A closer look at Windows Update problems

A closer look at Windows Update problems

Summary: Two weeks ago, I reported on widespread problems with Microsoft's Automatic Updates and Windows Update services. Microsoft confirmed those problems a few days later, assuring Windows users that the delays in downloading updates were "perfectly normal." I've put together a new image gallery that illustrates substantial problems with Microsoft's update process. But they're not willing to talk about it.

TOPICS: Microsoft

Two weeks ago, I reported on widespread problems with Microsoft's Automatic Updates and Windows Update services. Microsoft confirmed those problems a few days later, assuring Windows users that the delays in downloading updates were "perfectly normal."

The more I look, the more I'm convinced that there's a substantial problem with Microsoft's update process. But they're not willing to talk about it.


I've put together an image gallery that documents problems I experienced, and which were confirmed by other people in newsgroup posts, comments, and via e-mail. Problems include lengthy delays before receiving updates, missing updates, and errors when connecting manually to Microsoft's update servers. In this gallery, I document how you can use some widely available tools to investigate how well the update process is working for you.

I tried to arrange a phone interview with a security expert at Microsoft who could explain what's going on. Unfortunately, the person I needed to talk to wasn't available, so I was invited to submit a list of questions to a representative of Microsoft's public relations agency, who promised to get them to the right people and assured me that I would get "transparent responses, with no waffling or sugar-coating."

The answers arrived in an unsigned e-mail reportedly prepared by a group of Microsoft employees working in Windows and security groups. Unfortunately, they didn't answer most of the questions I posed, and my request for a follow-up was turned down.

Microsoft insists there's no problem. Delays are normal, they say, especially when they choose to prioritize one update:

it is our goal to align security threats and distribution. Some of your questions asked about how long customers should expect to wait before receiving patches.   The Microsoft Security Response team works to align the severity of a security threats with an appropriate speed for update distribution.  It’s really an extension of a core security practice – as Microsoft assesses a security threat it determines whether it is appropriate to release an update during a standardized patch Tuesday, or whether there is a need to issue an update out of band from the regular cycle.

According to Microsoft, one of the errors people experienced on Windows Update earlier this month might have been caused by a unique scenario.

The threat presented by the vulnerability addressed in MS06-040 prompted us to do everything possible to ensure that customers received the update with the highest possible priority. We are aware of one scenario –which may explain what you observed. If a PC has been off for several update cycles, an AU scan will happen as soon as you log in, resulting in longer time for AU scan, inventory and downloads applicable updates.

That doesn't explain why I and many others were completely unable to reach the Windows Update servers for several days at a time.

Finally, Microsoft is sensitive to its responsibility to not overload the Internet. This theme was repeated throughout the replies I received:

[W]e believe our approach is a responsible use of the Internet. As you know, the Internet is a shared resource. As an infrastructure, it has capacity limits and the organizations that use it in the course of their business must act responsibly to ensure that high bandwidth use does not impact or slow down others use. As is further detailed below, Microsoft’s updating infrastructure is highly scalable and we purchase additional bandwidth capacity if that is required to ensure that the distribution of updates is aligned with the perceived threat. That said, we can’t let our use of the Internet impact or slow down others.

As I noted in my original post, I've kept meticulous records of the performance of Automatic Updates on a test machine since late 2004. For the first year, updates routinely arrived within 1-2 days. This year, the average time between the release of Critical updates and their arrival via Automatic Updates has slipped to 4-5 days, and in August it took a full week. Microsoft won't answer any questions that address this issue.

They also won't answer the simple question, "How many days does the Automatic Updates cycle take? How long after updates are released (typically on Patch Tuesday), should a customer wait before assuming something is wrong?" Last year it was a day or two. This year it's a week. Will some customers have to wait even longer next year?

According to Microsoft, "hundreds of millions" of people connect to the Automatic Updates servers each month. They deserve more information about what, exactly, they're getting.

See image gallery for a closer look at problems with the update process...

Topic: Microsoft

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • even autopatcher had it's monthly rollup ready for download on 8/13


    if you have a fresh install of SP2 just download the full and you can patch offline.
    • That is not hardly the point.

      The point is that microsoft delivery of updates is carless and problematic. your computer works great now but tomarrow they may introduce a patch that screws your system up, breaks working programs or adds new additional exploits to your system.

