eWeek Microsoft Watch
May 15, 2007 9:00 AM

Secure or Insecure with Windows Update?



A colleague and I had similar problems on two different operating systems with Windows Update: Following the May distribution of security patches, security software stopped functioning. Uh, oh.

The 19 updates were supposed to make Windows more secure, right?

Upfront, I want to debunk any conspiracy theories that might appear in the comments. I don't believe Microsoft is shafting security software for competitive reasons. Windows is under enough security assault without Microsoft making matters worse. I highly doubt there is any conspiracy here.

The two problems might be coincidence, but what are the odds? My colleague was running Windows XP with Service Pack 2 (Who isn't?) and Symantec's 2007 version security suite. I had Grisoft AVG 7.5 running on Windows Vista. Both our security software suites failed to start after the installation of the Microsoft May updates and subsequent reboot.

My colleague had other problems, too, and he spent some time with Microsoft technical support trying to resolve them. He resolved his problems by deleting the "SoftwareDistribution" folder from the "Windows" directory; Microsoft support actually instructed him to do this. As a result, Windows Update essentially reset, and he reapplied the updates with success.

The Symantec security software came back to life, too.

I took a simpler solution path. I did some basic troubleshooting, including reinstallation of AVG 7.5, which got it back up and running until reboot. Too busy to bother, I removed the software and replaced it with Microsoft's Windows Live OneCare. The software appears to work, at least.

I don't know if there is any widespread problem, since there is no massive buzz on tech support forums. A Grisoft spokesperson said the company knew of no major incompatibility with its software and the Microsoft May updates. But there was a problem with April updates. A fix is available.

Last week's buzz about Trojan downloads over Windows Update's BITS (Background Intelligent Transfer Service) still disturbs. But I haven't yet lost faith in Windows Update because of my security software problem or the BITS exploit.

I'll ask: How is Windows Update treating you?


Comments (14)

This is a widespread problem which becomes especially acute if your firewall/AV programs try to update at the same time as Windows.

What happens is that the Windows Update process takes over the entire PC using 100% of CPU to do multiple updates essentially choking off the Firewall/AV updates. Consequently, your firewall/AV will issue all kinds of off-the-wall error messages which mean nothing. Don't un-install your firewall/AV. There is nothing wrong with them.

The solution is to leave your PC alone for about 30-60 minutes and then reboot. In most cases everything comes with a green board. There is a big thread about this over at PC Magazine with quotes from Symantec and others.
http://www.appscout.com/2007/05/who_killed_my_computer_part_1.php#more

Blaine :

If I remember correctly from the documentation, Vista has a safety feature that when you connect a network connection and the firewall is off it will start it up. This is protection against applications turning it off to get free run of your network/Internet connection.

Another guy... :

I don't think I'd feel secure with One Care, the software may function but how well? You do know Joe that they failed to even hit 85% detection for typical viruses in comparatives TWICE, it was about 82% I believe. I laugh at that because AVG and other free AVs trounced it thoroughly... so while One Care works, I don't think it works well, mediocre would be a better word like other MS bought products (defender and frontpage come to mind).

As for the updates breaking these security programs, it wouldn't surprise me, MS hasn't seemed to care that much about other companies, and now that they have One Care they can cash in on less techie/busy people complaining that their AVs don't work... like you.

I myself, feel very secure. Ubuntu keeps me safe, and its updates can't break my AV, cuz I don't have one :p

TomT :

No problems here, using NAV05 and NPF05 with current definitions.

lschaef :

I've seen a few computers this week that seem to lock up while Windows Update runs. We have AVG 7.5 as well and didn't notice any problems with it, but maybe that was what was causing the update to not work.

Turning off automatic update lets me use the computer, but not do the updates. I've been able to make that work by stopping the service, deleting the "SoftwareDistribution" folder as mentioned and also reinstalling the update software manually. On one computer it still wouldn't update until after doing a registry clean as well.

If I encounter it again I'll have to mess with AVG as well to see if that's causing the problem.

chips b malroy :

Well Joe,

I usually agree with your points, but this one I respectfully cannot;

"Upfront, I want to debunk any conspiracy theories that might appear in the comments. I don't believe Microsoft is shafting security software for competitive reasons. Windows is under enough security assault without Microsoft making matters worse. I highly doubt there is any conspiracy here."

