Windows XP Update Library On a CD

KrispyKofta sends us to APC Magazine for a writeup on Project Dakota, a one-man effort to provide all Windows XP SP2 updates on one downloadable CD. It's poor man's XP SP3, but even when SP3 is out, the project will continue to offer a CD that will install all patches offline. "When was the last time you installed a fresh copy of Windows XP SP2? The process is still straightforward and relatively quick... but then you think 'I'll just make sure the patches are up to date,' and proceed to stare in horror at the 100+ security updates and critical fixes that Windows Update or WSUS demands you install. And it takes forever. A better option which we've just discovered is the innovative work of Alek Patsouris... it's a self-contained boot CD which contains all the necessary updates to automatically patch a Windows XP SP2 system with all the patches available at the CD's build time."

This was called AutoPatcher, and MS killed it.

[by Anonymous Coward]

Those who don't know history...

Pirates are pirates......

[EmbeddedJanitor (597831)]

even if they are helping you. :-)

Although it seems pretty silly, I can see MS's point of view. Autopatcher is essentially becoming a Windows patch "distro" and the more people that use this the less control MS have over patch roll out.

Say in the future MS want to push out a patch that is so mean and so unethical that Autopatcher refuse to include it (kids, don't say that's impossible - we all know MS has infinite Evilness). Suddenly MS has a large body of people that won't swallow the patch.

Less tinfoil-hat-wearing is that Autopatcher shows up MS's own ineptness.MS have shown for a long time that Windows users are their assets ("our install base") and don't treat them as customers. Customer service is secondary to asset control.

Re:Pirates are pirates......

[RuBLed (995686)]

If I followed the events last year correctly, It seems that the main argument of MS is that the AutoPatcher team distributes the patches from their own "servers" and not Microsoft's thus the possibility of the patches being distributed could be tampered with and not the "same" as the ones in MS servers.

Autopatcher was surely hurt by that but I believe they found a "loophole" in MS's demands. Last time I had visited the site, they are developing a client that would download the patches directly from the MS servers and after that act like the old Autopatcher.

Re:Pirates are pirates......

[Ardaen (1099611)]

Uhm...
1. In any reasonable well designed system wouldn't the patches be, ya know, signed?
2. Any third party software that you run could tamper with your system. Kinda sounds like a flimsy excuse used by someone who doesn't want to state their real reasons.

Re:

[Sancho (17056)]

I don't usually run Windows, but for those rare instances where I need to install it, I have to say that I was always tempted by Autopatcher. And I never ran it for the reasons stated (unknown source of patches.)

What I did use was a script to download and install updates automatically. I could read the script and verify that it was doing what it claimed to be doing, and that it was getting updates from Microsoft.

The answer: Offline-Update. Saves a lot of reading

[Futurepower(R) (558542)]

Use Heise Security Offline-Update [heise.de] to patch any installation of Windows XP with the latest service packs and security updates.

Why? Heise Offline-Update handles everything. It comes from a reputable company that makes money selling other security services; they have a strong incentive to do it right. To make the CD or DVD, it downloads all the patches from Microsoft's servers, and makes an .ISO file which you burn to a CD or DVD. To use Heise Offline-Update, you insert the CD or DVD, start the program, and let it run.

Shortcomings of Heise Offline-Update? 1) It does only security updates. 2) The web site is mostly in German, although there is an older English explanation [heise-online.co.uk].

Why not the others? 1) Autopatcher and others were much more amateurish. Autopatcher is now back with a scheme like Heise Offline-Update, but that is after months of experimentation. The volunteers at Autopatcher don't seem to have the resources necessary. See the Autopatcher downloads [autopatcher.com] page which says "This page will be back very soon :)" (2008-02-12). Before, Autopatcher provided patches directly from their servers; Microsoft stopped that, due to security risks, it said. But Microsoft did not provide its own solution.

Problems with Slashdot: 1) Bad stories create bad discussions. Slashdot editors apparently don't know much about Microsoft Windows. Almost all Slashdot readers have to deal with Windows, even if only to help family and neighbors. Sloppy stories that have not been researched waste reader's time. 2) Lots of readers comment when they don't have much to say.

That said, Slashdot is by far the best web site I know for computer-oriented news.

Problems with Microsoft: What Microsoft offers is not complete, so volunteers try to help. In my opinion, Microsoft is often extremely adversarial toward its customers.