      This makes windows very unreliable and unstable. It has probably been the leading cause of me switching teams. I am now a linux user and enjoy a system of stability.
  • Hmmm, by limiting how fast people update

    MS gets a chance to see how many machines/apps are broken with the update and warn their big (corporae) customers and/or alter it before it's wide spread.

    Could just be...
    • ...more people are vulnerable

      MS chants "patch your box so you're not vulnerable". They release updates with details of what is fixed and of course exploits are generated within the day.

      So now you've got the exploit people being given the means to exploit the box and a growing window of vulnerability for Windows users...
      Robert Crocker
    • It is possible

      they are doing this to give their corporate customers QoS bandwidth priority, but I think it is more likely that the whole security branch of MS is alsmost out of control. With so many security breaches being constantly patched, MS is barely treading water and likely, the servers are simply overrun with the sheer volume of traffic.

      It is a shame because, where security side of MS is concerened, they are trying to do the right thing, and are working hard to protect people computers as best they can. In this respect, I feel for the developers at MS.

      Ironically, it is probably time for some new ultra reliable high capacity dedicated hardware from Sun. They don't need flexibility, they need some raw performance. (Sun is a partner, so it is much more appealing than a Linux cluster farm).

      • They are already using a cluster of ...

        ... high capacity Windows servers for this task. The issue is more complex then that! It has to do with how much of the pipe should they take for this function. Would the World be willing to give up say 50% of the pipe for some period of time for this function? They are throttleing to be good Internet citizens and not because the backend can't handle it.
        • High capacity Windows servers?

          No wonder they are having so many problems
        • It's a cluster alright........

          but I won't go into the obvious! If they were good internet citizens and wrote secure code we wouldn't have to have a designated "Patch Tuesday". They could release any patches as needed, not because the software looks like swiss cheese and needs a daily cork put into another hole.
          I'm not trying to get a flame started here but....look at Vista...hacked already! And yes, I do understand any software can be cracked/hacked given enough time.
          I say open the doors and let the patches roll! If I remember right there are differant time zones????
          • I agree with mstngtim

            Its a bit contradictory of Ms to sudenly be good citizens and stagger the auto update when they claimed patch tuesday was the best way to go for so long.
            Now they ae being nice to the internet when in reality they are reverting to a whenever possible timesale.
            Patch Tuesday should not exist.
            Patch as soon as one is available and be a good citizen.
            And stop the Hype.
  • Where's the upside?

    Ed, there's no upside for Microsoft to admit to any problems. It's the same situation they were in back before the security community went to Full Disclosure:

    "Better to remain silent and thought to be unreliable rather than speak up and remove all doubt."

    This [1] is a PR problem, so it's hardly a surprise that MS is treating it like one.

    [1] Communications with you -- not the engineering, which is none of our business.
    Yagotta B. Kidding
  • Of course it takes longer...

    You've got to understand, MS has to validate your machine, check to see if there is any possible way they can label your Windows 'not in compliance' and send you an invitation to 'Get Legal'. This takes a significant amount of time and resources... just look at how many illegal installations they're having to deal with!
  • Windows Update issues

    OK...so they take longer? What they will tell you is that it is all in your side of the network. They will tell you to clear your Temporary Internet files, or maybe it is your browser having problems, or maybe it is your ISP, or maybe your Network card is having issues... Never them...NO, NO, NO...never Microsoft. They made up this computer OS thing. They know everything there is to know about ALL this stuff...BULL**AP! WHY WON'T ANYBODY TAKE RESPONSIBILITY WHEN THEY ARE THE PROBLEM? I say we go back to using typewriters and Abacus'. They don't put in letters on their own, they literally only do what you tell them to do...Viva la revolution!!
  • Is it acceptable?

    The simple answe is no. The amount of time it takes to download, or for that matter even access the needced portion of the site has become far to excessive in length of duration.

    While this may be inconvenient for the at home user, those of us in a work environment do not have the kind of time required to wait for site access and subsequently downloads. I have seen times as long as two hours to complete the task, and often times fail completley.

    Unfortunatley, it is not always practical or secure to leave multitudes of desktops, laptops etc. with automatic update running, thus the issue of the "middle of the night" download often times being invalidated, so while the concept here is a good one, the execution is often times flawed.

