In a recent column, I suggested that Microsoft issue CDs periodically to update Windows systems. And I was overwhelmed by the response. This topic struck a chord with people on dial-up and broadband connections alike.
To recount the idea, Microsoft has made the update process very easy and automatic for broadband users, but the sheer size of the updates involved makes the use of Windows Update on a dial-up connection unbearable. As a result, large numbers of dial-up users make do with out-of-date versions, and their unpatched systems undoubtedly are attacked without mercy.
Microsoft called me to say that Windows Update and Automatic Updates do what they can to make things easier for dial-up users. For example, Automatic Updates, when set to automatically download available updates, will use only unused bandwidth; in other words, if any other process needs to use the Internet connection, Automatic Updates gets out of the way. Furthermore, if you are in the middle of one of these automatic update downloads and are disconnected for whatever reason, upon reconnection, it will continue the downloading from the disconnected point. It doesnt have to start over again from the beginning.
While helpful, these measures dont change the fact that dial-up users will be downloading an awful lot of the time if they use Automatic Updates.
In addition, Microsoft wasnt clear whether all updates that someone might want, such as new versions of DirectX, are downloaded through Automatic Updates, or if they also need to check Windows Update periodically for such software. But Microsoft is right that its still worth using Automatic Updates as a dial-up user, if we accept the fact that Microsoft doesnt compact their updates. Just try to leave the system connected when youre not using it, assuming that you dont need the phone line for something else, perhaps speech.
Microsofts still not interested in issuing update CDs, but they do, as many of you pointed out, send out Service Packs on CD for a fee (about $10). But Service Packs can get out of date very quickly, so they are no substitute for an update CD program that keeps systems current. Besides, should they really be concerned with covering the costs of keeping their customers secure?
At the same time, a few of you disagreed with me. Here are a few of the comments:
According Engineer Mary Ubach, the solution to the update problem will only come with widespread deployment of broadband. She said focusing on dial-up users doesnt solve the problem.
Now, I certainly agree with Ubach that the update CD is what engineers call sub-optimal, however, interim measures are still warranted, given the large number of Windows users on dial-up connections and in the expectation that that number will still be substantial for the forseeable future.
Scott Bekker, who writes elsewhere about Windows issues, made the excellent suggestion that these update CDs should be available as a Web download, probably as a .ISO file. That way, those of us with fast connections and CD burners could make our own copies to pass around. This would radically cut Microsofts costs for administering such a program, and make it more acceptable for them to charge a nominal fee for shipping out a physical medium.
An anonymous vounteer for the American Red Cross described their network with 13 systems sharing a dial-up connection, and what a struggle it is to download large updates successfully for all of them. The unreliability of the process forces them to stop and restart many times but they dont have the resources to have a broadband connection.
David Chernicoff made a point that even people with fast connections would want a CD and I wished I had said that myself. Whenever I set up a new system for testing I have to go through a tiresome period of updating it to be current, hogging all my bandwidth in the process. Other readers said that they are always concerned, while running Windows Update on a new system, that they are exposed and vulnerable on the network until the updates are downloaded and applied. The Update CD would let them update the system while offline.
Jim Painter said he was outraged when the brand new Dell PC he bought required "24 patches with a size of 34 MB!" Thats a go-watch-a-movie-sized download even for a lot of broadband users.
Related to this last point, C. Marc Wagner at Indiana University in Bloomington, suggested that if running Windows Update for critical updates was done conspicuously at the end of Windows setup and presented as part of the setup process, users would wait for it and accept it. I bet that OEMs would fear that this would give a bad OOBE (Out Of Box Exprerience), but sometimes you must take your medicine.
Finally, Jack Carollo, among others, suggested that any consolidated update CD from Microsoft should also include the updates for Office and any other popular products. Reports suggest that Microsoft is working on such a consolidation for Windows Update now, so perhaps this disc could include application updaters, as well.
After all the comments I received, I like this idea more than ever. More than just the unlucky dial-up audience could use it, but even experts with fast connections have a need for such CDs. For the price of keeping it available and up-to-date, Microsoft could effect a meaningful improvement in the security of Windows users. I hope they reconsider.
Discuss this in the eWEEK forum.
eWEEK.com Security Center Editor Larry Seltzer has worked in and written about the computer industry since 1983.
More from Larry Seltzer