| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: toddtowles at brookshires.com (Todd Towles)
Subject: Windows Update
I also turn off all updates. I had my Automatic updates and BITS set to manual and Windows Update wouldn't work. I never disable it but I do stop the service and leave it on manual. When you disable Automatic updates in the control panel the service keeps running. Stupid, yep..I think so too.
Help and Support is a good one to turn off but there was a update from Microsoft that required it to be on to patch. Therefore I hand to put it back to automatic across the company so I could patch the service. Crazy.
-----Original Message-----
From: full-disclosure-admin@...ts.netsys.com [mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of ?ber GuidoZ
Sent: Saturday, August 21, 2004 6:56 PM
To: FD
Subject: Re: [Full-Disclosure] Windows Update
Umm, hold on a sec here...
(snip from "James Tucker"):
> There really should be no reason why you would want to disable the
>Automatic Updates service anyway, unless you are rolling out updates
>using a centralised distribution system, in which case you would not
>need it anyway.
I believe you are missing one fundamental point: SPs and updates are notorious for breaking something else. (Especially from Microsoft.) Granted, if fixing a security weakness breaks something you're using, then that aspect could have been written better. However, that still doesn't fix it when an entire business network goes down and YOU are the one responsible. I do not allow ANY automatic updates (except for virus definitions) to run on ANY networks I am in charge of. I take the time (like every good sysadmin should) to look over each update before applying it so I know three things:
1. What it's fixing/patching
2. Why it's fixing/patching it
3. What will be the end result of the fix/patch
If you would simply allow updates and SPs to have free reign over your
system(s) without taking any time to look over those updates, you're going to be one busy and irritated sysadmin. That is, if you still have a job after a little bit.
~G
P.S. Don't take my word for it. Look here:
- http://www.infoworld.com/article/04/08/12/HNdisablesp2_1.html
- http://www.pcworld.idg.com.au/index.php/id;1183008015;fp;2;fpid;1
- http://www.integratedmar.com/ecl-usa/story.cfm?item=18619
- http://www.vnunet.com/news/1157279
- Or, find the other 200+ articles by searching Google News
for "disable automatic update sp2" =)
On Sat, 21 Aug 2004 18:51:40 -0300, James Tucker <jftucker@...il.com> wrote:
> Here I found that I can have BITS and Automatic Updates in "manual",
> Windows Update works fine here. It may be a good idea to refresh the
> MMC console page, as you will probably find that at time the service
> had shut down if and when BITS was stopped prematurely (i.e. when it
> was in use).
>
> There really should be no reason why you would want to disable the
> Automatic Updates service anyway, unless you are rolling out updates
> using a centralised distribution system, in which case you would not
> need it anyway.
>
> If you are worried about system resources, you should look into how
> much the service really uses; the effect is negligable, in fact there
> is more impact if you select (scroll over) a large number of
> application shortcuts (due to the caching system) than if you leave
> Automatic Updates on. If you are worried about your privacy and you
> dont believe that the data sent back and forth has not been checked
> before, then you surely dont want to run Windows Updates ever. If you
> want to cull some real system resources and have not already done so,
> turn the Help and Support service to manual, that will save ~30mb on
> boot, up until the first use of XP help; this will stop help links
> from programs from forwarding to the correct page, until the service
> has loaded once.
>
> As for worry over using bandwidth on your internet service, again, you
> want to check this out as its a trickle service, not a flood. BITS
> does not stand for Bloody Idiots Trashing Service; it means what it
> says on the tin.
>
> On Fri, 20 Aug 2004 14:30:22 -0700, David Vincent
>
>
> <support@...epdeprived.ca> wrote:
> > joe wrote:
> >
> > >Yep, this is how it works now.
> > >
> > >You control whether Windows Update is updating or not via the
> > >security panel in the control panel applets (wscui.cpl).
> > >
> > >
> > To eb complete, I should have mentioned I have Automatic Updates
> > turned off in the control panel. I also had the service disabled
> > before applying SP2 and venturing to Windows Update v5.
> >
> > >Of course if you aren't using automatic update you could always
> > >disable the service and just reenable when you go to do the update,
> > >or don't use windows update at all and just pull the downloads
> > >separately. We are talking about a single command line to reenable
> > >that service
> > >
> > >
> > Yep.
> >
> > >Is it a pain? Yes, for those who like to run minimal services. Is
> > >it a security issue or life threatening, probably not.
> > >
> > >
> > Agreed.
> >
> > -d
> >
> >
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.netsys.com/full-disclosure-charter.html
> >
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>
--
Peace. ~G
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists