Patching XP and Vista with Service Packs and Hotfix "rollups"
August 31, 2007 1 Comment
In the last few days a couple of contradictory things seem to have happened:
- Everyone and his dog seems to have blogged about the release dates for Vista service pack 1 and separately XP service pack 3 -both in 2008
- Microsoft seem to have requested that the popular patching utility “AutoPatcher” be taken down and no longer distributed.
Ironically, I started reading an excellent post on Scott Hanselman’s Computer Zen blog about his favourite Windows tools and utilities for developers and power users, updated for 2007. He posted this on 23rd August. I started to follow and download several of the applications he linked, in some cases to do something new, in others to see how they stacked up against tools I already used. I was still downloading today, when I found that one of his links, to AutoPatcher, showed me this page
So, just under a week after that list was published, someone in MS legal sat up and took notice of a tool that had been used by loads of people over the preceding years to be able to carry an offline copy of all MS patches and apply them to systems which could not be patched in the normal way for some reason such as:
- slow connection – a 56kbps dialup simply is not enough to patch XP
- paranoia of connecting a machine to the internet before it is patched
- firewall issues
- the time it takes, during which you are paying someone by the hour
I notice that Susan Bradley has also posted about this seemingly over-zealous act by Microsoft. Finger on the pulse as always, Susan!
So, what did I do? I looked for (and found) a mirror which still hosted the tool. I don’t want to disclose the name of that site but I’m sure it should show up in my browsing history if I went and looked at the time right after I visited the AutoPatcher site.
I also went and checked on the status of another well-known hotfix rollup packager which seems to still be going strong. I made sure I got their latest updates as well. I first came across this one when a client asked me to find a way to do a slipstream of the XP install which was up to date to the previous month end so they could use it as a base for their third-party distribution software tool. I won’t mention it here for fear this may lead to it getting closed down…
Until we get another service pack for XP, these sorts of tools are invaluable for taking the pain out of getting a fresh sp2 install patched up to date before you risk getting infected (or lynched by an impatient user who just wants to get on with some work). I can understand the principle of wanting to control how people distribute or use your intellectual property which is not freely available, but surely this is simply taking something their customers can already get for nothing but packaging it in a way that is much easier to manage.
If someone sets up a stall outside an art gallery offering free gift wrapping to all customers as they walk out, should the artist act to get them closed down because the end “gift” is actually one of their pieces in a more attractive wrapper?
So, what about the official service packs?
Microsoft announce XP service pack 3
It should be going into Beta soon, then the usual round of different build versions, then a Release Candidate (RC1) build on wider release (but effectively still not officially supported or legally liable for anything), then eventually a release of the actual, final service pack “sometime in H1 2008”. So that could be 10 months away (or only 4 if it gets delivered by a flying pig).
Maybe they simply hope that many people will opt for Vista as an alternative to waiting for XP sp3.
Vista service pack 1 also planned for 2008
A similar story for Vista sp1 – a round of closed Betas to around 10,000 people, then a wider RC1 release to Technet and MSDN subscribers, then in Q1 2008 a final release to Joe Public.
In relation to the topic at hand (providing tools to apply patch rollups to machines which are not so well-connected) the announcement about Vista service pack 1 beta says (amongst lots of other things you would be better off reading there than here):
Windows Vista SP1 will support the following delivery methods:
- Express. Requires an Internet connection but minimizes the size of the download by sending only the changes needed for a specific computer (approximately 50 MB for x86-based operating systems).
- Stand-alone. Recommended for computers with limited Internet connectivity and for applying the service pack to multiple computers. The download size is larger than the express package, but customers can apply a single package to any Windows Vista version and language combination (within a platform). Distribution tools like System Center Configuration Manager 2007 use stand-alone packages to deploy Windows Vista SP1.
- Slipstream. The slipstream version of Windows Vista SP1 is media that already contains the service pack, which companies can use to deploy the operating system to new computers or to upgrade existing computers. Availability will be limited. Microsoft will update Windows Vista retail media with Windows Vista SP1 slipstream media in the future. Slipstream media will also be available to Volume Licensing customers.
This is a move in the right direction – a stand-alone package that you can carry around with you and use to patch machine that would otherwise be left vulnerable.
The article goes on to say:
For express and stand-alone deployment methods, Microsoft recommends the following:
- Laptops must be plugged in to an AC power source.
- A minimum of 7 GB free disk space on the system partition for x86-based operating systems and a minimum of 12 GB free disk space for x64-based operating systems.
- The stand-alone deployment method requires administrative credentials.
Yes, 7GB of free disk space just to install a service pack! I’ve already noted in another post that my old standard of 20GB for the system partition which has served me very well on XP and 2003 installs was simply not enough for Vista (on older Windows versions I didn’t commit even that much space to the OS). I used the built-in repartitioning tool to move it up to 25GB and I currently have less than 5Gb left. So I need to add at least 3 more before I can think about running the service pack in a stand-alone mode. I just can’t see how they get the jump from 50MB for a typical system in Express mode to 7GB? Can you spell “bloatware”?
There’s still no indication of a mechanism to address the ever-increasing list of patches to be applied to machines in between the service pack releases, other than to use technologies such as WSUS. This is fine for most corporate environments, but it does not help the huge number of home users who are likely to have fewer additional security measures in place to begin with.