My antivirus tells me LegacyUpdate.exe is infected! What are you trying to do to my PC?

Legacy Update is in an awkward position because it’s not a very commonly downloaded file. That causes AVs to be more vigilant, and use more generic detections. The idea is to err on the side of caution, because the AV vendor doesn’t have enough information crowdsourced from its users to decide whether it’s safe or not.

Some reasons Legacy Update might be wrongly flagged as malware could be:

If your antivirus reports malware, please consider finding and filling out their false-positive report form. For instance, do a Google search for “Microsoft Defender false positive report”. Their engineers will investigate, and should be able to confirm that Legacy Update is safe to use.

You can refer to VirusTotal results for more detailed info on how AVs detect Legacy Update. If you have the time to set up a build environment, you can always build from source.

Am I using up all your bandwidth when I use this?

Not at all, please feel free to install as many updates as you like. The updates themselves come directly from Microsoft servers. The website of course is hosted on my server, but employs Cloudflare edge caching, so you’re in fact rarely sending traffic to my actual server.

When you check for updates, the Windows Update protocol traffic is proxied through my server, so that it can be downgraded from modern encryption to something old Windows can understand. All the server currently does is pass through exactly what your machine, or the Microsoft server, sends, with no processing beyond that. This traffic isn’t small, but it’s also not really big enough for me to be concerned about either. It’s well below the monthly bandwidth limit I’m allocated by my host.

You can, of course, still send a tip my way to support the server fees - I won’t say no to some extra support and motivation!

Why is it slow?

Windows Update is a complex protocol, and applying updates is an elaborate juggling act to ensure only the correct updates are applied, and in the right order.

When you check for updates, Windows and the Windows Update server compare notes on what’s installed on your system, and therefore which updates are applicable to you. Because there are thousands upon thousands of updates, this is a very long, slow process, heavily tied to your CPU’s single-core performance, and hard drive/SSD read performance. If you watch Task Manager while you check for updates, you might see svchost.exe, wmiprvse.exe, and TrustedInstaller.exe (on Vista and later) using up an entire CPU core. This is the Windows Update Agent evaluating the configuration of your computer so it can let the Windows Update server know which updates it needs to see. Old PCs can take minutes to complete this stage, while a VM running on your modern laptop should fly through this in a few seconds.

While installing updates, you may feel a slowdown on lower-end PCs due to the volume of hard drive write activity. If you have a small amount of RAM in such a system, and a fairly slow hard drive, this can really hurt the system’s ability to use the hard drive as swap/pagefile space. This will clear up once the updates finish installing.

I installed a bunch of updates and now my PC doesn’t boot (e.g. I get “NTLDR is missing”). What now?

It seems that the latest version of the Windows Update Agent installer, when run on Windows XP Home Edition, triggers a limitation of the Windows 2000/XP bootloader (NTLDR). This is covered by KB320397, a patch for XP SP1 that was later built into XP SP2, but the issue still seems to occur despite the fix.

You can resolve this in one of a few ways:

What about Windows 95, 98, Me, and NT 4?

To explain this, here is a quick history of Windows Update:

Legacy Update works because we’re lucky enough that the Windows Update v6 protocol is pretty much the same today as it was when it was first released around 2005. It seems unlikely that Microsoft will completely discontinue Windows Update for 2000/XP. However, as I discussed in the introduction paragraph, Microsoft has taken a very destructive approach to discontinuing services for old versions of Windows, right down to deleting legacy downloads and knowledge base articles from their servers, so that’s still an issue to be concerned about.

Given Windows Update is a protocol, and not a website the Wayback Machine can easily scrape and archive, I’m concerned that this means the legacy Windows Update servers and the updates/drivers they provide are lost to time. Some, but not all, of Windows Update v3 has been preserved by the Wayback Machine, so I’m looking into what I can do there.

So the answer, pretty much, is that I’d love to support as far back as Windows Update itself has existed, but it may be a considerably more significant undertaking than Legacy Update has been so far, due to Microsoft’s intent to move on from its past. I’m still positive it can be done though!

What do you store when I use this?

Refer to the privacy policy. Please don’t hesitate to reach out to me if you have any concerns with it.