“In the night, no control
Through the wall something’s breaking…”
(c) Laura Branigan
There has been a lot of buzz floating around for the last week shouting on what’s going on with WU updating itself silently without sending any notifications to the user. Some people misunderstood the source of troubles and decided that WU went all funky and “begun patching files on Windows XP and Vista without users’ knowledge, even when the users have turned off auto-updates”. That’s surely has been incorrectly phrased, but combined with the fact that WU has been known for causing a resource hog each time when user first logs on to the Windows XP session. Microsoft issued a special patch aimed specifically to resolve the problem. The tricky moment there was that installing the patch mentioned in the KB927891 and KB916089 was not enough to resolve the problem in all cases. As it is mentioned in the article 932494, “sometimes, this update [update 916089] resolves the issue that causes the CPU usage to spike to 100 percent. Typically, this update also resolves the unresponsiveness of the computer. However, continuing issues are known to occur” and users had to install the updated version of Microsoft Windows Update Client version 3.0. That probably is why that Scott Dunn’s article has caused all these rumblings so that they have even been published on Microsoft-watch.
Personally I don’t know why this problem cropped up only now as on my home computer I had the Automatic Update updating automatically since at least the end of June but I am sure I have had this message for ages although my Windows Update settings had always been set to “Download Updates for me, but let me choose when to install them” option.
That has also been confirmed by Nate Clinton, a Windows Update program manager for Microsoft in her article published on the Official Microsoft Update Team blog. Here is what could be read there:
“This has been the case since we introduced the automatic update feature in Windows XP. In fact, WU has auto-updated itself many times in the past.”
So this does mean that this behavior is by design.
“It’s Up to you, it’s out of my control”?
Is this that behavior bad? Sure no. It’s confusing and I am partly agree Security Research said here that silent updates can be contradicting to the internal corporate security rules and guidelines. The core thing here is as with all software “WU updates itself to make sure it continues to work properly”. One may find it just not that flexible and scalable as it is targeted for the home customers. This point of view makes sense for IT administrators who need to control updates for a whole set of computers running in his domain. Are there any ways to put it under your control and maintain it at the enterprise level? Yes. That’s what the desktop management services and tools are used for. There are also tools which control that all the operations to the corporate infrastructure such as desktop management should be compliant with the regulatory standards such as the well-known Sarbanes-Oxeley Act (SOX). So this DOES NOT mean that you can’t put the updated procedures as well as other operations you make when you perform maintenance operations under your personal control. In fact you can and that’s why companies like Scriptlogic or Microsoft itself are providing specialized enterprise-level solutions that are standardized and allow flexibly deliver updates via WSUS or specialized solutions that provide enhanced functionality combining the system and application specific updates that allow me to keep all the software I have deployed on my domain updated. What’s great about third-party tools is that they sometimes provide more flexibility as they are less restricted by boundaries defined by default features that came bundled with the system software by default. Such tools often include advanced reporting functionality which when used can completely eliminate the confusion with administrator being uninformed of what’s happening to the computers he controls. Microsoft did a great job developing the secure SQL server 2005 and I am finding it great that independent software vendors such as the aforementioned Scriptlogic Corporation are using these technologies to store configuration settings and reporting.
Complex unified updates and reporting related:
Unified application and patch deployment and patch management with enhanced reporting
Automated reporting tips’ and tricks for WSUS
Windows Update Client Software related:
Сhecking the Windows Update Agent Version on Client Computers
Download the Updated version on Windows Update Agent
Some fixes and solutions
Fixing computers that “do not report back to the Windows Software Update Services (WSUS) server”
Technorati Tags: Microsoft Windows Update Microsoft Update Windows Patch Management Desktop management Management Automatic Updates Self-Update Silent Update Security Rumors Technology Hotfix Vista Windows Vista Windows XP Windows Update v6 Auto-updates KB916089 KB927891 KB932494 Windows Update Client Reporting WSUS Windows Server Update Services Windows Update Agent Updates Get Updates Security Issue Privacy Update Management Critical Talks Opinions Safety
Filed under: Auto-updates, Automatic Updates, Critical, Desktop management, Get Updates, Hotfix, KB916089, KB927891, KB932494, Management, Microsoft, Microsoft Update, Opinions, Patch Management, Privacy, Reporting, Rumors, Safety, Security, Security Issue, Self-Update, Silent Update, Talks, Technology, Update Management, Updates, Vista, WSUS, Windows, Windows Server Update Services, Windows Update, Windows Update Agent, Windows Update Client, Windows Update v6, Windows Vista, Windows XP
