Re: Windows Update

[ASB <abaker () gmail com>]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
I really object to this philosophy because it does not let a person
plan the downloading and installation of updates - some of which will
require a reboot.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Feel free to elaborate on how it prevents this.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> What do large corporate installations of Windows do here?
> Do they run their own caches of the Windows updates?
> Push out updates from servers rather than have clients pull?
> Is it all done with SUS?
> Is SUS usable on a single node, in place of WU?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

There are a number of patching solutions for Windows, some push-based
and some pull-based.   Many folks use SUS in some capacity, even if
augmented by 3rd party solutions.

SUS requires AU, but the admin can control what patches are available
and when they are installed.

It's all explained in the SUS docs, and at http://www.susserver.org

-ASB

On Mon, 23 Aug 2004 20:52:01 +1000 (Australia/NSW), Darren Reed
<avalon () cairo anu edu au> wrote:
> In some mail from Security List, sie said:
> > Went to windows update last night w/ XP Pro.
> > Redirected to the v5 version.  I was asked to install
> > the new Windows Update software...downloaded the WU
> > software...copied the files...then saw
> > registering...kinda thinking that it was checking for
> > a valid registration or license.  No updates needed
> > according to WU.  XP SP2 is not available via WU for
> > XP Pro yet.
> >
> > Now, I checked the Automatic Update service to see if
> > it was turned back start automatic as I always have it
> > disabled.  Yup, it was set to automatic and it was
> > started.  I stop and disable automatic update service,
> > and try WU.  Get error stating that the automatic
> > update service must be enable to use WU now.  Has
> > anybody else head of this?  Once again, we must have
> > services that we do not want enable.  I can not
> > believe that they are forcing user to turn on the
> > service to use WU.
>
> I discovered this when testing out v5beta and had to do a checkpoint
> recovery to restore version 4.  If you don't install the latest
> Windows Update software (if, for example, you have all Active X stuff
> set for prompting and you say "no") then you don't even get to 1st
> base and Windows Updates (via a convienient mechanism) are not available.
> IMHO, this sucks big time.
>
> What I see Microsoft as doing is pretty much forcing everyone to turn
> on Automatic Windows Update.  Why leave it as a control panel option,
> I've no clue.  Same with BIT (Background Intelligent Transfers.)
> For the millions of users out there that are likely subject to viruses,
> etc, I'm sure it will help make things better, but for people who would
> fit into the "power user" class, it's a real pain in the arse.
>
> I really object to this philosophy because it does not let a person
> plan the downloading and installation of updates - some of which will
> require a reboot.
>
> What do large corporate installations of Windows do here?
> Do they run their own caches of the Windows updates?
> Push out updates from servers rather than have clients pull?
> Is it all done with SUS?
> Is SUS usable on a single node, in place of WU?
> The help for the "Windows Update" web site suggests that it is
> possible to get updates without Automatic Updates.  Is the help
> out of date or is there a way to still do it without AU on ?
>
> If you were a conspiracy theorist, you'd say this was Microsoft's way
> of being able to do more automatic updates before announcing a security
> vulnerability and mitigate the impact of 0-day exploits (developed through
> reverse engineering of changes.)
>
> Darren
>
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html