People using Windows XP Service Pack 3 may not be offered all the .NET security patches their applications require.

First I'll give you some background on .NET Framework, and then I'll describe how to tell whether you need to be concerned about the matter.

Microsoft created .NET Framework to provide building blocks for applications. .NET is not a component of Windows itself. I strongly recommend that you avoid downloading .NET until you install an application that requires one, at which time the program will likely install the necessary version for you.

To determine whether you have any versions of .NET Framework installed on an XP PC, open the Add or Remove Programs applet in Control Panel and look for entries reading Microsoft .NET Framework. If you don't see any such entries, you needn't worry about the update failure.

If you do see .NET Framework in the list of currently installed programs, you need to make sure you're receiving all the updates your system requires.

When you open the Microsoft Update service on Windows XP, you'll see buttons labeled Express and Custom on the Welcome screen. Click Custom to see three patching categories under Select by Type in the left pane: High Priority; Software, Optional; and Hardware, Optional.

Figure 1. Clicking the Custom button on Microsoft Update's Welcome screen shows a list of high-priority and optional updates for your PC.

While all three categories can be considered security-related, in reality only the top section lists critical patches. The second section shows optional patches for Windows and your apps; the third lists driver updates.

Always install patches listed in the upper section. You can selectively install patches from the Software, Optional section, but I recommend that you never install driver updates directly from the bottom section. In the past, drivers I've downloaded from Microsoft's update service have caused problems. Instead, go to the vendor's own site and download driver updates from there. And remember: if the device isn't causing any problems, refreshing its driver software may be more trouble than it's worth.

When I tested several XP SP3 systems, the upper section of the update window — which lists critical security patches — looked much the same as it did on XP SP2 machines. However, SP2 and SP3 showed many differences in the middle section listing optional software updates, including those for .NET Framework.

There's a very good reason the updates in the middle section are listed as "optional." Until an application on your system requires .NET Framework to function, don't install any .NET Framework patches.

Microsoft's update service will offer systems running XP SP2 an update to .NET Framework 3.0, but machines using XP SP3 won't see it listed among the optional patches.

By the way, several readers notified me that they had problems with the Secunia software scanner. I'll investigate these issues and report what I find in a future Patch Watch column.

Here's the bottom line: don't install any .NET Framework patches listed in Microsoft Update's "Software, Optional" section unless you're sure you have the corresponding .NET Framework installed on your system. Any application requiring a specific .NET Framework, such as Intuit's Quickbooks accounting program, will install the necessary version automatically.