Note this thread is aimed at updates rather than GUI tweaks and the like, for that sort of thing a thread already exists: http://gbatemp.net/index.php?showtopic=71377 Background. Windows is fairly useless when it comes to security and working properly but it has directX and a lot of programs people like that are not available on other operating systems so a lot of people still use it. Please leave all operating system discussion to other threads, this is about getting stuff done. Microsoft added automatic updates but they are run through the WGA (windows genuine authentication- a piracy checking method from microsoft and far from foolproof either way) and for anyone who formats/reinstalls on a regular basis or looks after a lot of computers the time and bandwidth requirements make it a pain to get sorted. There is also something to be said for running an unpatched machine even if it is just for getting updates (estimates of time to infection for an unpatched machine can be in the "under 10 minutes" range). Note if you want to disable these then either do it manually: http://www.annoyances.org/exec/show/article03-002 http://www.techsupportforum.com/microsoft-...tml#post1653649 or grab something like XP anti spy and get it to do it for you: http://www.xp-antispy.org/index.php/lang-en/home Additionally some updates break programs, an example comes in raw sockets used by several network applications but disabled in some later versions. http://www.theregister.co.uk/2005/05/09/mi...curity_process/ Occasionally they roll several updates into a big file/update and call it a service pack. At present windows 2000 has 4 service packs, windows XP there has 3 (SP1, SP2 and SP3) and vista has 1 (the second is available soon and beta versions already exist). Earlier versions of windows now lack significant first party support but third parties have made several updates, this is outside the scope of this thread though. More on this here and the board it comes from: http://www.msfn.org/board/Enable48BitLBA-B...ier-t78592.html Problems Service packs are not foolproof, can require some interesting conditions to install and other update stuff you do not want updated. Example many people do not like XP SP3 all that much but do not want to be running an unpatched system. Also your install media that came with your computer are probably not the most up to date versions, to make new install media with the updates is called slipstreaming and it is entirely possible to do, you can also make an update disc. Network admins have a multitude of methods but essentially it comes down to running a program on the machine that needs to be updated or pushing them via something like WSUS: http://www.wsuswiki.com/WSUSFAQ . Slipstreaming is best done with nlite unless your method has another way, nlite is a custom windows install disc making program that can add the updates and change several things that would otherwise require some tweaking to do as well as make "unattended installation" discs that you leave in the machine and have a working install when it is finished. http://www.nliteos.com/nlite.html nlite lacks vista support, vlite on the other hand does not: http://www.vlite.net/about.html It is aimed at maintenance/problem solving but bartpe can also be used in such a manner: http://www.nu2.nu/pebuilder/ A small aside. Drivers are not necessarily inbuilt to windows and people make packs of all the known ones. One of the best is: http://driverpacks.net/DriverPacks/overview.php Now for the thread itself. Updates are a good thing if done properly (as mentioned they can break things for some applications and if you are doing this for a large network you may not end up too popular if it does), many of the vulnerabilities are not "only if you download" but far more sinister (if you view this picture on a website) and can affect things without you knowing so it is advised you try and sort things. Some initial methods. Autopatcher. http://www.autopatcher.com/ Microsoft took down an earlier version on the grounds that they hosted their files, new versions download from microsoft's servers and as such should stay around for a while. Pros: widely used and respected. Also has support for common but not MS based software like java and flash. Cons: only supports SP3 for windows XP and latest service pack for all versions of windows. RyanVM's pack: http://www.ryanvm.net/msfn/updatepack-sp2.html Pros: a single download and for SP2 to have all the updates but without the hangups of SP3. Cons: not as functional as some of the other methods, requires integration into an install disc. Xable's pack: http://xable.net/ Aimed at keeping things secure but changes to a bare minimum. Heise.de's CT projekte http://www.heise.de/ct/projekte/offlineupd...wnload_uk.shtml Works in the same way to autopatcher and what rose up to take the place of Autopatcher when it got taken down. Pros: More functional that autopatcher (it is slightly easier to pick and choose). Project dakota: http://www.projectdakota.net/about.php Pros: one disc for all updates (in theory some may be missed). Cons: not as customisable as the other methods. Please tell me of any methods I have missed and add some discussion to it.