Is updating Windows important?

  jz 22:04 20 Oct 2005
Locked

I work in a medium-sized technology company which has around 500 employees, and an IT department. All PCs are networked on a domain, and internet access is via a server with a hardware firewall. Various version of Windows are used on different PCs - NT, 2000 and XP professional. The Windows software is never updated on most PCs - Turning on automatic updates doesn't result in updates gettin through on the four PCs that I've tried it on (I assume that the server or hardware firewall blocks it).

I once asked someone in the IT department about this, and he said that although applying regular updates to Windows is a good idea in principle, it can sometimes cause problems. It sounds like a disaster policy to me (although I'm don't have good IT skills, so may not be a good judge). Having said that, virus problems are rare - we all have AV software on our PCs. We don't have firewalls on each PC (except for maybe the XP ones since XP has its own firewall, although I don't know if they are enabled).

So... in a corporate enviroment, does a hardware firewall give sufficient protection such that updating Windows regularly is not essential? I ask this out of curiosity...

  spuds 22:36 20 Oct 2005

The only reply that I can give,is the fact of recent reports that some of the updates are causing more problems than solving them.

  jz 22:42 20 Oct 2005

"some of the updates are causing more problems than solving them"

Yes, I suspect that that's why the IT guy (who seemed pretty clued up) wasn't keen on getting Windows up-to-date on all the PCs - support calls would be very time-consuming for the IT department, perhaps far more time-consuming than sorting out problems caused by not keeping Windows up-to-date.

I had a look on the Microsoft website a few weeks ago, and they strongly recommend that all PCs in a corporate environment are kept updated.

  Chegs ® 23:20 20 Oct 2005

The reason MS offers updates is to patch security holes in their OS.Not getting them will result in bigger hassles from running an insecure system,not less.The patches rarely cause agro,not getting them nearly always causes agro.Go figure.

  VoG II 23:29 20 Oct 2005

Obviously an 'IT Guy' is not universally the same.

All of our PCs are now on XP and set to receive automatic updates.

  jz 23:36 20 Oct 2005

Thanks for your comments.

"The reason MS offers updates is to patch security holes in their OS. Not getting them will result in bigger hassles from running an insecure system"

Is that true when you're behind a hardware firewall and a server? Can things still get in? I'm assuming that their server is patched.


"All of our PCs are now on XP and set to receive automatic updates"

Sounds good, but some of our PCs are low-spec (Pentium II 266MHz) so I guess that moving to XP professional would be expensive, both for hardware and software (XP professional). How many PCs does your company have, out of interest, VOG?

  Forum Editor 00:53 21 Oct 2005

on matters of IT strategy, and my advice on this aspect is always the same - that Windows desktops should be kept updated at all times.
By 'updated' I mean that a structured policy of updating is in force, one which allows for the exclusion of any update which is known to cause problems in a given set of circumstances. Sometimes I'm consulted about specifics, but more often the in-house IT people will make themselves aware of any problems, and act accordingly. Support calls to MS should be rare if IT departments are on the ball.

Hardware firewalls are not always as effective as people think - in some cases a software firewall can be just as useful - and nobody should make the assumption that because a network sits behind a firewall all the desktops are safe; complacency has no place in a network admin context.

Leaving your desktops without up-to-date security patches will make your entire network vulnerable, and a life in IT teaches you one thing above all others - if a problem can happen it eventually will happen. No IT professional feels happy living with the possibility of a network that's unnecessarily exposed, and I'm sure that your IT guy is no exception - he'll know the risks, and he'll weigh the probabilities. The people who manage the business have a choice - to trust his judgment or over-rule him.

  Chegs ® 00:57 21 Oct 2005

I have a 233Mhz PC,it still got updated with patches.(its running 98se)

If the PC's are able to access the internet,then yes stuff will still get in.Firewalls do not stop trojans/malware,etc.

  jz 21:11 21 Oct 2005

FE: sounds like very good advice to me. I guess that it's tricky for them to have a structured policy when they have so many different PCs, and five different operating systems (NT, 2000, XPpro and a few 95 and 98).

I've worked there for nine years now, and to my knowledge, and the only major problem they've had was the I LOVE YOU virus, but I think that that wasn't caused by unpatched PCs.

  Dorsai 21:56 21 Oct 2005

Yes.

  Forum Editor 23:08 21 Oct 2005

was a case of I LOVE YOU they have been exceptionally lucky, or exceptionally efficient. If it's the former they are living on borrowed time, if it's the latter you have absolutely nothing to worry about.

This thread is now locked and can not be replied to.

Elsewhere on IDG sites

AMD Radeon Adrenalin release date, new features, compatible graphics cards

8 brilliant character artists speaking at Pictoplasma 2018

iMac Pro release date, UK price & specs

Football : comment regarder la Ligue 1 en direct ?