Hacker News new | ask | show | jobs
by collectively 3131 days ago
Do for their own good? I see this as for the collective good, as most of the people hurt by unpatched software are NOT microsoft but people, small businesses, and the victims of the resulting botnets.

Obviously if you know what this is you can turn it off.
2 comments
userbinator 3131 days ago
The decision should ultimately be up to the user.

This sort of subtle authoritarianism in the name of "security" is quite frankly extremely disturbing, and the companies are using it to force what they want by bundling plenty of other highly disruptive and completely-non-security changes too. I could go into a more political direction here, but looking at some of the other changes that have happened to society in general lately, I'm not surprised at all. Disappointed, but not surprised.

link
collectively 3131 days ago
I mean, I’d rather just not have internet connected devices at all. But the internet is a commons, and people who don’t patch ruin it for everyone.

But, there’s a difference between auto update by default and forced updates. And there’s, again, the option of buying the same thing with no internet connection—pretty much nothing you own needs to be connected to the internet at all.

link
marksomnian 3131 days ago
The issue with having an off switch is that non-tech-savvy people will blindly follow some instructions to disable it and will get caught by a major security vuln.

Case in point: when Chrome throws a TLS error, you could type "danger" to bypass it, but they had to change it because businesses started teaching users to bypass errors blindly.

Not exactly apples to apples, but similar enough in my mind. If users blindly disable updates, they won't be updated when there's a major security patch.

link
Trav5 3131 days ago
A good reminder that if a software company is given enough trust to auto update, keeping that trust us important. Seems the big boys have been breaching that trust a lot lately.
link
collectively 3131 days ago
This is true. But i’m ok with stupidity hurting individuals—at least in terms of compromise—i’m less ok with default settings being potentially insecure one day.
link