Windows Updates - avoiding the very occassional 'bad ones'
It doesn't happen very often, but when it does - it can be a disaster - the
latest was in July 2008 when an MS update caused ZoneAlarm to fail for
millions of users around the world.
The chaos was made worse by the fact that affected users lost access to the
Internet and therefore didn't find out that they were
'one of a million' -
they just had a 'broken' Internet and tried to resolve the problem as such.
If you don't understand some or all of the content of this page then click
here for a simpler approach.
Should you back up your WINDOWS SYSTEM or your DATA before applying updates?
Windows updates are normally every month - the 2nd Tuesday of each so that
millions of users and I.T. professionals at least have a regular date in their
diary when they know they should check and almost always act.
(Windows) updates will ALMOST always:
- Require a restart of the PC - so you mustn't hibernate (see Fast PC startup using no electricity)
next time you are leaving your PC. Indeed, if any of the updates are classified
as critical then you should re-boot the PC soon after installing them
and certainly by the end of that day
- Affect ONLY Windows software which should all be on your C: drive.
This was NOT the case in the Zonealarm incident described above but that is
a justification of the approach recommended on this page.
For anyone who has a PC that is critical to their DAILY life then I
recommend a SYSTEM*³ BACKUP BEFORE they apply Windows Updates or indeed ANY SOFTWARE
on their PC which they depend upon but especially anything which runs
automatically on their behalf. Note that the updates made to MOST AntiVirus
updates are 'Data Only' which means that their software is unchanged and as
such they are 99+% likely to be stable after such a (Data) update.
Backing up your Windows System is not like backing up your Data - the two
activities should be very, very distinct because the tools are completely
different as well as the purpose.
Personally I always use tools to backup Windows that I can run while Windows
is shut down - this gives me a 99+% guarantee that what I have backed up is
whatever state of the system that I closed down.
User data should not be affected by a Windows Update BUT you might want to
use the monthly schedule to prompt yourself to do a
DATA*³ BACKUP - i.e. back up your own data!
If your data is properly organised then you should be able to fit all of
your data onto even quite small (PAIR! of) memory sticks because all of your
'media' files such as MP3, Video, Pictures (JPG) should be backed up onto
(more than 1!) DVDs or CDs depending on how they are to be used for
viewing and/or listening.
Windows Update - what are the options and which are right for me?
If the screens you see below don't cause you any concern then you can
opt for a Windows Update option that gives you control over what is installed
Although the focus of this page is preventing problems there are also
times when you may want to delay the installation of something which Microsoft
have deemed 'essential' because you might want to make a full systems backup
for instance - just in case you really don't like the new feature(s).
A recent example is when MS made Internet Explorer release 7 (IE7) an
'essential' update and everyone who had automatic updates turned on had to
learn how to use the new version and also choose some settings before allowing
the user to research them on the Internet - not very user friendly.
Firstly you should click on the normal Windows Start button (or just press
the 'Windows Logo Key'
to the bottom left of your keyboard) and then
click on 'Control Panel', which is usually half way up the right hand column.
Then click on 'Security Centre'
This is the security centre of XP from Start -> Control Panel -> Security Centre.
This dialogue is not simple because the place that you click upon to
make changes is where it says 'Security Centre' at the BOTTOM of the page
as opposed to all of the status messages with similar text and the illusion
of clickable buttons that are prolific above the actual link to click.
If you are on Broadband there is little downside in leaving the updates
on the MS web site until you are ready to review, download and install them
typically within a 10-15 minutes period.
Bear in mind that updates often require a restart to become effective so
you MAY wish to choose a time and day when that is convenient and start
the download 20-30 minutes before you are ready to restart.
A 'reasonable' compromise between keeping up-to-date and avoiding the
very occassional problem caused by updates is to take the
'Download updates for me, but let me choose when to install them' option.
With THIS option you should wait until the update has had a chance to be
retrospectively 'nuked' by Microsoft if it is indeed a 'bad' one.
So waiting until the Thursday morning after an update would be a good
time to allow your PC to install the update and remember that it is
likely to want the PC to be restarted anyway.
If you are on dial-up then you would benefit from the downloading that can
be done whilst you are generally surfing, especially as it happens 'in the
background' without much disruption.
The only downside is that your choice about installing them is typically
'all or nothing' whereas you get a choice with the option described above
When there are updates to download you will be prompted by Windows - usually
by a 'balloon' notification in the icon area in the far bottom-right of your
monitor. You will then see the window to the left.
This window cannot be made to default to the 'Custom' setting so you have
to remember to select that every time you get this window.
This window allows you to be selective about the updates that you download
and gives you the control to avoid a bad update as long as you are aware
that there is one and you know which of them to deselect.
Obviously you click on 'Install' when you are happy that the (ticked)
list is what you want.
