During the run-up to Blaster, in the period when we all expected an exploit to strike any minute, I was visiting friends. They had one computer, a Windows XP Home box, with only an AOL dial-up line. One night I went online to check the latest sports scores, my curiosity got the better of me— and I just had to check Windows Update. Oops! Forget anything else, this was going to take a while.
If you dont pay regular attention to patching Windows, then you could easily find yourself with tens of megabytes of downloads to install. And if you have only one phone line, dont expect the phone to be ringing for a long time. Over two consecutive nights, I set their machine to download patches until morning and that basically did the job. Still, a couple of extra downloads were necessary because the installations needed to be done separately.
At the same time, its worth noting that there were still options available on the Windows Update site, such as the .NET Framework, that I didnt choose to install because these programs are unnecessary for such users. Now, I knew to make that choice, but I dont think my friends could have.
While broadband is spreading rapidly, there are still a whole lot of folks who use dial-up, and many who have no broadband options available. Because the slow connections make it impractical for dial-up users to stay up to date on security patches, its highly likely that a large percentage of them are out of date. This situation is a continuing security problem for all internet users and businesses.
Broadband customers have a plethora of features to customize their patching experience. Automatic Updates will check for available updates from Microsofts site and download them in the background, letting you know when they are available for installation. You can even schedule the system to install downloaded updates at some predetermined time, say 3 oclock in the morning.
However, there is no way to schedule the system to go out and retrieve the updates, which can be installed at some point. The closest thing to a workable solution for dial-up users is to leave the connection on at all times and then use Automatic Updates to eventually download what you need.
It occurred to me that one way to make things easier for dial-up users, and even broadband users in many cases, would be to issue periodic update CDs. Imagine a disc with all of the updates on it and a program, it could even be written in Windows Script Host, to check a system for which updates need to be installed, apply them in the correct order and even reboot in between. Such a program would not be hard to write.
Microsoft could charge a trivial amount for the discs but it would be better just to give them away and encourage users to pass the discs around when they were done. At that point youd still need to check Windows Update for recent additions, but its unlikely youd have an unbearably long download time. In fact, the CD could launch Windows Update at the end of its script. I often set up computers for testing and a disc like this would be a great convenience. But think of how much easier it would make life for dial-up users.
I recently put this suggestion to Microsoft and their response basically avoided the whole issue. Why wouldnt the company want to offer such a CD, assuming thats the motivation behind their stonewalling?
Some might suggest that such an update CD would make it harder for Microsoft to check if youre running a pirated copy of Windows. Perhaps there are better reasons, and I might know them if Microsoft had offered them.
Security Supersite Editor Larry Seltzer has worked in and written about the computer industry since 1983.
More from Larry Seltzer