Put together a compliant browser, and a connection via port 80 to the Internet, and it is possible to patch your computer. However, it really is not as easy as it sounds. Microsoft Update uses ActiveX components and many organizations with high security requirements block the use of ActiveX components.
It is important to note that Windows Update and Microsoft Update are not the same services. Windows Update still exists as of this writing. In general, it is a good practice to use Windows Update when first bringing a computer online, and to convert to Microsoft Update after getting all of the high-priority updates installed. In this section, we use Windows Update and then install Microsoft Update.
The steps are pretty basic and standard for both Windows XP Professional and Windows Server 2003 operating systems. There are two ways to make the initial connection to Windows Update.
First, start the operating system, log into the operating system, and then click Start Windows Update, as in Figure 5-1. The second option is to open a browser and then click Tools and then Windows Update.
In both cases, the browser then connects to the Windows Update web site. If it is the first time that Windows Update has been run on the computer, it will request verification of the certificate for the web site and request verification that the ActiveX control should be allowed to run on the computer, as in Figure 5-2.
The browser prompts for the installation of the latest version of the Windows Update software. Click Install Now to proceed. The browser reports back that Windows Update is downloading and installing the software and will continue until the software has been completely downloaded and installed. After installation, the browser shows the latest Windows Update site, as in Figure 5-3.
Because this is the first time that the new version of Windows Update has been run, we recommend that you use the Express button to scan and identify any high-priority updates that are needed for the computer. The Custom button can be used as well; however, it is a best practice to get all of the high-priority updates installed first before downloading and installing other updates that can be found using the Custom option. One of the benefits of the latest version of Windows Update is that there is a choice when it comes to the Express or the Custom options. Other advantages include upgrades to the download software that will enable a download to resume from where it left off if it is interrupted, the ability to compress downloads for faster download times, and an upgrade that allows only the most recent version of updates to be provided in the results after scanning the computer. This means that the updates can be applied faster, and there is much less confusion about which updates should be applied. A good example is shown in Figure 5-4. The high-priority updates are shown in the list with critical security updates listed at the top. In all cases, it is possible to click the expansion button and get more detailed information about individual updates.
Another new benefit is that the existing Internet connection speed of the computer is used to help calculate the estimate provided for installing the selected updates. Clicking Install Updates in Figure 5-4 leads to the download and installation of all updates listed.
During the download and installation of the updates, the progress is shown in the browser, as in Figure 5-5. All downloads take place first, and then the installations follow. The progress is clearly shown during each step.
In many cases, especially with a new installation of a computer, Windows Update requires at least one restart. In most cases, it is likely that a few restarts will be needed to complete the installation of all high-priority updates. Windows Update does not request a restart unless it is absolutely necessary.
Once Windows Update has been used to get the high-priority updates installed and the computer is at least protected from those potential vulnerabilities, then it is a good time to install Microsoft Update. Figure 5-6 shows the web page in Windows Update and the option to upgrade to Microsoft Update in the right side of the screen in the News section. Click the hyperlink to start the upgrade process.
It is also possible to start the installation of Microsoft Update by going directly to the http://www.update.microsoft.com/microsoftupdate. Click the Start Now button in the first screen and follow the wizard. The first step is to review the license agreement. Click Continue and then click Yes to install and run the Microsoft Update ActiveX control if you are prompted to approve the installation.
At this point, you have the option to change the automatic updates settings by clicking the Change setting hyperlink, as in Figure 5-7.
Automatic Updates allows the computer to be configured to download and install new updates according to the day of the week (one option includes every day of the week) and the time of the day selected. The More Options button gives the selection of the following options:
Automatic (recommended): Automatically download and install the updates on the day of the week and the time specified. This is the recommended option.
Download updates for me, but let me choose when to install them: Download the updates and notify the user that the updates are ready for installation. This is not considered a good choice in most cases as users will then have to have the proper permissions to install software on the computer. This option leaves the choice of when updates are installed up to the end user.
Notify me but don't automatically download or install them: This option leaves even more choice in the end user's hands, as they will get notified that updates are available, but they get to choose when to download them (it could be at the worst time of the day) and when to install the updates.
Turn off Automatic Updates: This option can actually be a good option if there are other update applications available in the organization that do not use the Automatic Updates functionality.
Once the options are selected, select OK and the configuration will be set on the computer.
Microsoft has considered the needs of users other than just providing updates. The Microsoft Update web site has other important features. For example, a common request of auditors is for proof that updates have been installed and are being properly maintained. One of the options in Microsoft Update is the ability to review the update history of a computer, as in Figure 5-8.
Selecting the Review your update history option from the Microsoft Update web site takes you to a screen like Figure 5-9. It is easy to see what updates have been applied and when they were applied. It is even possible to print out the updates.
Once the computer is completely up-to-date, the Start menu should contain a shortcut to Microsoft Update, as well as the Windows Update shortcut, as shown in Figure 5-10. It does not matter which one is selected, however, as both will start the browser and connect to the new Microsoft Update web site.
The Microsoft Update web site is far from flashy, but it is very functional and very easy to use. Not only does Microsoft Update allow use of a manual process, with the Automatic Update component, it is possible to automatically download and install high-priority updates.
It is important to remember that while Microsoft Update does not replace Windows Update, it is a very nice upgrade in that it also provides updates for more than just the operating system. Once Microsoft Update is installed, both the Windows Update and Microsoft Update shortcuts on the Start menu will connect to the Microsoft Update site.
It is possible to revert back to Windows Update, if desired. Connect to the Microsoft Update web site and then select Change settings. At the bottom of the web page is a check box to Disable Microsoft Update software and let me use Windows Update only. While it is not recommended, the option is available.