Bits from Bill

Technology thoughts leaking from the brain of "Bill Pytlovany"

Friday, February 17, 2006

Automatic Updates from Microsoft

If you're a regular reader you know, I'm not a big fan of automatic updates. I like to take a wait and see approach to make sure new bugs aren't introduced in an update. Sometimes obscure bugs don't show up during testing but when a large group updates the results can be surprising.

Lately, I've had to go with a hurry up and get the update immediately on the Tuesdays when Microsoft releases their security updates. In the past, it hasn't been unusual for serious security flaws to be found in Windows but there wasn't a rush to update.

What has changed? The bad guys are quick to take advantage of these flaws and are quickly releasing threats into the wild. Programming examples of exploits are being posted so anyone can learn how to use them. We're starting to see web sites using security holes within 24 hours of a security alert being issued. While IDS programs like WinPatrol will catch the attack, traditional security programs will miss them.

Last month it was the zero-day WMF Exploit. This week Microsoft is patching a number of exploits including MS06-005:Vulnerability in Windows Media Player....

 Microsoft Security Bulletin Summary for February, 2006 will describe the 5 Important updates and 2 Critical updates released in just the first two weeks of the month.

I'm still not a fan of auto-updates but I do recommend regularly going to Windows Update which is available on the Internet Explorer Tools menu or in some cases right on the Start Button menu.
Windows XP users have an option that I like under the Windows Security Center. I recommend the option "Notify me, but don't automatically download or install them." When notified you can then review the need for updates before installing.

Update: Thanks to Susan Bradley and the Windows Secrets Newsletter for this tip.

Whenever a problem is caused by a security patch, it's a free call to Microsoft. The number to start with is 1-866-PC-Safety.  Other numbers and information available at http://support.microsoft.com/?pr=SecurityHome


Share on Facebook


1 Comments:

Anonymous Anonymous said...

Thank you Bill. Your post gave me the idea to check my admin account again. Sure enough there was another update notice.

Interestingly it was one I have tried to install 2 times before and each time it had said it was done.

This time I double checked my history and sure enough it had failed to previous two times.

This time it took.

Hope you and Cindi are having a nice time.

11:51 AM  

Post a Comment

<< Home