Are Updates dangerous!
in [Windows XP]
|
From: Daave on 12 Feb 2010 14:47 C wrote: > joe wrote: >> Don't see what you're getting at. >> >> >> "C" <nospamming(a)please.com.invalid> wrote in message >> news:hl41mi$ps3$1(a)speranza.aioe.org... >>> joe wrote: >>>> Thank you Daave,SK and Shenan for a very detailed and informative >>>> answer. I intend to follow all the advice given here, especially >>>> waiting a couple of days before installing the updates. A very >>>> good idea :-) >>> No, it's a very bad idea. They don't call it Exploit Wednesday for >>> nothing. >>> >>> -- >>> C >> >> > > After patches are released on the second Tuesday of the month, the > hackers get to work the next day on the computers of n00bs who haven't > updated yet. Ergo, Exploit Wednesday immediately follows Update > Tuesday. Do you understand now? I would imagine the hackers don't even wait. To OP: In order to be as safe as possible, you need to do the following: 1. Regularly image your hard drive so you have something to fall back on if the need arises. 2. Install the Microsoft critical security updates as soon as they come out. Chances are you won't run into any problems. And if you do, all you need to do is restore the most recent image you have. If you decide to manually update (and wait a few days), arguably you will be slightly less safe. Then again, if you have your firewall running and you avoid dodgy Web sites and don't click on spurious e-mail attachments and if your AV defintions are up-to-date, you should be fine for all intents and purposes. And again, if you run into any problems, you can still restore the most recent image of your hard drive. :-)
From: MowGreen on 12 Feb 2010 15:32 S K wrote: > On Feb 12, 11:49 am, "joe"<j...(a)ebox.com> wrote: >> Thank you Daave,SK and Shenan for a very detailed and informative answer. I >> intend to follow all the advice given here, especially waiting a couple of >> days before installing the updates. A very good idea :-) >> >> "Daave"<da...(a)example.com> wrote in message >> >> news:Oaoqso$qKHA.4220(a)TK2MSFTNGP05.phx.gbl... >> >>> One more time... >> >>> http://groups.google.com/group/microsoft.public.windowsxp.general/msg... > > > And definitely don't install updates in the middle of a busy work day > when the computer absolutely MUST keep running. Sometimes what > Microsoft thinks is funny turns out to not be very funny at all. Speaking of "funny", get a load of this - Windows Activation Technologies Update for Windows 7 http://windowsteamblog.com/blogs/genuinewindows/archive/2010/02/11/windows-activation-technologies-update-for-windows-7.aspx?PageIndex=2 " In the coming days, we�ll be deploying a new update for Windows Activation Technologies, the set of built-in activation and validation components built into Windows 7. Called Windows Activation Technologies Update for Windows 7, this update will detect more than 70 known and potentially dangerous activation exploits. Activation exploits are sometimes called �hacks�, and attempt to bypass or compromise Windows� activation technologies. This new update is further evidence of Microsoft�s commitment to keeping customers and partners secure. " But wait ... it's get's even *funnier* - " Media Surveillance, an anti-piracy solutions company based in Germany, recently downloaded more than five hundred pirated copies of Windows 7 (and Windows activation exploits) and found that 32% contained malicious code. " Yeah, the 'malicious code' is DRM and WGA. Doesn't this sound like an Abbott and Costello routine ? " DRM's on first, WGA's on second, but who's on third " " WAT's on third " " Who ? " " No, WAT's on third, Who's at my door ? " But wait, there's more ! - " The Update is designed to run on all editions of Windows 7, although we will distribute first to the Home Premium, Professional, Ultimate and Enterprise editions. It will be available online at www.microsoft.com/genuine beginning February 16 and on the Microsoft Download Center beginning February 17. Later this month, the update will also be offered through Windows Update as an �Important� update. <snip> I�d like to stress that the Update is voluntary, which means that you can choose not to install it when you see it appear on Windows Update. <snip> How does it work? Once installed, the Update protects customers by identifying known activation exploits that may affect their PC experience. If any activation exploits are found, Windows will alert the customer and offer options for resolving the issue � in many cases, with just a few clicks." Yeah, right, " just a few clicks ". That's hystericaly NOT funny for anyone who's had to go through the False Positive Activation/Validation Dance and had to call in to get their OS Activated or Validated. And now for the final guffaw - " The Update will run periodic validations (initially every 90 days). During validation, Windows will download the latest �signatures� that are used to identify new activation exploits � much like an anti-virus service.. " No thanks. My Windows 7 system has been Activated/Validated/Genuined and I *highly* doubt that this update will protect it " by making sure that the integrity of key licensing components remains intact. " No fish, try again. MowGreen ================ *- 343 -* FDNY Never Forgotten ================ banthecheck.com "Security updates should *never* have *non-security content* prechecked MowGreen ================ * -343-* FDNY Never Forgotten ================ banthecheck.com "Security updates should *never* have *non-security content* prechecked
From: (PeteCresswell) on 12 Feb 2010 16:57 Per S K: >Yes, there are problems with updates from time to time. For testing >purposes, some organizations will update non-critical machines to see >if there are any ill effects before flooding all the company's >computers with the update. I usually wait a week or three Flipping it around: would anybody care to comment on the hazard(s) of never applying updates? Let's say "SP2" and call it a day? -- PeteCresswell
From: Shenan Stanley on 12 Feb 2010 17:18 (PeteCresswell) wrote: > Flipping it around: would anybody care to comment on the > hazard(s) of never applying updates? Let's say "SP2" and call > it a day? What's the situation? Where is this computer, what is it used for? -- Shenan Stanley MS-MVP -- How To Ask Questions The Smart Way http://www.catb.org/~esr/faqs/smart-questions.html
From: Saucy on 12 Feb 2010 17:27
Hey, you might have something there. lol An unpatched rtm Windows XP will be infected within minutes if connected directly to the Internet: http://www.securityfocus.com/columnists/262 "(PeteCresswell)" <x(a)y.Invalid> wrote in message news:ikjbn5t985qth3s7krp421dca06ug6p800(a)4ax.com... > Per S K: >>Yes, there are problems with updates from time to time. For testing >>purposes, some organizations will update non-critical machines to see >>if there are any ill effects before flooding all the company's >>computers with the update. I usually wait a week or three > > Flipping it around: would anybody care to comment on the > hazard(s) of never applying updates? Let's say "SP2" and call > it a day? > -- > PeteCresswell |