    While I suppose there is some validity to Microsoft not wanting to deplete the bandwith of the internet with massive amounts of visitors to the various update sites, I think the deeper question needs to be asked, and that in my eyes is why so many updates in the first place? In looking what runs on my machine, which granted is not the norm, I could potentially spend an inordinate amount of time downloading patches for XP, SQL, VS just to name a few.

    Perhaps the problem is not really the update issue, but why we need to update so frequently. If Microsoft looks there first,at the core product in a pro-active manner, then perhaps the level of traffic to microsoft.com would decrease accordingly.
    • Of course it's acceptable...

      Microsoft says so. Shut up and stop whining. Buy an upgrade. Buy their antivirus software.

      I'm glad I only have to deal with WinDos at work. The machine runs like a dead dog but that's the company policy so it's not my problem. I find it rather amusing to hear the boss complain about what goes wrong each week. Patch didn't arrive. Patch broke MacAffee software. Patch broke payroll system. Patch was followed up by worm in a matter of hours. Patch broke backup software.

      Of course not all problems are Microsoft's fault - there are just a lot of really awful programmers out there, and with modern 'managers' being trained by Jack Welch's latest management bestseller, they have this ridiculous notion that the cheapest programmer is as good as any. Personally I'm rather angry at the number of people being given diplomas in computer programming when they're absolutely clueless. Unfortunately, have paper get job. I have never considered myself a top-notch programmer, but I do a much better job than most I've seen - pretty sad considering that programming machines isn't even my job. Apparently I'm not the only one who thinks the newer generations of programmers are generally no good - several people in various Australian companies have told me they have a very hard time finding good programmers - each job ad receives hundreds of applications and it's not unusual that there is not a single qualified applicant.
    • Friedrich

      Of course, it is not acceptable, not even close. I set up my automatic updates for automatic download of updates, but leaving the installation decision to me. This option is clearly indicated on Window's Update Screen. Windows (or let's call it Microsoft) completely ignored my customization, downloaded and installed junk which I did not need nor wanted. It gets worse: once in automatic-download-and-install-mode, Windows will not stop trying to install the update I do not want, and my system does not need. Navigation in Microsoft's Web sites is a nightmare, which requires a major overhaul or editing. As it is, I think Microsoft just leaves everything on the sites and, maybe once in two years, does a little cleaning up. I use Windows Live OneCare, the basic concept of which is excellent and reminds me of the times when I almost prayed to Microsoft. No more! While non-wanted downloads eventually disappeared, they stay in Windows OneCare forever and disrupt my system at several points of my login. Could it be that Microsoft now takes on more than it can handle? Then, there are the endless hyperlinks to another site and another site and another site, non of wich relevant to my question. I worked at PARCS (Palo Alto Research Center) in 1969 that was before Billy came around. He could have learned a lot there.
      • A close look at Windows Update Problems

        I have fully updated XPpro/SP2 with some 50 programs and have never had any update problems.
  • Auto Updates

    I bought a new computer whichcame loaded with IE 7 Beta2. This wouldnt talk to the UPS billing/shipping computer. The seller ripped out 7 and installed 6. That action negated all updated to XP so had to do all that. Now the word processor, spread sheet and OE wont accept any updates at all. MS is trying to help but so far no joy on updating. It's annoying and the machine has been in the vendors hshop for a week trying to sort it out.
    • Time to find a new seller

      Beta software (no matter how "gold" somebody says it is) does not belong on a production computer, period. Maybe its time to give up, reformat, and start over.
    • ????

      [i]This wouldnt talk to the UPS billing/shipping computer. [/i]

      Do you mean the UPS WorldShip software won't phone home to mama? Or you can't pull up the tracking data from the UPS web site? Those are two very different problems. Do you have an automated scale in your warehouse linked up to a computer? Label printer and all that? Because my question is why isn't UPS supplying that PC for you?

      Is this a warehouse or billing issue? It's either warehouse or you're doing accounting and you can't access your reports.

      Thanks for the heads up. I'm sure this jewel will add even more billing for meeeeeeee. lol. Gotta love it.
    • You must be smokin something

      Any version of IE is integrated and can?t be removed. If it came preloaded with IE7 then you may never get it right. If you can reload XP, clean of SP1 or SP2, you may have a chance, but MS may consider that machine illegal. <P.

      For the money, I would stick with older versions of XP for stability. IE7 has proven to be a nightmare. I don?t care how it?s touted, IE7 is crap.