Microsoft Vulnerabilities and the Windows Update Page
from the August 2000 Actrix Newsletter

by Dean Moor

This month we are privileged to be able to include the first in a series of articles by one of our customers, Dean Moor.  Dean has a long-standing interest in computer security and has graciously agreed to share some of his knowledge.

Always remember - one of the best ways to protect your security online is to change your password on a regular basis. Haven't done that for a while? Do it now. Call our help desk (0800-228749) if you're not sure how. -Ed.

Hi Folks. I have been asked to bring you news of security programs and issues. Each Month I shall endeavour to assist you in making your Internet adventures safer and more enjoyable. To start the ball rolling, I am going to tell you about one of the easiest ways of increasing the security of your Windows Operating System.

I am sure most of you would have heard all sorts of stories about the vulnerabilities in Microsoft Windows and Internet Explorer. One reason why Microsoft seems to have more vulnerabilities than other operating systems is because the majority of people use Windows. It is for this reason that "Hackers" spend so much time looking for ways to compromise these computers. Anyway, why the vulnerabilities exist is another story. What I wish to tell you is what you can do about them.

Microsoft, in their ongoing endeavour to ensure a top quality product, provide "Patches" or Updates for all known vulnerabilities. These are created as soon as possible each time a new "Exploit" is discovered and posted on the associated web page. These updates are then ready for you, the end user, to download and install.

Now, If this sounds complicated, it isn't! Microsoft has made this a very easy so that ALL users can make use of this service. There are a couple of ways to receive these updates.
The easiest method is for those running Internet Explorer. All you do is click on the TOOLS menu in Internet Explorer, and select Windows Update. From here you will be taken to a special Microsoft Site which will check for the ActiveX Component that is the centre of this service. If this component is not installed, it will automatically be downloaded and you will be given the choice to install. I strongly recommend that you accept this tool. (If Internet Explorer is not your preferred browser, or if you have an older version without the Tools/Windows Update link, you can still use this method by going here - http://www.windowsupdate.com/) Once installed you will see a new Browser Window pop up, informing you that "Windows Update is customising the product updates..."
When this is done you will be presented with a list of available updates. Pay special attention to the critical updates!

From here, simply choose which you wish to install according to time requirements and preference and click Download. Confirm your choice of updates, read and accept the license agreement, and wait for the updates to download and install. This is when I normally make a coffee, or do the dishes. When you return everything should be installed and you will be informed of any errors. A quick restart (Not always needed) later and... DONE! Couldn't be easier!
The other method is to go to the Windows download page for your particular Operating System (www.microsoft.com/windows) and download and install each update manually. This method is both more time consuming and recommended for Advance Users due to the fact that all updates are listed, not just the ones that you may need.

Well, I am sorry to say folks, but I have run out of time and space. I hope this proves helpful to you and I shall return next time with another tip.