even worse, now the upgrade may even start automatically without your consent!
People are raging over these incidents because they cause major inconvenience and interfere with your ability to use a product you have purchased. But another at least equally severe side effect is that every case like this undermines people’s trust in update services. I bet people with a bricked iPhone will be hesitant to install new versions of iOS in the future. And my opinion about Microsoft’s update service has definitively changed while defending a touch-screen computer with Windows 8.1 from the upgrade. Yes, I have tried Windows 10 on it. No, it didn’t work properly so I had to roll back to 8.1.
So to conclude. Rapid updates are more important than ever. Therefore it is very sad to see companies misuse the update channels to roll out features and versions that are designed mainly to boost their own business. The outcome may be that people to a larger extent decline updates or try to block update systems that can’t be disabled. Permanent damage has been caused in that case.
PS. There’s some good news for people who want to stay on their previous Windows versions. There is a registry setting that can be used to prevent the upgrade. See MS Knowledge Base Article 3080351 for more details.
Image by Nick Hubbard