Bad news: Service Pack 3 for Windows XP, or one of the subsequent patches, breaks Windows Update. Not all the time, but often enough that I got burned twice.
Good news: Microsoft offers free technical support for Windows Update and that support provided a solution to my problem.
While consumers are conditioned to call their hardware manufacturer for technical support, Microsoft offers free support for Service Pack 3 for Windows XP, IE7 and Windows Update. Support for SP3 and IE7 is offered on the phone (866-234-6020), although, I had a hard time qualifying. Support for Windows Update is offered by email.
(Credit:
Microsoft)
To request assistance with Windows Update, start at the Windows Update website (Tools -> Windows Update in IE6 and IE7) and click on the "Get help and support" link in the gray stripe on the left. Then click on "Send a problem report".
The best way to do this is with Internet Explorer on the computer with the problem. This allows Microsoft to download an ActiveX control that gathers assorted debugging information and sends it back to them. In my case, this debugging information proved critical.
A Microsoft technician responded to my plea for help well within their 24 hour goal.
My problem was particularly annoying because there was no error code, thus nothing to search the net for. The error message simply referred to "a problem on your computer". In addition, a review of the update history (click on "Review your update history" in the left side gray stripe) showed no failures at all. I had even checked the system event logs and come up empty.
It turns out that Windows Update has 2.5 activity log files.
In addition to the "update history", there are two plain text log files in the C:\WINDOWS folder. The "half" is a file called "Windows Update.log" which doesn't seem to be used any longer. I checked four XP machines and in each case the file had almost no data and hadn't been updated in a long time.
Update: A reader named Joseph pointed out that this is from an older version of Windows Update.(July 27, 2008)
But the other log file, "WindowsUpdate.log" is a gold mine of information (this file has no spaces in the name). It was included in the debugging information sent to Microsoft and revealed that my problem was an error 0x80004002.
The Fix
Windows Update was resuscitated with the oldest trick in the book, re-installing the software.
Microsoft's first suggestion was to download version 3 of the Windows Update "Agent" (file WindowsUpdateAgent30-x86.exe) to the root of the C disk, then run it with Start -> Run and the following command:
C:\WindowsUpdateAgent30-x86.exe /wuforce
The installation was quick and painless. On both computers, this fixed the problem.
The link to this stand-alone version of the Windows Update agent may change over time. A technician at Microsoft suggested getting the software from here. This fix is also offered here, for a similar Windows Update problem.
How widespread is this problem?
There's no way for me to know how widespread this problem is. If you've had problems with Windows Update after installing Windows XP SP3 leave a comment below.
I don't use Automatic Updates, but if you do, and find the yellow shield never goes away, you may be experiencing this problem. To see, try running Windows Update manually from the website to insure it can install patches.
A brief search turned up forum postings at Microsoft.com from others with this problem. This thread, XP SP3 Preventing any other Windows Update Installs, started almost 3 months ago.
The thread includes an email from Microsoft technical support with three possible fixes. One of them, involving re-registering DLLs, was my fallback if the first suggestion didn't work. Scott Dunn from Windows Secrets covered re-registering Windows Update DLLs last September in Stealth Windows update prevents XP repair.
Finally, let me repeat a warning about upgrading to Internet Explorer 7. When you first install IE7, you get a known buggy version. After rebooting, run Windows Update immediately to get the patch shown below
Update July 27, 2008: After installing XP SP3 and all the subsequent patches on three more computers, my best guess is that the problem has to do with the type of license for Windows. On all four machines that were purchased from the same hardware vendor (very different models), Windows Update broke. However, a copy of Windows XP purchased at retail in a shrink-wrapped box had no problems with Windows Update.
See a summary of all my Defensive Computing postings.
On two Windows XP machines of mine, the installation of post-SP3 patches has broken Windows Update.
I first wrote about this yesterday, when it happened on one machine. Today, on a computer with very different hardware, the problem repeated itself.
