From: support at sleepdeprived.ca (David Vincent)
Subject: Windows Update

Darren Reed wrote:

>What I see Microsoft as doing is pretty much forcing everyone to turn
>on Automatic Windows Update.  Why leave it as a control panel option,
>I've no clue.  Same with BIT (Background Intelligent Transfers.)
>For the millions of users out there that are likely subject to viruses,
>etc, I'm sure it will help make things better, but for people who would
>fit into the "power user" class, it's a real pain in the arse.
>  
>
I'm just annoyed that Microsoft now requires me to run another service 
if I want their update website to work when I use it.  Turning off 
automatic updates in the control panel doesn't do anything to the 
service other than tell it to not poll the Microsoft site and tell me if 
I am missing something.

>I really object to this philosophy because it does not let a person
>plan the downloading and installation of updates - some of which will
>require a reboot.
>  
>
If you don't want to use Windows Update, you can always download each 
patch manually from the links provided in their monthly security 
bulletins.  You are subscribed to their bulletins, right?  Once you have 
each patch downloaded, you can indeed plan the rollout to your system.  
Don't forget you need a tool to check that your patches were installed 
correctly, like MBSA or HFNETCHK.

>What do large corporate installations of Windows do here?
>  
>
SUS, soon to be WUS.

>Do they run their own caches of the Windows updates?
>  
>
Yes, SUS, soon to be WUS.

>Push out updates from servers rather than have clients pull?
>  
>
Well, no.  The clients really pull it from the SUS Server, which pulls 
it from Microsoft.

>Is it all done with SUS?
>  
>
Yes.

>Is SUS usable on a single node, in place of WU?
>  
>
Define node.  On a workstation?  No, you need a Windows Server (2000 or 
2003) to run SUS from.  You also cannot visit the SUS site from a 
workstation using IE and do a scan like you do with Windows Update.  You 
have to schedule things so the client will poll the server for updates 
it is missing.

>The help for the "Windows Update" web site suggests that it is
>possible to get updates without Automatic Updates.  Is the help
>out of date or is there a way to still do it without AU on?
>  
>
Subscribe to the Monthly Security bulletins and download the patches 
using the links provided there.  Or go to 
http://www.microsoft.com/security  and click on the "More security 
updates..." link.  I think you can take it from there.

>If you were a conspiracy theorist, you'd say this was Microsoft's way
>of being able to do more automatic updates before announcing a security
>vulnerability and mitigate the impact of 0-day exploits (developed through
>reverse engineering of changes.)
>  
>
No, if I were a conspiracy theorist I'd say Microsoft was pushing 
Automatic Updates so they could install secret backdoors on everyone's 
computers and then sneak in during the night to steal CPU cycles to 
donate to their friends from Betelgeuse 5 who need the help to plan 
their takeover of Planet Earth.

-d

