Is it wrong not to upgrade software?
With the software we have today, from browsers to even just random applications that do unique things, they're affected by updates as with operating systems. Everyone would know by now that updates sometimes break things rather than fix them, or add in changes that are completely unnecessary. But I question if it's right to think this and therefore not update anything, even if the developers behind them say they're "critical" for security and what else.
To start, I've decided not to accept any .NET Framework update that throws at me each month and now, I'm doing the same for Firefox (and so everyone knows, I use the ESR version). The reason why I'm going with such notion is that out of curiosity, I installed 78 ESR and already I had one nitpick about it... the address bar. Why does it have to be slightly bigger when I select it? And why do I have to click away from it twice after I've used it? As a result, I've downgraded back to 68 ESR and made it so that the browser doesn't get automatically updated when its lifecycle ends (although it came to that today).
I also refused to update VirtualBox when I had it as it required a brand new installer, which was over 100MB, downloaded each time unless that's been changed since then and more recently Any Video Converter even when I got notified of updates for it too much, and had the option to skip new versions I'm told about (as the one I have, 7.0.2, is absolutely fine).
Hope I'm not the only one feeling this way, even about how I'm dealing with Firefox now. I could've even had this stagnate at 52 ESR if I wanted.
To start, I've decided not to accept any .NET Framework update that throws at me each month and now, I'm doing the same for Firefox (and so everyone knows, I use the ESR version). The reason why I'm going with such notion is that out of curiosity, I installed 78 ESR and already I had one nitpick about it... the address bar. Why does it have to be slightly bigger when I select it? And why do I have to click away from it twice after I've used it? As a result, I've downgraded back to 68 ESR and made it so that the browser doesn't get automatically updated when its lifecycle ends (although it came to that today).
I also refused to update VirtualBox when I had it as it required a brand new installer, which was over 100MB, downloaded each time unless that's been changed since then and more recently Any Video Converter even when I got notified of updates for it too much, and had the option to skip new versions I'm told about (as the one I have, 7.0.2, is absolutely fine).
Hope I'm not the only one feeling this way, even about how I'm dealing with Firefox now. I could've even had this stagnate at 52 ESR if I wanted.
Comments
There are some tools I use that are not regularly updated and generally they don't get updates unless I run into a problem with them. At which time, I'll try updating it to see if it resolves the issue. But it's not because I don't want to update those tools, it's generally because I wasn't aware they had updates and they don't prompt to update. Also, they tend to be things I don't use very often or things that are pirated and getting updated versions require obtaining new keys, which is sometimes difficult to track down.
When the app does prompt for updates and I decline, it's usually because I'm just trying to get something done and don't have time to bother with an update. Three apps that come to mind that do this are notepad++, winscp, and mkvmerge. I have nothing against updating them, I'm just usually busy when they want to update.
Even a well meaning developer and a small program can accidentally break critical functionality. When users call in complaining they can't get their work done, who is going to get the blame? The developer(s) who made a mistake, or you for loading an untested piece of software in to the system? Keep in mind there is no shortage of blame.
As we know, not all developers are well meaning. Increasingly the problem is not that the new version can't add A+B due to a coding mistake, but rather they have changed EVERYTHING around just for the sake of change. This means it may not run at all without changing hardware or software dependencies. This means you may waste months re-learning a user interface for an application you only use for 5 minutes every two years. This means you may have to sit through advertisements just to add A+B. This means all of your actions are logged, sent back to the mothership, aggregated, and used to incriminate you. Sigh. Then they finally pull the plug on the very ability to add A+B because they are too busy supporting the new UI, advertising engine, and telemetry systems, but the lame excuse is that only "old" people want to add A+B.
Unfortunately, now thanks to web browsers and the way idiots handle data, you have people running around yelling "All old stuff is insecure! Pollywannacracker!".
It is true that security issues are a serious problem. But the cost of changing software should always be weighed carefully.
