Windows OneCare, Automatic Updates, and Automatic Reboots
I've been beta testing Windows OneCare™ Live : "the all-in-one, automatic and self-updating PC care service aimed at helping consumers more easily protect and maintain their PCs to keep them running well."It integrates smoothly with Windows, consolidates firewall, antivirus, backup, and more. It's one of the better designed pieces of software I've used , and it puts the standard Windows security packages (Symantec, McAfee, etc.) to shame. I'm a thrifty consumer (readers of my blog will note my love of free software), and I think the price is very reasonable: the subscription price for up to three computers will be $49.95. If that seems pricey, consider that it does a lot more than the other antivirus packages, does it very well, and covers three computers. They're now in an open Beta period, so you can try it out free here.
I don't know if I'll use it, though. There's one usability flaw that drives me nuts. The system is set up to use a simple Green / Yellow / Red status to indicate the overall "health" of your system. The system is designed to make it simple to keep your computer healthy: get green stay green. Unfortunately, failure to allow Automatic Update to automatically install updates puts you in the Red penalty box, no questions asked. Since I don't enable automatic installation of critical updates, I'm always in violation of the basic assumption of the program - since I'm always ignoring my Red status, the system is a lot less useful as an indication of my system's health.
What possible reason could I have for disabling automatic install of Windows Updates? Well, Windows Updates often cause reboots, and I want to control when my computer reboots. No one should have that right but me. I don't reboot my computer every day; why should I? It takes a while to get all my applications running after a reboot. I'm a developer, so my applications are development environments, databases, web browsers, Virtual PC sessions, Explorer windows, and usually a half finished e-mail and blog post - I have 15 applications running right now with some sort of state. The applications you use in your daily work may be different, but let's agree that it takes some time to get things set up once you reboot. Even if you don't leave your computer running, Hibernation or Standby is much more efficient than shutting down at the end of each work day. Surprise reboots are a serious opponent to productivity since at best they require me to get back to where I was before the reboot, and at worst I lose whatever I was working on before the reboot.1
Update: I just noticed that Windows Updates violates the "Designed for Windows" logo requirements: "If you do require a reboot, you must prompt users and allow them the option of deferring the reboot."
Now, why should critical updates be allowed to reboot my computer without my permission when I'm away from my desk? If you stepped away from your desk for a few minutes and returned to find that a co-worker had unplugged your computer, you'd be upset, right? Why is it okay for Critical Updates to do this?
The party line answer to this question is that critical updates are critical, and must in installed immediately. This sounds good, but ignores the fact that Windows Automatic Update runs once a day at a totally arbitrary time. I know that the time of day is arbitrary, since I selected it when I enabled Auto Update. Automatic Update can only be configured to run at most once per day, and as rarely as once a week. Critical updates should be installed in a timely manner, but it makes no sense to say that Critical Updates must be installed the very second they are downloaded since they may have been downloaded as many as 168 hours after they were released.
So... how should this work? Let's ignore the fact that the OneCare and Windows Update teams may be in different buildings; let's just talk about the optimal user experience. How about this:
- Automatic Download of Critical Updates is required to stay green. That's no inconvenience to the end user.
- Uninstalled Critical Updates immediately put me in the Red until I install the update.
- (Optional Extra Credit) A time delay on either OneCare or in the Auto Update system that allows me to download Critical Updates and have some time to install them manually - maybe a time delay from 1 to 24 hours (defaulted to 18), or a specific time of day (defaulted to 11 AM). If I don't install within that period, they are automatically installed.
What are the arguments against this kind of feature?
- It's bad for user security
See my argument above about how the installation schedule is arbitrary, anyways. This may actually improve security by making it painless to participate in Automatic Updates.
- It's a power-user feature, and they're not our target audience
There's a simple workarounds if this was the case (make it an advanced setting), but the bigger problem is that the target audience may be too limited. OneCare is too compelling a product to target only novice users - this thing belongs on developer and corporate desktops. I can see an Enterprise server version that helps small IT shops keep a few corporate web, data, and file servers protected, patched, and healthy. Suprise reboots is a deal killer for these markets, and the enterprise desktop and server market has deeper pockets than the family computer market.
- It's confusing to the novice user
I don't think so. The experience I described above seems simple - guide the user to enable Automatic Downloads of Critical Updates, but if they choose not to automatically install them, don't put them Red. Turning Red when I have a downloaded but uninstalled Critical Update only makes sense with the Red = Action Required paradigm.
What do you think? Would this make a difference in your purchasing decision?
1 Ironically, the only application on my computer that survives reboots smoothly is Firefox, thanks to the SessionSaver extension. Windows Vista's Restart Manager will provide a mechanism for applications to be notified of reboots so they can save their state and be restarted after the reboot, but applications will have to include code to take advantage of this feature. Vista's supposed to require fewer reboots, too, but the point is that there will still be required reboots and applications that don't handle them well for several years to come.
UPDATE: So I'm not the only person this annoys. See the comments on this post on the Windows OneCare blog.