Microsoft has shipped the first beta of a software installer that is one key piece in a forthcoming overhaul of the company’s patch management architecture.
Microsoft Installer (MSI) 3.0, now available to users in the beta program, will become one of two installer technologies that will replace the jumble of eight installers Microsoft has today for installing patches.
MSI 3.0 will be used for most applications, while Update.exe will be the installer for the operating system.
In June, Microsoft admitted that its patch management architecture was broken and vowed to fix it, reducing the number of installer technologies and creating one comprehensive site where users could find patches for all Microsoft products.
A mish-mash of patch resources has fueled complaints for years that Microsoft’s patch management system is tainted by inconsistencies in how to find, deploy and verify a patch was installed.
Scott Culp, senior security strategist for the Trustworthy Computing team at Microsoft, said MSI 3.0 would be compatible with Windows Server 2003, Windows XP and Windows 2000 with Service Pack 3 and higher. Once users add MSI 3.0 to those platforms, Culp said they would be able to take advantage of changes Microsoft is making to its patch management infrastructure.
MSI 3.0, which includes improvements in authoring, creating, distributing and managing updates to applications, is expected to ship by mid-2004. It is designed to reduce the number of reboots needed when installing patches and other software, eliminate the calamity of file versions overwriting one another and improve the rollback of installations. MSI 3.0 also will allow the installation or removal of more than one patch at a time, but allows patches installed as part of a batch process to be uninstalled individually.
By the end of 2004, Microsoft expects to converge all products onto MSI 3.0 and Update.exe.
The installer technologies will be baked into Microsoft products starting with the Longhorn wave of software, according to Microsoft. The wave is expected to begin with a new desktop OS in 2005 or 2006.
Today, Windows Update only supplies patches for Windows and users must go to other sites to find patches for other products. To add to the confusion, other products – such as SQL Server, Exchange and Office – all have their own unique technologies for installing patches.
Microsoft hopes that cutting the number of installers is one step in reducing the burden of patch management.