Infected XP machines remain unpatched

To avoid a repeat of the system crashes from February, which were triggered by the security updates to the Windows kernel and tied to the fact that the machines were infected by the Alureon rootkit, Microsoft has made some modifications to the security updates released on Tuesday.

The updates will do their job with uninfected Windows XP systems, but will halt installation if they spot that the system is compromised by the rootkit. As Microsoft explained in the notes that follow the issuing of the patch, some “abnormal conditions on a system could be the result of an infection with a computer virus that modifies some operating system files, which renders the infected computer incompatible with the kernel update.”

That means that those people whose PCs are infected will not be able to update their system, and I can understand Microsoft not wanting to put people off patching and updating.

I am just a little bit skeptical about the effectiveness of the way they are trying to warn their customers about the problem – i.e. when the automatic patching fails, the users are presented with a warning message about why that happened (or, actually, didn’t happen), so that they can do something about it – i.e. download a malware removal tool and remove the rootkit.

The problem lies in the users – some will see the message and ignore it, and some will not understand what they should do. On the other hand, there is not much Microsoft can do about it – there is no big red button that the users can press and “make it all better”.