In my opinion, most software based security flaws are a symptom of larger design flaws that no one is willing to address. Such as building everything including the kitchen sink in to a web browser or OS.
I hate to say it, but I probably did my part to help contribute to this problem. Back in the day I loved to download the latest Mozilla and Firefox nightly builds. But I am/was an actual software tester. I felt I was helping Mozilla by testing, catching bugs as soon as a change was made, and filing bug or crash reports. Getting access to "new features" was only a secondary concern, and mostly limited to testing.
Apparently there were enough people who did this that Mozilla decided to start doing rapid releases. Unfortunately, I believe many of them were downloading nightly builds for the wrong reason, usually to get access to buggy new features.
Quite frankly, EVERYONE should be using the ESR Extended Support Release builds, unless they consider themselves software testers.
What is really unethical is how these days "security upgrades" are used as an excuse to push unwanted garbage to users.
A security upgrade should NEVER, EVER, EVER break anything, change visible functionality, get in your way, or remove functionality. If this were the case, then there would simply never be a reason for not installing security fixes.
But as most here are painfully aware, this is seldom the case.
Every time I have to "update" something, I cringe and wonder how I am going to get raped up the ass now. Am I going to get advertising now? Will I have to buy all new hardware? Will I have to change other software to make it happy? Will it break other software? Will I have to waste time learning a new user interface designed by some managers 5-year old daughter? Is it going to start sending all my personal information back to the vendor? Are they bringing back Clippy? Will I now have to be locked in to some online service bullshit just to use it? Will I have to change everything around to get it to do what I need again? Will it even do what I need at all? If I am lucky, it is just going to be massively slower. Will they at least ship me a bottle of lube so it doesn't hurt as much?
So, yea, the security parrots will keep bitching, but unless this madness ever stops, they can shove it up their own colorful feather laden asses.
It used to be that OSes like DOS, Windows 3.1/95/98/ME had NO security whatsoever. I've worked extensively with those, and I am painfully familiar with how to mitigate security issues with these OSes. It's not as easy, but these techniques are still applicable to newer systems. It is mostly a matter of being careful about where you bring in data, what data you expose to other programs, or allowing data out, and periodically checking the integrity of the system. Heck, I remember when the entire internet was mostly unfirewalled, you could poke at any port on anyone's computer (oh, look, I see another idiot who installed Microsoft Personal Web Server for Win98 and all its exploits). Most of the time, it is just about not doing dumb stuff.
As for security, you can certainly go overboard with it, but that's because you pretty much have to. Especially if you work for a large business. You don't really have a choice in the matter because you have to pass audits and meet compliance requirements.
Never underestimate how dumb a user can be.
I am very happy not to be a security developer. Half the security issues I have seen have taken the form of a user might try to do something and it might be bad and the requirement was to prove it was impossible for a user to do something bad. The security auditing team does not need to concern themselves with minor details like ensuring the user can actually do their job.
As pretty much everybody knows here by now, I use Windows 2000 (or older), Office 2000, Cool Edit Pro 2.1, and various other old software pretty much daily. Why? Because it works and does exactly what I need it do.
I have many reasons to not upgrade. For example, the newest version of Adobe Audition is missing features that Cool Edit Pro 2.1 has, AND I would be locked into a paid subscription that requires an Internet connection to activate. It would also mean that I'd have to upgrade to Windows 10, which is slow, bloated, and doesn't work with my sound card. So I'd have to buy an expensive new sound card as well (I use a professional model). I'd also need the 64-bit version of Windows 10 to make use of my 16GB of RAM (whereas 2000 with PAE enabled can use all of it), which means that I'd lose the ability to use any 16-bit software.
Much of the internal parts of my network are old. They just work. And I've had no problems with security. I know how to secure my network, and I've not had a virus since 2006. HOWEVER, anything that directly faces the Internet does get regular security patches.
I would recommend keeping web browsers updated as much as possible, or at least blocking advertisements somehow. I use AdGuard DNS for this, tied in with my Windows DHCP/DNS server, so anything on my network has ads blocked automatically.