Come on now. Coincidence, again? Do we need a refresher course in Windows 101 on all the dirty tricks that M$ has pulled starting with DRDOS in Windows 3x not being able to run in enhanced mode on a 286? How about how Office always seemed to get the API right and Wordperfect and Lotus always had problems as soon as a new Windows came out? Coincidence, again huh?

conspiracy theory Number 1;

Perhaps as possible as Vista breaks so many programs anyway. But consider the fact that M$ has entered the antivirus and antitrojan field now. Like everything else, why wouldn't they use their usual dirty tricks? While Onecare is a bottom product right now, you can bet it will improve. In a few years, companies like Norton will be a shadow of itself. M$ will take over this market, except for the "free" antivirus programs, and you don't think they are in M$ sights? It's just the ole playbook, by the master chess player Gates, who will always control M$ with all his Stock, even if he is not involved in the "day to day running of it."

Troubled Xp User :

Both of my systems running F-Secure Internet Security 2007 became a nightmare after the updates. The services continued to function, but the system had some serious issues with not being able to log out, context menus not available to click on, etc. The symptoms were consistent across both machines. System restore, uninstall of f-secure then re-applying windows updates worked. Unfortunately, that meant no security software ... so I'm back to a system without the update for now (and vista on the other machine)

Susan :

http://blogs.technet.com/wsus/archive/2007/05/15/srvhost-msi-issue-follow-up.aspx

The 100% CPU/SVChost issue is a big one. Get your fix there.

Doug :

I too have seen both Microsoft Update and Windows Update fail and take 100% CPU on multiple machines. The prescribed "fix" to delete the SoftwareDistribution folder worked on 2 machines, but on one machine, which is Windows 2000, even after deleting the folder only Windows Update worked and not Microsoft Update.

A particularly nasty aspect of this problem is that regular users have no idea what's happening. Most users start their machine and everything appears normal, but very soon their machine grinds to a halt with the CPU pegged at 100%. That's because they've connected to the Internet and the Automatic update has kicked in. Most users are certain that the computer has been taken over by a virus or some other kind of malware, or if their machine is older they start to think that their machine has reached the end of its usable life.

Anyway, the problem is known by Microsoft and supposedly a fix for this will be released on May 22. We'll see...

http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyId=89&articleId=9019218&intsrc=hm_topic

daboochmeister :

Great -- as a user of AVG 7.5, now I'm going to have to worry about this the next time I dual boot back into XP from OpenSUSE. Of course, it's been a month, and might not happen again for some time ... hopefully any fix'll be effective.

I've actually wondered if there's a growing population of dual-booters like me who face an interesting dynamic from this perspective -- just how vulnerable am I for how long when I boot back to Windows, and have a boatload of updates to wait for? And how much risk of conflicts emerging on update installation, since there's no reasonable way Microsoft can test every possible permutation of install sequence over time? (I don't fault them for that, it's just a reality).

(p.s. Just re-read this -- to avoid stereotypification, I'm not a Linux zealot nor a Microsoft hater, I'm just doing what makes sense for myself and our household).

don :

Can anyone confirm if what you've described above is the reason Microsoft issued a High Priority update not on their usual Screw-Up-Tuesday, but two weeks later?

Here is the relatively uninformative information:

High-priority updates
Microsoft Windows XP
Download size: 1.2 MB , less than 1 minute

Update for Windows XP (KB927891)
Date last published: 5/22/2007
Download size: 1.2 MB
This is a reliability update. This update resolves an issue in the Windows Installer (MSI) that can affect performance during software updates. After you install this item, you may have to restart your computer.

Steve :

I stumbled across Autopatcher - this allows you to forget Windows Update, and run the updates through a third party program. The beauty is that you can also remove anything you install.. I'm hooked - saves a ton of time in installs, too. I download from the fast mirror site at www.ap.500words.ca. The main website is www.autopatcher.com.

Mike :

I have been in Network IT since 1986. I have seen it all. I have used Norton's Internet Security for the last several years. The complaint I have with most AV software is the high CPU load. About 6 months ago a manager's system began acting funny. I did a manual scan of the system with Norton's AV fully updated. Nothing found. I did an online test scan from MS One Care Live website. It found 4 different viruses and cleaned them without having to download a special removal tool. From that point we decided to try the Full MS One Care package on that system out of the 30 pcs on the network. The system ran smoother than any of the other systems using NIS. With the success on the one system half the Sales Dept's PCs were switched to One Care. The Sales PCs have been the worst as far as performance issues in the past yet the One Care systems ran at normal speeds without the high cpu usage. Lastly, the NIS systems had 6 infections during the test period while the One Care systems had only 1 and that was automatically removed before I had a chance to remove it manually. Since then all 30 systems were switched to MS One Care. The only issue I have is no telephone support for One Care. I had a subscription problem on one system and have as of yet to get it resolved. But it still runs fine and is updating etc.

If you're looking for even more information on PC security then I would head over here as they have plenty of stuff on identity theft, antivirus software etc.
