Open Letter to Microsoft—a Follow-Up

Thank you all for your responses to last week’s open letter to Microsoft. (If you didn’t see my letter calling for OS-specific update Web sites last week, you can find it at )

Respondents' job titles run the gamut from consultants like me to developers, administrators who support small and midsized businesses, and enterprise folks who manage networks with tens of thousands of machines. I even heard from a couple of IS directors and a CTO. Obviously, the need for a Web site that contains a comprehensive list of OS-specific updates and associated downloads crosses every customer base, from the single-server shops to multinational corporations with networks that span the globe. I know that we're a global community, at least conceptually, but I was amazed by the number of countries represented as I perused the responses. I heard from readers in Denmark, Holland, Norway, Sweden, Finland, Belgium, Russia, Bulgaria, Germany, Greece, Columbia SA, the UK, Hong Kong, Australia, the United States, and Canada.

Everyone who responded agreed strongly that we need OS-specific update Web sites, and many mentioned that such an idea would apply equally well to every major product a vendor offers. Developers fight a nasty battle when they have to code around bugs, so timely information about and access to bug fixes is critical. One developer commented, "It's one thing to have to support and work around buggy code. It's another thing entirely to have its vendor tell me to jump through hoops so that its product works as promised/specified." And if you code around a bug and your customer installs the bug fix before installing your software—look out.

One reader's comment sums up much of your feedback: "Having a single site to search for updates and fixes seems like the least that Microsoft could do." And I really enjoyed this one: "As a person who had to get three credit card refunds in 3 days, I'm with you on this open letter!"

I received a couple of suggestions that would add value to OS-specific update sites. One reader suggested dividing code fixes into two categories: a bug group for updates that correct a known bug and a feature group for updates that add something new. With such a division, we’d have much better information for maintaining bug-free systems without having to add features we don’t need. I like this idea, but I know that it’s difficult to come up with rigid guidelines about whether an update is a bug or feature. I suppose Microsoft could add other categories, such as Both, Neither, and Maybe, to classify code patches that aren’t obvious.

Another reader suggested that Microsoft place a disclaimer on code updates to absolve itself of liability. Before you could download an update, you would first have to agree to a disclaimer containing a "use at your own risk" or "no lifeguard is available with bug fix" message.

I also liked the suggestion that Microsoft provide a utility to help us manage security hotfixes. Using a master list of published security hotfixes, such a utility would evaluate the current installation—including the OS and major applications—and recommend the security patches to install to make a system current.

Unfortunately, I didn’t hear from anyone at Microsoft, perhaps because responding from a Microsoft address might be construed as "politically incorrect." Nevertheless, I suspect that even Microsoft employees would benefit from access to one source for all available OS updates and downloads.

Also, we didn’t generate enough feedback to make a strong case for improvements in the OS support structure. As I mentioned last week, millions of us must need access to this information. If we want this message to carry some weight, we need a large response. Spread the word. Tell your friends and colleagues about this issue and encourage them to respond directly to me at [email protected]

TAGS: Security
Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.