Finally, if you're worried about security, just be careful. Don't use unpatched things to browse spammy sites, download random "virus scanners", or open random e-mail attachments from people you don't know. Don't use an admin account unless you have to. Most of the security problems are caused by the users themselves.
Best you had was a dial-up connection a fraction of a fraction the most garbage internet today has. 56Kbps? Woah. Not a thing. Best you got is probably a #####bps modem you don't know what to do with. Maybe the fancy enterprises had StarLan or a coax network across their systems. But you didn't. Especially not to global network.
When you bought a software, the support you had was a phone call. A trip to the vendor. Maybe even write a letter. And most of the time a waiting game for a response.
When things broke it was up to you to fix them yourself. Maybe you could get a fix on a physical medium in the mail a week or so if you paid postage if that was an option. Or maybe the response was "don't do that again."
Nonetheless, this was the ancient times. A connection was a luxury.
Software needed extensive testing to do the best they can to anticipate because heavens know what you can do to fix a major bug creating a PR disaster because there's no fast, economical method to get fixes out to ever single customer. Even then it was more economical to just release a new version to the market that advertises that bugs was fixed. If you could get updates to issues, and cheap, you wanted it. And in Microsoft's case, they couldn't release dozens of fixes on physical medium at a time. That'd take world supply of floppies and CDs for each and every update. And that was the theory behind Service Packs. Put a mass collection of updates on a CD or a floppy set and distribute that for a minor fee.
Enter the internet, cloud computing and all that fancy mumbo-jumbo. Fixes can be downloaded and applied automatically in seconds. Why do extensive testing when users can just file a bug report, we'll fix it, and push it to their machine? Why do we need to invest in testing labs when we can have users do it for us? And there is the flaw.
When you have millions of reports filing in, how do you filter them? You can't do it by hand. It would take months to read all those reports ranging from "bring muh aero back" or "stop muh trakung" to "Major corruption issue related to storage spaces." You instead have AI that you program up to do the best and even then what gets to the developers from that winds up missing a whole lot of the point because AI isn't perfect either.
Software isn't tested as extensively as it was. Updates are released more rapidly to fix issues as fast as possible. But even those updates aren't tested as they were before because of how rapid they've become.
Should you avoid every single update on the market forever? No. That's outrageous. But at the same it's not a grand idea to let the system download and install updates every single day either. As a home user, you have leeway. You know how you work, what you do, and take steps to mitigate foreseeable risk. Enterprises have to anticipate everything from dude tethering his phone to the computer to get around web-filters to see his porno, to girl trying to e-stalk her ex to whatever you can think of has probably happened at an enterprise somewhere.
There's a fancy update delay system I recommend doing. I think I already told how I work. Read up on the updates. Don't install them on launch. Wait a week or so after they've been in the wild to see any potential issues that arise. And if Windows 10 forces it down your throat, hope you got a backup.
It's how I used to work with patch Tuesday. Every week I'd be installing the past week's after a little research, unless they were urgent fixes.
Also, rather unrelated but I still use Office 2010 on my system and next month would be the final month of updates for it. Obviously after that, it would be most vulnerable but I'm not too bothered, as I don't make much use of Office software anyway (and when I do, it's mostly with Excel and Access). Then again, I still have FrontPage 2003 even though Office 2003 ended support seven years ago.
EDIT: Another minor gripe I have with 78 ESR is that Japanese text looks weird, because of different fonts being used (one using Microsoft YaHei and the other Meiryo, when they didn't use this before as I believe MS PGothic was used last time if I recall correctly). Tried changing the font for the language but to no effect (and I even refreshed the pages too). Waterfox seems to have this as well, but at least that doesn't have links on pages with certain letters not underlined (and why did that "change" proposed in the first place... links are now unsightly to look at that way). Yeah, I seem to find fault with everything these days. Don't mind me. Also, I might be wrong but Waterfox seems to have a built-in ad blocker, because I saw ads seemingly "blocked" without me having to bring back uBlock Origin. Strange, but if that's the case, then that's awesome.
