Windows Update
Encyclopedia
Windows Update is a service provided by Microsoft
Microsoft
Microsoft Corporation is an American public multinational corporation headquartered in Redmond, Washington, USA that develops, manufactures, licenses, and supports a wide range of products and services predominantly related to computing through its various product divisions...

 that provides updates for the Microsoft Windows
Microsoft Windows
Microsoft Windows is a series of operating systems produced by Microsoft.Microsoft introduced an operating environment named Windows on November 20, 1985 as an add-on to MS-DOS in response to the growing interest in graphical user interfaces . Microsoft Windows came to dominate the world's personal...

 operating system
Operating system
An operating system is a set of programs that manage computer hardware resources and provide common services for application software. The operating system is the most important type of system software in a computer system...

 and its installed components, including Internet Explorer
Internet Explorer
Windows Internet Explorer is a series of graphical web browsers developed by Microsoft and included as part of the Microsoft Windows line of operating systems, starting in 1995. It was first released as part of the add-on package Plus! for Windows 95 that year...

. An optional feature disables access to Windows Update, enabling instead access to Microsoft Update, an expanded version of the service which provides updates not just for the operating system and Internet Explorer, but also for other Microsoft software running under Windows, such as Microsoft Office
Microsoft Office
Microsoft Office is a non-free commercial office suite of inter-related desktop applications, servers and services for the Microsoft Windows and Mac OS X operating systems, introduced by Microsoft in August 1, 1989. Initially a marketing term for a bundled set of applications, the first version of...

, Windows Live
Windows Live
Windows Live is the collective brand name for a set of services and software products from Microsoft, part of their software plus services platform. A majority of these services are Web applications, accessible from a browser, but there are also client-side binary applications that require...

 applications, and Microsoft Expression Studio
Microsoft Expression Studio
Microsoft Expression Studio is a suite of tools for designing and building web and Windows client applications and rich digital media contents.- Overview :...

. Updates are normally provided over an Internet
Internet
The Internet is a global system of interconnected computer networks that use the standard Internet protocol suite to serve billions of users worldwide...

 connection, although there is provision for updates to be installed on computers without an Internet connection.

There are different kinds of updates. Security updates or critical updates protect against vulnerabilities to malware
Malware
Malware, short for malicious software, consists of programming that is designed to disrupt or deny operation, gather information that leads to loss of privacy or exploitation, or gain unauthorized access to system resources, or that otherwise exhibits abusive behavior...

 and security exploits
Exploit (computer security)
An exploit is a piece of software, a chunk of data, or sequence of commands that takes advantage of a bug, glitch or vulnerability in order to cause unintended or unanticipated behavior to occur on computer software, hardware, or something electronic...

. Other updates correct errors
Software bug
A software bug is the common term used to describe an error, flaw, mistake, failure, or fault in a computer program or system that produces an incorrect or unexpected result, or causes it to behave in unintended ways. Most bugs arise from mistakes and errors made by people in either a program's...

 that aren't related to security, or enhance functionality.

Security updates are routinely provided on the second Tuesday of each month, Patch Tuesday
Patch Tuesday
Patch Tuesday is usually the second Tuesday of each month, on which Microsoft releases security patches.Starting with Windows 98, Microsoft included a "Windows Update" system that would check for patches to Windows and its components, which Microsoft would release intermittently...

, but can be provided whenever a new update is urgently required to prevent a newly discovered or prevalent exploit
Exploit (computer security)
An exploit is a piece of software, a chunk of data, or sequence of commands that takes advantage of a bug, glitch or vulnerability in order to cause unintended or unanticipated behavior to occur on computer software, hardware, or something electronic...

 targeting Windows users. Windows Update can be configured to install critical updates automatically so long as the computer is connected to the Internet, without the user needing to install them manually, or even be aware that an update is required .

Windows Vista
Windows Vista
Windows Vista is an operating system released in several variations developed by Microsoft for use on personal computers, including home and business desktops, laptops, tablet PCs, and media center PCs...

