Microsoft cures can be worse than the software problem

Face it, most of us are bad about following through on everyday chores. Left to our own devices, we don’t make those dentist appointments or back up our computers, even though we know we shoyuld. So software that takes care of doing things for us automatically is often a good thing. For instance, most antivirus software has progressed from reminding us that it’s time to get the latest virus definition files to simply (after we give it permission once) going ahead and getting the updates on a regularly scheduled basis and updating our computers as needed.

Ever since Windows 98, Microsoft has included a Windows Update feature. One click takes a user to a Microsoft website where their computer is scanned and the user is presented with a customized list of free updates. Some, labeled ‘critical updates’ are defined by Microsoft as must-haves, patching outstanding security or performance issues. Others are feature improvements that a user might want but can pass on if they prefer.

(You can check in anytime you want at http://windowsupdate.microsoft.com)

Recent Microsoft operating system versions took this one step further; users of Windows XP can choose to have Windows Update operate automatically in the background. Users can opt to have it simply inform them when there are updates available, download all updates automatically but ask for permission to install them, or go all the way, downloading and installing updates whenever Microsoft makes them available.

Like updating your virus definitions, this can be a very good thing. It must have been very frustrating for Microsoft last year, for instance, when the Code Red virus rapidly spread amongst computers running Microsoft’s web server software; Microsoft had released patches that prevented just this sort of attack six months earlier, but far too many network managers hadn’t bothered installing the patches on their servers.

Not everyone should set their computers to automatically connect to Windows Update and download the latest patches. Certainly, computers connected to a large enterprise network shouldn’t; that would just be an unneeded drain on the company’s Internet bandwidth with thousands of users connecting to download the same files.

And sometimes an update can cause more problems then it cures. Microsoft has had its share of that sort of problem lately. For instance, security patch 811493 was rated by Microsoft as ‘important’ for users of Windows NT, 2000, and XP. As a result, millions downloaded it. And many of them found their newly-patched systems running much slower. The slowdowns were worst for users of Windows XP Service Pack 1 who also ran anti-virus software that are set for ‘real time scanning’, checking every file as it is opened. Eventually, Microsoft recognized the problem and stopped distributing the Windows XP patch, promising a fixed version.

Their suggestion in the meantime? Users noticing slowdowns should either uninstall the patch (exposing their systems to whatever problems it was supposed to cure) or turn off their virus protection (exposing their systems to virus infections). A new and presumably improved version may be available as you read this, but we have no guarantee that it will be problem-free.

Some people are turning off Windows XP’s auto-update feature. (Right-click My Computer, pick Properties from the popup menu, and go to the Automatic Updates tab). Then, when they hear that updates are available, they wait a week or so, letting others be their lab rats. Of course, that means needing to be proactive and searching out all this information.

It’s not a good situation; Windows isn’t alone in having security problems, but with its large mass of users, it’s the platform most likely to be attacked. And if you can’t trust the cures, what’s a user to do?

Update: A new version of security patch 811493 is available on the Windows Update site. As of the moment (June 9, 2003), no problems have been reported with it.