One day it's going to be "Windows 365" and you'll have to pay a monthly fee to use your computer or you have "limited functionality mode."
They have done this before - Windows XP Home Edition for Subscription and Prepaid Computers!
Oh I can imagine it now. Somebody giving a presentation in 2025:
Notification: Your Office 365 has now expired. We will now exit the program and bring up the activation prompt for you to renew it.
Your One drive subscription has also now expired, renew now or we'll delete files to fit the reduced capacity.
Windows 365 subscription has now expired. You will now be logged off. Upon next login you will have "reduced functionality mode" which allows you to purchase a new subscription online or enter your card information.
You know what, it's good to know there are people who have similar ideas.
But I will say from past experience with office 365, they warn the shit out of you when your subscription is about to be cancelled, and they retain data for a while as well with repeated notices that they're going to delete it on a certain date. So, no, you're not going to be in the middle of a presentation when they suddenly cut you off. And if you are, it's because you've ignored many, many warnings. Also, they do automatic payments, so as long as the card is good, there's no danger if anything expiring.
Now, back to my gripe with Firefox 78 ESR... I hope there's a way to fix the Japanese font displayed on web pages and of certain characters not being underlined and if so, I suspect it'd be done under
about:config
. I recently brought this up under the Firefox Reddit but so far, no response.If no joy on that however, not even if upgrading to Firefox 81 would be the solution, then Pale Moon is the only way to go (and yes, I did say Waterfox but decided against it recently).
As for updating software,I would recommend it for all applications connected to the internet in production use. Yes, there are undisclosed security problems in new software, but the nice thing about auto-updating (at least on long-term versions) is that it can be fixed quite soon, without having to wait weeks or months. The disclosed ones, however, can easily be exploited on out of date but still used OSes (There's a certain one with a version number of 5.1) tl;dr try to upgrade internet-connected software if you are not using it for novelty.
The current subscription models are that while subscribed, updates are free or reduced prices, and you keep the software after the subscript ends.
To updating software. It can hurt but it's more often better to have the more recent thing.
There will be no such thoughts permitted. The World Congress will proclaim that those who use or think of using operating systems (as well as hardware that is more than 14 months old) that are not Windows 365 are insubordinate terrorists (the War on Insecure Tech!). So I'll get a trip to the electric chair before I can express my opinion anyway.
The unfortunate problem is that major subscription-based companies (such as Adobe) do not follow that model.
For instance, when your subscription runs out yes you can still "use" the program. But feature usage is severely limited and you can expect to run into "your license does not allow this action." This was the major concern with those of use who had a perpetual license to Substance Painter. If we "upgraded" to the new subscription, our work would essentially become view-only once the subscription runs out. Adobe now holds your, YOUR, work hostage if you don't pay the ransom. And therefore, your work is no longer your work.
Supscription models for software are really, really stupid. Can I pay for software *once* and not have to keep paying you?
What companies write in their EULAs and other contracts, do not necessarily stand in court. It is illegal to advance things that clearly circumvent laws. For example, the 'reverse engineering' clause does not stand in court.
In point, the nature of Microsoft's EULA has never been tested in court. It has come to court a number of times, but they caved in each time so that their ways might not be challanged. Selling used licences has been contested in court. It is not a breach of copyright, since the licence to copy that copy and to transfer that licence with its copies is not an act governed by copyright law. It has to deal with rights after first sale.
The lack of variation in shades is poor. The lack of decent separation is poor. Keep trying to look like chrome which is already a poor UI. And make sure to ditch those sharp corners because you may cut yourself!
When they added advertising to the new tab page, I already gave up on them.
I nuked Pocket long ago, the only reason it exists is that Mozilla needs more money (because fewer people use Firefox, and so their CEO can buy more personal cruise ships)