Patchers Demand Security Updates Only

Spread the word.  If you want to put in your blog site a campaign to showcase that you too are sick and tired of prechecking of software installers that are included in security updates. 


Put this code below into your blog site (in Community Server it’s in the News section) to showcase that you have had it with vendors that are sneaking software onto consumer machines in the guise of security updates.


=====start here=====
<a href=”http://www.bleepingcomputer.com/blogs/mowgreen/index.php?showentry=1564″><img src=”http://imk3xq.bay.livefilestore.com/y1p1UoWJx5pbfw0Eua0Ybyw20g4Nb3NSaNwtb57Dy3ITBVUguIg513j_SoQHAjUuLg0RuhDZVbD8AMTDiUbDfNb92wldtgJuOGU/banthechecksmall.PNG” alt=”[Security updates should only offer Security updates]” title=”Let's get vendors to stop offering toolbars and extra software with Security Updates” border=”0″ /><br /><br />
=====stop here=====


It will resolve into that red banned check logo you now see on the left side of the blog and point to Steve Wechsler’s campaign to stop vendors from doing this.


 As Bill Sanderson said it best (inspired by Steve Wechsler) …. “It’s time for security folks to come to a united front on this issue–Microsoft is guilty as well, with their toolbar installs pre-checked on certain Java updates.

In addition to an update process which is technically secure–(I think the community is pretty clear on this)–the process needs to be one consumers can trust–and that trust is violated when non-security related updates or add-ons are offered as part of what is fundamentally a security update process.

Microsoft’s own update process does this well.  We need to convince the competition that they don’t need that crutch to get their product out there.”
 


6 Thoughts on “Patchers Demand Security Updates Only

  1. Rosewood on July 31, 2009 at 8:15 pm said:

    I am right there with you but just FYI, if you get the JRE from java.sun.com (instead of java.com) you don’t get the toolbar prompt on install nor on update.

  2. I am SO on board!

  3. Joe Raby on August 1, 2009 at 11:06 am said:

    “Microsoft is guilty as well, with their toolbar installs pre-checked on certain Java updates”

    Huh?

    Since when did Microsoft go back to offering Java?

  4. “Microsoft’s own update process does this well. ”

    I’m sorry, but the whole IE8 as a critical update (and IE7 before that) makes me say that Microsoft is as guilty as anyone.

    Oh yeah and what about the secret Firefox Plugin inside of a .Net update? That turned out to cause a security hole in Firefox.

    I would love for security updates to be about security only, but I’m a realist, and as long as marketing departments see them as a way to partner up and earn money, we will be in this same boat.

    The only way we would be able to affect things is to stop using the software in question (all of it) and then we wind up nowhere.

  5. bradley on August 3, 2009 at 8:55 am said:

    They would argue that IE8 update is a security update as it increases the security of the browser. It is prechecked so it will fall into the bucket of ‘how about not pushing it in front of our noses quite so much’.

    The .net update didn’t cause a security hole in Firefox, but that entire .NET patch fiasco should have gotten some .NET PM laid off or fired.

  6. Savior Self on August 13, 2009 at 11:50 am said:

    “The only way we would be able to affect things is to stop using the software in question (all of it) and then we wind up nowhere.”

    Actually that’s a bass-ackwards approach because then the peeps who do this type of unethical piggybacking would just piggy back on what becomes popular next. The real way to effect change is to have our lawmakers in Washington pass some effective bills for the President to sign into law.

Post Navigation