Retail PCs can reach customers without latest patches

The excitement home buyers feel when taking a new PC out of its box can be short-lived if the machine is vulnerable to the swarm of viruses and worms on the Internet.

One senior administrator at a major research university recently endured a prolonged setup procedure with his new laptop. The administrator, who asked not to be identified due to the visibility of his position, purchased a laptop in May after encountering delays in obtaining the notebook, which was first introduced last March along with Intel Corp.'s Centrino technology.

After connecting the notebook to the Internet over a dial-up connection, the machine started crashing repeatedly in a sequence that looked eerily familiar to the administrator's experiences with the Blaster worm last August. Sure enough, a Google search quickly confirmed his diagnosis, setting the stage for a two-hour marathon download of Windows Update patches and the Blaster Worm Removal Tool from Symantec Corp.

Current PC users are constantly reminded about the need to download patches and operating system updates as soon as they are made available. But those users may not realize that a "new" PC might have been sitting in a warehouse for several months, and might lack the most recent patches required to keep it safe from viruses and worms.

To meet delivery deadlines, PCs bound for the retail market must have their operating systems frozen about three to four weeks prior to the date on which they are made available, said Jim Kahler, manager of consumer support for Hewlett-Packard Co.'s consumer PCs. With Microsoft Corp. releasing new security updates almost every month, there's no simple way to ensure that when a PC finally makes it to the user, that PC contains the latest updates required to secure the system, he said.

HP advises all buyers to activate the built-in firewall that comes with Windows XP prior to connecting the machine to the Internet, Kahler said. The next major update to the Windows operating system, Windows XP Service Pack 2, will help improve security by turning on the firewall as the default option on future releases of the operating system.

Toshiba Corp. ships every PC with documentation that urges customers to immediately visit the Windows Update Web site and download and install any software patches that the site identifies as missing on that PC, said Carl Pinto, director of product development.

Most of IBM's PC customers are businesses that have an IT staff member who makes sure each PC contains the necessary updates before passing it along to the user, said Clain Anderson, director of marketing for IBM's wireless and security solutions.

IBM can also set up a system that monitors the patch status of an enterprise's network of PCs, automatically downloading updates as they are provided by Microsoft, Anderson said.

Representatives from Dell Inc. didn't respond to requests for comment. However, Dell doesn't sell its PCs through retail stores, which means it carries only four days of inventory at any one time, according to its financial results presented last month.

The Windows Update feature is only one line of defense against fast-moving worms and viruses. Just about every PC company ships a free trial version of an antivirus product such as Symantec's Norton Antivirus that will help detect viruses and worms.

Besides those two defenses, there's not much the PC industry can do to protect users against worms and viruses other than pleading with them to install Windows Update patches and regularly update their virus definitions, said Stephen Baker, director of industry analysis with NPD Techworld in Reston, Va.

Unlike other electronic devices that consumers are used to owning, such as televisions, PCs require regular maintenance and a willingness to cede control of the update process to a vendor, Baker said.

"You have a lot more responsibility as a PC owner to maintain and take care of your device than you do as a television owner," Baker said.

Virus-infected PCs aren't just problematic for their users. They are often used as spam relays or to launch other virus and worm attacks, making it essential that all PC users patch their systems, Baker said.

The university administrator eventually discovered a guide called "Windows XP: Surviving the first 24 hours" on the mailing list maintained by Dave Farber of Carnegie Mellon University that would have provided tips such as turning on the firewall and manually checking for updates.

The episode turned out to be nothing more than an evening of aggravation, but it could have been avoided with clearer instructions on how to safely break in a new PC, the administrator said.

Special Report

The Future of BI

Stories in this report:


Copyright © 2004 IDG Communications, Inc.

It’s time to break the ChatGPT habit
Shop Tech Products at Amazon