Information Security Frequently Asked Questions (FAQ)
Why do they need to be automatic?
Patching needs to be done in as timely a fashion as possible to reduce the chance of the computer being exploited. Even if an exploit does not exist when a patch is released, it will shortly thereafter to take advantage of computers that have not yet been patched. A patch identifies the vulnerable code making it easier for a malicious person to create an exploit. And there is never proof that other exploits don't exist -- they could simply have not been discovered yet. Sometimes a patch has an unexpected, and undesirable, side effect. Although Microsoft tests patches, we are in a better position to test the effect of a patch in our specific environment, so we do test them before releasing patches to our update server. The best way to ensure a timely installation of a patch is to set them to install automatically.
Isn't there some other way to protect a computer?
There is no single solution to providing security, just pieces in a puzzle. The university firewall provides some measure of protection, as do personal firewalls, antivirus software and patching. However, none of these methods provide complete protection.
But my computer needs to be run without interruption!
If a computer needs to be run without interruption, then applying patches is only one of the concerns that needs to be addressed. What happens when the power goes out? Or if a cable is accidentally unplugged? Or if the computer crashes unexpectedly? There are many reasons why the proper functioning of a computer might be interrupted and patching is just one piece in that puzzle. However, from a network security perspective the real question is: if it needs to be uninterrupted then why is it connected to the network at all? Whether through malice or accident, network activity can drastically slow a computer or cause it to crash.