In association with heise online

08 December 2006, 15:05

Karsten Violka, Torsten Wittrock

DIY Service Pack

Installing Windows updates without an internet connection

Looking for manageable Windows updates even without an internet connection? Our offline update 3.0 script collection downloads the entire body of updates for Windows 2000, XP or Server 2003 from Microsoft's servers in one fell swoop and then uses them to create patch packages on CD, DVD or USB stick. Those in turn allow you to update as many PCs as desired.

Have you installed Windows Windows XP fresh from the original CD and then headed over to the update website lately? If not, be ready for an unpleasant surprise. For a system running XP Service Pack 2, the website recommends that you download 60 updates at an overall data volume of around 40 MBytes. And don't forget: that number keeps growing with each Patch Tuesday, as the monthly event of new patches released each second Tuesday of the month has been dubbed.

For its part, the Redmond crew doesn't see the update flood as any reason to rush the release of a third Service Pack for XP - all indications are that any potential SP3 would come out in the second half of 2007 at the very earliest [1]. For better or for worse, until that next service pack does roll off the assembly line, users will have to connect their PCs to the internet to bring their OS up to date.

The update dilemma

Anyone installing Windows fresh from a CD or who acquires a PC with a preinstalled instance of Windows is in a tricky situation: to protect the machine against the various dangers of the internet, one must first install all current security updates to plug the countless holes in Windows and Internet Explorer. To fetch a copy of the updates, however, Microsoft requires that your computer be connected to the internet.

That is risky: anyone using a slow modem to surf the net will have to wait several hours until the 60 updates - some 40 MB in all - dribble their way through the connection. In the meantime, one visit to a rigged website is enough to let a bug get a crucial first toehold in the machine.

The situation is particularly precarious for Windows 2000 and Windows XP without Service Pack 1, as these versions have no built-in firewall and hence are helpless against the omnipresent worms circulating on the internet. A virgin system of this kind brought online can be compromised before you can even install a security update.

Microsoft offers its users no practical solution for installing the new updates onto a PC via removable storage media. It is true that the security bulletins on Microsoft's web pages do also provide all updates as packages that can be individually installed even in ISO image form containing all updates released on a given Patch Tuesday (see KnowledgeBase article 918096).

But what Microsoft doesn't provide are convenient installation scripts. This means that manual installation sometimes fails simply because of sheer number of updates involved. It's almost impossible to establish a list of patches required for a naked copy of Windows without the aid of the Windows Update mechanism.

An alternative

We here offer an alternative to this update dilemma, starting immediately: version 3 of our script collection Offline Update requires only a few steps to reel in a current service pack at any time, combining all released Windows updates at the time of download. The download script acquires the complete update library for selected operating systems from Microsoft's servers and uses them to created ISO images for CDs or DVDs as desired. These in turn can be used to update as many PCs as you wish.

Torsten Wittrock of the IT Centre at the University of Kiel rebuilt the script for version 3.0 from the bottom up. With the previous version, each new Patch Tuesday meant that the latest updates had to be manually integrated into the scripts. Version 3.0 automatically incorporates the newly released patches and supports Windows 2000, XP and (for the first time) Server 2003 - including the English versions. The current version of the solution only covers security updates that affect Windows itself. In contrast, the online mechanisms also bring other Microsoft products up to date, including Office and the IIS Webserver.

The following demonstrates how to put together a current service pack using the scripts, how to install it on a target PC and what further options are available to you.

Print Version | Permalink:
  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit