For some people who ran Microsofts January 2007 security and products updates, including me, clicking on the familiar gold shield icon was not much different from getting suckered into opening an e-mail message infected with a virus or a worm Trojan.
Thats because unless you checked before you clicked, you were unwittingly giving permission for Microsoft to install Internet Explorer 7.0. And in too many cases, users are experiencing application crashes or Web site incompatibilities that are rendering IE 7 and your computer useless for Web browsing.
I found that IE 7 totally refused to work on my home machine. It crashed every time I launched it, without a single message or word on what caused the problem. I was left angry and frustrated, thinking that I was effectively cut off from the Web and all my favorite links unless I could figure out a quick way to dump IE 7 and safely restore version 6.
Since as far as I knew, IE 7 had permanently overwritten my IE 6 installation, I felt no initial confidence that I could restore my machine to its previous configuration.
As a result, Microsofts misguided attempt to get people to upgrade to IE 7, whether they wanted to or not, has likely caused lasting mistrust of the latest version of the browser. It certainly has for me.
Microsoft Watch Editor Joe Wilcox covered the positive and negative experiences people reported they had with IE 7.
Clicking on that gold shield patch icon has become a monthly chore for millions of PC users around the world who are assured that doing so will reduce the chance that their machines will be compromised by malware attacks.
Many of them, being trusting (or gullible) souls like myself, will click on that update without checking the inventory of what will actually be loaded on our machines.
When you click on that icon you are presented with two options, the standard, automated update, which Microsoft tells you, is the “recommended” choice, or the customized update, which actually gives you a chance to choose which updates you want to install on your machine.
Unless you click on the customized update, Microsoft gives you no obvious notice that you are installing IE 7. If you run the “recommended” automated update and then reboot, you will discover to your surprise, if not horror, that Microsoft has installed IE 7.
My reaction, after serious irritation at the effrontery of being suckered into installing IE 7 against my will, was strong apprehension about how it would perform on my PC. I was not in a rush to try IE 7 on my personal machine because I had heard that some users were reporting incompatibility problems.
I was generally happy with the reliable performance of IE 6 with all my related bookmarks and applications. I had pretty much resolved, as I usually do in these cases, to take my time upgrading to the new browser until Microsoft had more time to work the kinks out of it.
Its quite likely that I would have never voluntarily upgraded to IE 7 until the long distant day when I decided to upgrade to Vista. That might not happen until the usual cycle of planned obsolescence forced me to buy a new home PC. I can be a real Luddite when it comes to technology upgrades.
Despite my position as an editor for a technology trade journal, I never acquire the latest gadget just for the satisfaction of having the next new thing. My thrifty New England attitude dictates that if your old equipment still works, dont replace it.
The irony is that since IE 7 refused to work on my PC, I launched Mozilla Firefox so I could go to the Microsoft Web site to troubleshoot the problem. There I learned I could simply run the Windows application removal utility to uninstall IE 7 and the system would restore my original IE 6 installation with all my favorite links. Click here to find the Microsoft Web page that explains how to uninstall IE 7 on your computer.
The solution was quick and simple, but the irritation was enormous. Microsoft decided it would use the security patch process to sneak IE 7 onto the desktops of millions of PC users.
If it was going to try this tactic, it should have at least made sure that the installation was so reliable that it would work virtually every time. Microsoft has likely set back IE 7 adoption by months at least for the people who experienced these problems.
Microsoft Watch also raised the question on what caused ActiveX vulnerabilities to increase in 2006, the year Microsoft completed and released IE 7.
I know that I was prepared to make a permanent switch to Firefox if I found that I could not restore my IE 6 configuration. I may yet make greater use of Firefox just to reduce my dependence on Explorer.
Its significant that Microsoft apparently hasnt tried a similar trick with its corporate customers who are much more particular about how and when they upgrade to any new application. The cries of outrage directed at Redmond would have been a lot louder and more anguished.
There is no question that thousands of Windows XP users like myself have successfully or even deliberately installed IE 7 and are pleased with the new browsing features it gives them. But why does Microsoft believe it must treat its customers like children and trick them into installing a new application? Its like parents tricking babies to swallow bitter medicine by mixing it with some applesauce.
Its bad enough that the Internet allows Microsoft to reach out and touch our computers whenever it decides to do security and application updates. Yes, its true this is the most efficient way for Microsoft to patch its software. Without the Internet, prompt distribution of security updates would be impossible.
Then there are those annoying automated prompts that pop up every time one of your applications crashes, asking whether you want to send a notice to Mother Microsoft, telling her what bad things those nasty applications did to crash Windows. You are never far from the comforting arms of Microsoft.
But the security update channel shouldnt be used by Microsoft to launch marketing experiments on its customers. Nor should the patch mechanism be used to spring new products on users without their full knowledge and acceptance.
There should be a further examination of this process to see whether Microsoft is violating the terms of its antitrust agreements with state and federal governments by using the security patch channel as a sly technique to head off competing applications from the PC desktop.
As for myself, I will forever approach future “security” updates with great caution. “Fool me once, shame on you. Fool me twice, shame on me.” Editors note: We corrected this column to clarify the reference to the Microsoft Watch post on the apparent increase in ActiveX vulnerabilities.
John Pallatto is a veteran journalist in the field of enterprise software and Internet technology. He can be reached at [email protected]m.