Reuse updates in clones and other Windows installs on a multiboot machine.
On a computer that is multibooting various copies of the same version of Windows we may want to take a slightly different approach to how we keep on top of updates. Allowing various installs to download the same update could be considered wasteful so where possible we should grab such updates only once and then pass them along. This may take a little extra management and time, but it also puts us more in control and can allow for testing of updates before committing to them.
Safety in Numbers.
If you are multibooting with identical clones or even if you just keep regular and up-to-date backups of your operating systems then you don't have to be quite so concerned with updates the way you might be when you only have a single precious operating system to protect.
An operating system that can be quickly replaced is effectively disposable and so it can be discarded at even the slightest suspicion of anything being wrong. What's more if we work to a time schedule and routinely move on to a new clone every month or two then even unseen compromises will be dealt with. If we do suffer or suspect a compromise then rebooting into a new clone will allow us to scan the rest of the machine and in the rare event of the data partition or any of its contents being compromised it can be restored from backup. We can then get on with the rest of our day and leave the replacing of any suspect OS till a time of our leisure or during a scheduled new clone roll out.
More Control over Updates.
Handling Windows updates manually allows them to de done to a users own schedule and gives greater control over what gets installed and can help in identifying and eliminating any troublesome updates. Keeping the master install of our main Windows operating system updated is important so that when a new clone is run off from it the clone is ready to use without having to spend perhaps hours or the rest of the day catching up with updates. There are various ways that updates can be dealt with and which way we choose to go may come down to circumstance or just personal preference.
The simplest and easiest approach to Windows updates is to just do them all in the master install of Windows that you will then use to roll out new and up-to-date clones on a regular basis. This method does of course mean you are not testing updates beforehand, but you should always have at least one backup of your master install that you can step back to if required so that you can return to a pre-update state. You would then use clones to test updates individually so that you can track down the troublesome one.
If you choose this method of working your Windows updates then we suggest you always have auto updates completely turned off in your master install so that all clones will naturally be set the same. When it’s time to update the master you will boot into it and manually start the update checks and then select what you want and let Windows get on with it
You can allow your anti-virus in a clone to automatically update its definitions to its normal daily or weekly scheduled, then catch up with all updates in your Master copy of Windows all in one go just before you run off a new batch of clones. Alternatively you can see if your anti-virus vendor offers definition update packs you can download to install in a clone and save up for later installing in the Master. Other anti-malware apps could also be updated on a regular basis if desired, but this would only be useful for those that actively monitor traffic in real time. Any apps you only use to periodically scan for problems are completely redundant when the life span of a clone is only a month or two. It can be quicker, easier and more fool-proof just to move on to your next clone if you have even the slightest suspicion of a problem.
If you run your working clone of Windows for a longer time, or you just can't give up doing regular updates, then you can manually download and install updates and save them to use again in your master copy of Windows and even other clones. There can sometimes be a bewildering array of possible updates on offer and some of the software and driver updates don’t lend themselves well to this approach, so we suggest it mainly for the important security updates, which will be the ones you are most likely going to be concerned about. You only really need to do the critical updates as all others are optional and often not at all required by the average person.
For this to work you have to prevent Windows from automatically downloading the updates in a form that you can’t reuse, so you should set the update option to “Check for updates but let me choose whether to download and install them”. When you are informed that new updates are available you should look at what is on offer and then copy and paste the KB number of each update you want into the search box on either of these two Microsoft webpages.
http://catalog.update.microsoft.com – (this page works only with Internet Explorer).
Download the stand alone installer for each update you want and manually run them in the Windows you are updating. You can install several at once without rebooting if you watch out for and tick the option not to reboot. Once you are happy an update has no issues you can apply it at your leisure to your master or other copies of Windows.
If you keep on top of them you should not have too many to do at a time. If you also choose just to be informed about important security updates then you will have even less to bother with. When time allows you can choose to be shown the other recommended updates and software and driver downloads. For the majority of these you will be able to get them in the same manner, but for a few you may have to resort to either doing the update automatically with Windows Update, or searching further afield for a correct stand-alone version. For optional Windows tools and software the simplest route is to get them directly from their own Microsoft webpage. See the Microsoft Software links at the bottom of this page.