In both cases the computers had no application software installed. Each had only Windows XP SP2 and a handful of vendor installed utilities. Neither machine had any anti-malware software of any kind, not even a firewall (other than XP's firewall). Both were running Internet Explorer 6.
Each time I started by installing SP3 and rebooting. Next, I ran Windows Update manually and opted to install all the post-SP3 patches, with the exception of Internet Explorer 7. I prefer to install IE7 by itself. The patches install fine, and I reboot again.
At this point Windows Update no longer works.
As I suggested three months ago, it's best to hold off on Service Pack 3.
Update July 27, 2008: This problem is not related to IE6, it was re-produced on two machines running IE7. At this point, I have tried to reproduce it on five computers. My best guess now is that the problem has to do with the type of license for Windows. On four machines that were purchased from the same hardware vendor (very different models), Windows Update broke. However, a copy of Windows XP purchased at retail in a shrink-wrapped box had no problems with Windows Update.
One Windows XP test machine started out with no service packs. I installed SP2, rebooted, installed IE7, rebooted, installed SP3, rebooted and then installed all the post-SP3 patches except for one. One patch had to be omitted because without something to install there is no way to know that Windows Update is broken. Specifically, I chose not to install KB923789, an update to the Adobe Flash player. The post-SP3 patches that I did install were KB951748, KB951978, KB890830, KB951376, KB950762, KB950760 and KB942763. One of them broke Windows Update.
For the fix to Windows Update see Fixing Windows Update on XP SP3
See a summary of all my Defensive Computing postings.
The day Windows XP SP3 was released I advised waiting a long time before installing it. In the three months since, I haven't installed it on a computer that mattered to me. Today, I installed it on a computer that didn't matter much, and it caused a problem. So, I tried to take advantage of the free tech support Microsoft offers for SP3 - and got a lesson in fine print.
The computer shipped with Windows XP SP2 and some vendor utilities installed. It was a good guinea pig for SP3 because there were no user-installed applications and no user-created data files on the machine.
I downloaded and installed SP3 without incident. Then I rebooted and ran Windows Update again to get the latest patches. There were a handful of recent patches, and I installed all of them except for Internet Explorer 7. This too went fine and I rebooted again, little knowing the grief that awaited.
Back to Windows Update to install IE7. As you can see below it found another patch too.
Now however, Windows Update can't install either the patch for the .NET framework or IE7. It politely says that "Some updates were not installed".
Under the error (see below), it says to try again. So I did, but that didn't help. I tried one at a time, but that didn't help either. I rebooted, to no avail.
So I called Microsoft (866-234-6020) hoping to get some of the free tech support for XP SP3 mentioned here. But I didn't qualify.
The free support is for "installation and compatibility". In my case SP3 installed fine so I don't qualify there. And compatibility doesn't seem to include SP3 being compatible with Windows Update.
No Free IE7 Tech Support Either
While on the phone with Microsoft, I have an idea. Because of the problem, I couldn't install Internet Explorer 7 and Microsoft offers free tech support for IE7 too. This page clearly refers to "Free Internet Explorer 7 installation and set-up phone support".
Switching from asking for XP SP3 support to asking for IE7 support stumped the person I was speaking to, and I had to wait on hold while he got a ruling from the judge. Again, I didn't qualify.
Despite the offer of free installation support for IE7 and despite the fact that I couldn't install IE7, the Microsoft person explained that since my problem was really with Windows Update, I didn't quality for the free help.
The patch for the .NET framework did me in. Since it also wouldn't install, this pointed the finger at Windows Update rather than at IE7. Adding insult to injury, Windows Update created the need for this patch by installing the known buggy Service Pack for the .NET framework in the first place, a situation I wrote about back in April (see Don't get burned by Windows Update).
Lawyers reading this, must find it a hoot. Internet Explorer 7 is installed with Windows Update and there is free telephone support for installing the product. But if Windows Update is the problem, no free support.
After hanging up, I tried Microsoft Update instead of Windows Update, but it failed in the same way. When turning off the machine, automatic updates tried to install a patch, but that failed. At the next boot, automatic updates wanted to install both IE7 and the patch for the .NET framework. I let it try, but it failed in the same way. At the next shutdown, Windows again tried to install a patch. It's confused.
