Checking for updates
The Windows Update client on your PC checks the Windows Update server at Microsoft for the availability of new updates at random intervals, every 17 to 22 hours. The randomization ensures that the Windows Update server is not overloaded with requests for updates all at the same time. The client is very efficient in checking for new updates and searches only for updates that have been added since the last time updates were searched, allowing it to find updates quickly and efficiently.
When checking for updates, the Windows Update client evaluates whether the update is appropriate for your computer using guidelines defined by the publisher of the update, for example, Microsoft Office.
If the computer is not online at the time you specified to check for updates, then the Windows Update client begins checking every five hours until it successfully finds updates. If more than 30 days have gone by without successfully finding updates, the client will notify you. If you should receive such a notification, you should connect your computer to the Internet, go to the Windows Update Web site, and check for updates.
Downloading updates
Once the Windows Update client determines which updates apply to your computer, it will begin downloading the updates, if you have selected the option to automatically download updates. It does this in the background without interrupting your normal use of the computer.
To ensure that your other downloads aren’t affected or slowed down because updates are downloading, Windows Update uses the Background Intelligent Transfer Service (BITS) technology which downloads updates using idle bandwidth. This technology ensures that Windows Update downloads only when no other active download is in progress on the computer. This allows you to smoothly carry on day-to-day activities even while updates are being downloaded in the background.
Windows Update also supports pausing and restarting downloads. You do not have to worry if you need to shut down your computer, or if you have lost your Internet connection while an update is downloading. Once the connection is reestablished, the download will continue where it left off.
Installing Updates
When downloading is complete, depending on your Windows Update settings, the Windows Update client either installs the updates automatically, or else it notifies you of the download without performing the installation. You do not need to be logged in to your computer for Windows Update to automatically install updates.
When the option to automatically install updates is configured, the Windows Update client tries to install updates as they become available. For example, if updates are available when you begin shutting down your computer, it gives you the option to install the updates before shutting down the computer. Otherwise, it installs them during the time you have specified for updates to be automatically installed. The default time for updates to be automatically installed is 3:00 AM daily.
When you install Microsoft software
When you install or reinstall a program, you must reinstall updates that came out after the installation CD or installer was created. For some programs there may be multiple updates available and some updates may require a previously released update to be installed.
If your computer is not turned on during the scheduled time for installing updates, the Windows Update client will try to wake up the PC (if the PC was asleep), or wait for the PC to be turned on again. As soon as the PC is running again, it will install the updates.
Rebooting your computer
When the option to automatically install updates is configured, the Windows Update client, in most cases, automatically restarts the PC for you after installing the updates. This is necessary because your PC may be insecure, or not fully updated, until a restart is completed. To reduce the number of computer restarts required, the client attempts to install as many updates as possible together. If you are using the computer, you may be given the option to postpone the restart.
Most updates can be installed automatically without any user intervention. Some updates, however, such as service packs require the user to provide explicit consent. These are not automatically installed. When you install updates manually, be sure to restart your PC if prompted to do so. Otherwise, the PC may not be updated until a restart is performed.
Reporting
The Windows Update client reports back to Microsoft regarding which updates have installed successfully and which, if any, failed to install. This helps the Windows Update team verify the quality of the updates provided by Windows Update. No personally identifiable information (PII) is sent to Microsoft or stored by Microsoft with the report. For more information, read the Windows Update privacy statement online at
http://update.microsoft.com/windowsupdate/v6/vistaprivacy.aspx?ln=en-us.
The Windows Update client keeps a log of all the different actions it performed on a particular computer at %windir%\windowsupdate.log. On Windows Vista, this log is available from the Windows Update control panel.
When the Windows Update Client is Updated
From time to time, Microsoft needs to update and enhance the Windows Update service, and that includes updating the Windows Update client software on your PC. If Windows Update is configured to check for updates, it installs a newer version of the Windows Update client automatically, so that it can continue to check for updates. If Windows Update is completely turned off, the client is not updated. If the client doesn’t update automatically then it may not be able to notify you about new updates. For this reason, Windows Update always updates the client automatically before checking for other updates. Given how important it is to maintain the quality of the update service, Windows Update always updates itself when it is turned on, regardless of whether you've chosen the option to have updates automatically installed or to be notified that they are available so that you can manually install them. If you have automatic updating turned off completely, the next time you manually check for updates, you will be prompted to update the Windows Update client before installing any updates.
Security Protections in Windows Update
Windows update implements many security checks and restrictions to ensure that the security of your computer is not compromised. The most critical checks validate the authenticity and quality of the software and updates that are installed on a machine. Some of the ways in which Windows Update maintains the integrity of the updates that get installed are as follows:
- Windows Update uses the Secure Socket Layer (SSL) protocol to send and receive information. SSL is used to encrypt the information being transferred, prevents hackers from tampering with information being transferred, and verifies that the Windows Update agent is transferring data from an authorized Microsoft server.
- Each update is individually signed using the Secure Hashing Algorithm (SHA-1). This technology allows Windows Update to confirm that the update has been downloaded correctly and hasn’t been changed by anyone. The update signature is also compared to information in the update metadata that was previously downloaded.
- Windows Update also checks for the certificate associated with each update. This certificate provides a means for Windows Update to validate the source of each update. Currently Windows Update will only install updates that have certificates issued by Microsoft or other providers that are trusted by Microsoft.
Windows Update has many more internal security checks and controls. For example, Windows Update ensures that any action that can make your machine less secure (like turning off Windows Update) can only be performed by an authorized administrator.
To help keep your PC more secure and reliable, it's a good idea to install new updates as soon as they're available. The easiest way to install updates is to use the Windows Update service and make sure automatic updating is turned on. Now that you know how important—and easy—it is, be sure to check your Windows Update settings today.