Malware… or how to make Windows XP Suck Less in 5 minutes

gpedit.msc lets you fix Windows Update
gpedit.msc lets you fix Windows Update in Windows XP making it even more better than Vista.

One thing I haven’t seen any coverage of in reviews of Windows 7 is whether basic OS behavior has been reformed. But I found the answer here:

In prior versions of Windows, updates requiring a reboot would pop up a dialog box requesting that the user reboot his machine every number of specified minutes. This dialog box was changed to allow the user to select a longer period of time (up to 4 hours) before being prompted again. The revised dialog box also displays under other applications, instead of on top of them.

From the¬†Wikipedia entry on Windows Update — emphasis mine

(I love this entry. Much of it is so obviously written by Microsoft Marketing — yeah yeah go go ASP.NET. And no mention of the Blaster¬†worm which nearly took down Microsoft’s update mechanism along with a substantial portion of the world’s Windows boxes.)

There’s a doohickey in the bowels of Windows XP (spoiler alert!) that lets you block what I believe to be the single most annoying features of Windows Update, which is the warning dialog requesting that you restart your computer (I’ve had to reboot my Windows XP SP3 desktop PC three times for updates in the last few days). It’s not mentioned in the official documentation, because this only covers getting to the control panel and choosing whether you’d like to be starved, beaten, or have electrodes attached to your genitals.

I’m guessing that the kinds of people who review Windows releases are the kinds of people who know how to configure it to be less annoying. This is a huge blind spot (kind of like the “UNIX is easy because the commands are all just two letters” approach to usability that dominated computer science until about 1995): most users, including me until five minutes ago, are living with Windows XP’s “out of the box” behavior, and that behavior is — essentially — worse than malware.

The default (and recommended) behavior of Windows XP is to update your computer automatically and without asking, and after the update is finished to reboot the computer quitting out of every program on the way — force-quitting if necessary. This is basically a slow motion “controlled” hard crash that Windows does to you with frightening regularity in the interest of keeping your computer up-to-date, and the main benefit of this being, supposedly, to protect you from malware which could cause your computer to crash or lose data. Who needs malware if you’re running Windows?

But the best behavior aside from ignoring updates that you can configure Windows XP to adopt is to nag you every 10 minutes with a system-wide modal dialog box requesting you to restart.

OK, I’ve wasted three minutes of your time, here’s the actual fix…

In order to disable this behavior, you’ll need to Start > Run… gpedit.msc, drill down through Administrative Templates / Windows Components / Windows Update and then enable and configure “No auto-restart…” and “Re-prompt for restart…”. This will give you what is — I’m taking a wild guess — the single biggest improvement to Windows in Vista and Windows 7. It’s certainly better than anything I’ve found listed here. (Of those, the “nag-free system tray” seems like the next best … remember how Windows fanboys were raving about how great Windows notifications were only a few years ago? Now they’re raving about being freed from them.)

Windows Vista — according to the quoted snippet — fixed this problem. I didn’t notice because Windows Vista is so infernally annoying across the board that minor things like Windows Update being less annoying apparently left no impression. Please note that — as far as I can tell — the recommended option is still to hard crash your computer at 3am.

Apple’s Security Issues

Rixstep is one of the most intelligently critical Mac-centric (well, originally NeXT-centric) websites around. Here’s their latest commentary on Apple’s security issues — an issue they’ve been railing about for years.

Now, I’m not about to switch to Windows for the superior security of Vista (which, if anything, is more vulnerable to social engineering attacks, which are by far the biggest threat*), but it would be nice if Apple closed some of the glaring holes before there actually are some real world exploits.

Note: * all the remote attacks to which Mac OS X is vulnerable are in essence going to require a social engineering approach to work in the first place. Whether it’s getting a user to visit a web page with a specially crafted QuickTime movie, or getting a user to download a trojan, the point is getting the user to do something. Vista screws up its warnings by crying wolf so often that the chance of a user inadvertently clicking “yes” at a critical juncture is much higher, and this is something CanWest et al don’t measure.