Microsoft offers free tech support for Windows Update too. But that's not on the phone, only by email. I went down that route, filling out the necessary forms and accumulating the required data.
I don't expect it to lead anywhere. For one thing, as you can see from the screen shots above, there is no error code, just a generic warning about "a problem". I checked the event logs and there were no error messages there either. Debugging errors without an error code is really hard, especially by email.
I think it's time for some more Linux postings.
Update: July 22, 2008: This was not a fluke, it happened again on another machine.
See a summary of all my Defensive Computing postings.
My last couple postings were about a bug fix for Windows, that I think is best avoided. Dealing with this particular fix, raised the issue, for me, of how to best deal with installing all patches, from a Defensive Computing standpoint.
I spent 10 years in the mainframe world administering to DB2 databases. The conundrum with installing patches is the same on mainframes as with PCs. Should you install every bug fix as soon as it's released or should you hold back a bit? And, if you do hold back, for how long?
The problem, in both environments, with installing bug fixes ASAP is that some will inevitably cause more problems than they fix. And when they do cause a problem, it may be a biggie, because a work-around could be days away. The problem with holding back, again in both environments, is how long to wait until you are reasonably sure that a patch won't break something accidentally. Do you install bug fixes a week after they were released? A month? Two months?
Mainframers have some advantage over Windows users when it comes to installing patches.*
For one, they can opt to not install patches until they "ripen" (my term). Assuming, for example, that patches are released monthly, a mainframe administrator can, if they want, install March patches in May and April patches in June. Windows/Microsoft update has no such date-oriented feature.
Another advantage is that mainframe patches are usually overseen by someone expert in the software being maintained. That is, a DB2 expert reviews the DB2 patches and can decide to omit some, if for example, they apply to features not being used. Likewise, patches for the operating system (z/OS) are typically reviewed by an expert in the OS before being applied. Needless to say, most PC users can not evaluate for themselves whether a particular patch is really needed or not.
Patching for non-techies
So, what should non-technical PC users do?
There is no one right answer. If non-techies install patches as soon as they are released, they are the least qualified to deal with problems caused by buggy patches. Yet, leaving their computers vulnerable to newly discovered bugs is risky too.
Many people recommend that non-techies let Windows automatically install patches as they are released. To recommend this is to trust Microsoft a bit more than I do. But, if the computer is used for non-essential things, and being without it for a period of time is no big deal, then installing patches automatically is the way to go. If the computer in question is used by children a lot, then again, installing patches immediately is probably the best approach.
But, some non-technical users make their living using a Windows computer, and they can't take the risk of a buggy patch causing a problem for which a fix may be days away. These people are probably better off waiting until a computer nerd can assist them, even if means being vulnerable to a newly discovered bug.
Patching For Techies
If you have the technical skill and the inclination, then I suggest turning off all the automatic processing offered by Windows/Microsoft Update. Don't even let it check for updates without downloading them. On top of this, I would also disable the underlying Automatic Updates Windows service (In XP, Control Panel -> Administrative Tools -> Services).
Once a month, I would enable and run Windows/Microsoft Update manually, then immediately disable it again.
When to run it? Installing patches a few days after Patch Tuesday gives Microsoft time to fix or withdraw any patches that caused widespread problems. Sometimes patches can be easily un-installed, but not always. Unless you make a disk image backup beforehand, I'd be very wary of installing patches on Patch Tuesday.
The classic trade-off has always been between security and convenience. Manually running Windows Update once a month is, admittedly, a nuisance.
To run a completely disabled instance of Windows/Microsoft Update in XP, you start by enabling the Automatic Updates service. This requires both setting it to start Automatically (note that it must be set to an "Automatic" startup, for some reason "Manual" is treated the same as disabled) and then manually starting it. Then run the update, selecting "Custom" rather than "Express" processing (see above). Before shutting down Windows, stop and disable the Automatic Updates service again. The Background Intelligent Transfer Service can be left at Manual startup at all times.
