Monday, February 20, 2012

to patch or not to patch: an edge case

i find myself in a rather odd predicament today. i've been using an older computer (we'll call it one of my secondary computers, since it gets very little use compared to the one i'm writing this with right now) and i got a pop-up notification that i was running out of space on drive C:.

now i want to put this in context: this computer sees very little use. mostly it gets turned on, has some files transferred to it or from it, and then gets switched off. i can't remember the last time i actually installed anything on it (for that matter, since i switched over to using portable software, i can't recall the last time i installed anything on my primary system either), so let's say it's been a really, really long time since i touched the C: drive at all. mostly it's the larger secondary physical disk that gets used.

so you can imagine my surprise when the notification about running low on space popped up. was there something malicious going on? had the system been compromised? no, it was in the process of applying system updates. patches had actually eaten up the majority of my free space - the WINDOWS directory was taking up over 7 gigs of my 10 gig drive. i'm actually in the position where i have to uninstall software so that the patching will succeed.

now, this is an XP system so one might reasonably suggest that i upgrade to the latest version of windows so that i can avoid having all those patches on my system. unfortunately, this system is so old, i doubt it will meet the system requirements of anything newer than XP.

one might also, entirely reasonably, suggest upgrading the hard disk to something larger. memory is cheap, after all. it's a little difficult to justify upgrading the drive just to accommodate microsoft's attempts to fix their earlier mistakes, though. it's certainly not like i'm going to get any additional benefit from greater space on a drive i never make use of.

one could even go so far as to suggest upgrading all the things so that not only would i be able to move to the latest version of windows, i could have more space and a snappier system that is more amenable to being used day to day. but i already have a computer that's more amenable to being used, so really everything that was wrong with the idea of upgrading the drive is also wrong with this plan, in spades.

it's times like this that make one question things we normally take for granted, like why does patching take so much space? is the fixed binary that much larger than the one with the error in it? no, that doesn't appear to be what's going on. it appears that windows keeps a bunch of stuff around so that you can uninstall the patch if you want to. does anyone ever actually do that? there may be a way to reclaim the space those uninstall files take up, but it's not obvious just by looking at the system, and right now simply letting the updates happen the way an ordinary user would is actually reducing the utility of the system.

thankfully the utility that's been lost wasn't really needed anymore. but what about next time? support for XP is ending, but it's not over yet; there are still more patches coming. i'm going to be facing the prospect of no longer getting patches anyway, so i might as well get used to it early - and since the system is little more than a network attached storage device that spends most of its time powered off, i can't really see the harm.

in security, we normally think of applying patches as a no-brainer. it may present some logistical hurdles in the enterprise, but it still needs to get done. sometimes, though, there are cases where it just doesn't pay off. no practice is so universally beneficial that it should be mindlessly applied 100% of the time.


Mark Vang said...

I didn't have the HD issue that you did, but I dealt with XP becoming obsolete by converting my systems to Linux. I run Mint 11 on one system (main) and am very pleased with it, and Lubuntu on an older system that isn't very "smart."

As a security expert, you might like the additional protections you get from running GNU/Linux as opposed to Windows.

kurt wismer said...

converting the machine to linux is something i'm considering. i've used it before (was a slackware fan way back when) so it's certainly on the table.

virusnews said...

Sounds like a valid reason to install linux. I install linux on all (what Microsoft considers) "obsolete" machines thrown away by users at work. Just need to be comfortable with working on a command line interface. These outperform a Windoze machine any day.

Anonymous said...

Thank you, amazing blog. Do you have Twitter, Facebook or something similar where I can follow your blog?

Sandro Heckler

kurt wismer said...

i do indeed have a twitter account. i suppose it's about time i added a link to that on the side.

you can follow me at

Robert Kok said...

This can be easily solved in XP.

First you can use ccleaner and enable the option to get rid of hotfix uninstallers. I rarely use them, except in one case where a Remote Desktop update prevented the install of SP3. I had to download the uninstaller from another XP system to get rid of the update and install SP3.

If you go to C:\Windows\Software Distribution you can purge the download folder, which contains downloaded updates.

Not recommended, but last resort to free up some space: remove IE update folders.
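An added example (my own code, not from the post or from this comment) that quantifies the two kinds of patch residue the comment points at before anything is deleted: it sums the per-hotfix uninstall folders, which XP keeps directly under WINDOWS as `$NtUninstallKB…$` (folder naming assumed from XP's layout, not stated on the page), and the SoftwareDistribution\Download cache (assumed to be spelled without a space). The sample directory it builds is constructed so the script runs offline; point `audit_patch_residue` at a real WINDOWS directory to get the actual figures.

```python
import os
import tempfile

# XP keeps hotfix uninstall data in folders named $NtUninstallKB<number>$ under
# WINDOWS (assumed XP layout, not stated on the page); downloaded updates are
# cached under SoftwareDistribution\Download, the folder the comment mentions.
UNINSTALL_PREFIX = "$NtUninstall"
DOWNLOAD_CACHE = os.path.join("SoftwareDistribution", "Download")

def dir_size(path):
    """Total bytes of regular files under path; symlinks are not followed."""
    total = 0
    for root, _dirs, files in os.walk(path):
        for name in files:
            fp = os.path.join(root, name)
            if not os.path.islink(fp):
                total += os.path.getsize(fp)
    return total

def audit_patch_residue(windows_dir):
    """Return (uninstall_bytes, uninstall_folder_count, download_cache_bytes)."""
    uninstall_bytes, count = 0, 0
    for name in os.listdir(windows_dir):
        full = os.path.join(windows_dir, name)
        if name.startswith(UNINSTALL_PREFIX) and os.path.isdir(full):
            uninstall_bytes += dir_size(full)
            count += 1
    cache = os.path.join(windows_dir, DOWNLOAD_CACHE)
    cache_bytes = dir_size(cache) if os.path.isdir(cache) else 0
    return uninstall_bytes, count, cache_bytes

def build_sample_windows_dir():
    # Constructed stand-in for C:\WINDOWS so the audit can run offline.
    base = tempfile.mkdtemp()
    for kb, size in (("KB000001", 3000), ("KB000002", 5000)):
        folder = os.path.join(base, "%s%s$" % (UNINSTALL_PREFIX, kb))
        os.makedirs(folder)
        with open(os.path.join(folder, "old.dll"), "wb") as f:
            f.write(b"\0" * size)
    cache = os.path.join(base, DOWNLOAD_CACHE)
    os.makedirs(cache)
    with open(os.path.join(cache, "update.cab"), "wb") as f:
        f.write(b"\0" * 2000)
    return base

if __name__ == "__main__":
    u, n, c = audit_patch_residue(build_sample_windows_dir())
    print("%d uninstall folders: %d bytes; download cache: %d bytes" % (n, u, c))
```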

kurt wismer said...

@Robert Kok:
thanks for the instructions. i fully expected there was a way to eliminate those files (even manually if need be), and i'm sure someone will find your instructions useful.

i don't know if i'll be bothering with it myself, though. although i use the system to hold files, it is essentially a sacrificial system and i'm kinda interested in what will happen if i just don't update it anymore - especially given the limited exposure scenarios offered by its current use cases.