Re: Best Practice: Patches that are not critical or security related



paulc2480 wrote:
What is the best practice for installing patches that are not listed as "Critical" or "Security" related? Does Microsoft have an official stand on this?


I imagine Microsoft's "Official" stand is that they wouldn't offer the patches unless they thought they were important. Of course, what's important to them may not be important to you.


Some would say push them all to be safe and fix any potential issues. On the other side it has been said that by pushing patches for problems that don't specifically affect you it creates a greater chance that something else might be broken. Any references containing recommendations or best practices on this subject? Thanks!


I really don't like to see people use the Automatic Updates, unless they take precautions to ensure that no patches get installed without the user's express permission, given only after he/she has researched each individual patch to ensure that it applies and is necessary. Due to the nearly infinite number of possible combinations of hardware, device drivers, and applications on any given PC, it's impossible to guarantee that all patches will be 100% harmless. In a very small number of cases, patches and hotfixes can cause conflicts or other problems. So, as with all changes to an OS, caution is advised.

All "Critical" updates should be installed. These address serious issues that can affect a large number of computers. There will be only rare occasions when a Critical update will not apply. Of special importance are those that address security vulnerabilities. If people had installed the available critical updates in July of 2003, the Blaster and Welchia worms would not have spread throughout the Internet the following month. In the unlikely event that problems do develop, you can always use the Control Panel's Add/Remove Programs applet or a System Restore Point to uninstall the troublesome hotfix.

For the "Recommended" updates, simply study the information
provided to see if these updates apply in your specific situation. If
they don't apply, or you're not experiencing the problem(s) addressed,
you needn't install them. For instance, I have no use for WinXP's
MovieMaker, so I ignore any updates to it. Again, in the unlikely
event that problems do develop, you can always use the Control Panel's
Add/Remove Programs applet or a System Restore Point to uninstall the
troublesome hotfix.

In general, though, I've found it best not to download the
"Driver" updates from Windows Update, unless they're for a hardware
device originally manufactured by Microsoft. Device drivers provided
by each component's manufacturer's web site are likely to perform
better and offer more features than will the watered-down, "generic"
drivers that those manufacturers provide to Microsoft for distribution
via Windows Update.


--

Bruce Chambers

Help us help you:
http://dts-l.org/goodpost.htm
http://www.catb.org/~esr/faqs/smart-questions.html

They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety. -Benjamin Franklin

Many people would rather die than think; in fact, most do. -Bertrand Russell
.



Relevant Pages

  • Re: Pay for Automatic Updates Automatically
    ... >> I think it would be a great idea for Microsoft to charge a fee each time ... You should have to pay a fee, ... >> raise if a fee was imposed for updates and patches. ...
    (microsoft.public.windowsxp.general)
  • Re: patch management policy/practice
    ... Installing patches is certainly a headache. ... There are a variety of ways to get updates easily, ... Microsoft update services built into Windows XP etc., ...
    (microsoft.public.windowsxp.security_admin)
  • Re: patch management policy/practice
    ... Installing patches is certainly a headache. ... There are a variety of ways to get updates easily, ... Microsoft update services built into Windows XP etc., ...
    (microsoft.public.win2000.security)
  • patch management policy/practice - a summary of responses till 12:45 am (EST)
    ... How soon do you apply patches to your "critical" servers? ... schedule unless the patch is of such critical nature that they cannot wait. ... The real issue regarding patches and service packs and Microsoft is that it ... The frequency of updates that are said to be ...
    (microsoft.public.windowsxp.security_admin)
  • patch management policy/practice - a summary of responses till 12:45 am (EST)
    ... How soon do you apply patches to your "critical" servers? ... schedule unless the patch is of such critical nature that they cannot wait. ... The real issue regarding patches and service packs and Microsoft is that it ... The frequency of updates that are said to be ...
    (microsoft.public.win2000.security)