This method of doing updates will take a lot more of your time than method 1, so you should weigh up the hassle involved and compared it with just updating a single master install once every month or two and running off a batch of new clones.
Microsoft Security Essentials
Microsoft’s own anti-virus and malware package will auto download definition updates on a daily or near daily basis. It is possible to retrieve and save these updates from the (C:/Windows/SoftwareDistribution/downloads/install) folder, but you would have to save them regularly as they don’t remain for long. Despite our best efforts we can only manage varying success with the task of organizing and re-using these updates, so we have to advise that you don’t try this approach. The easiest solution would be to leave the current working install to do its own daily updates, then when it is time to update other installs either let them do their own updates, or go to the Microsoft Security Essentials definitions update page www.microsoft.com/security/portal and grab the latest definitions package and apply that from inside any other install we wish to bring up to date. Alternatively we can block Security Essentials in our firewall from being able to connect to the net so we can manually download and install definition packages on a weekly basis, then save these up for later install in our master copy of Windows.
When a new program version of Security Essentials becomes available and you are informed of this by either Windows Update or the program itself, then just go to the security essentials home page www.microsoft.com/security-essentials and download the version that will be on offer there. Install it in the current working operating system and then later when time allows install it in the master copy of Windows.
If you are reasonably computer able and generally confident about taking care of your own security then you can of course forgo regular Windows updates and only apply the service packs when they become available. To manage this approach you would need to be sure of your backup strategy and its ability to allow you to recover from almost any eventuality. You would also probably use some kind of file monitoring software and be intimately familiar with all the internals of your operating system so you could instantly spot when something was out of place. If you only use a Windows install for a month or two before moving on to a new clean one then you should know that your current working Windows is clean regardless of any updates. You should not consider this approach if you even have to think about how you would manage your own security.
If you have a home or business server for your own local network then you can install a free program from Microsoft that will store and distribute updates out to any Windows install that requires them. The Windows Server Update Service (WSUS) is the corporate solution to controlling and applying updates to numerous workstations but it will work for any size of network. This is no breeze for your average IT staff to install and configure, so unless you are a tech wizard with plenty of spare time and patience then you would be advised to skip this one or save it for the next time you are looking for a challenging project.
For Windows XP based operating systems each downloaded important security update is stored in its own individual folder inside the C:/Windows/SoftwareDistribution/downloads folder. These updates can be saved and reused in a master install or other clones. This downloads folder is periodically cleaned out by Windows so you should copy and save the updates just after acquiring them. Set Windows Updates in XP to “Notify me but don’t automatically download or install them”. When you are informed updates are available you should manually clean out the SoftwareDistribution/downloads folder and then let Windows download and install the high priority updates that you want. (Be aware that as with Windows7 some updates for additional components that are not an integral part of the Windows operating system may not leave a reusable download, so you should uncheck these updates from the auto download and acquire them separately as explained in method 2 above).
Once the updates are all finished and applied to the Windows install that downloaded them you can copy them for reuse. The easiest method to apply them to another install is to simply copy everything across into the SoftwareDistribution/downloads folder of the Windows install you wish to update and begin the normal auto-updates routine where the Microsoft server is consulted to see what you are lacking. As usual this will generate a list of the updates required and you will be advised to download and install them. Going ahead with the auto install will not result in the re-downloading of the updates, as Windows will discover they are already present in the download folder and will install them as normal.
The alternative way to install these saved updates is to manually run the update.exe that you will find inside the "update" folder that is inside the main folder of each saved update. Installing them individually is more time consuming, but it is an ideal way to test updates one at a time if for example you want to identify an individual update that has caused you a problem.
Microsoft Silverlight - Checker Page
Windows Media Player
Microsoft .NET Framework
Windows Powershell and WinRM
Microsoft Safety Scanner
Malicious Software Removal Tool
Understanding Windows automatic updating
Windows 7 Compatibility Center
Secunia Personal Software Inspector
IBM Tivoli Endpoint Manager
VMware vCenter Protect