Full Disclosure: Auto Updates--No Quick Security Fix

Today's Best Tech Deals

Picked by PCWorld's Editors

Top Deals On Great Products

Picked by Techconnect's Editors

Illustration: John Cuneo
You're concerned about computer security. You know you need all the latest Windows patches, fixes, and updates, including crucial ones relating to new threats like those we examine in this special issue. And you need them installed before a new attack inflicts its damage.

But you chose "automatic" updating when you set up your system, so you figure no sweat--your PC will have the newest safeguards from the moment you boot it up.

Wrong. Microsoft's Automatic Updates service may be automatic, but it is definitely not instantaneous. As I write, no information on Microsoft's Web site fully explains the details, perhaps because of the horrified shrieks that would resound if the facts were available. But the bottom line is this: The only way to ensure that you'll get updates immediately is to surf to Microsoft's Windows Update Web site (via Internet Explorer only, of course) and explicitly request them.

The way Automatic Updates really works is as confusing as it is undocumented. After a long discussion and several e-mail exchanges with Microsoft product people, I can't presume to say I fully understand it. The short story is that the Automatic Updates client on your machine pings servers every 17 to 22 hours to see whether you need updates. If you do, it downloads them; after that (unless you've arranged for it to ask you before proceeding), Automatic Updates will install the files either at 3 a.m. (by default) or at a time you select. Then it may reboot Windows, even if your PC is in the midst of doing something important, like recording the latest episode of Entourage. Or it may wait for you to accept an end user license agreement before it proceeds.

The Waiting Game

But the full story is more like a Kafka novel. On some machines, updates can get installed when you shut the computer down (before the official installation hour). This might help if the patches come in before you turn the machine off for the night. But what if you're away on vacation--with your PC turned off--when some worm appears? Will Automatic Updates go out and grab the fixes immediately upon your return? The quick answer appears to be no.

And updating may take longer than you expect. According to a Microsoft product manager responsible for this stuff, up to five days may elapse before every PC with Automatic Updates turned on actually gets updated. There's no way to know whether your machine is at the front of the line or the back; the only way to jump the queue is to head directly for Microsoft's update site. It's also the only way to collect "optional" updates, such as new versions of Windows Media Player, which never arrive automatically.

Unlike the ancient Windows Update, the new Microsoft Update delivers fixes for recent versions of Office and other applications as well as those for late-model editions of Windows. But components it needs don't ship with any machine currently on the market. So if you want it--and you probably do--you'll have to manage your own downloading.

Which turns out to be a good philosophy when it comes to Windows updates in general.

Contributing Editor Stephen Manes is cohost of PC World's Digital Duo, on public television. Click here for more Full Disclosure columns.
Note: When you purchase something after clicking links in our articles, we may earn a small commission. Read our affiliate link policy for more details.
  
Shop Tech Products at Amazon