So as it turns out, Windows users patch their computers much more quickly if they’re responding to a zero-day vulnerability than to unhyped, regular old Patch Tuesday patches. Microsoft normally releases patches to its operating systems once per month on what’s affectionately referred to as “Patch Tuesday.” MS will break out of the routine for vulnerabilities that it determines are “critical” so it still maintains its emergency response capabilities. Users speed up computer patching if Microsoft releases an “out-of-band” patch, that is, a patch on a day other than “Patch Tuesday.”

Publicity Makes All The Difference In Patching Speed

Microsoft recently released an out-of-band patch to repair ten critical vulnerabilities in Internet Explorer. According to research firm Qualys, that patch was applied to 50% of the affected operating systems within nine days. A similar out-of-band patch released in December 2009 hit the 50% watermark in ten days. By contrast, Patch Tuesday releases that have no particular security urgency reach the 50% mark in 15 days. According to Qualys, some ordinary patches languish for more than 30 days before being applied. (“Within thirty days” is Microsoft’s recommended patch application window for non-critical vulnerabilities.)

According to Qualys, the difference for critical patches isn’t their inherent critical nature; it’s the amount of coverage the patches get from media outlets. Qualys speculates that the increased media attention surrounding critical updates tends to reach higher-level executives and managers, who then put increased pressure on IT support staff to apply patches.

For the most part, patches are issued to correct or close security vulnerabilities in the code of the operating system or in a component like Internet Explorer. Another report just issued by security consulting firm BeyondTrust says that many Windows vulnerabilities could also be minimized by removing administrator privileges for most users.

In many corporate settings, users don’t have admin rights to their computers. That is, they can work on the computer, but don’t have the authority to make changes to the computer’s configuration, or add/remove applications. By closing down administrative rights, even on a home computer, you can increase the security of the system. Most home users choose to run with administrative rights available. BeyondTrust’s estimation of a 90% reduction in vulnerability for Windows 7 makes this strategy of having separate admin and user accounts worth considering, even if it does create a minor desktop management nuisance now and then.

Photo Credit: Christian Halderman, via Flickr

Tags: speed up computer, windows computer performance, windows computer speed