Microsoft's decision to deliver Windows Live Essentials 2011 as an important update to some users didn't sit well with some security researchers, who liken the practice to adware and spyware behavior.
Windows Live Essentials is a suite of Microsoft programs related to the company's Live services platform. It is comprised of applications used for emailing, instant messaging, Web content publishing, photo sharing and other tasks.
On October 20, the software giant announced that the newly released Windows Live Essentials 2011 will be delivered as a "recommended update" to users who have at least one of its components installed.
By recommended update, the company meant that it will appear under "Important Updates" on Windows Vista and 7; Windows XP users will not receive it.
Pedro Bustamante, a senior research advisor at Panda Security, decries this decision and considers the behavior unethical.
"It seems Microsoft is reverting to using WU to push unwanted software, kinda like what adware, spyware and rogue software does.
"I guess if you can’t convince users to download and install your software the next best thing is to push it down their throats whether they like it or not. Nice move MSFT!" the security expert writes.
We've researched how this update is shipped ourselves and there are a few interesting aspects that we think are worth pointing out.
First of all, the update only appears in the "important updates" list if the user has Microsoft Update enabled.
Microsoft Update is not the same thing as Windows Update (WU) and does not come enabled by default.
Users have to manually go to a special website, check a box and allow this additional component to install.
Afterward, they will also start receiving updates for other Microsoft software aside from the operating system itself, such as Microsoft Office or Windows Live Essentials.
Secondly, if users have the "install updates automatically" option selected, which is both the default and recommended setting, Windows Live Essentials 2011 will automatically download, but it will not install.
This behavior is confusing, because it is not what the update setting implies (automatic install) and it is more reminiscent of another option called "download updates, but let me choose whether to install them."
Finally, if the user chooses to manually trigger the installation of the automatically downloaded package, the first screen gives them two options.
One is to install all Windows Live Essentials 2011 components and the second is to only update the already installed components, in our case Windows Live Messenger.
Neither of these options is selected by default and the user can't simply hit "Next." They have to consciously choose which option they want.
Mr. Bustamante points out that if the update is unchecked when initially offered, it will re-appear in the list later. This is true, but not only for this particular update.
To prevent a particular update from appearing in the future, users have to right-click on it and select "Hide." Whether this is a deceptive practice or not can be debated.
However, this is how Windows Update has worked from the beginning and is not a technique specifically used to make the Windows Live Essentials 2011 download persistent.
We agree that Microsoft's decision to ship Windows Live Essentials updates in one big package, instead of individual updates for each component, might not be the most transparent and fortunate approach.
We also think that some of the choices regarding the update procedure are confusing. After all, when people choose for something to automatically install, they expect it to automatically install.
But, in the end, users are clearly given the chance twice to avoid installing all of the Windows Live Essentials 2011 components, which is what Mr. Bustamante appears to be concerned about.