Microsoft is now offering Windows 7 users “Service Pack 1,” a bundle of security updates and minor feature improvements. If you’re thinking about installing this update, read on for a few caveats and tips that may change your mind.
First off, this service pack is mainly a bundle of previously-released security updates. If you are staying up-to-date in security patches, you are not going to gain much by installing this service pack, which contains a few uber-geeky feature improvements that are mostly a bonus for users of Windows Server 2008 R2 — not Windows 7.
My take? I’d say that the main benefit of this service pack for Windows 7 users would be if you were considering re-installing the operating system for some reason. In that case, Service Pack 1 would streamline the process quite a bit. Otherwise, I would urge Windows 7 users who are up-to-date to ignore this offering, at least for now.
If you decide to go forward with this Service Pack, there are several important considerations, particularly if your system has certain hotfixes installed (hotfixes are small patches designed to address specific — not necessarily security — issues). For example, Microsoft says that systems with hotfixes (2406705, 979350 or 983534) will block the installation of the service pack and may experience problems as a result.
Microsoft doesn’t exactly make it easy for you to figure out which hotfixes you have installed. If you mosey over to the Windows Update panel in Windows 7 (click start and type “Windows Update”), you should be able to get a list of installed updates by clicking the “View Update History” link in the left side menu. But paging through these updates and looking for obscure knowledgebase (KB) numbers is mind-numbing. There is probably an easier way to do this, but I wanted a text file listing all the updates installed, so I clicked Start, then in the text box typed “Cmd”. In the resulting command prompt, I typed “wmic qfe list full > patchlist.txt” without the quotes, and it quickly spat out a list of installed updates into a text file called “patchlist.txt”. A quick keyword search through this file (Ctrl-F) will tell you whether any of those three hotfixes is installed.
If you do have any of the above hotfixes installed, you will need to follow Microsoft’s instructions here if you want to install this service pack with a minimum of potential complications. Also, do not ignore Microsoft’s admonition to backup your system and your data before proceeding with this Service Pack. Better safe than sorry.
Microsoft’s own Technet forum post on this service pack includes a number of cautionary tales from users who have installed this update. Also, the SANS Internet Storm Center is keeping a running tally of issues and conflicts that users have reported. For example, some users are reporting that certain types of third party firewalls and disk encryption software may be affected by the service pack. If you decide to proceed with this service pack, please consider having a look at these two resources.
As always, please drop a note in the comments area below if you have any personal experience with this service pack that you’d like to share.
Using Windows Update, I installed it several days ago with no problems and the computer has been working fine since.
Installed on several boxes with no issues.
Jim & Jerry: Thanks for your comments, both of you. Can you please tell us why you chose to install SP1? Were you up to date on patches? Thanks!
I’m sorry, Brian, but your advice to not install SP1 is bonkers.
Here’s why.
Some point further down the road, Microsoft will stop supporting pre-SP1 builds of Windows 7 (and 2008 R2).
Then you’ll find yourself without security updates, leaving your PC vulnerable. The only option then is to ditch Windows 7 for Windows 8 (on a different PC, as a whole version upgrade in-situ will be far, far worse than applying a simple service pack) or applying SP1. By that time, of course, many months worth of updates and new software will have gone onto the PC, making the likelihood of problems after installing SP1 even greater.
No, as SP1 contains all but the February 2011 security updates, the better strategy is to get it on ASAP, and endure any pain now, rather than delaying and possibly compounding any problems.
Eh. You had no problems, I would assume. Good for you. You don’t have to wait until MS stops supporting non-SP1 machines to try and install. My advice for now is, simply, if you don’t need, why take the risk? Wait a while and let others make the mistakes. Learn from them.
This is good advice. End users should always be installing the latest patches and service packs. I dislike these kinds of articles because they are conspiratorial in nature (MS IS OUT TO GET YOU WITH ITS SHODDY SOFTWARE!!!). I remember this level of BS when SP2 came out for XP. “ZOMG FIREWALL ON BY DEFAULT NOW??? MY 10 YEAR SOFTWARE DOESNT WORK!” etc
I also find that end users who follow the basic principle of KISS almost never have issues. Its the “enthusiast” know-it-all who has multi AV apps running, third party firewalls, every “driver optimizer’ BS he can find, and a load of pirated software which is running its own keyloggers, shuts of the UAC, etc that has issues. Of course he has issues. Its like when old people die from the flu. The flu isn’t suddenly fatal to all, its that the person, just like that computer, was on his last legs to begin with.
