I want my Windows Update Rollup!
When you set up a new Windows system, especially an XP system, you may be faced with a titanic load of updates to apply to it in order to bring it up to date. If you don't have a loaded-up WSUS server or similar system this means pulling potentially hundreds of megabytes over your Internet connection, and multiple reboots. Microsoft could make it a lot easier.
F-Secure just brought this up by asking for an "update rollup" for Windows XP SP3. A perfectly reasonable request if ever there were one. When they set up a minimal install of XP SP3 (e.g. no calc.exe) in a VM they have to apply 157 updates after SP3. As they point out, SP3 itself was basically just an update rollup. So why doesn't Microsoft do more?
I first wrote about this problem almost 8 years ago, when I suggested some sort of Windows Update CD. The problem I addressed at the time, and it's still important to some people, is that if you have a dial-up connection the number of updates you require to set up a new system is unacceptably large. If I'm not mistaken, this past Patch Tuesday's updates were around 50 MB which is lot to schlep across a phone line.
Not too long thereafter Microsoft actually announced and released such a CD, but it was for Windows 98SE and ME users. (Yikes, that's a long time ago!) Microsoft has since occasionally done rollups, but very few, none for a long time and there seems to be no pattern or policy behind it.
Here's the right way for them to do it: Monthly, as they issue the Patch Tuesday updates or maybe a day or two later, they issue rollups for each operating system. They should come as bootable ISO and USB versions, allowing a user or IT admin to bring a system up to date without turning it on and exposing it to the network or Internet where it could be attacked.
In fact, they could do these updates quarterly, leaving you to apply as many as 2 months of updates through Windows Update and it would still be a huge improvement.
Should other Microsoft products (basically Office) be included? It would be good, but it's not anywhere near as important.
Now it's been 8 years and Microsoft hasn't listened to me on this yet, but things could change.
Larry Seltzer is a freelance writer and consultant, dealing mostly with security matters. He has written recently for Infoworld, eWEEK, Dr. Dobb's Journal, and is a Contributing Editor at PC Magazine and author of their Security Watch blog. He has also written for Symantec Authentication (formerly VeriSign) and Lumension's Intelligent Whitelisting site.