Windows Patches and the Dial-Up Problem

By Larry Seltzer  |  Posted 2003-09-12 Print this article Print

Automatic Updates makes the Windows patch problem tolerable, but only for users with broadband connections. Patching Windows on a dial-up connection is brutal. Security Center Editor Larry Seltzer points to some helpful tools, while observing that Microso

During the run-up to Blaster, in the period when we all expected an exploit to strike any minute, I was visiting friends. They had one computer, a Windows XP Home box, with only an AOL dial-up line. One night I went online to check the latest sports scores, my curiosity got the better of me— and I just had to check Windows Update. Oops! Forget anything else, this was going to take a while. If you dont pay regular attention to patching Windows, then you could easily find yourself with tens of megabytes of downloads to install. And if you have only one phone line, dont expect the phone to be ringing for a long time. Over two consecutive nights, I set their machine to download patches until morning and that basically did the job. Still, a couple of extra downloads were necessary because the installations needed to be done separately.

At the same time, its worth noting that there were still options available on the Windows Update site, such as the .NET Framework, that I didnt choose to install because these programs are unnecessary for such users. Now, I knew to make that choice, but I dont think my friends could have.

While broadband is spreading rapidly, there are still a whole lot of folks who use dial-up, and many who have no broadband options available. Because the slow connections make it impractical for dial-up users to stay up to date on security patches, its highly likely that a large percentage of them are out of date. This situation is a continuing security problem for all internet users and businesses.

Broadband customers have a plethora of features to customize their patching experience. Automatic Updates will check for available updates from Microsofts site and download them in the background, letting you know when they are available for installation. You can even schedule the system to install downloaded updates at some predetermined time, say 3 oclock in the morning. However, there is no way to schedule the system to go out and retrieve the updates, which can be installed at some point. The closest thing to a workable solution for dial-up users is to leave the connection on at all times and then use Automatic Updates to eventually download what you need.

It occurred to me that one way to make things easier for dial-up users, and even broadband users in many cases, would be to issue periodic update CDs. Imagine a disc with all of the updates on it and a program, it could even be written in Windows Script Host, to check a system for which updates need to be installed, apply them in the correct order and even reboot in between. Such a program would not be hard to write.

Microsoft could charge a trivial amount for the discs but it would be better just to give them away and encourage users to pass the discs around when they were done. At that point youd still need to check Windows Update for recent additions, but its unlikely youd have an unbearably long download time. In fact, the CD could launch Windows Update at the end of its script. I often set up computers for testing and a disc like this would be a great convenience. But think of how much easier it would make life for dial-up users.

I recently put this suggestion to Microsoft and their response basically avoided the whole issue. Why wouldnt the company want to offer such a CD, assuming thats the motivation behind their stonewalling? Some might suggest that such an update CD would make it harder for Microsoft to check if youre running a pirated copy of Windows. Perhaps there are better reasons, and I might know them if Microsoft had offered them.

Security Supersite Editor Larry Seltzer has worked in and written about the computer industry since 1983.

More from Larry Seltzer
Larry Seltzer has been writing software for and English about computers ever since—,much to his own amazement—,he graduated from the University of Pennsylvania in 1983.

He was one of the authors of NPL and NPL-R, fourth-generation languages for microcomputers by the now-defunct DeskTop Software Corporation. (Larry is sad to find absolutely no hits on any of these +products on Google.) His work at Desktop Software included programming the UCSD p-System, a virtual machine-based operating system with portable binaries that pre-dated Java by more than 10 years.

For several years, he wrote corporate software for Mathematica Policy Research (they're still in business!) and Chase Econometrics (not so lucky) before being forcibly thrown into the consulting market. He bummed around the Philadelphia consulting and contract-programming scenes for a year or two before taking a job at NSTL (National Software Testing Labs) developing product tests and managing contract testing for the computer industry, governments and publication.

In 1991 Larry moved to Massachusetts to become Technical Director of PC Week Labs (now eWeek Labs). He moved within Ziff Davis to New York in 1994 to run testing at Windows Sources. In 1995, he became Technical Director for Internet product testing at PC Magazine and stayed there till 1998.

Since then, he has been writing for numerous other publications, including Fortune Small Business, Windows 2000 Magazine (now Windows and .NET Magazine), ZDNet and Sam Whitmore's Media Survey.

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel