Your daily technology class with Professor Randy!!

Randy The Tech Professor

November 10, 2009 at 3:56 pm

My MS-DEFCON System By Woody Leonhard

MS-DEFCON-2Hello everyone,

What a treat!! Today Woody Leonhard writes as a guest blogger. I’ve mentioned Woody before ( and he is one of the best Microsoft “gurus” in the business! Woody’s ideas on using Microsoft’s Automatic Update are somewhat unique and totally thought provoking!


I have a rating system that lets individual Microsoft consumers know when it’s safe to install patches. I call it the Microsoft Patch Defense Condition Level, or MS-DEFCON for short. It’s modeled after the US armed forces DEFCON system.

MS-DEFCON 1: Current Microsoft patches are causing havoc. Don’t patch.

MS-DEFCON 2: Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don’t do it.

MS-DEFCON 3: Patch reliability is unclear, but widespread attacks make patching prudent. Go ahead and patch, but watch out for potential problems.

MS-DEFCON 4: There are isolated problems with current patches, but they are well-known and documented here. Check this site to see if you’re affected and if things look OK, go ahead and patch.

MS-DEFCON 5: All’s clear. Patch while it’s safe.

The MS-DEFCON system assumes that you have your Windows XP, Vista, or Windows 7  firewall turned on, that you’re using an up-to-date antivirus program (I use Microsoft Security Essentials, which is free, and I vastly prefer it to the giant expensive AV packages) and some form of hardware protection, like almost any router.

The MS-DEFCON level also assumes that you’re using Firefox 3, not Internet Explorer.

I firmly believe that Microsoft’s Automatic Update is for chumps, and I’ve said so for years: go ahead and let Microsoft notify you when it wants to install something on your computer, but don’t blindly allow the “Softies” to install whatever they want. Follow the instructions in any of my books to disable automatic updating, or click Start | Control Panel | Security Center (in Windows 7, Start | Control Panel | System and Security | Windows Update) and take it from there.

In general, I apply Outlook Junk E-mail Filter updates as soon as they’re available. Why? Microsoft hasn’t screwed up any of them too badly – and the one bad Junk E-mail Filter update was patched quickly. You’re better off applying those updates than letting them slide for a week or two.

Many of my readers have written asking about non-critical updates that are offered by Windows Update, Office Update, and/or Microsoft Update. Unless you have an immediate, painful, obvious reason to install one of them immediately, I’d avoid them like the plague. Microsoft has really screwed up several hardware patches, in particular. Don’t trust Microsoft to deliver hardware updates; go to the hardware manufacturer’s site and install them manually. If your computer stops working, you only have yourself to blame!

For advice on updating non-Microsoft software, I recommend Secunia’s free-for-personal-use Personal Software Inspector (

Best wishes,

Woody Leonhard

Professor Randy says: Do you really want to allow Microsoft (or anyone for that matter) to install software on your computer whenever and however they so choose???



RSS feed for comments on this post | TrackBack URI