It has been more than 3 years since Microsoft issued a Service Pack for Windows XP; that has wasted the time of hundreds of thousands because Windows XP is so unstable and buggy and malware-prone that it often needs re-loading. Often malware replaces a system file, and the only way to recover is to re-load the operating system. Re-loading Windows XP preserves all the programs and settings; however, the latest Windows XP CD from Microsoft has only Windows XP Service Pack 2; there have been hundreds of megabytes of updates since then, making updating over a dial-up connection extremely slow.

Microsoft does have a system for updating, but the system requires the very expensive Windows Server 2003, which requires a network and at least one other computer. Obviously requiring all that creates problems in helping someone with his or her home computer, or with a cash register computer in a small store, for example.

More problems with Microsoft -- Windows Update often fails. Amazingly, Microsoft is unable to deliver an updating system that works reliably. I just worked on a friend's computer, for example, and running Windows Update gives a long numerical error message with no help for fixing the error.

There have been many, many different kinds of problems with Windows Update. See, for example, Microsoft's Windows Update Discussion Group [microsoft.com].

I guess that millions of hours are lost every year because of Microsoft's sloppy programming. Bill Gates deserves his title, Chief of Grief, although soon the chair-throwing, bad-mouthing Steve Ballmer [slashdot.org] will be the Chief, apparently. (The

Re:

[NorQue (1000887)]

Autopatcher was surely hurt by that but I believe they found a "loophole" in MS's demands. Last time I had visited the site, they are developing a client that would download the patches directly from the MS servers and after that act like the old Autopatcher.

Few threads down [slashdot.org] you can find an already existing solution from a German computer magazine, no need to wait for "Autopatcher".

Couldn't understand why people used their packs in the first place anyways, people don't trust MS with their data, but they

Re:Pirates are pirates......

[William-Ely (875237)]

For me it's not about trusting the update source, it's about having a copy of the updates ready for install on a computer when time is an issue. Not everyone has the bandwidth to suck down 270 Meg service packs... yet. I used Autopatcher frequently when I was an on site PC tech since it saved a lot of time for my clients.

Does it include genuine advantage?

[rucs_hack (784150)]

I've never installed that, and I don't want to, I object to the very idea of it. It's not much of a hardship, since I don't use any Microsoft programs aside from the OS and office anyway, so I don't care about the blocked stuff.

This cd would be great unless it included WGA. Can anyone enlighten me?

Re:

[irtza (893217)]

if MS wanted to roll out an "evil" patch - they would merely embed it as part of a much needed security update. Don't include the evil patch and your system will remain compromised. Works a lot better than trying to kill this project. but I do agree with the control issue, just don't think that this takes away as much control as it lets on (except bypassing WGA?)

Re:This was called AutoPatcher, and MS killed it.

[eldorin (811824)]

M$ "tried" to kill AutoPatcher. It is back and working better then ever. Now, instead of downloading the entire distribution, you download a single small executable. It then retrieves all the XP hotfixes from M$ website. In effect achieving two goals: 1) Avoiding the source of the cease and desist that M$ sent the author. The unauthorized and unverifiable distribution of the hotfixes. 2) Chewing up M$ bandwidth instead of the author's... The thread to the new beta version is located at http://www.autopatcher.com/forums/index.php?showtopic=89 [autopatcher.com]

Re:This was called AutoPatcher, and MS killed it.

[Lumpy (12016)]

and after you run autopatcher. run nlite and create a XP install CD that is slipstreamed with all those updates.

We've been doing this for years in the IT office, every month I rebuild the XP install CD iso using nlite (It's great because you also can default to a lot of settings you like!) so after install there are no patches or updates needed.

Re:

[jp10558 (748604)]

Wouldn't it be easier (and faster) to create a Syspreped image with Acronis, and use Universal Restore to get the HAL + Mass Storage Drivers right?

If I pay attention I can get a fully configured system going in 35 minutes using the image, and it'd be faster if we didn't have a hundred different hardware configurations that requires me use DriverGenius to inject the rest of the drivers once I'm booted.