Please note that you fully SHOULD CLOSE DOWN your PC at the VERY
LEAST EVERY MONTH** and my normal recommendation is every week(end).
If you have now changed your settings from Automatic to something where
you have to 'opt-in' to the action being taken then you need two things:
- Remember that you will almost certainly need to
apply the updates sooner or later and even if you are a 'safe surfer'
then you are at risk for a little longer now
- Knowledge of when an update has got some potential downside!
To that end we are considering creating a distribution list of people who
would like to be notified of any likely problems with Windows Updates or
indeed more than likely - not the case!
If that would be of interest to you then please use the Contact us
page to tell us of your interest, OTHERWISE we suggest that you bookmark
as a basic method of discovering any large-scale, generic problems such
as the recent problems with Zonealarm.
For a very, VERY brief comment about the status of patches then
click here for a summary without details.
If you don't understand all or some of the content of this page
Obviously we can provide advice to suit your specific circumstances -
call 0844 884 2244*¹¹ from a landline and we will be happy to call you back
to find out what would be best for you.
If you want to take the best 'simple' option then
we suggest that you:
- Make a note of the telephone number(s) to call in case of service failure(s)
- there is a page
here with a few hints and a form that you can use
to document the contact details that you may need
- Bookmark the following page to
use when you have connectivity problems...
http://22.214.171.124 or call 0844 884 2244*¹¹
- Turn Automatic Updates ON - apply automatically - see the image above
- Make a note in your diary if it's easy to do so that every 2nd Tuesday
of the month is 'Patch Tuesday' and if the next time you restart (boot) your
PC after that you have a problem then you MAY want to refer to the page
of hints above as you MAY have been given an update from MS that has
caused the problem.
- Don't forget to restart rather than hibernate your PC (see Fast PC startup using no electricity)
the next time you close your PC after 'Patch Tuesday'
Notes to the above and any references
*³ System backup versus Data backup - what's the difference and does it matter?
Although computers mix up programs (a.k.a. 'the SYSTEM') and data on hard drives
as well as in memory they are fundamentally different in many respects which means
that backing them up has different criteria and circumstances.
As a user of PC applications you will be familiar with at least some different
types of FILES such as spreadsheets, e-mails, documents, pictures, music etc. -
all of these ARE DATA and to preserve them in event of failures you can make backups
of them as files and they are relatively portable to other PCs if that happened.
See Data/File backup - often if needed for a guide to backing up data and what you might want to back up
at the same time.
In contrast, most PROGRAMS (a.k.a. 'the SYSTEM')
are deliberately NOT PORTABLE because the author
(inc. Microsoft!) typically wants you to go through an installation process which
is an opportunity for them to charge you for a license to run it.
There are many other reasons claimed but mostly they are spurious, do a Google
"Portable Apps" XP - Apps is slang for Application programs - i.e. the useful
things that you want your PC to do! such as surf, e-mail, view pictures etc..
Windows itself is in fact thousands of programs inextricably glued together
in a manner which Microsoft wants - for mainly legitimate reasons - to stop you
from taking apart.
Because of this monolithic approach to assimilating programs into Windows the
whole of the Windows SYSTEM has to be treated as a single entity even though some
programs will claim some degree of viable separation.
Add the obvious complexity of making a copy of 'yourself' in real time this means
that neither Windows not any program running under it cannot guarantee to capture
an exact copy of itself 'on the fly' which is why the highest grade of backup is
still done using one of the lowest levels of technology in the case of DOS or
Linux (or variants) in some solutions to this problem.
The good news is that:
- As an end-user the technology is usually hidden from you in the shape of a Windows
application that initiates the backup (of the Windows SYSTEM) even though the real
work is only done while Windows is completely shut down.
- Unless you really depend on your PC on a day to day basis it isn't usually critical
for users to backup before Windows updates - i.e. monthly unless it happens to be a
Any NEW software to be added to a PC would probably justify a SYSTEM BACKUP even
if for no other reason to be able to restore the PC to the prior state if the software
proved to be either problematic or not fit for purpose.
- Many 'e-mail and surf' users survive with annual system backups after the initial
flurry when the PC is new and software is added in support of both end-users and the
hardware which they then want to attach to the PC
The only potential 'villans' in the above scenario are those companies which have
SOFTWARE which UPDATES ITSELF in a similar manner to Microsoft but without the caution
that Microsoft allows you to take in terms of:
- Your choice to ONLY take (SECURITY) CRITICAL updates as opposed to (a) recommended
or worse: (b) what THEY want to promote!
- The mechanisms by which you can control 'how' and 'when' the updates are
applied and with some degree of ability to remove updates that cause problems.
See Self Updating Software for the risks involved and prevention strategies that you can
employ to ameliorate them.
I hope the information above has been useful, let me know if not!
Any Comments, suggestions or corrections to: Contact us please.
This would be especially useful if the software environment you have is
different to mine and the headings, text or prompts are different.