Full Disclosure mailing list archives
Re: Windows Update
From: David Vincent <support () sleepdeprived ca>
Date: Mon, 23 Aug 2004 08:38:32 -0700
Darren Reed wrote:
I'm just annoyed that Microsoft now requires me to run another service if I want their update website to work when I use it. Turning off automatic updates in the control panel doesn't do anything to the service other than tell it to not poll the Microsoft site and tell me if I am missing something.What I see Microsoft as doing is pretty much forcing everyone to turn on Automatic Windows Update. Why leave it as a control panel option, I've no clue. Same with BIT (Background Intelligent Transfers.) For the millions of users out there that are likely subject to viruses, etc, I'm sure it will help make things better, but for people who would fit into the "power user" class, it's a real pain in the arse.
If you don't want to use Windows Update, you can always download each patch manually from the links provided in their monthly security bulletins. You are subscribed to their bulletins right? Once you have each patch downloaded, you can indeed plan the rollout to your system, don't forget you need a tool to check that your patches were installed correctly, like MBSA or HFNETCHK.I really object to this philosophy because it does not let a person plan the downloading and installation of updates - some of which will require a reboot.
What do large corporate installations of Windows do here?
SUS, soon to be WUS.
Do they run their own caches of the Windows updates?
Yes, SUS, soon to be WUS.
Well, no. The clients really pull it from the SUS Server, which pulls it from Microsoft.Push out updates from servers rather than have clients pull?
Is it all done with SUS?
Yes.
Define node. On a workstation? No, you need a Windows Server (2000 or 2003) to run SUS from. You also cannot visit the SUS site from a workstation using IE and do a scan like you do with Windows Update. You have to schedule things so the client will poll the server for updates it is missing.Is SUS usable on a single node, in place of WU?
Subscribe to the Monthly Security bulletins and download the patches using the links provided there. Or go to http://www.microsoft.com/security and click on the "More security updates..." link. I think you can take it from there.The help for the "Windows Update" web site suggests that it is possible to get updates without Automatic Updates. Is the help out of date or is there a way to still do it without AU on ?
No, if I were a conspiracy theorist I'd say Microsoft was pushing Automatic Updates so they could install secret backdoors on everyone's computers and then sneak in during the night to steal CPU cycles to donate to their friends from Betelgeuse 5 who need the help to plan their takeover of Planet Earth.If you were a conspiracy theorist, you'd say this was Microsoft's way of being able to do more automatic updates before announcing a security vulnerability and mitigate the impact of 0-day exploits (developed through reverse engineering of changes.)
-d _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: Windows Update, (continued)
- Re: Windows Update David Vincent (Aug 20)
- Re: Windows Update Gregh (Aug 21)
- Re: Windows Update Michael Schaefer (Aug 23)
- Re: Windows Update Barry Fitzgerald (Aug 23)
- RE: Windows Update joe (Aug 24)
- Re: Windows Update Barry Fitzgerald (Aug 24)
- RE: Windows Update joe (Aug 23)
- Re: Windows Update ASB (Aug 23)
- Re: Windows Update David Vincent (Aug 23)
- Re: The 'good worm' from HP Florian Weimer (Aug 20)
- Re: The 'good worm' from HP Valdis . Kletnieks (Aug 20)
- Re: The 'good worm' from HP Maarten (Aug 20)
- Re: The 'good worm' from HP Nick FitzGerald (Aug 20)
- RE: The 'good worm' from HP fulldisclosure (Aug 21)
- Re: The 'good worm' from HP michael williamson (Aug 21)
- Re: The 'good worm' from HP Maarten (Aug 21)
- Re: The 'good worm' from HP michael williamson (Aug 21)