Full Disclosure mailing list archives
RE: Windows Update
From: "joe" <mvp () joeware net>
Date: Tue, 24 Aug 2004 11:28:07 -0400
The client is required. I have sent a complaint to MS though concerning the idea that the service set to manual but started doesn't allow the updates to occur. That, I agree, is a bad design choice. If the service is set to automatic but not started, it will get started as soon as you try to actually search for updates. Having it set to auto and not started just gets you past the initial check. I actually replaced the service with a quick "do-nothing" service I wrote and the web page gets past the initial check but then hangs in the search for updates section. I have no doubt that the client is actually used and needed. Once again, I agree requiring the service set to automatic is poor. Again however, this isn't life threatening or insecure, just a pain. Simply use something to quickly change the start config for the service before going to the windows update site and change it back afterward. No big hoo hoo. joe -----Original Message----- From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com] On Behalf Of Barry Fitzgerald Sent: Monday, August 23, 2004 4:35 PM To: mbs () mistrealm com Cc: full-disclosure () netsys com Subject: Re: [Full-disclosure] Windows Update It's a little bit more than seriously annoying, though. It represents a very poor design choice. Obviously, if this setting change works, it means that the automatic update client is not actually necessary to install patches from windowsupdate. I could see the service requirement *if* Microsoft were piggybacking the installation code off of the client in an effort to no longer rely on installing the code with an ActiveX control, however what this demonstrates is that the only reason to do this check is strictly to ensure that automatic updates is running. This is either a bug or a very poor design choice. If the idea is to ensure that everyone has automatic update running, then it's going fail. The people who are getting their updates from WindowsUpdate are not the people you generally need to worry about getting their patches -- it's the people who don't know about WindowsUpdate and who don't have automatic update running that you have to worry about. What I'm saying is that warning people is good; blocking people is bad. It's kind of like not letting someone get a medical checkup if they don't check their blood sugar everyday. It hurts people more than it helps. -Barry _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- RE: Windows Update, (continued)
- RE: Windows Update joe (Aug 22)
- RE: Windows Update Dave Aitel (Aug 22)
- Re: Windows Update Über GuidoZ (Aug 24)
- RE: Windows Update joe (Aug 25)
- Re: Windows Update ASB (Aug 23)
- Re: Windows Update Michael Schaefer (Aug 23)
- Re: Windows Update David Vincent (Aug 20)
- Re: Windows Update Gregh (Aug 21)
- Re: Windows Update Michael Schaefer (Aug 23)
- Re: Windows Update Barry Fitzgerald (Aug 23)
- RE: Windows Update joe (Aug 24)
- Re: Windows Update Barry Fitzgerald (Aug 24)
- RE: Windows Update joe (Aug 23)
- Re: Windows Update ASB (Aug 23)
- Re: Windows Update David Vincent (Aug 23)
- Re: The 'good worm' from HP Florian Weimer (Aug 20)
- Re: The 'good worm' from HP Valdis . Kletnieks (Aug 20)
- Re: The 'good worm' from HP Maarten (Aug 20)