, Windows Server 2008, and Windows 7 provide a Control Panel
Control Panel (Windows)
The Control Panel is a part of the Microsoft Windows graphical user interface which allows users to view and manipulate basic system settings and controls via applets, such as adding hardware, adding and removing software, controlling user accounts, and changing accessibility options...

 to configure update settings and check for updates. The Windows Update Control Panel is also the means to download Windows Ultimate Extras
Windows Ultimate Extras
Windows Ultimate Extras are optional features offered to users of Windows Vista Ultimate Edition. They are accessible with Windows Update. Ultimate Extras replace the market role of Microsoft Plus!, a product sold for prior consumer releases of Microsoft Windows...

, optional software for Windows Vista Ultimate Edition. For previous versions of Microsoft Windows, updates can be downloaded from the Windows Update website, using Internet Explorer
Internet Explorer
Windows Internet Explorer is a series of graphical web browsers developed by Microsoft and included as part of the Microsoft Windows line of operating systems, starting in 1995. It was first released as part of the add-on package Plus! for Windows 95 that year...

.

Windows Update web site

Windows Update was introduced as an Internet web site with the launch of Windows 95
Windows 95
Windows 95 is a consumer-oriented graphical user interface-based operating system. It was released on August 24, 1995 by Microsoft, and was a significant progression from the company's previous Windows products...

. A link to Windows Update on the Start Menu gave access to additional downloads for the operating system. At the time of Windows 98's release Windows Update offered additional desktop themes, games, device driver updates, and optional components such as NetMeeting. Windows 95
Windows 95
Windows 95 is a consumer-oriented graphical user interface-based operating system. It was released on August 24, 1995 by Microsoft, and was a significant progression from the company's previous Windows products...

 and Windows NT 4 were retroactively given the ability to access the Windows Update website, and download updates designed for those operating systems, starting with the release of versions of Internet Explorer 4 for those operating systems. The initial focus of Windows Update was on free add-ons and new technologies for Windows; security fixes for Outlook Express
Outlook Express
Outlook Express is an email and news client that is included with Internet Explorer versions 4.0 through 6.0. As such, it is also bundled with several versions of Microsoft Windows, from Windows 98 to Windows Server 2003, and is available for Windows 3.x, Windows NT 3.51, Windows 95 and Mac OS 9...

, Internet Explorer and other applications appeared later, as did access to beta versions of upcoming Microsoft software, most notably Internet Explorer 5
Internet Explorer 5
Microsoft Internet Explorer 5 was a graphical web browser released in March 1999 by Microsoft, primarily for Microsoft Windows, but initially with versions available for Apple Macintosh, Sun Solaris, and HP-UX. It was one of the main participants of the first browser war...

. Fixes to Windows 98 to resolve the Year 2000 problem
Year 2000 problem
The Year 2000 problem was a problem for both digital and non-digital documentation and data storage situations which resulted from the practice of abbreviating a four-digit year to two digits.In computer programs, the practice of representing the year with two...

 were distributed using Windows Update in December 1998. Microsoft attributed the sales success of Windows 98 in part to Windows Update.

Windows Update requires Internet Explorer
Internet Explorer
Windows Internet Explorer is a series of graphical web browsers developed by Microsoft and included as part of the Microsoft Windows line of operating systems, starting in 1995. It was first released as part of the add-on package Plus! for Windows 95 that year...

 or a third-party web browser that uses Microsoft's MSHTML
Trident (layout engine)
Trident is the name of the layout engine for the Microsoft Windows version of Internet Explorer.It was first introduced with the release of Internet Explorer version 4.0 in October 1997; it has been steadily upgraded and remains in use today...

 layout engine
Layout engine
A web browser engine, , is a software component that takes marked up content and formatting information and displays the formatted content on the screen. It "paints" on the content area of a window, which is displayed on a monitor or a printer...

