April 8th, 2025

The Goldilocks zone of software stability

I’ve learned that the enterprise product support folks talk about the “Goldilocks zone” of software stability. Sometimes, their enterprise customers are running software (particularly anti-malware software) that hasn’t been updated in years. That’s too old. Sometimes, their software was updated just a few days ago. That’s too new. In between is the Goldilocks zone, where the software is old enough to be stable, but not so old that it’s obsolete.

The name “Goldilocks zone” is a reference to the English fairy tale of Goldilocks and the Three Bears. In the most common version of the story, a young girl stumbles into an unoccupied home and finds various items in sets of three. The first item in each set is bad in some way (too hot, too soft), the second item is bad in the opposite way (too cold, too hard), and the third item is just right.

Anti-malware software in particular is prone to the Goldilocks effect because it often does sketchy unsupported things with the operating system, so the longer it’s been since you updated it, the more likely it is that changes to the operating system have invalidated, or at least partially invalidated, the assumptions under which it was written. Furthermore, anti-malware software is under enormous time pressure to respond to new threats, so the changes may have been rushed out without broad enough testing.

On the other hand, all software is at risk of running into problems immediately upon release because it’s hard to test against every possible end user configuration.¹ As the saying goes, no plan survives first contact with the enemy.

¹ Another possibility is that the change didn’t have enough bake time.

Author

Raymond has been involved in the evolution of Windows for more than 30 years. In 2003, he began a Web site known as The Old New Thing which has grown in popularity far beyond his wildest imagination, a development which still gives him the heebie-jeebies. The Web site spawned a book, coincidentally also titled The Old New Thing (Addison Wesley 2007). He occasionally appears on the Windows Dev Docs Twitter account to tell stories which convey no useful information.

10 comments

  • Joe Beans

    Anti-malware software IS the malware. It’s a universal backdoor just like Windows Update, an intolerable security risk.

  • Joshua Hudson

    Counter-evidence:

    Living Windows 3.1 software has stability beyond normal. This is due to the fact the unstable software died out already leaving only the stable.

    • alan robinson

      What living win 3.1 software is there anymore? You can’t even run win16 code anymore on modern (64 bit) CPUs.

      • Joshua Hudson

        You have no running 16 bit code anymore.

        I have cross-mounted hard disks with VMs running 16 bit code that do useful work.

  • alan robinson

    Some win32 stuff has been broken over the years, particularly shell related APIs. But even so, you are right it’s the most stable gui api known to man, at least one that’s os native.

    Given how things are going that’s probably a reason to expect it to be killed off sooner rather than later 🙁

  • Andreas Rejbrand

    The title made me think about stable platforms.

    That's something I talk quite a lot about, because there is one computing platform that beats all competition by huge margins: Classic Win32 (which is typically 64-bit these days, but still).

    I have been programming (in Delphi) for Win32 since the late 90s, and I find it truly amazing that the apps I wrote back then still run perfectly on Windows 11. And the programming techniques and APIs have not changed much either; in fact, the GDI painting that my 90s app did back then still works the same way in Windows 11.

    Compared to...

    • Jan Ringoš · Edited

      My sentiment exactly.

      It's just sad that Microsoft tries to keep reinventing new and new APIs and frameworks, and then abandoning them, when the great stable multiplatform one is right under their noses. Too bad there's probably only Raymond here left at Microsoft, out of all the programmers who could maintain and potentially extend this layer.

      Should Microsoft ever decide to un-abandon Win32 and do some substantial improvements on this layer, I'm offering to work on it FOR FREE.
      I even have a wish list, but let's make some proper Common Controls vNext, rework Dark Mode properly, fix Fibers and AVX, etc....

    • IS4

      I agree, this is something I was thinking about just yesterday. What’s even more fascinating is that with Wine, these apps can even be run on Linux, a system known to have issues running binaries compiled elsewhere.

    • alan robinson

      I'd guess that Microsoft almost single-handedly created this phenomenon, with windows itself.

      Also, at least for Windows the goldilocks "zone" keeps on getting older and older. I've given up hope Microsoft will release a "good" windows to replace w11 before w10 is killed for good, but if I had my real choice I'd be back on 7 today.

      Of course it's not clear that the Goldilocks zone can be objectively measured; much of it seems subjective; eg some people actually seem to like windows 11. But the lack of enthusiasm to upgrade in the face of w10 (or...

  • Mark Cresswell

    I recall Goldilocks broke into a house with three Bears. Each bear liked their porridge at a specific temperature. The Father Bear liked it hot, the Mother bear liked it cool and the baby bear liked it midway which was ‘just right’ – so Goldilocks ate the baby bear’s porridge. In reality, the three bears would have eaten Goldilocks as a second course to their meal.