I also don’t understand the warning of those installed patches to end users. All those patches are server-side patches. End users will never, ever have to worry about that as they arent running 2008 R2. Admins can figure this stuff out. Don’t purposely conflate the two to write a sensational article.
Instead of scaring people we should be teaching people the KISS principle. Arguably, this is why Apple products are doing so well in the market. The come with a basic image with a bunch of basic apps that cover what most people need. There’s no “gamer culture” of souping everything up, modifying everything, installing tons of different utilities, or OEM crapware.
Seriously, once end users grok KISS and running as non-admin they tend to have bulletproof machines both in regards to stability and security. Unfortunately, the PC culture isn the opposite of KISS currently.
I have to agree with Brian’s approach. It’s far better to take a cautious approach than have your computer rendered useless. Not just for service packs but regular updates. I’m not saying to wait months to update, just a few weeks so you hear of any issues and are prepared to confront them.
The last batch of updates had no less than four kernel updates, one of which has caused reports of BSODs. Another was a “reliability update” which ironically, caused computer to get stuck in a rebooting cycle.
If you’re a novice user, than by all means, use the auto-updates but I’d think most people reading this blog are at least intermediate if not expert users. And these types of users know the headaches updates can cause and should be careful with them and not just load them all when Microsoft says so.
I personally read the bi-weekly patch column in the Windows Secrets newsletter to help determine which ones to install right away and which ones to wait a couple of weeks on.
@Phil: That is bad advice too, sorry. The real solution is to wait and let other users figure out what the problems are and install the SP at some future but not too far in the future date. That way you get the easy upgrade path for later but don’t shoot yourself in the foot (i.e. you won’t have to endure any problems at all).
Yes, I am up to date on the patches. Also, I use Secunia PSI to keep up on all updates. Plus I had a full backup.
Being as I am one of the people others turn to with their computer issues, I figured better to try it on myself first. For others, it is probably not a bad idea to wait a few weeks.
Do be prepared to spend an hour to install SP1 via Windows Update.
I installed it the 1st day on a virtually brand new Lenovo laptop with Home Ultimate. My rationales were a) I didn’t have anything to lose data-wise, or too much configuration-wise, plus I always have my trusty MacBook to use while it got rebuilt.
As someone who has lived through the NT4 SP2 and SP6 (not 6a) debacles, I sure as hell wouldn’t do that in a production environment. Then, like with all of their RTM products, I let someone else be the guinea pigs…err, early adopters.
@Brian
Ah, but you didn’t say “wait a while” in your post, you just ranted against the service pack with an arrogant “who needs it anyway” attitude.
The problem with delaying is, if there are any problems, Microsoft doesn’t hear about them because nobody’s applying the Service Pack. So it takes even longer to fix.
So, best advice? Wait at most a few months before installing SP1, but don’t not install it.
If you have to call PSS with any Windows 7 (non-SP1) problems from now on, Microsoft’s first response will be the command to install SP1.
Better to get the SP installed, report any bugs, back it out if need be, and eagerly seek a solution.
I know Microsoft’s past history isn’t brilliant, with Windows 2003 SP2’s Advanced Networking Pack which screwed up more than it fixed and XP SP3’s blue screen and reboot loop on certain Compaq desktops (including my daughter’s).
But, from my experience (around 30 2008 R2 servers and a few Windows 7 boxes updated without incident or subsequent problems), SP1 is looking good so far.
For the record, I updated the above post right after I posted it to add “at least for now” to that third paragraph.
I’m sorry that the column sounded arrogant to you. But I think a lot of readers here would take issue with the concept that they have some obligation to be Microsoft’s Guinea pigs. True, Microsoft can’t be expected to figure out every possible wrinkle with every imaginable software and hardware conflict, but that doesn’t mean people should volunteer for something that has a fair degree of likelihood of screwing up their system for little immediate benefit.
Brian just said it best – why should an everyday non-pro user be a guinea pig for MS. I’m not sure I could figure out how to report a problem, even if I managed to realize that SP1 was its cause.
