The first thing you should do is slipstream the latest Service Pack into your Windows installation media. Having SP4 automatically installed as part of the OS would cut off a third of your listed download size. I haven't run into a situation where I could test it, but this should also avoid issues on systems that have pre-SP incompatibilities. And everyone knows that a clean install is better than an upgrade, right? I don't have any hard data, but it follows that having the SP4 versions of files installed during setup is better than installing the old ones, then replacing them with newer versions.

Second, use Auto Update. It uses the BITS service to download updates only on unused bandwidth. Maw and Paw can be downloading the latest updates while they're reading a webpage (after they've finished downloading the page, the modem normally isn't actually doing anything while they're just viewing the content). If you don't trust Microsoft, get someone with a good connection to set up a SUS (http://www.microsoft.com/windowsserversystem/sus/) server. It's basically a local copy of the Windows Update system, serving up Windows critical patches. With Auto Update, the user doesn't have to worry about checking for new patches, and the actual downloading of all those patches shouldn't interfere with their usage of the system.

AV programs are similar, in that many can be set to autoupdate. At least some of them are using "delta" or "differential" technology, where only the differences are downloaded. Rather than download a whole 5MB virus definition every day, it downloads only the 100KB of changes. Microsoft is planning to use this in upcoming patches too, which should help decrease their patch size.

http://www.microsoft.com/technet/security/CurrentDL.aspx lets you search for updates. You can list all patches for a certain OS since a certain SP, excluding all the ones that have been replaced by newer fixes. This is great for creating a "patch CD" just for situations like you described. Download and burn 30 patches to a CD, slipstream SP1 into your XP install, and the OS is fully patched before you even get online. It can be a pain to manually install them, but it's faster than using a modem, and it even works on systems that don't have an internet connection. Along the same lines, I try to put a copy of a recent AV updater on any CD I make, as well as any other updaters I think I may need. Since some things are using differential updates, even just having a newer update installed (a month old instead of the original three year old program).

Once you get over the initial hump, keeping up with patches isn't that bad, as long as you do keep up with it. This is coming from someone who was on dialup (max of 49k) until just last summer. I did take advantage of faster connections and free MS CDs for getting copies of big patches (Service Packs, full IE installs, etc.), but I kept up with the standard Windows and AV updates via my modem no problem. My less-than-savvy parents are still on dialup, and their PC always has the latest McAfee defs and critical Windows updates whenever I check, thanks to decent autoupdate programs.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/230/25577#25577