Thursday, January 14, 2010

Why the need to reboot after updating Windows?

By Susan Bradley

Not so long ago, Microsoft promised that fewer Windows patches would require restarting the system to complete their installation.

Microsoft clearly hasn't delivered on that promise, so PC users need to take steps to ensure that they don't lose data due to unexpected post-update reboots.

Let's face it, we all hate rebooting. At best, rebooting requires that you start your work session over. At worst, if you've set Windows to update automatically, any open documents may close without giving you a chance to save your information.

In 2005, Microsoft started talking about a new restart manager to be built into Vista to ensure that fewer operating-system and application updates would require a reboot. In an Eweek interview at the time, Jim Allchin, former Microsoft co-president of the Platform Products and Services Group, boasted how much this technology would change the game.

But Microsoft's promises of fewer or no reboots were a lot of hot air. For example, let's look at Internet Explorer, although the same idea holds for any software you update.

When you update IE, the new software is written to disk. Any old code (such as dynamic link libraries or DLLs) already active in system memory usually remains untouched. Only when you restart do you flush out all the old code and load the new, updated software from your hard drive.

This is why in my experience, virtually all IE patches still insist on a reboot. Without a restart, you're still running the old code that contains whatever flaw the update was designed to correct.

And don't think that using Firefox gets you a pass on these updates: You have to update Internet Explorer because Windows uses IE for many other purposes. Thus malware can still reach your system through IE whether you open the program or not.

Predicting whether an update requires a reboot

Patches whose installation requires a restart are normally released by Microsoft only on the second Tuesday of the month (Patch Tuesday). However, Microsoft also distributes updates on the fourth Tuesday of the month. This is where the water gets muddier.

The descriptive text accompanying these updates states only that a reboot may be required. In these cases, some machines will need to reboot to complete the update installation, and some won't, but there's no good way to tell in advance.

Even Windows 7 is annoyingly vague in stating its update-reboot requirements. On my Win7 test machine, I reviewed several recent randomly chosen updates to determine whether the patches demanded a reboot. Each update used the vague wording that it "may" require a restart.

* KB976098 patches Win7's Date and Time applet and didn't need a reboot, even though the update indicated that it "may" need one.

* KB890830 for the Malicious Software Removal tool also didn't need a reboot but stated that one "may" be required.

* KB974431 is a monthly compatibility update normally delivered on the fourth Tuesday; it did require a reboot.

* KB975467 and KB974571 are security updates that forced a restart to complete their installation.

* KB976325 is an Internet Explorer 8 patch that — to my amazement — didn't require a reboot, although both the update itself and the related MS security bulletin MS09-072 warn that one may be necessary. (See Figure 1.)

Windows Update restart warning
Figure 1. The message accompanying some Windows updates warns that a restart may be required, but there's no good way to tell whether one will in fact be necessary.

Confused? As Ms. Palin would say, you betcha. The uselessly vague fudge-phrase "may need to restart" leaves you guessing. What's the story, Microsoft? I asked the company to clarify but haven't yet received a response.

Until we have clear word from Microsoft as to when reboots are truly required, it's generally wise to reboot after installing any Windows patches. It's the only way to be sure that all old code is flushed out of active memory.

Note that Windows XP lacks the restart manager and thus doesn't support "hotpatching." That's why reboot nags are so common on XP machines. However, even Windows 7 fails to live up to Jim Allchin's no-reboot promise.

Autosaving avoids data loss from forced restarts

You can do two things to minimize accidental loss of data due to files closing unexpectedly during a forced reboot. First, set your automatic-update options to either "download but do not install" or "notify me when updates are available."

Second, configure your applications to save files automatically.

Office 2007's "AutoRecover" function autosaves open files every 10 minutes by default, but you can reset Word, Excel, and other apps to automatically save your files more frequently. To do so, click the Office button and choose Options, Save. Make sure Save AutoRecover information every xx minutes is checked, and then adjust the time between autosaves to your liking. (See Figure 2.) You can also change the autosaved files' location so they're easier to find if you need to restore them manually.

Microsoft Word 2007 Autsave options
Figure 2. Use Word 2007's AutoRecover (autosave) features to ensure you don't lose data due to a forced reboot.

To change your autosave settings in Word 2003, click Tools, Options, Save. Make sure the Save AutoRecover info every option is checked, and then adjust the number of minutes. (See Figure 3.) As in Word 2007, you can also change the folder storing your autosaved files; in Word 2003, this option is found under the File Locations tab.

Microsoft Word 2003 Autosave options
Figure 3. Word 2003's autosave settings are found under the Save tab in the Options dialog box.

Is this sufficient protection? Not for me. I've gotten into the habit of clicking the Save button (or pressing Ctrl+S) every few minutes while I work. I also save all open files before stepping away from my PC, even if I expect to be gone just a few minutes.

If you use Windows 7, be extra-observant on the second and fourth Tuesdays of each month, when Microsoft releases most updates. Watch for a "shut down and install patches" prompt in place of the normal shutdown prompts around those days. If you get the prompt and want to postpone the patch installation to a later time, shut down by pressing Ctrl+Alt+Delete and choosing the direct shut-down option on the resulting screen. (See Figure 4.)

Windows 7 no-update shutdown
Figure 4. Press Ctrl+Alt+Delete to shut down Windows 7 without installing downloaded updates.

With each passing year, we seem to spend more of our workday maintaining our systems rather than actually using them. I hope someday the people at Microsoft will realize we want to spend more time doing our work and less time doing theirs.

No comments: