Microsoft cures can be
worse than the software problem
by Alan Zisman (c) 2003 First published in
Business in Vancouver ,
Issue #711 June 10-16, 2003 High Tech Office column
Face it, most of us are bad about
following through on everyday chores. Left to our own devices, we don’t
make those dentist appointments or back up our computers, even though
we know we shoyuld. So software that takes care of doing things for us
automatically is often a good thing. For instance, most antivirus
software has progressed from reminding us that it’s time to get the
latest virus definition files to simply (after we give it permission
once) going ahead and getting the updates on a regularly scheduled
basis and updating our computers as needed.
Ever since Windows 98, Microsoft has
included a Windows Update feature. One click takes a user to a
Microsoft website where their computer is scanned and the user is
presented with a customized list of free updates. Some, labeled
‘critical updates’ are defined by Microsoft as must-haves, patching
outstanding security or performance issues. Others are feature
improvements that a user might want but can pass on if they prefer.
(You can check in anytime you want
at http://windowsupdate.microsoft.com)
Recent Microsoft operating system
versions took this one step further; users of Windows XP can choose to
have Windows Update operate automatically in the background. Users can
opt to have it simply inform them when there are updates available,
download all updates automatically but ask for permission to install
them, or go all the way, downloading and installing updates whenever
Microsoft makes them available.
Like updating your virus
definitions, this can be a very good thing. It must have been very
frustrating for Microsoft last year, for instance, when the Code Red
virus rapidly spread amongst computers running Microsoft’s web server
software; Microsoft had released patches that prevented just this sort
of attack six months earlier, but far too many network managers hadn’t
bothered installing the patches on their servers.
Not everyone should set their
computers to automatically connect to Windows Update and download the
latest patches. Certainly, computers connected to a large enterprise
network shouldn’t; that would just be an unneeded drain on the
company’s Internet bandwidth with thousands of users connecting to
download the same files.
And sometimes an update can cause
more problems then it cures. Microsoft has had its share of that sort
of problem lately. For instance, security patch 811493 was rated by
Microsoft as ‘important’ for users of Windows NT, 2000, and XP. As a result, millions downloaded it. And many
of them found their newly-patched systems running much slower. The
slowdowns were worst for users of Windows XP Service Pack 1 who also
ran anti-virus software that are set for ‘real time scanning’, checking
every file as it is opened. Eventually, Microsoft recognized the
problem and stopped distributing the Windows XP patch, promising a
fixed version.
Their suggestion in the meantime?
Users noticing slowdowns should either uninstall the patch (exposing
their systems to whatever problems it was supposed to cure) or turn off
their virus protection (exposing their systems to virus infections). A
new and presumably improved version may be available as you read this,
but we have no guarantee that it will be problem-free.
Some people are turning off Windows
XP’s auto-update feature. (Right-click My Computer, pick Properties
from the popup menu, and go to the Automatic Updates tab). Then, when
they hear that updates are available, they wait a week or so, letting
others be their lab rats. Of course, that means needing to be proactive
and searching out all this information.
It’s not a good situation; Windows
isn’t alone in having security problems, but with its large mass of
users, it’s the platform most likely to be attacked. And if you can’t
trust the cures, what’s a user to do?
Update:
A new version of security patch 811493 is available on the Windows
Update site. As of the moment
(June 9, 2003), no problems have been reported with it.