Disabling the Automatic Updates service has two added benefits. The minor one is that it enables XP to start up a bit faster.
The major one is that it also helps to protect you from Microsoft, which last September, forced updates on computers that were configured not to be automatically updated. I blogged about this at the time, see Windows is spyware and Defending yourself against Microsoft. I also recommend reading the September 13, 2007 edition of the Windows Secrets newsletter, specifically the lead article by Scott Dunn, Microsoft updates Windows without users' consent.
On a related note, as I wrote in April, Windows XP users should not be in a rush to install Service Pack 3. In fact, if someone suggested installing SP3 soon after it was released - don't take advice from them in the future. The problems that cropped up after its release were as predictable as the sun rising in the morning and the benefits are, by all accounts, minimal.
Patching Other Software
But what about the tons of other software, besides the operating system, that also needs to be patched?
In the Windows world this is a mess, if not a disgrace. Every software company re-invents the wheel when it comes to updating their software.
I'm not a Mac person, but I believe the situation is basically the same there, Apple's equivalent to Windows Update only updates Apple software. Linux has great potential in this area but I'm not familiar enough with it to judge if the potential is being realized. I do know that a number of Linux distros resisted my attempts to figure out how to update software. At least Windows Update is simple as easy to use, even in manual mode. Recently, a copy of gOS running a new computer totally refused to update anything and the error messages were of little help.
Macs and PCs will always be unreliable without a single patch delivery system for all the installed software.
In the meantime, some businesses make due with assorted commercial products that install patches to a wide range of software. A large computer company has home-grown software for doing this on the machines of employees. Home users have the Secunia Online Software Inspector; flawed though it is, you're much better off using it than avoiding it. FileHippo has a free update checker for Windows machines, but it is in beta test and requires .NET framework version 2. CNET offers VersionTracker, but it is not well rated by the 387 users that rated it.
In the long run this argues for Software as a Service, if for no other reason than, as in the mainframe world, experts oversee the patch process rather than normal, non-techie users. It may also lead to some type of virtualized desktop, again, motivated by the need to increase reliability by controlling software installations. Personally, I'm a huge fan of portable applications, that is, software that can run without being installed (www.portableapps.com has a great collection). And while I'm not a big fan of software like GoBack to rollback system activity, it may justify itself by being able to undo any software installation, be it a patch or not.
Personal computing is a young field and the way patches are handled, shows all too clearly that this is still the Fred Flintstone era.
*NOTE: What Windows people refer to as a "patch" or "update", mainframe people refer to as a PTF - Program Temporary Fix.
See a summary of all my Defensive Computing postings.
As I wrote a couple days ago, Microsoft released a new bug fix, KB932823, on May 28th which seemed suspicious for a number of reasons.
For one thing, the patch was released at the end of the month instead of Patch Tuesday. It turns out, according to a company spokesperson, that Microsoft releases patches twice a month, not just once a month. "While we release security updates on the 2nd Tuesday of the month, non-security updates are usually released either the 2nd or 4th Tuesday of the month." Who knew?
Since KB932823 is not a security related patch (terminology: "updates" means "patch" which in turn means "bug fix"), it doesn't show up in the list of latest security patches. The Microsoft spokesperson was unable to find a web page that explains or documents the fourth Tuesday bug fix schedule.
Still, this particular bug doesn't strike me as high priority, so I wouldn't install the patch. As I wrote previously, there are two workarounds, and according to Microsoft, the problem only "occurs if the Japanese Input Method Editor (IME) is the default keyboard layout."
The Microsoft spokesperson added that the problem only occurs on multi-core machines. So why was my English-only copy of XP running on a single-core processor offered this patch? Doesn't inspire confidence.
In addition, the problem also occurs on Windows Server 2003 where it is considered a "hotfix" rather than a critical bug. A hotfix is a bug fix that not only doesn't get installed automatically, you can't even download it. Instead, you have to call Microsoft and convince them you need it. For Windows Server 2003, Microsoft says:
Apply it only to systems that are experiencing this specific problem ... if you are not severely affected by this problem, we recommend that you wait for the next service pack that contains this hotfix.
