Microsoft Windows, updates, reboots, and the principle of least surprise

It’s been a while since I’ve ripped on Microsoft, which I was reminded of after seeing Matt Mullenweg’s recent blog entry about Windows and its horrid habit of rebooting to install updates without specifically being told to do so. This wouldn’t be nearly as bad if Matt didn’t link to a blog entry he wrote six years ago describing the exact same thing, which at the time cost Matt quite a bit of unsaved work. (At the time of this earlier entry, Robert Scoble was working for Microsoft and apologized to Matt in his blog. By the way, this is something I suspect would never be allowed from a Microsoft employee now, and looking back at it, I’m a bit surprised Robert got away with it.)

Now, most people would think Microsoft would listen to their customers(*) and fix what is widely perceived as a bug, even if it was originally an intentional design decision. Especially after someone as high-profile as Matt has blogged about it, now twice. For the uninitiated, here’s what Matt is talking about in those entries:

  • The Windows Update tool downloads its updates and installs them. There are three options: manually download and install, automatically download and manually install, or automatically download and install.
  • At the conclusion of the install, if one of the updates requires a reboot (which, given this is Windows we’re talking about, is almost always the case), a dialog box pops up with the option to “restart now” or “restart later” with a timer. Originally, this timer was 5 minutes; I think it’s been changed to be longer (15 minutes?).
  • “Restart later” just means the dialog box pops up again some time later. I’ve never measured how long it is, I just know it keeps nagging until you reboot, and there is no way to select “go the #%&$@ away, I’ll reboot when I damn well please.”
  • “Restart now” does what it says.
  • If no action is taken when the timer expires, the system reboots. This is almost never what the user (who is in effect Microsoft’s customer) actually wants.

This last bit is why people like Matt write blog entries like that one. This is also why people like me quit running Windows at all. My first choice for a new PC is “one without Windows on it.” My second choice is “one I can wipe the Windows install from as soon as I get it.” (I’ve been stuck using a Windows XP system enough to know this is how it worked as of that version. I quit using Windows at the first opportunity, for reasons that should be obvious. No PC that I actually own has run any version of Windows since 2002 April, which is now over eight years ago.)

The reason the timed reboot is such a disaster is that it violates the principle of least surprise (also called the principle of least astonishment). A computer user expects the computer to stay running absent a specific command to reboot. (I’m being generous here, given this is Microsoft Windows in question, an operating system not exactly known for its stability.)

In addition, Microsoft puts scary warnings in the Windows Update component which encourage users to select “automatically update.” From Matt’s post:

“I can’t reconcile that it was due to a feature of an operating system, a feature I was told to turn on to stay safe, and a feature that bugs you when it isn’t activated. I trusted the computer because of the improvements to stability Microsoft had made in XP and SP2. Trust like that is slow to build and easy to break.”

Now, Ubuntu gets it right (or at least did as of 9.10; I lack the experience with 10.04 to confirm). Most updates do not require a reboot. Those that do (new kernel versions) pop up the dialog box once. Yes, that’s right, once. If you say you would prefer to reboot later, the dialog box is gone for the rest of the session. The only bad part of this is that hibernating is broken from that point forward until you reboot, and you just have to know this from experience. Since Ubuntu’s Update Manager is relatively unobtrusive (it pops up once per day if dismissed) this effectively becomes a non-issue. If you don’t use hibernating mode it’s not an issue.

Anyway, my point is that it’s inexcusable for Microsoft to leave what most users consider a horrid bug in place all this time, especially given that a competing operating system shows how it should be done. I don’t know the right way to fix this in Microsoft’s world. I do know defaulting to a reboot after a time delay is not an acceptable answer to the majority of computer users (note, that’s computer users in general, not just PC users or Windows users). Then again, maybe the answer lies in not requiring a reboot after just about any system update. I’m not holding my breath waiting for Microsoft’s fix for that one, though.

(Note: When I refer to Microsoft’s customers here, I refer to the end users of Windows. I know technically Windows is usually sold to OEMs like HP, Dell, Compaq, Gateway, etc. but they aren’t really the customer here. It is the end user that Microsoft ultimately aims to please.)