Windows Update is a feature of Microsoft's desktop operating environments which allows the hapless user to keep their system up to date. It is a convenient and (most importantly) highly non-technical conduit for hardware drivers and software patches. However, as it is motivated by evil, there are some cons as well as pros:

PROS

  • Easy to use (relatively speaking)
  • A one-stop shop
  • At least puts clueless computer illiterates in the running to apply patches

CONS

  • Uses Internet Explorer for its UI and therefore...
  • Requires all the huge security holes to be opened to operate. (Active Scripting, ActiveX, etc.)
  • Tries to peddle loads of gratuitous crap such as IE6 and "Still sucks compared to Winamp" Windows Media Player. Optional, but still a clear and present competition stifler.
  • It's really, really, really, really slow.
  • Only lets you grab one "major" patch/service pack at a time.
  • Do you like rebooting? How about dialogues with 'Do not restart my computer' greyed out so you can't tick them?
  • Sometimes puts back all the redundant icons* you have meticulously expunged from the desktop, start menu and toolbar.
  • Of course, you have to invoke it manually on each machine.
It claims it doesn't send any data back to Microsoft.

*Internet Explorer and Outlook Express-Route-To-Propogating-Email-Worms

Windows Update is a proprietary update mechanism for Microsoft's Windows line of operating systems.

For all versions of Windows 95 and up, anybody can visit the Windows Update website and download updates tailored towards their system. In this respect, Windows Update is much like the Linux equivalents of APT and Portage. However, Windows Update is purely for software patches: it does not allow the downloading of third party software.

Windows Update does not work like a normal web page: it works through Microsoft's ActiveX scripting model, which is why you are asked to install something on your first visit. Unfortunately, because the system works through ActiveX it is not available through browsers other than Internet Explorer, such as Mozilla Firefox, requiring users of these browsers to download .exe files manually from the Microsoft website, a painstaking and time-consuming process.

Upon installing the ActiveX control and entering the website, users are asked to scan for updates. They are then presented with a list of updates for their system organised into categories. These categories are:

  • Critical Updates - Essential updates related to security or bad functionality
  • Windows xx - Microsoft addons onto the Windows operating system, where xx is the Windows version.
  • Driver Updates - Updates to Windows certified drivers. This is not updated very often and does not have a very wide selection of drivers.

On selecting the updates they require using an HTML form, the user is taken to a confirmation page and eventually a standard Windows window pops up showing download status and completion. When the updates are completely downloaded, they are automatically installed. While they are downloading, the user cannot use Internet Explorer to browse to other websites: they must open up another browser or create a new window, otherwise the download will fail.

On Windows XP it is no longer necessary to go to the Windows Update website regularly, as the OS downloads updates automatically in the background, but prompts before they are installed.

Prevent viruses, worms, etc when using Windows Update the first time

Many critics of Windows XP (and Windows 2000, and any version of Windows that uses Windows Update) say that connecting to the Internet to use Windows Update immediately exposes it, and all of its unpatched bugs, to exploitation within about twenty minutes.

While that's not far-fetched, given how many worm-ridden machines are run by irresponsible lusers, there is a very simple way to avoid exploitation while using Windows Update.

  1. If on broadband (Cable modem or DSL), buy a hardware firewall.
    Most Internet sharing devices have built-in firewalls that act as one-way doors to the Internet. You can go out to the net, but people on the net can't get back in. For less than $100.00 (Canadian, one time) you can get better protection than any "software firewall" can provide, and without renewing subscription costs. Even for a single computer, it's well worth the investment.
  2. If on dial-up, turn on the built-in Internet Connection Firewall on your dial-up connection.
    Windows XP as first released comes with a silent firewall program already installed. Make sure you turn it on! Sadly, AOL dial-up users can't use it.
  3. Use Windows Update Only until it says it's done.
    Don't do any production work, don't check e-mail, don't surf any other web sites, until Windows Update tells you that you don't need any more critical updates.

That's it, really. Get behind some kind of firewall and patch your system first. After that, start using the tools included in Windows XP, such as Automatic Updates, to let the system keep itself updated.

Other routine precauctions include: Use the hardware firewall at all times, create a Limited User account for yourself and do your production work there, stick with applications and devices Designed for Windows XP, and (as The Register is fond of saying) wear a regulation tinfoil hat.

Log in or registerto write something here or to contact authors.