Full Disclosure mailing list archives
Re: Windows Update
From: ASB <abaker () gmail com>
Date: Mon, 23 Aug 2004 09:01:49 -0400
Just because the Automatic Update service is enabled, doesn't mean that updates will be automatically "installed". There are various options for configuration. I require AU enabled because I'm using SUS, and I control when updates are available. The automatic nature of the service is not an implicit evil. -ASB On Sat, 21 Aug 2004 19:56:14 -0400, Über GuidoZ <uberguidoz () gmail com> wrote:
Umm, hold on a sec here... (snip from "James Tucker"):There really should be no reason why you would want to disable the Automatic Updates service anyway, unless you are rolling out updates using a centralised distribution system, in which case you would not need it anyway.I believe you are missing one fundamental point: SPs and updates are notorious for breaking something else. (Especially from Microsoft.) Granted, if fixing a security weakness breaks something you're using, then that aspect could have been written better. However, that still doesn't fix it when an entire business network goes down and YOU are the one responsible. I do not allow ANY automatic updates (except for virus definitions) to run on ANY networks I am in charge of. I take the time (like every good sysadmin should) to look over each update before applying it so I know three things: 1. What it's fixing/patching 2. Why it's fixing/patching it 3. What will be the end result of the fix/patch If you would simply allow updates and SPs to have free reign over your system(s) without taking any time to look over those updates, you're going to be one busy and irritated sysadmin. That is, if you still have a job after a little bit. ~G P.S. Don't take my word for it. Look here: - http://www.infoworld.com/article/04/08/12/HNdisablesp2_1.html - http://www.pcworld.idg.com.au/index.php/id;1183008015;fp;2;fpid;1 - http://www.integratedmar.com/ecl-usa/story.cfm?item=18619 - http://www.vnunet.com/news/1157279 - Or, find the other 200+ articles by searching Google News for "disable automatic update sp2" =) On Sat, 21 Aug 2004 18:51:40 -0300, James Tucker <jftucker () gmail com> wrote:Here I found that I can have BITS and Automatic Updates in "manual", Windows Update works fine here. It may be a good idea to refresh the MMC console page, as you will probably find that at time the service had shut down if and when BITS was stopped prematurely (i.e. when it was in use). There really should be no reason why you would want to disable the Automatic Updates service anyway, unless you are rolling out updates using a centralised distribution system, in which case you would not need it anyway. If you are worried about system resources, you should look into how much the service really uses; the effect is negligable, in fact there is more impact if you select (scroll over) a large number of application shortcuts (due to the caching system) than if you leave Automatic Updates on. If you are worried about your privacy and you dont believe that the data sent back and forth has not been checked before, then you surely dont want to run Windows Updates ever. If you want to cull some real system resources and have not already done so, turn the Help and Support service to manual, that will save ~30mb on boot, up until the first use of XP help; this will stop help links from programs from forwarding to the correct page, until the service has loaded once. As for worry over using bandwidth on your internet service, again, you want to check this out as its a trickle service, not a flood. BITS does not stand for Bloody Idiots Trashing Service; it means what it says on the tin. On Fri, 20 Aug 2004 14:30:22 -0700, David Vincent <support () sleepdeprived ca> wrote:joe wrote:Yep, this is how it works now. You control whether Windows Update is updating or not via the security panel in the control panel applets (wscui.cpl).To eb complete, I should have mentioned I have Automatic Updates turned off in the control panel. I also had the service disabled before applying SP2 and venturing to Windows Update v5.Of course if you aren't using automatic update you could always disable the service and just reenable when you go to do the update, or don't use windows update at all and just pull the downloads separately. We are talking about a single command line to reenable that serviceYep.Is it a pain? Yes, for those who like to run minimal services. Is it a security issue or life threatening, probably not.Agreed. -d
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Windows Update, (continued)
- Windows Update Security List (Aug 20)
- RE: Windows Update ISNYC (Aug 20)
- RE: Windows Update joe (Aug 20)
- Re: Windows Update David Vincent (Aug 20)
- Re: Windows Update James Tucker (Aug 21)
- Re: Windows Update Über GuidoZ (Aug 21)
- RE: Windows Update joe (Aug 22)
- RE: Windows Update Dave Aitel (Aug 22)
- Re: Windows Update Über GuidoZ (Aug 24)
- RE: Windows Update joe (Aug 25)
- RE: Windows Update ISNYC (Aug 20)
- Re: Windows Update ASB (Aug 23)
- Windows Update Security List (Aug 20)
- Re: Windows Update Michael Schaefer (Aug 23)
- Re: Windows Update Michael Schaefer (Aug 23)
- Re: Windows Update Barry Fitzgerald (Aug 23)
- RE: Windows Update joe (Aug 24)
- Re: Windows Update Barry Fitzgerald (Aug 24)
- RE: Windows Update joe (Aug 23)