Re:Criminal OS Maintenance Time Wasters

[somersault (912633)]

How do you propose to make inefficiency illegal exactly? All OSes provide patches. Microsoft weren't even going to do an SP3 and it's good that they are still releasing updates (can't believe I'm defending MS there...). Releasing the updates on CD ROM is wasting oil and probably a lot more energy than it takes to download the patches (have no idea how much electricity either process uses, but the amount of plastic we waste is incredible). What you said sounds like it could be a joke, but for some reason you seem serious. For the sake of humanity, will someone pass an anthropology law making stupidity illegal?

Re:

[wolrahnaes (632574)]

A dynamic IP hasn't been a decent protection against any form of attack for ages. Sure, back when most attacks were directed at a specific target it might have helped, but for at least the last few years the kind of threats targeting the average Windows XP (or any other desktop OS for that matter) user are automated and basically use the shotgun approach against entire subnets at a time.

For example, drop an unpatched Windows XP RTM box on the internet, no firewalls or anything, and watch it get infected wi

c't Offline Update

[stefanb (21140)]

Reknowned IT publisher Heise is already offering an even better solution: c't Offline Update [heise-online.co.uk]. Update W2K, XP, Vista, Office in English, French, German, Spanish, Italian and some 20 more languages by using Microsofts update catalog to download all chosen updates, then creates an ISO image per OS (CD-sized) or for everything (DVD needed). The included scripts allow for a fully automated install of all updates from the CD or DVD, even including any necessary intervening reboots.

c't Offline Update Project Download Page [heise.de]

Re:

[mrbcs (737902)]

This thing is excellent. Add the updates to your xp cd with Nlite to take it one step further for those fresh installs. http://www.nliteos.com/ [nliteos.com]

Re:

[Splab (574204)]

I tried to slipstream my latest XP install with nlite, but got told that I couldn't patch a 64bit installer while under 32bit OS, don't know if its nlites fault or windows, but sure sucked not knowing about the other products - took 20 or so reboots from install to completion to get all updates down.

Re:c't Offline Update

[simong (32944)]

That's actually a good way of doing it. There's an open source build server called Unattended [sourceforge.net] that can provide a fully patched Windows build automatically - you provide the installer CD and it will pull down all the updates - and it recommends rebooting after each patch. That sounds like the same thing across a local network. I can recommend it as an alternative to ghost by the way: it will boot any PC that can be booted with PXE or bootp.

Re:

[therufus (677843)]

After installing nLite, get the majority of patches from RyanVM's website [ryanvm.net]. Any extra patches can be downloaded and applied after that, but his post SP2 update pack covers most of the big ones.

Re:c't Offline Update

[Fallen Andy (795676)]

A word of advice though - make DVD's not CD's. When I last looked the XP update CD iso was too big to fit on a std. CD

even if you just grab ENU. Perhaps they've fixed it now.

(The solution is to slipstream the SP2 onto the CD and make a new iso which would fit, sans SP2)

see e.g. http://www.winsupersite.com/showcase/windowsxp_sp2_slipstream.asp [winsupersite.com] for slipstreaming SP2 on an original or SP1 CD.

Highly recommended.

Re:

[cowbutt (21077)]

I've used the Heise offline update tool, and I'd certainly prefer its approach (i.e. downloading the hotfixes directly from microsoft.com) to putting my trust in a random person compiling a .iso image for me. Yes, I need to place a little bit of trust that Heise's tool isn't sabotaging the stuff it downloads, but they've earnt that trust from me over the last decade.

slipstreaming anyone

[Oriumpor (446718)]

Honestly [wikipedia.org] why is the latest revelation in documented common Microsoft software practices news on /. ? I mean you don't see "Latest yum library that that comes to you downloaded all rpms in one safe ISO!!1!" as a headline...

Re:

[NickCatal (865805)]

Exactly. I download XP copies to use with my 100% legit keys just because I want the slipstreamed versions with the latest updates.

Re:slipstreaming anyone

[eddy (18759)]

Slipstreaming solves a different problem (new installs). A slipstreamed installation media is pretty useless (as far as I know) when I go to person B to update his/hers ancient installation. I just want to able to run program X from a CD/DVD/USB-memory and have the system fully up to date, preferably within a single reboot.

MS should really just put up a patch-OS-DVD torrent and keep it updated in such a way that new additions doesn't completely rewrite the structure (so a torrent update goes quickly). Would be a bit of work for them initially, but it would deliver something useful to their customers. Ah, well. Guess they're to busy marketing Vista.

not a new idea

[juventasone (517959)]

This is a nice idea for individuals who only have to do this once. However, the RyanVM [ryanvm.net] and Xable [xable.net] update packs have been offered for years and integrate into your installation disc. No need to run another lengthly installation after the install is done.

all the patches?