In other words, the patch status on Windows Server 2003 is totally opposite from that in Windows XP. Strange.
I also checked the IE blog and the IE home page at Technet. Neither said a thing about this bug fix.
Another Microsoft spokesperson noted that this patch also applies to the Media Center Edition of XP. They said, "Media center is just a variant of Windows XP so all fixes that apply to Windows XP Pro apply to Media Center Editions. Windows Update handles this automatically by delivering the correct version of the fix."
In addition, they pointed out that KB932823 applies to both 32 and 64 bit versions of Windows XP. Quoting: "The x64 version of Windows XP uses the Server 2003 version of the fix - this is true for all x64 XP fixes. Windows Update handles this automatically by delivering the correct version of the fix. (However, only WinXP x86 fix is available from the Microsoft Download Center. Customers who want the fixes for ... Windows XP x64 need to contact Microsoft to get the fix.) "
If you have Windows/Microsoft Update set to operate automatically, then you can't pick/chose the patches to install. Next time, some thoughts on dealing with Windows/Microsoft Update.
Update June 2, 2008: Added comments from second Microsoft spokesperson.
See a summary of all my Defensive Computing postings.
For some reason I felt the need today to run Microsoft Update (big brother to Windows Update) on my Windows XP computer. No particular reason, just felt it in my bones, even though I had run it recently after installing the Word viewer. Sure enough, it found a missing bug fix. It thinks the bug fix is critical, me, I'm not so sure.
Anyone who runs Windows Update manually, as I do, knows not to trust it all that much. It has, for example, found missing patches for software that was not installed. In April, I blogged about how Windows Update installed software with known bugs, converting a secure computer into an exploitable one.
This particular bug (a.k.a. KB932823) doesn't seem at all critical. The sole extent of the problem (see You may be unable to use Windows Internet Explorer 7 to download files on a computer that is running Windows Server 2003 or Windows XP) is that Internet Explorer 7 may not download a file when requested to do so. Here is the problem symptom, as described by Microsoft:
"You may be unable to use Windows Internet Explorer 7 to download files on a computer that is running Windows Server 2003 or Windows XP. For example, after you click Save in the File Download dialog box, the file is not downloaded."
In other words, it's not a security related thing at all.
And, there are two workarounds. One, provided by Microsoft in the problem description, involves configuring Advanced Text Services. The other is simply running another web browser.
The patch for Windows XP was released May 28th, but the problem description was last reviewed 2.5 months ago. I searched Microsoft's website and found nothing new written about it. Microsoft tracks the latest security updates here. It was last updated May 13th and says nothing about the release of KB932823 on May 28th. The Microsoft Update Product Team blog also says nothing about this bug fix. Not exactly a hot item.
Microsoft releases patches once a month, on what us nerds call Patch Tuesday. For a bug fix to be released immediately, as opposed to waiting for the next Patch Tuesday, it has to be the most critical of the critical. Doesn't happen often. And, apparently, should not have happened now. By all measures, this is a trivial dinky problem.
Still, why not just let Windows/Microsoft Update install the patch anyway?
For one thing, any time you install software you are taking a risk. That Microsoft released this as an immediate critical patch makes it fairly obvious they don't have their act together, so I would trust this patch even less than normal.
And, there have been reports that this patch has caused problems (here and here and here). Then again, these problem reports have to be taken with a grain of salt, unless you know the people reporting them.
The bug, it seems to me, is with Windows/Microsoft Update, rather than with IE7.
Update June 2, 2008: See More about patch KB932823 for more on this.
See a summary of all my Defensive Computing postings.
NOTE: Microsoft says the bug applies to Windows XP Home and Professional, but doesn't bother to state if it is the 32-bit or the 64-bit editions or both. For Windows Server 2003, which is also affected by this bug, they do clearly make this distinction. And, Microsoft does not say that the bug applies to the Media Center Edition of XP - almost every bug for XP Home and and Professional also affects the Media Center Edition.