, as it must support the use of an ActiveX control to house the software that is executed on the user's computer. While details have changed from version to version, it has always scanned the computer to find what operating system components and software are installed, and compared the versions of those components with the latest available versions. The ActiveX component then interfaces with Windows Installer
Windows Installer
The Windows Installer is a software component used for the installation, maintenance, and removal of software on modern Microsoft Windows systems...

 to install or update those components, and to report the success or failure of those installations back to Microsoft's servers.

The first version of the Windows Update web site (usually referred to as "v3") did not require any personally-identifiable information to be sent to Microsoft. In order for the v3 ActiveX control to determine what updates were needed, the entire list of available software on Windows Update was downloaded to the user's computer when they visited the Windows Update web site. As the number of updates offered by Windows Update grew, this resulted in performance concerns. Arie Slob, writing for the Windows-help.net newsletter in March 2003, noted that the size of the update list had exceeded 400KB
Kilobyte
The kilobyte is a multiple of the unit byte for digital information. Although the prefix kilo- means 1000, the term kilobyte and symbol KB have historically been used to refer to either 1024 bytes or 1000 bytes, dependent upon context, in the fields of computer science and information...

, which caused delays of more than a minute for dial-up users.

Windows Update v4, released in conjunction with Windows XP in 2001, changed this by having the ActiveX control submit a list of the hardware components to Microsoft's servers, which then returns a list of only those device drivers available for that machine. It also narrowed down the list of available updates for the operating system and related components by sending details of what operating system version, service pack, and locale are installed. German technology web site tecchannel.de published an analysis of the Windows Update communication protocol in February 2003, which received wide attention on technology web sites. The report, which was the first to contain extensive details of how the Windows Update communication protocol worked, also discovered that the make and model of the computer, the amount of free disk space, and the Windows product key, were sent.

Critical Update Notification Tool/Utility

Shortly after the release of Windows 98, Microsoft released a Critical Update Notification Tool (later called Critical Update Notification Utility to avoid the unfortunate acronym) through Windows Update, which installed a background tool on the user's computer that checked the Windows Update web site on a regular schedule for new updates that have been marked as "Critical". By default, this check occurred every five minutes, and when Internet Explorer was started, though the user could configure the next check to occur only at certain times of the day or on certain days of the week. The check was performed by querying the server for a file, "cucif.cab", which contains a list of all the critical updates released for the user's operating system. The Critical Update Notification Tool then compared this list with the list of installed updates on the user's machine, and displayed a message to the user informing them of new critical updates if they were available. Once the check executed, any custom schedule defined by the user was reverted to the default; Microsoft stated that this was by design in order to ensure that users received notification of critical updates in a timely manner.

An analysis done by security researcher H D Moore in early 1999 was critical of this approach, describing it as "horribly inefficient" and susceptible to attacks. In a posting to BugTraq
Bugtraq
Bugtraq is an electronic mailing list dedicated to issues about computer security. On-topic issues are new discussions about vulnerabilities, vendor security-related announcements, methods of exploitation, and how to fix them...

, he explained that, "every single Windows 98 computer that wishes to get an update has to rely on a single host for the security. If that one server got compromised one day, or an attacker cracks the MS DNS server again, there could be millions of users installing trojans
Trojan horse (computing)
A Trojan horse, or Trojan, is software that appears to perform a desirable function for the user prior to run or install, but steals information or harms the system. The term is derived from the Trojan Horse story in Greek mythology.-Malware:A destructive program that masquerades as a benign...

 every hour. The scope of this attack is big enough to attract crackers who actually know what they are doing..."

