Security pros cheer hint of hands-off updates in Windows Blue

App auto-updating fits Microsoft's philosophy that silent patching is smart, say experts

Microsoft's apparent plan to automatically update its own Windows Store apps is drawing praise from security experts.

"Auto-updating apps ... improve security and are great for anybody that does not have their own update or patch management solution," said Wolfgang Kandek, CTO of Qualys, in an email reply to questions.

"People just don't want to deal with [updating software], nor should they have to," added Andrew Storms, director of security operations at Tripwire's nCircle.

Kandek and Storms were reacting to reports Monday that the next version of Windows 8, code named "Blue" by Microsoft and thought to be formally dubbed Windows 8.1, will automatically update Microsoft-made apps designed for the tile-based "Modern," née "Metro," user interface (UI).

The WinBeta blog was the first to note the auto-updating when it examined a recently-leaked build of Windows 8.1, saying that the PC powered by the still-unreleased upgrade had received silent updates to several Modern apps via the Windows Update service.

Currently, Modern apps bundled with Windows 8 and Windows RT, or those later installed by users, must be updated manually: Customers receive an alert when an app update is available, but must still steer to the Windows Store, the official download market for all Modern apps, to retrieve and install the update.

That hands-on model runs counter to long-standing Microsoft philosophies regarding software updating and patching, which hold that the less asked of users, the safer they are. The most prominent example of that outlook is the Windows Update service and its by-default enabling of Automatic Updates, which silently downloads and installs fixes, patches and even additional features to the operating system without user interaction.

If WinBeta's claims are accurate and automatic updating of Microsoft's Modern apps makes it into the final of Windows 8.1, customers will be safer, the experts contended.

For Storms, automatic app updates fit nicely with Microsoft's previously-announced plans to issue Modern app patches on the fly, not only on the monthly Patch Tuesday. "It's a reflection of where Microsoft is heading," Storms said. "Their internal philosophies [regarding updates] are starting to change because it's a transition time for them."

WinBeta provided no evidence that third-party Modern apps would also be updated automatically, hinting that Microsoft will hew to tradition, and reserve Windows Update for its own software.

Consumers may generally consent to automatic updates, but enterprises have historically balked at modifying company machines without compatibility testing to make sure new code doesn't break existing applications or workflows. Businesses have also often blocked upgrades sporting new features for fear of increased employee training costs or a sudden flood of calls to the help desk.

But corporations should rethink those conservative practices and get with the program, argued Kandek.

"While I believe some enterprise shops will want to control this update process in a tighter way, many companies will be better off letting machines -- at least workstations -- auto-update and trust the built-in and battle-tested update mechanism to keep machines up-to-date as long as they are connected to the Internet," he said.

Kandek cited instances where corporate IT has already been cut out of the update loop, including employee-owned devices such as Apple iPads and iPhones, and Android-powered tablets and smartphones, and browsers like Google's Chrome and Mozilla's Firefox, both of which rely on silent updating services.

"Windows 8.1 is just another example of that tendency [toward auto-updating in the enterprise]," Kandek said.

Storms was more cautious, if only because of a recent episode where a flawed Windows patch crippled an unknown number of Windows 7 PCs with the infamous "Blue Screen of Death" and constant reboots.

"I think at some point every app that is not cloud-delivered will end up being 100% auto-updating," Storms said. "If it weren't for the BSOD-related patch from Microsoft last month, we'd have a good history lesson to tell here. Sadly, there is always going to be something that breaks."

Microsoft has not revealed a release schedule for Windows 8.1, saying only that it plans to deliver updates more frequently. Most analysts and pundits, however, expect Microsoft to preview Windows 8.1 at its BUILD developers conference June 26-28, and ship the upgrade to customers later this summer or in the fall.

This article, Security pros cheer hint of hands-off updates in Windows Blue, was originally published at Computerworld.com.

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, on Google+ or subscribe to Gregg's RSS feed. His email address is gkeizer@computerworld.com.