[by Anonymous Coward]

Can it be limited to the security updates? Some of the patches are really suspicious.

Re:all the patches?

[Nullav (1053766)]

As are some of the security updates [phex.org]. I know it's a bit of an unreasonable demand, but I'd rather see a list of questionable updates than yet another offline patcher.

sounds like a copyright violation

[martin-boundary (547041)]

Does Microsoft allow third parties to distribute official patches? If not, this sounds like a copyright violation.

Re:sounds like a copyright violation

[juventasone (517959)]

yes. just not the OS itself. thus why the slipstream providers can't provide you the ISO already one.

Re:

[juventasone (517959)]

one=done

Re:

[Jah-Wren Ryel (80510)]

yes. just not the OS itself. thus why the slipstream providers can't provide you the ISO already one.

Well, the pirates can - seems like there are monthly pirate releases all over the net with the latest patches slipstreamed in.

Re:

[trawg (308495)]

yes. just not the OS itself. thus why the slipstream providers can't provide you the ISO already one.

To the best of my knowledge, redistribution of Microsoft patches is actually explicitly denied by their EULAs and the terms of use of the microsoft.com website.

The only things you can redistribute are the things they've marked as explicitly redistributable (like DirectX and various other runtimes).

This is why Autopatcher was terminated [autopatcher.com]. I have also contacted Microsoft in the past to obtain explicit permission to mirror their updates and was refused permission to do so.

WindizUpdate...

[joshuaes (1035088)]

From the site:
 
 

Why use WindizUpdate?

Not only will it keep you up to date with the latest updates from Microsoft, it will also keep software and drivers from other vendors updated. However, that functionality is currently missing.

Good reasons to use WindizUpdate

        * No personally identifiable information is collected from your computer.
        * No more unwanted spyware -- Microsoft Internet Explorer can finally be removed from your computer (if that were possible).
        * It lists just the updates you need. If an update has been superceded by a newer one, it will not ask you to install the older one.
        * Using enhanced data from MBSA, WindizUpdate will find more security patches needed for your O/S than the "other" website.
        * If there is a security issue with a component that is not yet installed, it will not ask you to update it. For example, if you have not installed hyperterminal, it will not update it.
        * It is not restricted to just Microsoft products. Software from other vendors can also be updated.
        * Upgrading to the latest version of Internet Explorer is not considered a Critical Update!
        * Works on Windows versions no longer supported by Microsoft -- Windows NT 4.0 and Windows 95
        * Our plugin is not an ActiveX control.
        * Integrated download manager with error detection -- you can cancel downloads at any time, and the next time you wish to install the cancelled update, it will continue from where it left off. Only corrupted sections of the file are redownloaded.

If you are still not convinced that WindizUpdate is the site for you, please check out our page titled "do we need to say any more?"

Disadvantages

        * There is a delay from when new updates are released from Microsoft to when they appear on this site.
        * If you're using Internet Explorer, you will need to use Microsoft's Windows Update site for updates -- this site will be of no use to you.
        * You'll need to upgrade your browser if you're using MSIE 4.xx -- This site won't work, neither will Microsoft's.

http://windizupdate.com/ [windizupdate.com]

The "do we need to say any more?" link is: http://windowsupdate.62nds.com/whywelovems.php [62nds.com] ;)

Sure, it's not an AIO CD, but it's a great alternative to Windows Update.

Re:

[XO (250276)]

Hm. Went to their site, it told me it wanted me to isntal a browser plugin.... alrighty then, install it, it completely freezes the browser upon installation, which i have to kill from taskman, then it completely freezes explorer, which i kill with taskman, and then it comes back and says that the plugin is not installed, please install it.

Fantastic program.

Innovative?

[unbug (1188963)]

Providing an OS + released patches on one CD is actually innovative? Oh my...

Anyone have a torrent?

[erroneus (253617)]

C'mon! I know there must be one out there.

:O

[joaommp (685612)]

Did it all fit onto a single CD?? :O

"The Dakota Project"

[Thanshin (1188877)]

"The Dakota Project"

"A one-man effort to provide all Windows XP SP2 updates on one downloadable CD."