The Critical Update Notification tool continued to be promoted by Microsoft through 1999 and the first half of 2000. Initial releases of Windows 2000
Windows 2000
Windows 2000 is a line of operating systems produced by Microsoft for use on personal computers, business desktops, laptops, and servers. Windows 2000 was released to manufacturing on 15 December 1999 and launched to retail on 17 February 2000. It is the successor to Windows NT 4.0, and is the...

 shipped with the tool, but Windows 95 and Windows NT 4.0
Windows NT 4.0
Windows NT 4.0 is a preemptive, graphical and business-oriented operating system designed to work with either uniprocessor or symmetric multi-processor computers. It was the next release of Microsoft's Windows NT line of operating systems and was released to manufacturing on 31 July 1996...

 were not supported. It was superseded by Automatic Updates in Windows Me
Windows Me
Windows Millennium Edition, or Windows Me , is a graphical operating system released on September 14, 2000 by Microsoft, and was the last operating system released in the Windows 9x series. Support for Windows Me ended on July 11, 2006....

 and Windows 2000
Windows 2000
Windows 2000 is a line of operating systems produced by Microsoft for use on personal computers, business desktops, laptops, and servers. Windows 2000 was released to manufacturing on 15 December 1999 and launched to retail on 17 February 2000. It is the successor to Windows NT 4.0, and is the...

 SP4.

Automatic Updates

With the release of Windows Me
Windows Me
Windows Millennium Edition, or Windows Me , is a graphical operating system released on September 14, 2000 by Microsoft, and was the last operating system released in the Windows 9x series. Support for Windows Me ended on July 11, 2006....

 in 2000, Microsoft introduced Automatic Updates as a replacement for the Critical Update Notification tool. Unlike its predecessor, Automatic Updates includes the ability to download and install updates without using a web browser
Web browser
A web browser is a software application for retrieving, presenting, and traversing information resources on the World Wide Web. An information resource is identified by a Uniform Resource Identifier and may be a web page, image, video, or other piece of content...

. Instead of the five minute schedule used by its predecessor, the Automatic Updates client checks the Windows Update servers once a day. The user is given the option to download available updates then prompt the user to install them, or to notify the user prior to downloading any available updates. After Windows Me is installed, the user is prompted via a notification balloon
Balloon help
Balloon help was a help system introduced by Apple Computer in their 1991 release of System 7.0. The name referred to the way the help text was displayed, in "balloons", like those containing the words in a comic strip...

 to configure the Automatic Updates client.

The Windows Update web site itself was significantly updated to match the visual style of Windows XP
Windows XP
Windows XP is an operating system produced by Microsoft for use on personal computers, including home and business desktops, laptops and media centers. First released to computer manufacturers on August 24, 2001, it is the second most popular version of Windows, based on installed user base...

.

Windows XP and Windows 2000 Service Pack 3 include Background Intelligent Transfer Service
Background Intelligent Transfer Service
Background Intelligent Transfer Service is a component of Microsoft Windows XP and later operating systems that facilitates prioritized, throttled, and asynchronous transfer of files between machines using idle network bandwidth...

, a protocol for transferring files in the background without user interaction. As a system component, it is capable of monitoring the user's Internet usage, and throttling its own bandwidth usage in order to prioritize user-initiated activities. The Automatic Updates client for these operating systems was updated to use this system service.

Microsoft Update

At the February 2005 RSA Conference
RSA Conference
The RSA Conference is a cryptography and information security-related conference held annually in the San Francisco Bay Area.The RSA Conference started in 1991 as a forum for cryptographers to gather and share the latest knowledge and advancements in the area of Internet security...

, Microsoft announced the first beta of Microsoft Update, an optional replacement for Windows Update that provides security patches, service packs and other updates for both Windows and other Microsoft software. The initial release in June 2005 provided support for Microsoft Office 2003
Microsoft Office
Microsoft Office is a non-free commercial office suite of inter-related desktop applications, servers and services for the Microsoft Windows and Mac OS X operating systems, introduced by Microsoft in August 1, 1989. Initially a marketing term for a bundled set of applications, the first version of...

, Exchange 2003
Microsoft Exchange Server
Microsoft Exchange Server is the server side of a client–server, collaborative application product developed by Microsoft. It is part of the Microsoft Servers line of server products and is used by enterprises using Microsoft infrastructure products...

