Improve Security by Patching Windows

You might assume that when you buy software, you're getting a finished product, something that's been carefully tested and perfected. In reality, software companies often treat their customers like guinea pigs; they test the software on you.

Software is sold in a mostly finished state, allowing companies to spend money from sales to fund further development. Just about all software is flawed, and these flaws can range from small bugs that affect a tiny proportion of consumers to problems that spell catastrophe for all who use the software.

In the summer of 2003, flaws were discovered in Windows that had escaped notice for years. By exploiting them, hackers could gain complete control over computers and read information, install software, or delete files. Someone with even a modicum of technical expertise could write programs, called worms, that would invade affected computers and make copies of themselves, replicating mindlessly like a virus.

As predicted, the worms appeared and generated media attention as they caused problems around the globe. Networks slowed and computers crashed while corporate system administrators and home users alike frantically worked to find a solution.

But some people weren't affected by the worms. They weren't merely lucky, they were prepared. By the time the worms appeared they had sealed the hole in Windows.

How did they do that? How did they even know they needed to do that?

Finding Software Patches, Bug Fixes, and Updates

Since software isn't finished before it is shipped, software companies continually offer bug fixes, security patches, and new features. But they usually aren't mailed to you. You have to go looking for them.

Software updates generally can be found by going to the software manufacturer's Web site:

Step 1

Visit a software maker's Web site.

Step 2

Click on something like "Support."

Step 3

Click on something like "Software updates" or "Downloads."

Step 4

Find the updates you need for the software you have.

Step 5

Download the updates and install them.

While this isn't so hard to do, it's enough of an annoyance that most people don't do it.

Using Windows Update and Automatic Updates

Microsoft makes it particularly easy to apply software updates to Windows via the Windows Update Web site. All you have to do is open Internet Explorer:

Step 1

Visit the http://windowsupdate.microsoft.com/ page.

Step 2

Click "Scan for updates."

Step 3

After the updates are found, click "Review and install critical updates." You might have to restart afterwards.

That's much easier than trying to figure out what you need. But there is an even easier way to update Windows: the Automatic Updates feature.

The Automatic Updates feature enables your computer to automatically download and install software patches. It comes with Windows XP, and it is available as an update for Windows 2000 and Windows ME.

To view the settings for Automatic Updates:

In Windows 2000 and Windows ME:

Step 1

Click on Start

Step 2

Choose Settings

Step 3

Choose Control Panel

Step 4

Click on Automatic Updates

Step 5

In Windows XP:

1. Click Start
2. Choose Settings
3. Choose Control Panel
4. Choose System
5. Click Automatic Updates

In the Automatic Updates control panel, you'll find the following options:

• Notify me before downloading updates, and notify me again before installing them on my computer.
• Download the updates automatically, and notify me when they are ready to be installed.
• Automatically download the updates, and install them on schedule that I specify.

In most cases, the third option will be best. Doing this will help ensure that your computer is immune to many new viruses and intrusion attempts. If people had used this setting on their computers, they would not have been affected by many recent worms.

Limitations of the Automatic Updates Feature

Unfortunately, using the Automatic Updates feature won't solve all your security problems. Some updates, such as new versions of Internet Explorer, or Windows Service Packs, cannot be installed automatically. They must be downloaded and installed separately via the Windows Update Web site. Because of this, your computer may be vulnerable after a Microsoft service pack (sort of a collection of updates and bug fixes) is released. It is important to visit the Windows Update Web site periodically even if you have Automatic Updates turned on.

Windows 98 cannot use Automatic Updates, but a similar utility called Windows Critical Update Notification is available. It will automatically check for updates on the Windows Update Web site and let you know when patches are available for download.

Keep in mind that the Windows Update Web site and Automatic Updates only patch vulnerabilities in Windows. They do not apply patches to other Microsoft products such as Word, Outlook, or Excel. To update those products, you must visit the Microsoft Office Update Web site.

Some non-Microsoft products such as QuickBooks and Norton Antivirus include the ability to automatically download and install updates from the Internet. But for most other software, you must visit the maker's site and search for updates on your own.

Establishing a Security Strategy

On Windows computers I am responsible for, I usually set updates to download and install automatically at 3:00 a.m. I leave computers running at night so they can perform this task and other automated maintenance, such as defragmenting hard drives and downloading antivirus updates. This strategy works well for computers that are always connected to the Internet. Computers that have to dial in over a phone line can use it too, however. Your computer must be set to automatically dial out to the Internet when

Computers that have a dial-up Internet connection can employ a different strategy. It is possible to configure a dial-up Internet connection to start automatically in the middle of the night in order to install updates. This might be difficult or undesirable for some reason, however. So for dial-up users it is usually better to choose the "Notify me before downloading updates" option on the Automatic Updates control panel. Then, you can download patches while you are online. Do be aware that this can take some time, however. So start the process and go to lunch.

Installing updates is a chore. There's no doubt about that. But it is an important chore. If you don't apply updates to your system, you could be infected by a virus or a worm. That's bad for you, and it's bad for everyone else on the Internet. Because when that happens, your computer spreads the worm or virus, or someone could use your computer to attack others. Fortunately, tools like Windows Update, Office Update, and the Automatic Updates control panel make obtaining and applying patches easier.

More Information About Windows Updates