"Allowing restarts to occur without user interaction has helped us to rapidly update a major portion of the Windows ecosystem with critical updates. On average, within a week of releasing a critical update, 90% of PCs have installed the update," points out Farzana Rahman, the group program manager for Windows Update.
"On the other hand, this behavior of automatic restarts has some unintended consequences for the user. Restarts can occur without notice, and might occur monthly or even more often if there is an out-of-band update. This unpredictability can potentially result in loss of user data. Most of our automatic installs and the subsequent restarts happen at 3 AM, when users are not around to save any important work. We have heard a lot of painful stories of users coming back to their PCs in the morning to find that a restart occurred, and that some important data was lost. In other cases, the user doesn’t lose data, but needs to restart a job that they were in the middle of (for example, a long copy job)."
As great as the automatic updating is for Microsoft, they are obviously aware of the difficulties that users have been known to face following these events. And finally, they decided to do something about it.
According to him, the upcoming Windows 8 will hold off all restarts until the monthly security release - "Patch Tuesday", which is scheduled for the second Tuesday of every month.
"With this improvement, it does not matter when updates that require restarts are released in a month, since these restarts will wait till the security release," he says, and makes sure to note that exceptions to this rule will be made in case of a critical security update, when the threat is "dire enough".
The users will also be notified of the imminent restart of the computer 3 days before it. The message will persist until the moment of the restart (whether automatic or by user's choice), and will be located in the Windows login screen, from where the user can proceed directly to update and restart the computer by clicking the power button and selecting the option.
"If the PC has hit the three-day deadline and still needs an automatic restart, WU will only automatically restart the machine if there is no chance of losing the user’s data. That means, if you are not at your PC (i.e. it is locked), if you have applications running in the background, or if there is potentially unsaved work, WU delays the automatic restart until the next time you come back to your machine and log in. At log-in, you will be asked to save your work, and you’ll see a warning that the machine will be restarted within 15 minutes," shares Rahman.
The system will be a little different for IT administrators if they have set a policy to prevent auto-restart after automatic installs. They will not be faced with a 3-day countdown, but the message in the login screen will persist until the update and restart is executed.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.