, and SQL Server 2000
Microsoft SQL Server
Microsoft SQL Server is a relational database server, developed by Microsoft: It is a software product whose primary function is to store and retrieve data as requested by other software applications, be it those on the same computer or those running on another computer across a network...

, running on Windows 2000, XP, and Server 2003. Over time, the list has expanded to include other Microsoft products, such as Windows Live
Windows Live Essentials
Windows Live Essentials is a suite of freeware applications by Microsoft that aims to offer integrated and bundled e-mail, instant messaging, photo-sharing, blog publishing, security services and other Windows Live entities...

, Windows Defender
Windows Defender
Windows Defender, formerly known as Microsoft AntiSpyware, is a software product from Microsoft to prevent, remove, and quarantine spyware in Microsoft Windows...

, Visual Studio
Microsoft Visual Studio
Microsoft Visual Studio is an integrated development environment from Microsoft. It is used to develop console and graphical user interface applications along with Windows Forms applications, web sites, web applications, and web services in both native code together with managed code for all...

, runtimes and redistributables, Zune Software
Zune
Zune is a digital media brand owned by Microsoft which includes a line of portable media players, a digital media player software for Windows machines, a music subscription service known as a 'Zune Music Pass', music and video streaming for the Xbox 360 via the Zune Software, music, TV and movie...

, Virtual PC
Windows Virtual PC
Windows Virtual PC is a virtualization program for Microsoft Windows. In July 2006 Microsoft released the Windows-hosted version as a free product...

 and Virtual Server
Microsoft Virtual Server
Microsoft Virtual Server is a virtualization solution that facilitates the creation of virtual machines on the Windows XP, Windows Vista and Windows Server 2003 operating systems. Originally developed by Connectix, it was acquired by Microsoft prior to release...

, CAPICOM
CAPICOM
CAPICOM is a discontinued ActiveX control created by Microsoft to help expose a select set of Microsoft Cryptographic Application Programming Interface functions through Microsoft Component Object Model...

, Microsoft Lync, and other server products. It also offers Silverlight
Microsoft Silverlight
Microsoft Silverlight is an application framework for writing and running rich Internet applications, with features and purposes similar to those of Adobe Flash. The run-time environment for Silverlight is available as a plug-in for web browsers running under Microsoft Windows and Mac OS X...

 and Windows Media Player
Windows Media Player
Windows Media Player is a media player and media library application developed by Microsoft that is used for playing audio, video and viewing images on personal computers running the Microsoft Windows operating system, as well as on Pocket PC and Windows Mobile-based devices...

 as optional downloads if applicable to the operating system. A persistent bug in Microsoft Update affecting XP computers with limited internal memory is that it allows the update programs wuauclt.exe and svchost.exe to claim 100% of the computers memory for extended periods of time (up to hours) making affected computers unusable.

MS Office Update

Microsoft Office Update was a free online service that allowed users to detect and install updates for certain Microsoft Office products. This update service supported Office 2000
Microsoft Office 2000
Microsoft Office 2000 is a release of Microsoft Office that succeeded Microsoft Office 97 and was designed as a fully 32-bit and Y2K compliant version to match Windows 2000 features. All the Office 2000 applications have OLE 2 capacity, which allows moving data automatically between various...

, Office XP
Microsoft Office XP
Microsoft Office XP is a productivity suite written and distributed by Microsoft for their Windows operating system. Released on March 5, 2001, it is the successor to Office 2000 and the predecessor to Office 2003, and was known as Office 10 in the early stages of its development cycle...

, Office 2003
Microsoft Office 2003
Microsoft Office 2003 is a productivity suite written and distributed by Microsoft for their Windows operating system. Released on October 21, 2003, it was the successor to Office XP and the predecessor to Office 2007.- Overview :...

