Since Microsoft products are in most hackers’ crosshairs, you should know how to keep your Windows clients safe from attacks. Of course you should have good antivirus and firewall protection, but to keep your system safe you need to update it regularly. So it’s important to understand how to patch and hot-fix a Windows operating system. Fortunately Windows Update does most of the work for you. With a little preparation, you can tighten up a typical Windows client with nothing more than a fast Internet connection. I’ll begin with some terminology and then describe how to prepare a system for updating.
Back up the system
Before you begin, make sure Windows XP Professional is ready for updating. You should have a high-speed Internet connection, because you’ll be downloading large updates from the Internet. Make an Emergency Repair Disk by going to Start | Programs | Accessories | System Tools | Backup. Once you open the Backup program, you’ll be presented with a wizard. Click the Advanced Mode link on the wizard and you’ll see the Backup Utility start page, as shown in Figure A. Click the button on the bottom of the dialog box labeled Automated System Recovery Wizard. The wizard will help you make a backup of your system.
|Use the Backup Utility in Advanced Mode.|
The Windows Update Web site
Go to the Windows Update site, which is located by default within your Start Menu, as seen in Figure B.
|Use the Windows Update Link in the Start Menu.|
Once you connect to Windows Update, you have to give permission for Microsoft to scan your machine for updates. It needs this permission so that during subsequent visits to the site you’ll only be shown the updates you need, not ones you don’t. Click on the “Scan for updates” green arrow, as shown in Figure C, and within a minute or two you’ll have a complete listing of updates your system needs.
|Connect to the Windows Update Site.|
This listing will differ with each and every visit you make. On your first visit you may be overwhelmed by the amount of information provided. After the first scan is complete, take a look at the left-hand side of your Web browser, as shown in Figure D.
|View the installation categories.|
You’ll find three categories of update listings:
- · Critical Updates and Service Packs: These keep your system protected with important bug fixes, software patches, and security updates.
- · Windows Updates: These update software packages like browsers and media players, or any other update that will enhance the system’s usability.
- · Driver Updates: These update hardware drivers you may be interested in.
If you’re going to do a full update to your system and aren’t merely looking to patch a single problem, you should install the service packs first and then install any remaining hot fixes that weren’t included in the service pack.
You can add and remove updates at will using the Add and Remove buttons, as shown in Figure E. When you’ve finished choosing your updates, let them install, and reboot the system when asked.
By clicking on the View Installation History link in the Other Options section of the Windows Update Web site, you’ll get a complete installation history of update installations for your PC. As shown in Figure F, you can see what was installed and whether it installed successfully.
Automatic updates and tracking
The Windows Automatic Updating feature allows you to specify the schedule that Windows follows to install updates on your computer. You can configure this feature through the Automatic Update Control Panel Applet. This program will download everything for you and alert you when you need to install it. It’s a matter of preference, but I prefer to do this on my own, without the applet’s help.
Whichever method of updating you choose, there are a couple of ways to keep track of the updates and service packs you’ve already installed. Through the System Applet in the Control Panel, the General tab reveals the Service Pack Level currently installed. As shown in Figure G, you can also go to the Add/Remove Programs Applet in the Control Panel to see what Hot Fixes have been installed. Between the installation history and the applets, you can keep a complete record of updates to the system.
|View Hot Fix installation in the Add/Remove Programs Applet.|
There are a few other applications that require updating besides the Windows operating system. Let’s look at some other updates you should perform online.
Internet Explorer updates
I suggest upgrading your Internet Explorer Web browser to at least version 5.5 or above, and then apply any secondary hot fixes that may be necessary.
Windows Office applications have as many Hot Fixes and Service Packs available for them as for the operating system. However, if you don’t have the original installation media (CD-ROM), then you won’t be allowed to install the updates. Also, be prepared to install very large service packs to most of your Office products when you use the premium suites (FrontPage, Publisher, and Project, for example). You can update Office easily by going to the Office Update Web site or by using the original Windows Update site, which includes a link at the top of the page.
Your system’s antivirus solution is the most important thing you can update after the operating system and Office applications. To do this you’ll need to open your antivirus software application and configure it to access the Internet for updates. In Figure H you can see at the top the Live Update button for my Symantec antivirus application. Once you click on it, it will access the Internet and look for new virus definition updates to install. It will also update the application with Hot Fixes and Service Packs as needed.
|Set your antivirus program to update online.|
Test first, deploy later
Before deploying an update to all your desktops in an enterprise environment, you should test it with a demo machine. Testing Windows Update is not something you want your end users doing on their own, since client workstations often have specialized applications that might conflict with the new update. After testing is completed, you can use tools like Systems Management Server to deploy service packs and fixes across your network.