Chapter 8: Keeping Windows Vista Patched and Protected

If you've ever purchased a new car, you may be familiar with the concept of a factory recall. In the automotive world, recalls occur when a flaw is found in a component, typically one that could impact the overall safety of the vehicle. When discovered, manufacturers issue a factory recall to all of the current owners of the specific make and model in question, allowing them to have the component replaced-typically at no charge.

In the world of operating systems like Windows Vista, processes similar to factory recalls also occur from time to time. For example, a new security flaw might be discovered that could allow another user to connect to your Windows Vista system, or remotely issue commands to make changes to its configuration. When these issues are discovered, Microsoft works to determine the cause of the problem, and then creates and issues a free fix that you can download and install to correct the issue. Unlike a factory recall, Microsoft doesn't ask you to bring your PC in for repairs. Instead, they provide you with the necessary details and tools, and ask you to fix it yourself. In the world of Windows Vista, these tools are software programs known as security updates and Service Packs.

Ultimately, you (and you alone) are responsible for ensuring that your system is adequately patched and protected from the latest security threats. If your Windows Vista system is properly updated, it's usually much less susceptible to the latest viruses, worms, and other security issues. Leave your system unpatched, however, and you run the risk of becoming a hacker's new best friend.

Thankfully, Windows Vista makes it easy to keep your system updated against the latest security threats. In this chapter you learn more about the functions of security updates and Service Packs, as well as how to keep your Windows Vista system updated and protected.

Windows Vista Security Updates

It has been estimated that Windows Vista was programmed using somewhere in the ballpark of 50 million lines of code. That's a mammoth undertaking to be certain, and one in which hundreds (if not thousands) of different programmers, analysts, and managers played a role.

Given the scope of such a project, it's not surprising that everything from small to more serious flaws will be identified in Windows Vista from time to time. Some of these flaws pose no real security risk, and are addressed at a later time. Others are more serious and demand immediate attention, resulting in the release of what are often referred to as patches, hotfixes, or updates.

In the world of Windows, security issues discovered after the initial release of an operating system like Windows Vista are addressed by way of fixes known as security updates and Service Packs. Both of these methods of addressing security issues are explored in more detail in the following sections.

Security Updates

A security update is a fix that addresses a single security issue on a Windows Vista system. Sometimes referred to as patches or hotfixes, security updates are periodically released, as required. When new and potential exploits are discovered, a team of programmers at Microsoft works to develop an update that addresses the issue, and then distributes the updated code in such a way that you can install it just like any other program.

Security updates for Windows Vista are normally released once a month (typically on the second Tuesday). Some months may pass without as much as a single Windows Vista update, while others may include 10 or more. In cases where the security risk is particularly time-sensitive-for example when infection from a new virus or worm is spreading rapidly-Microsoft may release a security update within hours of the news.

To help users understand the risk associated with a given issue, each security threat is assigned what is known as a severity rating. As a general rule, you should apply all updates marked Critical or Important or Recommended as soon as possible. Those with lesser ratings typically don't present as serious a risk.

Service Packs

Although a security update is a patch addresses a single security issue, a Service Pack is a comprehensive collection of updates bundled together as one large package. As a general rule, a Service Pack includes all security updates that preceded it, along with other minor fixes and feature improvements that have nothing to do with security at all. In this way, installing a Service Pack is effectively the same as updating to a more feature-rich and secure version of Windows Vista.

In addition to including all updates that preceded their release, Service Packs are also cumulative-Service Pack 2, for example, would include all updates originally provided with Service Pack 1. In other words, you can jump straight into installing Service Pack 2, even if you don't currently have Service Pack 1 installed.

Updating Windows Vista to the latest Service Pack version is highly recommended from a security perspective. If you choose not to install the latest Service Pack, your system could be missing one or more critical security updates, leaving it at risk.

Depending on how Windows Vista was originally installed on your computer, you may already have the most recent Service Pack installed (if applicable).

Here's how to determine which Service Pack (if any) is currently installed on your Windows Vista system: click Start → Control Panel → System. The Windows edition section of the System screen displays information about your Windows Vista edition followed by Service Pack details, if one has been installed. Figure 8-1 shows a Windows Vista system without any Service Pack installed (because none had been released at of the time of writing).

Figure 8-1: Use the System screen to determine which Service Pack (if applicable) has been installed on a Windows Vista system.