, and Office 2007
Microsoft Office 2007
Microsoft Office 2007 is a Windows version of the Microsoft Office System, Microsoft's productivity suite. Formerly known as Office 12 in the initial stages of its beta cycle, it was released to volume license customers on November 30, 2006 and made available to retail customers on January 30, 2007...

. On 1 August 2009, Microsoft decommissioned the service. Users are now required to use Microsoft Update. However, as Microsoft Update does not work with Office 2000, Office 2000 users no longer have any method of automatically detecting and installing updates. This is not a limitation for existing installations of Office 2000, because the product is no longer supported and so no new updates are being produced. However, it is a serious limitation for anyone re-installing MS Office 2000.

Windows Vista, Windows Server 2008, and Windows 7

In Windows Vista, Windows Server 2008, and Windows 7, the web site is no longer used to provide a user interface for selecting and downloading updates. In its place, the Automatic Updates control panel
Control Panel (Windows)
The Control Panel is a part of the Microsoft Windows graphical user interface which allows users to view and manipulate basic system settings and controls via applets, such as adding hardware, adding and removing software, controlling user accounts, and changing accessibility options...

 has been expanded to provide similar functionality. Support for Microsoft Update is also built into the operating system, but is turned off by default. The revised Windows Update can also be set to automatically download and install both Important and Recommended updates. In prior versions of Windows, such updates were only available through the Windows Update web site.

In versions of Windows prior to Vista, updates requiring a reboot would pop up a dialog box every number of specified minutes requesting that users reboot their machines. This dialog box was changed to allow the user to select a longer period of time (up to 4 hours) before being prompted again. The revised dialog box also displays under other applications, instead of on top of them.

In Windows 7 and Vista once automatic updates have finished, the computer will be shut down after a countdown, sometimes causing the countdown to finish and the system to reboot while the user is in the middle of using the computer (or away from the computer and not wanting it to reboot for various reasons), possibly losing data, gameplay advancement, etc.

Windows Update makes use of Transactional NTFS
Transactional NTFS
Transactional NTFS is a component of Windows Vista and later operating systems. It brings the concept of atomic transactions to the NTFS file system, allowing Windows application developers to write file output routines that are guaranteed either to succeed completely or to fail completely.-...

, a file system
File system
A file system is a means to organize data expected to be retained after a program terminates by providing procedures to store, retrieve and update data, as well as manage the available space on the device which contain it. A file system organizes data in an efficient manner and is tuned to the...

 feature introduced with Windows Vista, when performing updates to Windows system files. This feature helps Windows recover cleanly in the event of an unexpected shut-down during an update, as the transactioning system will ensure that changes are committed to the file system in an atomic fashion.

Statistics

At the beginning of 2005, Windows Update was being accessed by about 150 million people, with about 112 million of those using Automatic Updates.

As of 2008, Windows Update had about 500 million clients, processed about 350 million unique scans per day, and maintained an average of 1.5 million simultaneous connections to client machines. On Patch Tuesday
Patch Tuesday
Patch Tuesday is usually the second Tuesday of each month, on which Microsoft releases security patches.Starting with Windows 98, Microsoft included a "Windows Update" system that would check for patches to Windows and its components, which Microsoft would release intermittently...

, the day Microsoft typically releases new software updates, outbound traffic could exceed 500 gigabit
Gigabit
The gigabit is a multiple of the unit bit for digital information or computer storage. The prefix giga is defined in the International System of Units as a multiplier of 109 , and therefore...

s per second. Approximately 90% of all clients used automatic updates to initiate software updates, with the remaining 10% using the Windows Update web site. The web site is built using ASP.NET
ASP.NET
ASP.NET is a Web application framework developed and marketed by Microsoft to allow programmers to build dynamic Web sites, Web applications and Web services. It was first released in January 2002 with version 1.0 of the .NET Framework, and is the successor to Microsoft's Active Server Pages ...

, and processes an average of 90,000 page requests per second.

External links

The source of this article is wikipedia, the free encyclopedia.  The text of this article is licensed under the GFDL.
 
x
OK