I recently reformatted a badly infected PC for a customer. It had a number of nasty trojans, plus some files with broken digital signatures. After reinstalling Windows Vista plus the 100 or so updates, and restoring her documents, I returned the PC.
I always try to advise customers on how to protect themselves online, as so much malware is now a “wolf in sheep’s clothing” masquerading as some useful piece of software. “Honest guv, I will speed up your pc, plus give you virus protection, make you lots of money and even bring you regular cups of tea” (well ok, not that.)
As part of this advice, I advise customers to remove software they no longer need, such as RealPlayer, Java, Shockwave, a gazillion toolbars etc.
Startlingly, during the course of my conversation with my customer, she starting telling me how she had removed all those surplus Microsoft Updates, as they were years old, and she doesn’t use them! I had to explain how they are vital for her protection, but it never occurred to me that this could make sense and there is a certain logic to it. The average user just installs the updates automatically without ever needing to understand these updates fix security holes in Windows.
What is the solution to this? Microsoft can’t prevent users from uninstalling updates, as updates can cause other programmes or entire systems to crash or cease working. As much as I dislike the “are you sure?” and “are you really, really sure” type of dialogues, perhaps a sterner warning before uninstalling critical updates is needed.