IT: Universal Pushes?

Pardon me for not being astute on pushes and patches, but… When it comes to patches, say MS patches or Macafee updates, must your home PC always have to go retrieve these pushes (usually on a regular schedule), correct? But, can such pushes ever be automatic (speaking strictly of home computers, now)? In other words, does the end-user always have to go ping some server for the patch, or do patches sometimes get pushed to home PCs automatically from some distant server?

There’s more to this question, but let’s start here.

I’m not an IT guy, but everything I’ve seen can be set up to automatically check for updates (as well as download and install it), but I’ve never seen anything, on the consumer level, that pushes updates.

It’s pretty hard to push through a NAT.

For home machines, the typical setup is to let the client machine check for updates from the publisher’s server periodically and download / install the update. There are a few advantages to doing it that way:

The publisher doesn’t have to keep an up to date list of every machine that has the software installed.

Home machines can be disconnected or switched off so it’s easier to have the updating mechanism run on the home machine itself and run whenever it’s convenient.

The big one: it’s much harder to secure a machine that allows itself to be updated remotely, or even just accessed remotely, and for that reason and others most home networks are set up to disallow any remote connection by default. Bypassing that security usually requires more technical know-how than a home user is willing to learn.

When all the machines are under the control of a single organization - like in a server environment, or in a large set of workstations managed by an IT department - it’s fairly common to have “pushed” updates. It’s usually simpler to set up pushed updates than “auto-updates” in these environments, often it’s more important to update all the machines to a new version quickly and/or in a coordinated fashion, and the “remote access security risks” can be easily avoided or contained when you’re managing all of the machines and the network they’re running on.

You might be able to have an update program that is always running and listening on a given port. In that case, the remote server could alert your update program and cause it to spring to life, but I think that’s the closest you will ever get to having an update “pushed” onto your computer.

Exactly. The manufacturer does not track and push, it waits for pulls.

The problem is that home routers have one single address on the internet; they use NAT (Natural Address Translation) to make it look like all your home machine activity comes from that one address - i.e. two machines with internet explorer open, the rest of the world might think it’s one machine with 2 windows open. The trouble is, this is one-way. If something comes unsolicited from the internet, say a magical push software update - which machine is the home router supposed to forward it to? You can in fact program this into your router - i.e. set up a web site, forward port 80 http to that PC, but only to 1 machine; the rest of the world does not know about multiple PCs behind that router.

On a corporate network, even behind a firewall, all the PCs can see one another. Things like a “push” happen because the pushing controlling server can see each PC individually by address. A PC runs an RPC (Remote Procedure Call) service, and another machine with the right user/password authority can initiate programs - including ones residing elsewhere on the network. Thus, a turned-on PC can be made to update itself even if the update program is not installed or running on the PC. Many enterprises also allow for remote login to your PCs.

Obviously, the RPC service is one good example of why a home router between the PC and the internet is a good idea. Besides bad program vulnerabilities, there is always the possibility that someone could try remotely logging in with the dictionary of 100,000 common passwords.
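As an added illustration of the NAT argument made in the post above (example code written for this page, not from any poster or vendor), here is a toy model of a home router: an outbound "pull" leaves a table entry so the publisher's reply finds its way back, an unsolicited "push" matches nothing and is dropped, and a port-forward rule can rescue the push for exactly one inside machine. All addresses and ports are constructed.

```python
# Toy model of the NAT behaviour described above (added example, constructed addresses).
from dataclasses import dataclass, field

PUBLIC_IP = "203.0.113.7"   # the router's single public address (constructed)


@dataclass
class Packet:
    src: str       # "ip:port"
    dst: str       # "ip:port"
    payload: str


@dataclass
class HomeRouter:
    forwards: dict = field(default_factory=dict)   # public port -> inside "ip:port"
    table: dict = field(default_factory=dict)      # (public port, remote) -> inside "ip:port"
    next_port: int = 40000

    def outbound(self, pkt: Packet) -> Packet:
        """Inside host sends out: allocate a public port and remember who asked."""
        port = self.next_port
        self.next_port += 1
        self.table[(port, pkt.dst)] = pkt.src
        return Packet(src=f"{PUBLIC_IP}:{port}", dst=pkt.dst, payload=pkt.payload)

    def inbound(self, pkt: Packet):
        """Packet from the internet: deliver only if a mapping or forward rule exists."""
        port = int(pkt.dst.rsplit(":", 1)[1])
        inside = self.table.get((port, pkt.src))   # reply to an earlier outbound pull
        if inside is None:
            inside = self.forwards.get(port)       # explicit port-forward rule
        if inside is None:
            return None                            # unsolicited: dropped
        return Packet(src=pkt.src, dst=inside, payload=pkt.payload)


def demo():
    """Returns (who got the pull reply, who got the raw push, who got the forwarded push)."""
    r = HomeRouter()
    server = "198.51.100.9:443"                    # update publisher (constructed)
    pc_a, pc_b = "192.168.1.10:51000", "192.168.1.11:51000"
    # 1. Pull: PC A asks the publisher; the reply matches the table entry and reaches A.
    out = r.outbound(Packet(pc_a, server, "GET /updates/latest"))
    reply = r.inbound(Packet(server, out.src, "update-manifest v2"))
    # 2. Push: publisher sends unsolicited to the public IP; no mapping, so it is dropped.
    push = r.inbound(Packet(server, f"{PUBLIC_IP}:8080", "pushed update v2"))
    # 3. Forward port 8080 to PC A only; the push now reaches A, but PC B stays unreachable.
    r.forwards[8080] = pc_a
    fwd = r.inbound(Packet(server, f"{PUBLIC_IP}:8080", "pushed update v2"))
    assert fwd.dst != pc_b
    return reply.dst, push, fwd.dst
```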

The root of the problem is that, to get a push, you need a persistent connection between the PC and whoever is doing the update. You could have something listening on the PC like dzero’s post, but the vendor would need to keep track of every computer so they know where to send the update (what if it’s a laptop that can connect anywhere and have any random IP address?). Then they have to keep trying if the update doesn’t succeed. It’s a lot of work and money for no gain.

And of course, this assumes every user goes through the setup hassle md2000 described.