Beyond having security software installed on your PC, the best way to keep malware off your computer is to maintain a fully patched Windows system. This includes patching desktop applications that may not come from Microsoft. Sometimes, however, default update settings can leave your PC hobbled by bad drivers, software glitches, or unwelcome new features such as Windows Genuine Advantage. Here's a look at several key applications (including Windows) and their update processes, including some details about what you should know and expect from each vendor.
Microsoft issues security updates for Windows, Office, and Internet Explorer on the second Tuesday of each month, commonly known as Patch Tuesday. Occasionally, the company issues emergency out-of-cycle patches as well. The best way to receive these is to set your Windows system (XP, Vista, or 7) to download and install them automatically upon release. But Microsoft includes two other options that may be of interest to you.
First, check the current status of your Automatic Update in Windows:
1. Click Start, and then click Control Panel.
2. Depending on which Control Panel view (Classic or Category) you use, do one of the following:
- In Classic, click Automatic Updates or System, and then click the Automatic Updates tab.
- In Category, click Performance and Maintenance, click System, and then click the Automatic Updates tab.
Microsoft advises you to permit Windows to automatically download and install recommended updates, but you do have other choices.
Tweak Automatic Updates
In some cases, you may not want a Windows Update to occur automatically. Occasionally, for example, changes to IE or TCP have broken third-party firewall connections to the Internet. If you prefer to wait a day or so to make sure that no such surprises lurk in the latest patch cycle, select the second Automatic Update option to download updates but install them later. If you adopt this approach, a yellow shield icon bearing an exclamation point will appear in the task tray whenever your system downloads a new update; the shield icon will remain there until you take appropriate action.
The updates will sit on your computer until you click the yellow shield icon or until the next time you reboot your computer. At that point you should see a dialog box that asks you to choose between an Express install and a Custom install. Express installs the updates exactly as Microsoft provides them. Custom enables you to pick and choose (suitable when avoiding a service pack, for example).
A third choice is to have Windows notify you whenever new patches are available, but not have the operating system download or install those updates. In this case, you'll see a listing for each available patch, together with its title and its Knowledge Base article number (where you can find additional information). You can uncheck any update you don't want to download and install; Microsoft will suggest all such bypassed patches again the next time it has a new update ready or the next time you check for updates yourself (see below).
The fourth option is simply to turn off Automatic Updates. Doing so puts the burden of obtaining crucial security updates entirely on the person running the computer; consequently, this option is suitable only for the most disciplined of PC users.
Check for Updates Yourself
Microsoft maintains two different sites where you can find the latest patches. Windows Update provides the latest security updates for the Microsoft operating system as well as updates for additional Microsoft products such as Office and Internet Explorer. Windows Update actually resolves to update.microsoft.com. The update site was moved a few years ago after criminal hackers targeted the Windows Update URL. Regardless of how you arrive there, the update site when viewed in IE should take inventory of your system (via an ActiveX component) and then display the recommended updates and invite you to choose between Express and Custom installation.
There are some caveats. If you use Firefox, the Microsoft update site won't work. Instead, you'll need to use a Mozilla add-on that conveniently opens a session of Internet Explorer at the Windows Update page.
If you don't want to open IE, or if you use some other browser, go to the second site, Microsoft Download Center, click Download Category in the top toolbar, and select Windows Security and Updates from the pull-down menu. Here, you'll find many updates that are not specific to your machine--but if you know what you're looking for, you can find it in the list.
If you learn that a new service pack is available for Vista, but you're worried that your current apps might not work with the service pack, you have some options. Start by changing the Windows Automatic Updates to specify downloading without installing, or to specify notifying without downloading or installing. When prompted for an installation method, choose Custom, uncheck the service pack or patch that you wish to delay or avoid, and then install the rest of the pack. You may be prompted from time to time to download and install the remaining update, but you can decline to do so.
If an update that you have installed proves to be the source of subsequent problems, you can take steps to reverse the damage. If you have Windows System Restore turned on (Start, All Programs, Accessories, System Tools), you can return to a point before the patch was installed, when your system still worked perfectly (note, however, that doing so may also undo any other recent software installations you may have performed).
Another, perhaps easier, choice is to uninstall the patch. Go to Control Panel, Add or Remove Programs. Check the box at the top, if it isn't already marked; the resulting list of installed apps will include Microsoft updates. As you scroll down the list, you'll see a large block of Windows Updates, identified by update number and date. Uninstalling the update with the highest number (or the most recent date) should do the trick. Once the update is gone, Windows will try to reinstall the missing patch the next time it has a chance to--especially if you have Automatic Updates turned on. To prevent this from happening, change your Automatic Update profile (see above) either to notify you of the latest updates, or to download but not install them.
Even if you arrange to delay installing all patches, not every update will go swimmingly. For example, Service Pack 1 for .Net Framework 1.1 does not install correctly for some people no matter what steps they take to prepare the way for it. The resolution, according to Microsoft, is to remove a particular Registry key, after which the service pack should install correctly; unfortunately, uncovering that information can sometimes be vexingly difficult. Start by typing the exact error message into Google or another search engine; the results page should include at least one Knowledge Base (KB) article located on the Microsoft Technet or Support Web site.
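Before uninstalling a patch, it helps to see which updates went in most recently and whether your Automatic Updates setting would simply put the patch back. The following PowerShell script is an added example, not part of the original article; it assumes PowerShell 2.0 or later (as shipped with Windows 7) and the standard Automatic Updates registry keys, and it only reads settings.

```powershell
# Added example, not from the original article. Read-only: it changes nothing.
# Assumes PowerShell 2.0+ and the standard Automatic Updates registry keys.

function Get-AutoUpdateMode {
    $policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'
    $localKey  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update'
    $policy = Get-ItemProperty -Path $policyKey -ErrorAction SilentlyContinue
    $local  = Get-ItemProperty -Path $localKey  -ErrorAction SilentlyContinue

    # A Group Policy value, when present, overrides the Control Panel choice.
    if     ($policy -and $policy.NoAutoUpdate -eq 1) { $value = 1; $source = 'Group Policy' }
    elseif ($policy -and $policy.AUOptions)          { $value = $policy.AUOptions; $source = 'Group Policy' }
    elseif ($local  -and $local.AUOptions)           { $value = $local.AUOptions;  $source = 'Control Panel' }
    else                                             { $value = 0; $source = 'not found' }

    # Values 1-4 correspond to the four Automatic Updates choices.
    $meaning = switch ($value) {
        1 { 'Automatic Updates turned off' }
        2 { 'Notify only, no download or install' }
        3 { 'Download, but install later' }
        4 { 'Download and install automatically' }
        default { 'Not set, or a value this script does not map' }
    }
    New-Object PSObject -Property @{ Value = $value; Source = $source; Meaning = $meaning }
}

function Get-RecentUpdates([int]$Count = 5) {
    # Some entries carry no install date; skip them so the sort is meaningful.
    Get-HotFix |
        Where-Object { $_.InstalledOn } |
        Sort-Object InstalledOn -Descending |
        Select-Object -First $Count HotFixID, Description, InstalledOn
}

$mode = Get-AutoUpdateMode
"Automatic Updates: {0} (value {1}, set by {2})" -f $mode.Meaning, $mode.Value, $mode.Source
Get-RecentUpdates | Format-Table -AutoSize

if ($mode.Value -eq 4) {
    'An update you uninstall will be reinstalled automatically at the next update cycle.'
    'Switch to notify-only or download-but-install-later first.'
}
```

The HotFixID column matches the update numbers shown in Add or Remove Programs, so the top row is the most recently installed patch.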
In other instances you may simply want a newer version of Internet Explorer. To get one, visit Microsoft Update, Windows Download Center, or Microsoft's Internet Explorer site.
Update Third-Party Applications
Your operating system isn't the only software you need to keep patched. In the old days, users commonly had to find third-party security updates on their own. In more recent years, however, as criminal hackers have begun targeting common desktop applications, vendors of multimedia apps in particular have gotten better at pushing out their own security patches. Here's a look at the update process for some common types of desktop software.
Firefox: Mozilla silently and automatically downloads its browser security updates in the background; Firefox then installs the update the next time you launch the browser. You can check for updates whenever you want by clicking Help, followed by Check for Updates. Full-version updates (say, an upgrade from Firefox 2 to Firefox 3), however, still require a clean installation from Mozilla.
iTunes and QuickTime: Whenever you launch an Apple application within Windows, Apple does a quick check and then notifies you of the latest release for iTunes or QuickTime (if you aren't already running it). You can also request an update by clicking Help, and then Check for Updates. Occasionally, Apple will push out a notification of a new security update for iTunes and/or QuickTime. When it does, a dialog box will pop up to explain what the update includes. Unfortunately, Apple has been known to bundle other offerings--such as Safari and Bonjour for Windows--with these updates, regardless of whether you already have these apps installed. If you don't want these extra programs, simply uncheck their boxes before installing the update.
Flash and Adobe Reader: Adobe, like Apple, pushes out security updates as they are completed and issued. Alternatively, you can request an update check by clicking Help, and then Check for Updates. In general, you can expect legitimate requests from Adobe to install new updates to appear shortly after you boot into Windows; you should take the opportunity then to install them.
Java: Sun recently ran afoul of security researchers who discovered that insecure older versions of Java remained on the Windows machine after the researchers installed newer, more secure versions of Java. With JRE6 Update 10, Sun now removes older versions of Java, but it doesn't remove any pre-Update 10 versions; you'll have to uninstall these yourself. (Note: Not all PC users have Java installed on their desktop; don't feel bad if your system is Java-less.)
Robert Vamosi is a freelance computer security writer specializing in coverage of criminal hackers and malware threats.