
Prevent viruses, worms, etc. when using Windows Update the first time

Many critics of Windows XP (and Windows 2000, and any version of Windows that uses Windows Update) say that connecting a fresh install to the Internet to use Windows Update immediately exposes the machine, and all of its unpatched bugs, to exploitation within about twenty minutes.

While that's not far-fetched, given how many worm-ridden machines are run by irresponsible lusers, there is a very simple way to avoid exploitation while using Windows Update.

  1. If on broadband (cable modem or DSL), buy a hardware firewall.
    Most Internet sharing devices have built-in firewalls that act as one-way doors to the Internet. You can go out to the net, but people on the net can't get back in. For less than $100.00 (Canadian, one time) you can get better protection than any "software firewall" can provide, and without renewing subscription costs. Even for a single computer, it's well worth the investment.
  2. If on dial-up, turn on the built-in Internet Connection Firewall on your dial-up connection.
    Windows XP as first released comes with a silent firewall program already installed. Make sure you turn it on! Sadly, AOL dial-up users can't use it.
  3. Use Windows Update only until it says it's done.
    Don't do any production work, don't check e-mail, don't surf any other web sites, until Windows Update tells you that you don't need any more critical updates.

That's it, really. Get behind some kind of firewall and patch your system first. After that, start using the tools included in Windows XP, such as Automatic Updates, to let the system keep itself updated.

Other routine precautions include: use the hardware firewall at all times, create a Limited User account for yourself and do your production work there, stick with applications and devices Designed for Windows XP, and (as The Register is fond of saying) wear a regulation tinfoil hat.