Of the past four or so machines on which I’ve installed Windows 2000, two have gotten infected by Welchia. My very first step after installing any Windows machine is obviously always to go to http://windowsupdate.microsoft.com and install all the critical patches, as is Absolutely Necessary for anyone who installs a new Windows machine these days. But it takes a few minutes to download and install them, and in the meantime the machines get infected. That’s frustrating.
I just got us a new win2k install disk which has Service Pack 3, which should help considerably. When you’re installing win2k without any service packs, you have to jump all the way to SP4, which takes a considerable amount of time to install, especially on slower machines. And you need at least SP2 to be able to install the Blaster patch. But now I can install the SP3 version and go straight to windowsupdate for blaster and welchia patches before dealing with SP4 or IE or whatever.
Now I just need a good mnemonic for figuring out which patches are relevant from Windowsupdate, which is not exactly famous for providing detailed information on what the updates it suggests actually do. Typically it says something like “There is a security problem. People might be able to do stuff to your machine. This thing might possibly help. You might have to reboot after installing.” without ever mentioning any useful keywords like “Blaster” or “Welchia”. Arggh.