The only reason to download now would be to stop the annoying daily reminder from popping up in the notification box when I start my computer, and that doesn’t weigh much against the potential for SP1 to mess things up.
We have installed on clients and working no problem but we don’t patch outside of normal auto updates we figure MS has superior knowledge about threat vectors to us. We don’t automatically install updates we run on test box first. We adopt Alex wait and see approach tempered by intel we get from various sources including quality journos like Krebs before we rollout across all clients and in deciding if we will patch outside of regular updates.
I installed it on both my Windows 7 machines without any issues and I was aware of the three hotfix issues before installing. Why did I install it you ask? Cause I like to live dangerously…that’s the kind of guy I am.
I remember back in the day when TechTV had the Screensavers on. I think it was on the day the XP SP1 was released they had a segment on a security bug that MS fixed in the service pack, but kept quit about. Ever sense then I have installed service packs ASAP after release.
I installed it with no problems. In fact my logs show zero errors since installation.
I can only only speak for myself, but if I distrusted any company to the point that I suspected them of using me as a guinea pig I wouldn’t use their products in the first place. Period.
I’m with Phil on this one.
I installed SP1 this morning on x64 machine. Downloaded fine, installed fine, hung up at 30% config. Shut down machine, restarted, it then finished config. Don’t know cause, checked logs but can’t figure it out. Just glad it finished successfully. I installed thinking there might be some security fixes that hadn’t been posted by MS. I had a full system b/u done before attempting SP1. This is a must.
With this SP1 you have the option of downloading a super file that updates many if not most of windows 7 versions and burning a CD/DVD or USB flashdrive. I may do that and save the disk on the closet shelf for when I have to reload the OS.
In the blog post, the link labeled “Technet forum post” is a duplicate of the link labeled “few uber-geeky feature improvements”. I suspect this was a mistake.
Maybe not. In my 35 years of working for various compuyter manufacturers it was not at all uncommon to refer to fixes for screwups as “improvements”. Incidentally,, installion of SP1 in an otherwise up to date computer cured a minor problem with a third party program.
Brian, thank you for this warning. I saw SP1 appear in Windows Update today, it isn’t checked by default. So I was wondering whether I should install it. Another source also mentions that it doesn’t really matter whether you install it now or in two years when Microsoft drops support for Windows 7 without SP1. But they also say that so far there don’t seem to be any issues with this service pack. For me the question then really was whether I want to spend an hour of my time on that. Now I decided that I better wait a little longer – even though I don’t have any of the mentioned hotfixes installed (nice command btw), I don’t like taking risks when it comes to my work system.
I work on a Mac ever since our money was stolen via a Zeus Trojan, so this is slightly amusing. However, I do think these discussions are helpful to help users decide what TO or NOT TO install on THEIR systems. IMO, whenever a company, be it MS or Apple, et al, releases a patch or update, they should have no question as to their stability. After all, they are being released to thousands of users. Accountability is the bigger issue here.
Amusing in what way? How long do wait to install the .1 versions of MacOS, which are effectively equivalent to Windows service packs? My main home machine has been a Mac since a Mac Classic in 1990…and Apple screws up, too. Anyone remember the version of iTunes whose installer would delete the contents of your hard drive because they didn’t put an rm -r’s (recursive delete) path name in quotes? By and large, unless you need a fix immediately, it pays to wait …and for IT professionals your job might depend on waiting.
Calm down, Rick. I did mention Apple, if you read my entire post. It’s amusing to me just because it is. I also enjoy watching star quarterbacks throw interceptions and “geniuses” that can’t change a tire. I also like seeing Krebs getting a little sass every once in a while. It’s fun because it is. Hi, Brian! Love your site!
I should add that SP1 updated 5 drivers on my machine and installed one new hidden service, TsUsbFlt.sys. In addition to that, 5 other services were removed and reinstalled. IE8 was also removed and reinstalled.
Oops, I should have also added the fact that my machine was 100% up to date before I installed SP1.
any info. on slipstreaming SP1 onto a CD image copy of Win7?
I’m still using XP on my netbook – but w/ recent memory upgrade would be willing to install Win7 when I get the chance to backup.
Wondering if you can still slipstream the OS like WindowsXP.
Basically, download the Win7 SP1 and use the CMD line to apply all the patches to a hard drive copy of the Win 7 cd contents. Reburn. And viola – install Win7 w/ SP1 from the get go.
