Microsoft prepares Windows patch CD

The security update CD for older Windows systems, set to begin testing soon, is Microsoft's latest attempt to tackle an increasingly thorny security situation
Written by Matthew Broersma, Contributor

Microsoft is planning to begin testing next week a security CD designed to allow users of older Windows systems to easily bring their PCs up to date -- a new attempt to change a situation that has been a boon to virus writers and spammers.

The software company last month called for users to beta test a CD designed to provide critical security updates to users of older editions of Windows, including Windows 98, Windows 98 SE and Windows ME. "This security update CD will be of special benefit to customers with slow Internet connections and for those customers who typically do not visit the Microsoft Web site to download updates for their computers," the company said in an email to potential testers, which made its way onto Windows rumour sites.

This week the project moved on to its next step, with testers who had been accepted into the programme informed that the first release candidate would be released sometime next week. The new email was published on rumour site Winbeta.org. Microsoft has not set a release date for the CD.

The potential product, which Microsoft said it is "considering developing", could be a first step towards ensuring that Internet-connected PCs are patched, a problem that has become increasingly thorny as virus and spam levels mount. Many users rarely or never apply security patches to their systems, because they are not aware that they should, can't be bothered or don't wish to spend hours downloading an enormous backlog of fixes over a slow Internet connection.

The result -- especially for unpatched computers with an always-on Internet connection -- can be serious for the rest of the Internet. "One of the biggest problems we're facing today is that viruses manage to infect and spread through the large number of unpatched computers on the Internet," said Mikko Hypponen, director of antivirus company F-Secure. "There are thousands and thousands of computers in the world that are always on the Internet, through DSL or cable connections, but the users have no skills to keep those computers up to date."

Many users leave their machines unpatched for months, even after a virus infection, allowing their computers to continue to bombard the rest of the Internet with attacks, Hypponen said. This is one of the reasons why viruses such as Sobig continue to linger for months.

Some viruses allow spammers to use the infected machines to relay junk email, making the spam nearly impossible to track down or stop. Antivirus company Sophos recently estimated that a third of all spam is carried by infected PCs.

The programme could be a good way to get users to patch their PCs, Hypponen said. "I applaud them for doing this," he said. "I think it's a good idea. In fact, maybe they should have done it sooner."

He cautioned that patching alone wouldn't be enough, saying users should be encouraged to run a firewall and antivirus software. He also said that broadband users shouldn't leave their PCs connected to the Internet when it isn't necessary.

Microsoft is pursuing other ways of getting Windows computers patched, including an advertising campaign and possibly making future versions of Windows download patches automatically by default.

Editorial standards