Not everyone wants to, or can, pay for a copy of Microsoft Office. Some of us, instead, chose to run free software that competes with Office, such as Open Office or Star Office or IBM's Symphony.
As a user of Open Office, I can attest that it's formatting of Word documents is far from perfect, and, there is no way to know how good a formatting job it is doing on any particular document. To get perfect rendering, I also use the free Office viewers that Microsoft provides for Word, Excel and PowerPoint. You can download them at microsoft.com/downloads (select "Office" in the left side column).
Despite the name "viewer" these programs also let you print Office files and copy data into other applications. The viewer programs are supported on Windows XP, Vista, 2000 and Server 2003.
The most popular viewers are those for PowerPoint 2007 and Word 2003. The Word 2003 Viewer, like Word itself, can read documents from earlier versions of Word.
The latest Word viewer, released in September 2007, is simply called the Word Viewer, with no version number at all. It's nice to be a monopoly. You can think of the latest Word Viewer as the Word 2007 Viewer since it lets you view the new .docx and .docm file formats. However, to get this functionality, Microsoft also requires that you install the Office Compatibility Pack.
The latest Excel Viewer, released in January 2008 also has no associated version number. A screen shot is below. I haven't used it much, but have noticed that it doesn't let you resize columns.
In part, this posting was prompted by a recent question at ask-leo.com - Do I need MS Office updates if I only have the viewers? The answer is yes, but Windows Update doesn't cut it. Just like with the real Office software, bug fixes to the viewers are detected and installed with Microsoft Update. The Word 2003 Viewer was released in August of 2005 and needs quite a few patches as shown below.
Office documents have often been booby-trapped with malicious software, so be sure to run Microsoft Update after installing any of the Viewer programs.
Many of the Word documents that I'm sent don't need to be edited, only viewed. If that's the case for you too, you may be able to save the cost of Microsoft Office by combining free Office software with the free viewers.
See a summary of all my Defensive Computing postings.
It's the very definition of irony: bugs in the application designed to install bug fixes. Such is Windows Update, which in the two instances described below installs known buggy software--and tells you that all is well when it is not.
Installing IE7
I use Firefox for pretty much everything, so my main desktop and laptop (both running Windows XP) still had Internet Explorer version 6 until recently. I also run Windows Update manually, so keeping IE 7 off my machine involved nothing more than unchecking a box once a month. But now that IE 7 has been out for roughly a year, and I'm addicted to tabs, I finally got around to installing the browser.
Since I was up-to-date on bug fixes, IE 7 was the only thing Windows Update had to install. The installation process includes the option shown below about installing "the latest updates for Internet Explorer," which I did. All went well, at least according to Windows Update.
The first thing I noticed afterward was that IE 7 turned on the language bar toolbar on the task bar. It doesn't take up much room, but I have no interest in the language features and the fewer things running the better.
To get rid of the language bar, go to the Control Panel, click on Regional and Language Options (the globe), then click on the Languages tab, then the Details button, then the Advanced tab. Finally, put a check in the box to "Turn off advanced text services".
All seems well at this point, but it's not. A critical bug fix having to do with something called VML is missing. The fix goes by the names KB938127 and MS07-050 (see Critical Vulnerability in Vector Markup Language Could Allow Remote Code Execution) and dates back to August 2007. Yes, Microsoft has had eight months to make Windows Update smart enough to install this critical bug fix when it installs IE 7. Or, at the least, warn us to run Windows Update again. But no, it instead installs known buggy software.
.Net Framework Version 2
The same thing happens when you install version 2 of the .Net framework. There are three versions of the .Net framework, and all are optional--until, that is, you try to install software that requires it.
Again, I started with a Windows XP system that was up-to-date on all bug fixes and installed nothing but version 2 of the .Net framework using Windows Update. As before, I ran Windows Update manually (Tools -> Windows Update in IE) and opted for a Custom install. All went well, and I rebooted afterwards, just for good luck.