Krebs – good blog BTW.
ive had a number of problems, my computer slowed down considerably until i installed another update they released a day later. In addition im now getting messages saying my installation of windows is counterfeit, which is ridiculous since its the same windows 7 key i got when i bought my computer
My machine is completely up-to-date and I installed SP1 when it came out. I didn’t have any problems at all, but I agree that it’s a good idea for most end users to wait to see what issues may occur and be prepared in the event that one crops up.
Still, the severity of some of the problems people have encountered during or after installation of SP1 is concerning. I don’t expect Microsoft to be able to anticipate every possible conflict, but a lot of people will probably see the update, assume they should download it, and do so without any prior research. Considering the level of aggravation or horror an average user may experience with a faulty installation, you’d think Microsoft would be a little more cautious.
Brian,
Don’t you mean Windows SERVER 2008 R2?
Doh! Henry, you’re right. I omitted the server part. Have added it. Thanks for the heads up
I think where all stressing about this too much, use your own discretion. Brian keep the good work.
Microsoft no longer supports xp sp2. That creates some issues if you want to minimize exposure. So you’re pretty much stuck with updating to xp sp3.
The most important thing to keep in mind, is don’t fire off the Win 7 sp1 update if you don’t have the time to fix it.
If the use of the machine is important, use Clonezilla to image the drive, if the update goes wrong, use the image to start over.
And Brian, the guinea pigs are the one’s using the rc releases, and we know we’re guinea pigs, hence vm’s.
Once it’s released via Windows update it should be good, well, unless you own a Samsung phone. 🙂
That said, I’ve only fired the update on 2 test units, out of the networks I’m responsible for. 🙂 So even I’m still in the wait and see what happens to everyone else mode.
Hey Brian,
you blog has always been something to look forward – to be honest inspirational. i could not let this article go away, read it twice; okay three times, thought i did comment.
first of all, your blog is not run of the mill it is sort of – ‘sleeps under the blanket of the very freedom I (you)
provide – few good men.’
aren’t all your readers that follow your blog not those trigger-oops- mouse click happy people.
you sound so much like Microsoft bashing (wait they must (have to ) make mistake) – apple fan-boy. oh! sorry tiger is extinct – go far-east lucky if you find one , leopard n snow leopard we are hunting it down, give one more month we will make it extinct too – no service pack just Lion – on a lighter note mac bashing.
I had problem with HDMI – mine win 7 update is a automatic, one fine evening it was smooth – wondered the magic, things became clear, you had pointed not to update sp1 i did it, further inquiry the culprit was sp1. me happy though i am not tigger happy.
JUST A THOUGHT
SP1 does update things you may not be aware of, and in some cases it forgets to do so. When installing SP1 interactively (i.e. via the EXE file) it forgets to update the USB drivers. See http://goo.gl/53bdR for more details.
I am not sure if the WU version behaves differently, but I saw the mentioned issues on all Windows 7 systems I installed SP1 on, both 32 and 64 bit.
My own experiences with SP1 install include somehow getting my Office 2007 install corrupted.
Symptoms include Word telling me I have insufficient system memory to run it, and Outlook telling me it is unable to start because it can’t initialize some of its components.
I was unable to repair or uninstall it because the installation source files on disk were corrupted somehow (for repair) and I got error reports regarding Windows Installer (for uninstall).
In the end I ended up running the MS Fixit tool for Office 2007 removal, after which I was able to install Office again.
What caused this? I have no idea. What I did was running Win Updates prior to SP1 install, I uninstalled my security suite (Kaspersky) and even run chkdsk for good measure in order to be sure nothing would go wrong =)
On the technical forums I follow, there are a number of people experiencing serious problems after installing SP1. Brian’s advice to hold off for a while sounds good to me.
Oh, I’ll definitely be waiting a while, until 2014 when Windows XP (with SP3) extended support ends. 😉
As far as I’m concerned, Microsoft screwed the pooch with their horrendous UI (User Interface) redesigns and removal of classic mode. Way to alienate your user base by taking away choice. 🙁
Over a year and half later, Windows XP still has the highest usage share of all Windows versions. Where I work (a large enterprise), we’re still using Windows XP despite having a Windows 7 pilot program for over a year. There are just too many application compatibility and user training issues/costs to justify upgrading.