Full Disclosure mailing list archives
Re: Windows Update
From: ASB <abaker () gmail com>
Date: Mon, 23 Aug 2004 09:06:46 -0400
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ I really object to this philosophy because it does not let a person plan the downloading and installation of updates - some of which will require a reboot. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Feel free to elaborate on how it prevents this. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
What do large corporate installations of Windows do here? Do they run their own caches of the Windows updates? Push out updates from servers rather than have clients pull? Is it all done with SUS? Is SUS usable on a single node, in place of WU?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ There are a number of patching solutions for Windows, some push-based and some pull-based. Many folks use SUS in some capacity, even if augmented by 3rd party solutions. SUS requires AU, but the admin can control what patches are available and when they are installed. It's all explained in the SUS docs, and at http://www.susserver.org -ASB On Mon, 23 Aug 2004 20:52:01 +1000 (Australia/NSW), Darren Reed <avalon () cairo anu edu au> wrote:
In some mail from Security List, sie said:Went to windows update last night w/ XP Pro. Redirected to the v5 version. I was asked to install the new Windows Update software...downloaded the WU software...copied the files...then saw registering...kinda thinking that it was checking for a valid registration or license. No updates needed according to WU. XP SP2 is not available via WU for XP Pro yet. Now, I checked the Automatic Update service to see if it was turned back start automatic as I always have it disabled. Yup, it was set to automatic and it was started. I stop and disable automatic update service, and try WU. Get error stating that the automatic update service must be enable to use WU now. Has anybody else head of this? Once again, we must have services that we do not want enable. I can not believe that they are forcing user to turn on the service to use WU.I discovered this when testing out v5beta and had to do a checkpoint recovery to restore version 4. If you don't install the latest Windows Update software (if, for example, you have all Active X stuff set for prompting and you say "no") then you don't even get to 1st base and Windows Updates (via a convienient mechanism) are not available. IMHO, this sucks big time. What I see Microsoft as doing is pretty much forcing everyone to turn on Automatic Windows Update. Why leave it as a control panel option, I've no clue. Same with BIT (Background Intelligent Transfers.) For the millions of users out there that are likely subject to viruses, etc, I'm sure it will help make things better, but for people who would fit into the "power user" class, it's a real pain in the arse. I really object to this philosophy because it does not let a person plan the downloading and installation of updates - some of which will require a reboot. What do large corporate installations of Windows do here? Do they run their own caches of the Windows updates? Push out updates from servers rather than have clients pull? Is it all done with SUS? Is SUS usable on a single node, in place of WU? The help for the "Windows Update" web site suggests that it is possible to get updates without Automatic Updates. Is the help out of date or is there a way to still do it without AU on ? If you were a conspiracy theorist, you'd say this was Microsoft's way of being able to do more automatic updates before announcing a security vulnerability and mitigate the impact of 0-day exploits (developed through reverse engineering of changes.) Darren _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: Windows Update, (continued)
- Re: Windows Update Michael Schaefer (Aug 23)
- Re: Windows Update David Vincent (Aug 20)
- Re: Windows Update Gregh (Aug 21)
- Re: Windows Update Michael Schaefer (Aug 23)
- Re: Windows Update Barry Fitzgerald (Aug 23)
- RE: Windows Update joe (Aug 24)
- Re: Windows Update Barry Fitzgerald (Aug 24)
- RE: Windows Update joe (Aug 23)
- Re: Windows Update ASB (Aug 23)
- Re: Windows Update David Vincent (Aug 23)
- Re: The 'good worm' from HP Florian Weimer (Aug 20)
- Re: The 'good worm' from HP Valdis . Kletnieks (Aug 20)
- Re: The 'good worm' from HP Maarten (Aug 20)
- Re: The 'good worm' from HP Nick FitzGerald (Aug 20)
- RE: The 'good worm' from HP fulldisclosure (Aug 21)
- Re: The 'good worm' from HP michael williamson (Aug 21)
- Re: The 'good worm' from HP Maarten (Aug 21)
- Re: The 'good worm' from HP michael williamson (Aug 21)