Re: windows update question
From: sponge (yosponge@yahoo.com)
Date: 02/22/03
- Next message: dd709394: "Pls help on ways to knock some guy out from yahoo chat rooms"
- Previous message: memimi: "Re: windows update question"
- In reply to: memimi: "windows update question"
- Next in thread: memimi: "Re: windows update question"
- Reply: memimi: "Re: windows update question"
- Reply: memimi: "Re: windows update question"
- Reply: sponge: "Re: windows update question"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: yosponge@yahoo.com (sponge) Date: 22 Feb 2003 12:02:21 -0800
Yes, the scan is specific to your computer. Microsoft even keeps a
record of what updates you have installed. The way it works is Windows
Update is an ActiveX control that downloads and installs itself into
your browser itself, effectively becoming part of it. It scans your
system for any updates which may or may not have been applied. I do
not know exactly what it checks to determine if an update has been
applied, so it may or may not be accurate should certain modifications
occur. For example, I don't know if it just checks file versions,
dates, or actually does an integrity check of updated files. It would
be easy enough for malware or poorly-written third-party updates to
fool update one way or the other if the first two methods alone were
used; the integrity check would give much more reliable info. But, all
in all, I'm pretty confident WU gives accurate info as to whether or
not you need an update.
Aside from the rantings of a deliberately misleading troll around here
(well, two, if you count Tracker, though they may be the same person)
one of the best ways to beef up your security is to just use another
browser and email client other than IE/OE. Consider this: patching all
of IE/OE's holes has been described as like plugging the holes
one-at-a-time in a wicker basket. It is, by design, extraordinarily
insecure. Microsoft tends to implement features without giving the
smallest thought to the security risks, like they did with ActiveX
downloads (which is what Windows Update uses to install itself.
Unfortunately, many spyware authors and even some worms and trojans
also use this brilliant method). Plus, since IE/OE is by far and away
the most popular browser and email client -- every Windows user has it
-- virtually all the exploits written specifically target them.
You would be amazed at how many problems go away just by using another
browser, like Mozilla. Keep IE around only to do Windows Updates.
With IE out of the picture, you will not have very many critical
updates to worry about. The big one with XP was Univeral Plug & Play
(UPnP), which you hopefully already disabled (if not, see
http://grc.com/unpnp/unpnp.htm). Microsoft apparently never fully
addressed this, so their "critical security" patch still leaves you
wide open.
Sponge
Sponge's Anti-Spyware Source
www.geocities.com/yosponge
On Sat, 22 Feb 2003 05:17:56 GMT, "memimi" <mcallahan215@attbi.com>
wrote:
>
>> > makes sense steve, explains the last update that said: " this
allows
>> > windows components to better interact with browsers other than
IE". hey
>> > steve, any input on some of the questions in the above post?
maybe help
>> > clarify a little?
>> >
>> >
>> > thanks,
>> >
>> > mike
>>
>> Ask and you shall receive...
>>
>> http://biz.yahoo.com/ap/030217/microsoft_security_flaw_2.html
- Next message: dd709394: "Pls help on ways to knock some guy out from yahoo chat rooms"
- Previous message: memimi: "Re: windows update question"
- In reply to: memimi: "windows update question"
- Next in thread: memimi: "Re: windows update question"
- Reply: memimi: "Re: windows update question"
- Reply: memimi: "Re: windows update question"
- Reply: sponge: "Re: windows update question"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
