Network News

X My Profile
View More Activity

Windows Vista Service Pack 1: Not for the Impatient

Microsoft has released a bundle of security and stability updates for Windows Vista users. What follows is a long-overdue primer on this package of goodies from Redmond known as Service Pack 1.

While some peoples' experience with Service Pack 2 for Windows XP may have left them feeling wary about installing this package, I haven't heard about SP1 causing any major problems for Vista users. Most Vista systems probably will be better off -- security- and stability-wise -- with this rollup than without it, for the reasons I describe below.

One reason I haven't heard of any problems with SP1 may be that few people have yet to install it. Following all of Microsoft's instructions for prepping a system to receive SP1 can be extremely time-consuming, and even more so for a subset of Vista users who have certain incompatible hardware drivers installed on their systems. As a result, it's likely that a large portion of Vista users simply won't bother with this service pack, at least for now.

Strictly speaking, Vista users who are staying up-to-date with security patches from Redmond don't have to install this update, as Service Pack 1 includes all of the security patches Microsoft has released for Vista since first shipping the operating system more than 14 months ago.

While this service pack does include other security enhancements, it seems oriented more toward fixing problems that users have most frequently reported about system crashes, slowness or other buggy system behaviors.

Many of the security features of SP1 are designed specifically to enhance the security of Vista installations in a corporate environment, but one portion from Microsoft's description of what's included in the service pack bears highlighting. Microsoft says that in addition to offering a rollup of all security patches released thus far for Vista, SP1 includes security improvements that came from taking a second look at areas of the operating system that have been found to be the source of vulnerabilities so far.

"SP1 includes Secure Development Lifecycle process updates, where Microsoft identifies the root cause of each security bulletin and improves our internal tools to eliminate code patterns that could lead to future vulnerabilities," Microsoft stated in a paper documenting the Vista changes introduced via SP1.

Microsoft says SP1 provides for faster file copying (25-50 percent faster, Microsoft claims) and decompression, as well as better handling of large files. The company said SP1 also addresses the most commonly reported causes of operating system failures or program crashes. Other changes include new protections to help prevent data loss while ejecting certain types of removable media, and more stable and reliable networking in Vista. A full list of the hundreds of hotfixes, drivers, etc. included in SP1 are at this link.

Here's what you should know before you install SP1. Microsoft recommends users fetch the service pack using Windows Update (a 65 megabyte file for most users), but anyone who needs to install the update on multiple computers can download a standalone installer (>450 mb).

Microsoft says that for Windows Update and stand-alone installations, the SP1 setup program automatically creates a system restore point before the installation of SP1 begins (system restore backs up critical system files). But Redmond suggests that Vista users "may want to back up any user data before you begin installing SP1." Vista includes a backup utility called the Backup and Restore Center that allows you to back up certain files or make a complete backup image of the hard drive where Vista is installed.

But before you try to download and install SP1, Microsoft says it's a good idea to check to make sure there are no corrupted files on your computer. To accomplish this, run the Check Disk and System File Checker utilities by doing the following:

1. Open a Command Prompt window (click the Start button, type command in the Start Search box, right-click Command Prompt, and then click Run as administrator).
2. Run the following command (assuming that C is the system drive): chkdsk c: /F
3. After the command in step 2 completes, type SFC /Scannow, and hit enter.

These two scans took about 10 minutes total to run on my machine, but then again I don't have a lot much more than the default Vista operating system files on my Vista PC, so the scans may take longer for Vista users who have other programs already installed.

Some Vista users won't receive notifications that SP1 is ready to install even if they've turned on Automatic Updates from Microsoft - and this was indeed the case with my Vista (Ultimate) PC. According to Microsoft, there may be several reasons for this. Among the most likely is that Windows Update will temporarily not offer Windows Vista SP1 to systems that have certain hardware device drivers that have shown to cause problems with SP1. Microsoft lists a bunch of these, which includes some pretty widely-deployed hardware drivers, including audio drivers Conexant HD Audio, Creative Audigy, and RealTek AC'97 (you can check for the presence of these driver files by searching for them by name, as listed in this advisory).

If you have one these incompatible drivers on your system, you can try visiting Windows Update again and checking if it has an update to address that specific driver problem. Non-security related updates are usually marked "optional." Alternatively, you can check the support pages of the hardware manufacturer's Web site to see if they have any updated drivers.

Microsoft says another reason SP1 may not be offered even though Automatic Updates are enabled is that there are previous updates waiting to be installed. While it may seem like it shouldn't matter (because SP1 supposedly includes the latest security updates), Microsoft says SP1 cannot be installed together with any other updates.

"It must be installed by itself. Therefore, if there are any pending updates on Windows Update, such as security updates, Windows Update will not offer Windows Vista SP1 until the updates are installed."

Turns out, Windows Update won't offer SP1 if you haven't installed all of the updates tagged by Windows Update as "Important" or "Recommended."

When I began researching and writing this post, I was already up to date with the patches that Microsoft released last Tuesday, but was wondering why I hadn't yet received a notice that SP1 was available. When I went back in to Windows Update, I was surprised to find that I still had some 16 "recommended" updates that were not yet installed (most were marked simply "Update for Windows Vista (KB######)".

About 15 minutes and a reboot later, I had the 16 updates installed and was ready to head back to Windows Update to see if it would offer me the service pack. It didn't. So, in the interests of completing this experiment, I decided to download the 445 megabyte SP1 installer and install it manually.

The installation Window told me that the process might take an hour or more. My installation took slightly less than an hour. No problems that I can tell after installing it. I didn't time it or anything, but my Vista machine does seem to be somewhat snappier than before, taking less time to respond to simple requests.

But for anyone who does run into problems -- before or after applying SP1 -- see the section marked "troubleshooting" in the "Windows Vista Deployment Guide," found here.

What about you dear Security Fix reader? Are you a Vista user who has updated to Service Pack 1? Or maybe you've chosen instead to hold off? Tell us about it the comments below.

By Brian Krebs  |  April 17, 2008; 11:15 AM ET
Categories:  New Patches  
Save & Share:  Send E-mail   Facebook   Twitter   Digg   Yahoo Buzz   Del.icio.us   StumbleUpon   Technorati   Google Buzz   Previous: Security Updates for Firefox, Safari
Next: When Monetizing ISP Traffic Goes Horribly Wrong

No comments have been posted to this entry.

The comments to this entry are closed.

 
 
RSS Feed
Subscribe to The Post

© 2010 The Washington Post Company