sick of all updates

Discussion in 'other security issues & news' started by culla, Jul 9, 2010.

Thread Status:
Not open for further replies.
  1. culla

    culla Registered Member

    Joined:
    Aug 15, 2005
    Posts:
    504
    i've been using computers for the last 30 odd years and have found that using xp pro, no java, no outlook, no crap running that i don't need; the only thing i've liked is wmp11. so now i'm not going to do any updates on 1 laptop. all i'm gonna do is load xp pro sp1 and the programs i use, which include sandboxie and returnil2008, and make an image. i've found microsoft windows updates a waste of time because everything i use works fine without them, but with them things stuff up, ie camera, record what you hear, etc etc. if this works well i'm gonna do it with all my computers
    yes i know how to make wmp11 work :D
     
  2. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    Why not SP2? I like it better than SP1, but don't care for SP3 much.

    I won't argue that you need to stay patched if you know what you are doing. I have been doing that for years. I am not an early adopter. If it ain't broke, it don't get fixed. I relied heavily on RyanVMs PostUpdate packs to decide what updates were really needed and which were just fluff that had no real bearing. Since then I have a small collection of updates I apply if they pertain to what I do.

    Sure to get some replies to this thread though ;)

    Sul.
     
  3. HAN

    HAN Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    2,098
    Location:
    USA
    I must admit I don't understand this approach. Why not update? It's easy and it does help with safety, operational bugs and occasionally, new features.

    I do a fair amount of PC work for others and I firmly believe in updates for the above reasons. But if you are doing ok without updates, then I guess that's what we're all after...
     
  4. wat0114

    wat0114 Guest

    I had a really old computer, recently retired to the recycling bin, running XP Pro, SP2 - no subsequent MS patches at all - SRP, Win fw and Sandboxie running lua as the only security and it ran malware free for nearly a year. I agree just some common sense and basic secure setup is all that's needed.
     
  5. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    Except for one XP unit that is updated to SP2, my PCs haven't seen Windows Update in a very long time. I very much agree with the OP. You can't patch your way to security, but those patches and updates can break other things. On my XP box, SP3 breaks my favorite security app, SSM. On my 2K unit, Update Rollup 1 sends it into a reboot loop that only a system restore will fix. My primary OS, 98, hasn't been supported by MS for years. The only updates it sees are unofficial ones designed to improve the system. Those updates are worth it.

    Browser updates have a way of breaking extensions I don't want to do without. Other apps try to change your default handlers when they update. I got tired of having to put things back the way I want them every time I updated. Most of the time, the updates don't give any performance improvement. Usually the opposite happens.

    How important staying up to date is depends primarily on your security policy. If you use a default-permit based policy and always want the "latest and greatest", better stay as up to date as possible. New versions of apps quite often have new problems and vulnerabilities. If you run a default-deny based policy or a well configured isolation setup, updating becomes much less important. Very few if any of the apps on this unit are current. Much of it is unsupported or abandonware. Even so, this system has stayed clean for the last 5 years, no matter who uses it or where they go.
     
  6. culla

    culla Registered Member

    Joined:
    Aug 15, 2005
    Posts:
    504
    agreed, and so much faster. the only thing i'll update is the firefox addon adblock cause i hate ads and currently don't see any. i finally have got rid of all of them by using
    adblock plus, leechblock, flashblock and ghostery. no more google ads rip off scams woohoo :D
     
  7. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    Yep, although I personally update all the time, there's no reason why you have to really, if you know what you're doing. Often times the updates just create problems too. I contemplated doing this once with Win2k, but in the end I caved and did the update thing. Sometimes I get tired of all of the updates from all the various sources though... it gets a little tiresome at times....
     
  8. culla

    culla Registered Member

    Joined:
    Aug 15, 2005
    Posts:
    504
  9. trismegistos

    trismegistos Registered Member

    Joined:
    Jan 29, 2009
    Posts:
    363
    On my old computers, I never updated. For two years have not experienced any malware even without any active blacklisting resident scanner and with just the same security policy as noone's, despite, deliberately going to malware-laden sites. Now, can someone give me TDSS or Safesys samples to test. :)
     
  10. culla

    culla Registered Member

    Joined:
    Aug 15, 2005
    Posts:
    504
    still no problems. i now don't use antivirus, just returnil2008 + sandboxie :D
     
  11. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    M.O. modus operandi, exactly what a sandbox is, letting the user use their own method of operating.
     
  12. katio

    katio Guest

    Not applying kernel updates is a really stupid thing to do. Kernel level exploits are the most dangerous thing you can encounter as they can circumvent security boundaries like sandboxes and LUA or other protection like AV and HIPS.
    Without a firewall and open services it's basically suicide (without one a fresh installation of windows xp is quicker exploited than you could even install those updates, all you need is attaching the computer to the internet and it's game over before you even started).
    With a firewall in place it's not quite that bad but if you ever process untrusted data and don't have any anti-execution protection I definitely wouldn't risk it.

    And get on SP2 asap, it fixes so many security holes which you could never patch with userland security.
     
  13. Fiat_Lux

    Fiat_Lux Registered Member

    Joined:
    Nov 1, 2010
    Posts:
    180
    Any of you ever tried owning a PC game that says that it is Windows XP compatible and then when you try to install it it won't run? Then one takes an extra look into the game manual and then it says that it will either only run on Win XP without a SP or only with SP1 (and not above SP1).....

    So it's so crazy, some stuff won't run on older O.S.', and some stuff won't run on newer O.S., and we can not virtualize ourselves out of the problems because the virtual machines are not perfect and do not have perfect full scale DX support...

    So what's a person to do.... (?)
    And then most people think that I'm like strange when I am not very excited every time they start talking about their new pet O.S. .....

    I couldn't agree more with the thread starter with respect to the headline, but alas some things require massive updates and so on just to run properly or be safe (while again that makes other things not able to run.. o_O o_O o_O o_O o_O o_O o_O )
     
  14. culla

    culla Registered Member

    Joined:
    Aug 15, 2005
    Posts:
    504
    not stupid, or a sucker for scaremongering. laptop still working like the day i started. thanks for the update but no-thanks :D
     
  15. katio

    katio Guest

    My recommendation is dualbooting. Use one OS which you don't update for running any incompatible software, the other keep updated and secure and use that for any confidential data and transaction. You need to encrypt that system or use two different harddrives which you disconnect so you don't end up compromising the trusted from within the untrusted environment.
    Ideally you'd use two physical systems, e.g. one gaming PC and a Laptop or even just a netbook.
     
  16. katio

    katio Guest

    You know about dependency hell?
    Fiat_Lux describes something similar.

    Imagine program A which is incompatible with SP2, and program B which only runs on SP2 or later.

    Roll back the update whenever you want to use A.exe? Hardly "easily".

    The "correct" way are VMs (with multiple snapshots). But what if A.exe is a demanding 3d game? Then dualbooting is the only feasible solution.
     
  17. Fiat_Lux

    Fiat_Lux Registered Member

    Joined:
    Nov 1, 2010
    Posts:
    180
    Thank you very much "Katio" :thumb:

    I went with "ideally" a long time ago.....
    I sit in front a 40" screen connected, together with keyboard and mouse, to a multiple KVM switch (also got an, up to, 500 feet adaptor kit that will allow me to have some of the "little guys"/"boxes" running in the kitchen - if I could just find a place to put them... :D :cool: :oops: ) , so it's more a problem of space really (well.. also the power bill... :blink: ) . Where I live people often throw away computer stuff that will either run as is or with little investment - so it is not old "junk" I need....
    I confess :oops: , after I found out that some games could not run on "fast" PCs even on an old O.S. then I also stashed some of the really old stuff :oops: :oops: (just don't say that I am not prepared.... :D ;) :cool: :blink: )
     
  18. ParadigmShift

    ParadigmShift Registered Member

    Joined:
    Aug 7, 2008
    Posts:
    241
    SP1? That's an update.
     
  19. culla

    culla Registered Member

    Joined:
    Aug 15, 2005
    Posts:
    504
    true but the disk i have comes with it included xp pro corporate edition including sp1 :D
     
  20. trismegistos

    trismegistos Registered Member

    Joined:
    Jan 29, 2009
    Posts:
    363
    Most kernel exploits/privilege escalation exploits require an initial remote execution exploit to get into the local system. Initial shellcode/s would download or load an executable (dll). The threadstarter has antiexecution protections, i.e. Returnil with its built in AE and Sandboxie with its start run restrictions, that would take care of those even with a more malicious version of Stuxnet with its malicious dll and its 4 zero-day exploits including the 2 kernel level privilege escalation exploits. The only security hole would be Didier Stevens' dll loading in memory but those require some preconditions (scripting, etc.) and would also require an initial local access and reconnaissance on the attacker's part to determine the victim's vulnerabilities.

    I believe the threadstarter uses a firewall or a router or has applied some system hardening. Right? Because without any firewalling, you'll get owned/rooted in a matter of seconds even if one applied LUA and SRP. But then again, here comes his Returnil to the rescue. ha ha

    Returnil and Sandboxie are both not just userland security, they both have kernel drivers at ring 0 unlike SRP and Applocker. Returnil is almost like a virtual machine (not exactly), hence the light virtualizer moniker. It is a light virtualizer like Shadow Defender, which directs all writes to a sort of RAM/disk drive akin to a system wide sandboxie, which upon reboot cleanses all the crap.
     
    Last edited: Nov 28, 2010
  21. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    Blimey, the last time I stated the same thing on Wilders (a coupla years ago) I was crucified. LOL

    Well there's a few more gig of malware samples under the bridge since then and still using Sandboxie and Returnil and no XP MS updates for me then and no Win 7 MS updates for me now.
     
  22. katio

    katio Guest

    Yeah, what I said. Just made it clear for any readers so they don't draw any wrong conclusions or get complacent. Also "most" isn't good enough for me.
    Wrong, dll from mem doesn't require scripting. I thought he did a good job explaining that you shouldn't focus on the specific VBA exploit. With popular apps being exploited all the time local access and reconnaissance certainly isn't needed either. You should really use EMET if you worry about this.
    You believe, I prefer to make sure. Also it's not only about the OP, this is a public forum and recommending to skip critical security updates without mentioning the pitfalls is gross negligence at best.
    In our example the system is owned before one could even install Returnil.

    My mistake, I meant 3rd party security patches. But anyway:
    Ring 0 security software vs ring 0 exploit, I know which one I'd bet on...
    You need ring -1 security if you use untrusted or vulnerable kernels.
    If you got remote code execution (and with something like dll from mem that's definitely a risk despite sandboxing and AE) and the kernel is vulnerable there is always a way to own the system. I don't say it's likely or that it's even happening with in the wild automated attacks but it is absolutely possible.
     
  23. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Go figure, some folks always complain Microsoft is late providing security updates (I see a lot of this pretty much all over the forums I visit); other folks enjoy not updating. :D

    I do like to play with the odds, even 1%.

    By the way, for those who consider updating not to be crucial, it would be nice for you to give a proper guide explaining what exactly you do to cover your back, like what services that may be listening do you disable, etc

    Telling you don't update, but without a valid explanation of what you do to balance the lack of updates, just doesn't say much.

    Other people may read this thread, and may stop updating when seeing users from a security forum saying it's a waste of time.

    By the way, are you all sick of updating just Windows, or also any other application? The thread's title is "sick of all updates". Only Windows updates are mentioned afterwards, though.

    Does anyone update Sandboxie, Returnil, etc? Also if you don't, it would be nice to know what other measures you take, just in case any of those apps have a vulnerability.

    If you do update, then I can just think that you do believe updates are crucial? Or are you guys just constantly switching between image backups? Is that a practical thing to do for every person, as well?
     
  24. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    4,020
    Location:
    California
    Very important point, and applies to other discussions as well, such as whether or not to use an inbound firewall or router.

    In the "etc" department I'll mention Adobe PDF Reader.

    I've kept the old version 6 because it's light and fast, and I don't use any of the newer "features" in the recent versions.

    Keeping only the necessary plugins loaded (Search, Print, etc) prevents those exploits that use other plugins (Javascript, URI for example) from triggering any malicious code.

    For PDF exploits using other means of triggering: With proper security measures in place, PDF exploits are really a no-threat. For example, all remote code execution web-based exploits require the PDF browser plug-in to be enabled so that the PDF file loads automatically into the browser window, where the malicious code can attempt to run. Without the browser plugin enabled, the browser prompts the user for action (Open, Save). Encountering this unexpectedly if redirected to a malicious web site will trigger user action to deny the prompt, following good security policies of not opening/installing anything you didn't go looking for.

    All of the PDF exploits in the wild that I know of trigger the download/execution of a malicious executable file, so any of the many solutions available for that type of trick will block the exploit, should the user somehow be enticed to click on such a PDF file.

    Updates are fine, but in the case of Adobe and other companies, often, an update/patch is not quickly forthcoming so that proper security measures in place will protect the user during the window of opportunity for a malicious attack (0-day, so-called).

    Well, there is your explanation for measures taken in this case.

    Many other people have discussed similar measures for older applications that they continue to use for various reasons.

    Again, this is not to recommend that everyone stick with older applications, but just to point out that there are cases where security measures in place permit a user to be safe with an older application.

    regards,

    -rich
     
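Rmus's measures above (only the Search/Print plugins loaded, no browser plugin, so a PDF that relies on JavaScript or URI actions never gets to trigger) rest on the PDF itself declaring that active content. The scanner below is an added example, not code from Rmus or from this thread, that checks a PDF for those declarations before it is opened: it decodes PDF name escaping (so /J#61vaScript is not missed) and inflates /FlateDecode streams so a hidden action dictionary is still seen. The set of names it flags and the sample PDFs are my own construction; the samples are minimal byte strings, not real documents.

```python
import re
import zlib

# PDF name token: "/" followed by non-delimiter bytes. Regular-character
# delimiters per the PDF spec are whitespace ( ) < > [ ] { } / %.
NAME_RE = re.compile(rb"/([^\s/<>\[\]()%{}]+)")
# PDF names may encode any byte as #xx, e.g. /J#61vaScript == /JavaScript.
HEX_ESCAPE_RE = re.compile(rb"#([0-9A-Fa-f]{2})")
# Stream body between the stream/endstream keywords (non-greedy, multi-line).
STREAM_RE = re.compile(rb"stream\r?\n(.*?)endstream", re.DOTALL)

# Names treated as "active content" in this example. /JavaScript and /URI are
# the plugin-triggered cases discussed above; /OpenAction, /AA and /Launch are
# the usual auto-run and external-program hooks. Chosen for this example.
RISKY_NAMES = {b"JavaScript", b"JS", b"OpenAction", b"AA", b"Launch", b"URI"}


def decode_pdf_name(raw: bytes) -> bytes:
    """Undo #xx escaping inside a PDF name: b'J#61vaScript' -> b'JavaScript'."""
    return HEX_ESCAPE_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw)


def inflate_streams(data: bytes) -> bytes:
    """Return data plus the inflated body of every zlib-compressed stream.

    Uncompressed streams (and anything that is not valid zlib) are skipped;
    a decompressobj is used so trailing bytes after the deflate data are
    tolerated. Best effort: other filters such as /LZWDecode are not handled.
    """
    extra = []
    for m in STREAM_RE.finditer(data):
        try:
            extra.append(zlib.decompressobj().decompress(m.group(1)))
        except zlib.error:
            pass
    return data + b"\n" + b"\n".join(extra)


def find_active_content(data: bytes) -> dict:
    """Count risky name tokens in the PDF bytes, escapes and streams resolved."""
    counts = {}
    for m in NAME_RE.finditer(inflate_streams(data)):
        name = decode_pdf_name(m.group(1))
        if name in RISKY_NAMES:
            key = name.decode("ascii")
            counts[key] = counts.get(key, 0) + 1
    return counts


def classify(data: bytes) -> str:
    """'active-content' if any risky name is present, otherwise 'plain'."""
    return "active-content" if find_active_content(data) else "plain"


# --- Constructed sample inputs (not real documents) ------------------------

# A text-only page: no actions, no scripting.
BENIGN_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R /Contents 4 0 R >> endobj
4 0 obj << /Length 44 >> stream
BT /F1 12 Tf 72 720 Td (Hello, world) Tj ET
endstream endobj
trailer << /Root 1 0 R >>
%%EOF
"""

# Catalog-level /OpenAction pointing at a JavaScript action: runs on open.
JS_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 5 0 R >> endobj
5 0 obj << /S /JavaScript /JS (app.alert('constructed sample')) >> endobj
trailer << /Root 1 0 R >>
%%EOF
"""

# Same action with the name escaped; a naive substring search for
# "/JavaScript" would miss it.
OBFUSCATED_PDF = b"""%PDF-1.4
5 0 obj << /S /J#61vaScript /JS (app.alert('escaped name')) >> endobj
%%EOF
"""

# Same action inside a /FlateDecode stream (e.g. an object stream).
_HIDDEN = b"<< /S /JavaScript /JS (app.alert('inside a compressed stream')) >>"
_DEFLATED = zlib.compress(_HIDDEN)
COMPRESSED_PDF = (
    b"%PDF-1.4\n5 0 obj << /Length " + str(len(_DEFLATED)).encode()
    + b" /Filter /FlateDecode >>\nstream\n" + _DEFLATED
    + b"\nendstream\nendobj\n%%EOF\n"
)

if __name__ == "__main__":
    for label, doc in [("benign", BENIGN_PDF), ("javascript", JS_PDF),
                       ("escaped", OBFUSCATED_PDF), ("compressed", COMPRESSED_PDF)]:
        print(f"{label:11s} {classify(doc):15s} {find_active_content(doc)}")
```

Run it on a real file with `find_active_content(open(path, "rb").read())`. A hit does not prove the file is malicious (forms and links legitimately use these actions); it only tells you the document asks the reader to do something beyond rendering text, which is exactly the class of content the plugin and browser-plugin restrictions above are meant to keep from running automatically.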
  25. trismegistos

    trismegistos Registered Member

    Joined:
    Jan 29, 2009
    Posts:
    363
    It's good enough for me and the threadstarter. Such an ominous privilege escalation kernel exploit chained to an arbitrary remote code execution is such a rarity that you have a higher chance of getting struck by lightning. ha ha

    I don't think the thread starter is going to be a targeted attack anyways. Right, TS?
    Disable VBA macro and goodbye shellcode. Embedded Codes need to be interpreted by an executable to make any sense.

    What I meant for a local access is another remote execution exploit is needed for a kernel exploit to work. The kernel exploit would require an initial payload coming from the first exploit. The payload will be blocked by an antiexecution protection.
    They'll get rooted before they "read anything at Wilder's" if they haven't installed/activated the firewall or have others installed the firewall for them or they are not behind a router. ha ha

    I am sure he installed Returnil and Sandboxie first before going to the internet or is behind a router. My hunch is he has offline copies of those installers from before the fresh reinstall of Windows XP.

    Ring 0 exploit will be denied in the first place with his AE protections and if it succeeded it won't get written to disk anyway as the writes would be redirected. Even if dll in memory succeeded in rooting the system, since all the writes went into a virtual layer, those writes are gone in the next reboot.

    Till true malware with dll-in-memory capability appears, for now, he can rest assured that he's safe.

    But for our readers, I don't recommend that they follow me and the TS' example. Please update.
     