• Illustration: Protect Your PC Services

Microsoft has released a CD containing security updates for client versions of its Windows OS, primarily to help users with slow network connections get the security patches they need. By eliminating the need to download many patches, the CD makes it easier for customers to update their Windows software, which in turn makes their PCs less of a threat for other users. However, without an ongoing program to update and distribute this CD, users connected by slow links could continue to be vulnerable.

CD Supports Consumer Security Push

The "Microsoft Windows Security Update CD February 2004" can be ordered at no cost. It contains two CDs, one with security updates for Windows and one with a trial version of Computer Associates "eTrust EZ Armor LE" antivirus, firewall, and e-mail protection software. The CD is already somewhat out of date, as it only contains updates released as of Oct. 2003, despite the fact many updates have been released since that date.

The CD is part of Microsoft’s Protect Your PC program. This program encourages end users to maintain a properly configured firewall, keep software patched, and keep antivirus software signature files current. The program also provides a Web service to check the security settings of computers and offer step-by-step instructions for users to follow to increase the level of protection. (See the illustration "Protect Your PC Services".)

First in a Series?

Although distributing the CDs will help users without a broadband connection improve their security, it does not appear that Microsoft will update this CD or continue to distribute newer versions in the future: a spokesperson called it a "one-off" product, even though the date in its name suggests that the company might release similar CDs with later dates on them. Instead, Microsoft appears to hope that advances slated for later in 2004, such as smaller patches, Automatic Update clients that will download patches in the background, and the new Microsoft Update site, will make it feasible for all users to keep their computers current even if they have only a dial-up connection.

However, if these improvements aren't enough for users with slow links to keep their PCs patched, those PCs will continue to be vulnerable to viruses and worms that can launch distributed denial of service (DDoS) attacks and propagate to other computers. Consequently, Microsoft might need to issue security update CDs like this one on a regular basis.

Resources

Customers can order the Security Update CD from www.microsoft.com/security/protect/cd/order.asp.

The main Microsoft Protect Your PC campaign site is www.microsoft.com/security/protect.

Computer Associates eTrust EZ Armor is described at my-etrust.com.