Windows System Security Updates

It seems
like every day a security-notice comes across my desk informing the community
of yet another browser security hole, exploit or travesty uncovered. It has
always been easier to breach security than to create it; too many variables
to cover everything. While Microsoft nay-say-ers bark about the shortfalls of
security efforts, when other systems are brought into the limelight and gain
a more prominent user base, security holes never fail to be discovered in them
as well. Recently however the problem wasn't a security hole, but security fix,
issued by Microsoft, which when installed made programs like Office and Outlook,
as well as IE virtually unusable. If you had that fix installed automatically,
then head back over to the Microsoft update area, and get the fix for their
fix.

Microsoft isn't alone in sending out updates that do more damage than the original
problem, McAffee a few months ago sent out a virus update that tagged programs
and data files as viruses, and removed those programs and datafiles from the
computer. That was fun. With problems like this it is tempting to begin to ignore
the security warnings and to fail to install the updates, because they can be
such a hassle. This of course is not a great method either, there are better
measures.

First thing we want to do is to have the updates downloaded, but we want to
choose the time when they are installed. By going to Start->Control Panel
and opening the Security Center, we can get into the Automatic Updates option
area. Here we want to set the option to "Download updates for me, but let
me choose when to install them" This allows us to do some proactive research
before installing an update, and in doing so we will also learn more about our
computer system.

Once the Security Center informs us that there are

Updates
ready, we want to view those updates and do some research, to see if we want
them or not. Some updates are for software we don't even use, such as Excel.
I don't use it, so I don't want an update that is only for Excel, or Outlook
or the many other programs I don't and won't be using. Some of these updates
are for systems I use, but I don't want to install these without first checking
the Internet community to see if any problems have been reported.

To see a list of these updates we are going to have to choose the Custom Install
option. While the other option is "Recommended" it is not the best
option for us, because it won't even tell us afterwards what was installed.
So even if you are going to get lazy some day in the future, and just install
everything, still check the list over so you can see what is being installed,
then choose "Okay".

Once we have our list, we look for the Update
ID Numbers. These are going to be listed at "KB873352" or something
of that general format (usually in parentheses). If there is not an Update
ID, we'll search for the title of
the update given on the list. Opening our web browser our first stop is over
to the Microsoft
TechNet area, and search for our update number, to see if anyone has posted
a problem with the update. We can also check the
TechNet Blogs Area for the same thing. Both are good to check, because
each has different information sometimes.

Once we've done that we head over to Google, searching for +"KB873352",
we are looking for anyone complaining about the update, or any news services
talking about the update. These are going to show up in Blogs and Forums for
the most part. We are not going to spend a great deal of time here, we just
want to scan the first 15 or so search result headlines and see if anything
jumps up at us.

The fewer
unnecessary updates installed the better. For example, in my view of the Automatic
Update window we can see that there is an update for the WordPerfect 5.x Converter
listed; I don't need that, I never deal with WordPerfect documents. There is
also one for the Access 2002, again I don't use Access, and never will (I'm
a bit of a snob with databases), so won't install that update either.

Now, before we continue, we want to set a Restore Point. If you read a previous
article of mine, here on D-A-L then you know all about these, but if you
haven't, then you want to go to Start->All Programs->Accessories->System
Tools->System Restore. We are going to Create a Restore Point. Name it something
like, Before the Updates, and click on Create.

System Restore makes a restore point for the System, not the whole computer.
System files changed by the update can be restored to what they were before
the updates if our computer starts acting funny after the update. It is documented
that this is done by the system automatically before any update is installed,
but I've been witness to enough times that this wasn't the case, or the restore
point didn't hold, or something went wrong, that I'm willing to suggest to you,
do it manually.

Now, we know what updates we are going to get, and why, and we have a restore
point. We've also checked to see if any problems have been reported regarding
these updates. At this point, we can tell the System Update tool to go ahead
and install the updates. The utility will dutifully warn us that the updates
we have unchecked will not be installed... and then install what we asked for.

I would be my advice never to use a software package that demands that you
update before you can continue to use it ... mandatory updates and updates that
"just happen" in the background can be a problem. That would be my
advice, but I don't follow it myself. My AVG Virus protection program updates
automatically. I allow my QuickBooks program to update automatically and I've
set Skype to do it as well. I understand the time issues involved in keeping
our computers updated, and automatic updates are a nice feature, when they work
as advertised.

For the system however, I strongly suggest the settings I've described here,
and taking a morning out every month to go through the updates as I've laid
out, or resign yourself to possibly being down for a day or two (if you are
lucky) while a fix comes out for a maverick update which was installed automatically.