With:

Bruce Willis as The Architect
Jennifer Lopez as Dakota
Will Smith as Bill Gates

also starring...

[Loibisch (964797)]

Also starring:

the Evil Monkey [google.com] as Steve Ballmer

MS are morons....

[cheekyboy (598084)]

They really think doing 100 updates, and 12 reboots is ok? Get real, maybe if you work for ms and want to waste 3 days work not working.
If I was bill gates, I would walk right into the OS group and say, "listen MOFO loosers, make a single one time update for all fucking patches under 100meg, no online wizards"

I think Bill Gee has a personal IT ass-sistant keeping his top of the line laptop always ready & working. If only Billy knew how shit his OS was. This goes to a few linux distros too,
stop this madness 5.1 6.1 7.0 8.1 every 6 month, just update a .1 DVD ISO every 3months for gods sake, and up its number. Major release numbers should ONLY be needed if the kernel changes.

Frigging bloody BA Managers. Clueless about IT.

Re:MS are morons....

[Zorque (894011)]

I decided a few days ago to dual-boot XP and Vista, since one of my devices isn't supported under Vista (its manufacturer hasn't existed for a while). I had to, of course, install all of the necessary updates for XP, but it only took one reset for over 100 patches. It's really not that bad a process.

Install cycle

[isorox (205688)]

Boot PC
F12 - PXE boot
"ubuntu-710-server"
enter hostname
*wait 20-40 minutes depending on time of day and bandwidth*

Fully uptodate, patched installation, ready to go, with essential utils installed like sshd, snmp, npt, etc.

If building a generic box, run "setup.sh", select role, and go. Depending on role thigns like apache are installed. Everyone's happy.

Nagios checked every 6 hours for critical security patches are flags them up, test and dev systems get them installed automatically, live systems get the OK (

Re-Inventing the wheel?

[lennier1 (264730)]

There already a freeware tool out there which does most of this task.
"Offline Update" (http://www.heise.de/ct/projekte/offlineupdate/download_uk.shtml) was created by Heise, a German publisher of several serious IT magazines.
You simply choose a MS product and it will then download all updates and patches and generate an ISO image for a bootable CD/DVD. Once finished, simply put that disk into the destination computer's drive and the the rest will be done via autostart. Reboots and related stuff will be handled by creating a temporary local admin account automatically, which will be deleted again once the program finishes its run.
A nice solution for smaller companies who don't want to set up their own WSUS node.

and I'm waiting for this one to get forked...

[mathnerd314 (1212880)]

Project North Dakota and Project South Dakota?

nLite

[Nehle (784297)]

Ever heard of nLite [nliteos.com] or vLite [vlite.net]? They let you build your [u]own[/u] XP/Vista ISOs with update, service pack and additional driver integration as well as literally every customization you can think of. So, yes, this is nothing exactly new, and I'd rather prefer my own customization.

I often build SP2 machines

[spywhere (824072)]

I frequently find myself in the exact situation for which this project was intended: I've just done a clean build of Windows XP SP2, and it's time to bring it up to date.
However, I prefer to change the sequence up a bit:

-- Run a scripted build from a modified SP2 CD.
-- Install all the 'inside-the-case' hardware drivers: IMHO, Windows Setup isn't complete until Device Manager is clean.
-- Install the Micro$oft Java VM, and its latest updated version (must be done as two steps, thanks to $un).
-- Install a Google-tweaked version of IE7.
-- Install the latest versions of Flash Player, QuickTime, Real Alternative, and Nero.
-- Install Media Player 10 (which reclaims all the file associations that Media Player can handle).
-- If the machine will get Office, install it.

-- Finally, open the Windows Update page, and immediately click over to Micro$oft Update. Choose the options to hide Media Player 11, and any video driver updates from M$ (they usually break things). Launch the process. Go to lunch.

If the project included an option for starting with a machine that already has IE7, has the M$ Java, and is meant to be left with MP10, it would be perfect for me.

Re:

[leenks (906881)]

Err, Windows Update? The Windows Catalogue lets you download all updates for a particular OS into a directory for offline installation. They aren't *that* far behind...

Re:

[by Anonymous Coward]

... then all you'll need is a patch [linuxmint.com] for Ubuntu and another patch [kde.org] for Gnome.

Re:

[AndGodSed (968378)]

Oh, and they sent me the disks. For free. Best value for money upgrade I ever had.