Computer system security is a journey, not a destination. The moment you think you have a secure system, you don’t. The process of securing a system includes constant monitoring for discovered security holes and vulnerabilities.
The objective, of course, is to find out about the newly unearthed flaw, obtain a patch and implement it before any maliciously minded individual discovers your unpatched system. To do so would seem a daunting task requiring non-stop attention. In a sense, that’s an accurate description.
At first look it seems like an excellent idea to have an automated mechanism for obtaining security patches for identified holes and exploits. Those who are in the best position to discover flaws and holes in an operating system are those who know it best; namely, its authors. There are mechanisms for security conscious system administrators to notify each other of holes, including NTBugTraq.
Details on NTBugTraq can be found at www.ntbugtraq.com. They operate a list service to which you can subscribe and through which system administrators can keep each other informed on Windows security issues (To subscribe: send a message to listserv@listserv.ntbugtraq.com; no subject; in the message area type subscribe ntbugtraq.) As the author of the Windows family of operating systems, Microsoft, among other things, keeps a close eye on NTBugtraq.
It is only the team at Microsoft who are in the position to create patches for these holes, since only they have all of the operating system source code. It is therefore they who are in the best position to notify you when both a vulnerability is identified and its patch is available. To this end, Microsoft came up with Windows Automatic Updates.
Automatic Updates can be found in the control panel in Windows 2000 and as a tab of System Properties in XP and 2003. There are four options available. It can be turned off, which is probably only really a reasonable option on a machine that is never connected to the Internet, or when there are several machines in a site, all of which will need the updates and you wish to conserve bandwidth by downloading only once.
When on, it can be set to notify you before downloading updates, to notify after downloading updates or to simply download updates and install them on a specified schedule.
The use of Windows Automatic Update to notify you of security patches is an excellent mechanism. If you only have a few systems to maintain, or if you don’t believe bandwidth consumption will be an issue, then it is also a great method of obtaining updates. There may even be some circumstances in which it would be advisable to use the capability to install updates on a specified schedule, but be careful, however, because a second look at the subject can reveal a downside to this.
The problem with an automated system is that the administrator can lose track of changes that are being made to their systems when those changes don’t actually require the administrator’s intervention. This may seem relatively minor, but consider this example; a recent security update from Microsoft was presented to systems by the automatic update even though it had a prerequisite of a particular service pack level that had not been met on the subject system.
When installed, the patch caused an incompatibility with a core DLL resulting in a system that would halt with a Stop error on restart (see Q318533 & related articles.) Had the install been performed manually, the administrator would have been clued right into the cause of the problem. Automatically installed updates may have been put in place a few days prior to the restart and would not be immediately associated with the error in the mind of the administrator.
As I have said before, there are a lot of advantages to the automated system. My personal preference is to have automatic updates on systems that I am physically close to and are not in a critical setting. For more mission critical machines, I like to monitor for updates by subscribing to Microsoft’s Product Security Notification Service and scheduling times to apply the fixes based on severity of threat, applicability, etc.
As the number of threats increase, it is becoming more and more critical that hotfixes be applied in a timely manner. The same holds true for service packs. It can be a risky proposition to allow time to go by before patching your system.
Remember that those with malicious intent also subscribe to the NTBugTraq and MS Notification services. To them, these services provide a list of new things to look for and try. If your system is already patched when they come looking, they’ll just have to move on to the next one.
Huawei’s AI Update: Things Are Moving Faster Than We Think
FEATURE | By Rob Enderle,
December 04, 2020
Keeping Machine Learning Algorithms Honest in the ‘Ethics-First’ Era
ARTIFICIAL INTELLIGENCE | By Guest Author,
November 18, 2020
Key Trends in Chatbots and RPA
FEATURE | By Guest Author,
November 10, 2020
FEATURE | By Samuel Greengard,
November 05, 2020
ARTIFICIAL INTELLIGENCE | By Guest Author,
November 02, 2020
How Intel’s Work With Autonomous Cars Could Redefine General Purpose AI
ARTIFICIAL INTELLIGENCE | By Rob Enderle,
October 29, 2020
Dell Technologies World: Weaving Together Human And Machine Interaction For AI And Robotics
ARTIFICIAL INTELLIGENCE | By Rob Enderle,
October 23, 2020
The Super Moderator, or How IBM Project Debater Could Save Social Media
FEATURE | By Rob Enderle,
October 16, 2020
FEATURE | By Cynthia Harvey,
October 07, 2020
ARTIFICIAL INTELLIGENCE | By Guest Author,
October 05, 2020
CIOs Discuss the Promise of AI and Data Science
FEATURE | By Guest Author,
September 25, 2020
Microsoft Is Building An AI Product That Could Predict The Future
FEATURE | By Rob Enderle,
September 25, 2020
Top 10 Machine Learning Companies 2020
FEATURE | By Cynthia Harvey,
September 22, 2020
NVIDIA and ARM: Massively Changing The AI Landscape
ARTIFICIAL INTELLIGENCE | By Rob Enderle,
September 18, 2020
Continuous Intelligence: Expert Discussion [Video and Podcast]
ARTIFICIAL INTELLIGENCE | By James Maguire,
September 14, 2020
Artificial Intelligence: Governance and Ethics [Video]
ARTIFICIAL INTELLIGENCE | By James Maguire,
September 13, 2020
IBM Watson At The US Open: Showcasing The Power Of A Mature Enterprise-Class AI
FEATURE | By Rob Enderle,
September 11, 2020
Artificial Intelligence: Perception vs. Reality
FEATURE | By James Maguire,
September 09, 2020
Anticipating The Coming Wave Of AI Enhanced PCs
FEATURE | By Rob Enderle,
September 05, 2020
The Critical Nature Of IBM’s NLP (Natural Language Processing) Effort
ARTIFICIAL INTELLIGENCE | By Rob Enderle,
August 14, 2020
Datamation is the leading industry resource for B2B data professionals and technology buyers. Datamation's focus is on providing insight into the latest trends and innovation in AI, data security, big data, and more, along with in-depth product recommendations and comparisons. More than 1.7M users gain insight and guidance from Datamation every year.
Advertise with TechnologyAdvice on Datamation and our other data and technology-focused platforms.
Advertise with Us
Property of TechnologyAdvice.
© 2025 TechnologyAdvice. All Rights Reserved
Advertiser Disclosure: Some of the products that appear on this
site are from companies from which TechnologyAdvice receives
compensation. This compensation may impact how and where products
appear on this site including, for example, the order in which
they appear. TechnologyAdvice does not include all companies
or all types of products available in the marketplace.