Though all seems well, I ran Windows Update again. Sure enough, the just-installed .Net framework needed updating. And not just one bug fix; it was missing an entire service pack (KB110806). Installing the service pack was uneventful other than the required reboot.
Back to Windows Update and, finally, everything is up to snuff.
There is no excuse for a software update application, such as Windows Update, to install known buggy software. No excuse, but there is a reason: either incompetence or a corporate laziness that sets in when a company is not challenged in the marketplace. I am not sure which applies in this case.
See a summary of all my Defensive Computing postings.
Yesterday I wrote that Windows is malware. I said this because:
Microsoft can and will update your copy of Windows whenever they feel like it, regardless of your wishes. And, they feel no obligation to tell you what they've done. Your computer is just a zombie to them.
Defending yourself against Microsoft involves turning off automatic updates and that's what this posting is about.
At first glance, turning off Automatic Updates seems simple enough. In Windows XP, you go to the Control Panel, then System, then the Automatic Updates tab and click on the radio button to turn off automatic updates (as shown below). But Windows is lying to you, simply doing this does not turn off Automatic Updates.
The thing that actually installs bug fixes is a component of Windows called the Automatic Updates service. A service is a computer program that runs in the background, so you're not aware that it's there. You may not even see it listed on the Processes tab of Task Manager. A single instance of the svchost.exe process hosts from one to many different services.
Windows consists of many services, the XP machine I'm using to write this posting has over 90. Some services directly translate to a visible feature of Windows. For example, if you have ever used Windows to configure a WiFi connection, then you've been communicating with the Wireless Zero Configuration service. The Automatic Updates service is the one that handles patches to Windows. The name sounds better than the Automatic Bug Fix Service, but that's what it is.
At any point in time a service is either started (on) or stopped (off). A computer that does not use WiFi, for example, should have this service turned off since it won't be needed.
When Windows starts up, it turns on some services and does not turn on others, depending on an attribute of the service called the Startup Type. If the Startup Type is Automatic, the service is automatically started when Windows boots. If the Startup Type is either Manual or Disabled, the service is not started.
A Manual service can be started by another service on an as-needed basis. A Disabled service can not be started until the Startup Type is changed to either Manual or Automatic.
When I said earlier that Windows is lying to you, I meant that even when Automatic Updates are turned off in the Services applet in the Control Panel, the underlying Automatic Updates service remains on. This is why Microsoft can update your computer whenever they feel like it.
To defend against the Borg Microsoft, disable the Automatic Updates service.
In Windows XP, go to the Control Panel, then Administrative Tools, then Services. You'll see a window like that above, listing each service, its current Status and Startup Type. A blank status means the service is not running (off), a status of "Started" means that it is (on). Get the properties of the Automatic Updates service and change the startup type to disabled (see below).
Interestingly, disabling a service does not stop it, if it's already running. If you want, you can also stop the current instance of the service, but the more important point is that the next time Windows starts up, it will be off. And it will remain off/disabled until you manually change the Startup Type.
But, sometimes you want to install Windows bug fixes.
To do so, you need to change the startup type of the Automatic Updates service to Automatic and then start the service. Interestingly, the Windows Update web site will not function if the Automatic Updates service is running but the startup type is set to Manual. Microsoft really wants this service running all the time. I wonder why.
When you are done installing bug fixes, stop and disable the Automatic Updates service until next time. Note that the Background Intelligent Transfer service is also required for Windows Update to function, but it works fine, in Windows XP, with a Startup Type of Manual.
Interestingly, this has always been my advice for dealing with automatic updates. At first, my opinion was based simply on the fact that I prefer to run Windows Update manually, so there is no need to have the Automatic Updates service running. Then, my opinion was strengthened by a bug in the Automatic Updates service that caused the poor processor to run at 100% usage rendering your computer slow as molasses.
And now this.
Update: September 16, 2007. Clarified the point that disabling a running service does not stop the current instance of that service.
- prev
- 1
- next
