It is pretty amazing to me how little has been automated in all these years for a IT "dad" who has to maintain a bunch of computers for the extended family. While there have been lots of lockdown technologies for servers and some draconian things for desktops, really the effort to maintain a good, virus-free configuration for say 4 machines at home and probably another 8 scattered across grandmothers and friends is just mind glowingly complicated.
Still if you are stuck this holiday season helping people maintain their machines, here's a quick guide. Depending on your broadband connection this can take as long as six hours (yikes!) on a 1Mbps line to an hour with a 40Mbps one mainly because the files that need to be loaded are so big. But here is a rough guide. The overall point is that you have to have three sets of software in update mode: a) Windows itself covers only a small portion of the landscape, b) the firmware and system software from the motherboard maker, c) the vital software mainly graphics and browser and d) the annoying things that are add-on applications like Sony Vegas, Flash Player that requires their own and Apple iTunes. These all require their own update programs.
- Make sure that Windows Defender Virus and firewall are on. Now at least these are built into Windows so you don't have to download them. But most of the time, I find that these are left off despite the warnings from the problem center, etc. It is just confusing why these are not on by default.
- If they were not on when you found them, then run an update and then you should do a full scan. Actually, given the number of attacks around, you kind of have to assume that this machine has a root kit (a nasty that is hard to spot). So ideally , you will have remembered to bring your Windows on a USB and then you have to hit DEL and change the boot sequence to boot from there and scan the disks. [I normally forget this, but just pray that there isn't one].
- Now you need to run Windows update. It is incredible how people don't set this to automatic (come to think of it why isn't this the default). For a six month old machine, this can be 100-500MB and a reboot or two.
- Next up is armoring the browser. The modern browser is just an invitation to hack into your computer just by browsing. So you have to install ad blockers, script blockers and so forth. Here, I admit, I don't understand the Internet Explorer ecosystem at all, but normally if I can get people to Firefox, I feel better knowing that at least some of their software is publicly inspectable and doesn't have too many backdoors for the NSA and other hackers. If you can convince your buddies to use Firefox or Chrome, then you have to install the minimal set of add-ons to protect them (I still don't understand why these are not the defaults for at least Firefox), but they are: AdBlock, Noscript, WOT and Ghostery as the basics. If you have firefox, create an account so that Firefox at least will automatically redownload these on a new installation. Also make sure automatic updates is checked for this whole assembly. I normally also like to clean out all the cookies and so forth as normally the unsuspecting user is tracked by everyone on planet earth if you don't do this.
- The graphics drivers (particularly when running games) tends to be a huge source of instability, so it really pays to make sure you have the latest. Both nVidia and AMD have their own download systems and you have to load their own control panels to manager this. These are massive 200MB downloads, so get started on these as soon as you can particularly if the user has been complaining about crashes.
- The firmware and system software. For whatever reason, Windows update doesn't pick up the latest Intel, and motherboard drivers. So ASUS and MSI (at least) and I'm sure others have their own update software. It is a good idea not to let the BIOS and the drivers stale out. I've had lots of bugs due to bad audio drivers and network drivers. These are can be absolutely huge as well in the 200-300MB range. And people never seem to take these updates.
- Finally, you have the plethora of applications software which is pretty much uncovered by Windows update. Some of these folks have their own updates (and people tend to ignore them!), but Adobe does for instance, but Sony relies on you going to their site and doing a download. Flash is another problem and when you set it up, you need an Adobe account (watch it they were just hacked, so don't use the same old password for all these sites). Apple also has their own update software that you need to run and make sure you take all the updates. Java is another one that usually requires a manual update.
Well, that about covers the checklist, also it is a good idea after each major step just to run a few things to make sure the whole thing isn't broken. And pretty much your day is shot making a single machine work. Argh. It does make me appreciate the Mac as their operating system updates encompass so much more (the video, the firmware and system and the operating system and of course iTunes, iPhoto, etc.) so normally you can skip the lower steps, but you still need to cover the applications software.
And no, while it might be nice to have a single install, usually, the machines are by definition all a little different as someone saves $100 on a CostCo machine and you spend six hours loading custom software for it :_)