Microsoft Patches: Do you need them?

Discussion in 'other security issues & news' started by Rmus, Jan 8, 2007.

Thread Status:
Not open for further replies.
  1. tlu

    tlu Guest

    I find WGA more than questionable, too. On the other hand, if you have a legitimate copy of Windows - is it really such a big problem?

    Yes, that's what many people are afraid of. They are usually the same people who don't hesitate to install various HIPS or other security software - and "who knows what else?" Are software companies with perhaps a handful of employees really always more trustworthy than a big company closely watched by the public? o_O
     
  2. Devil's Advocate

    Devil's Advocate Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    549
    Or you could try to be too clever and think that your rough workaround actually solves the problems in all situations so you don't need the patch and get bit in the ass when you are wrong.

    A little knowledge is a dangerous thing.

    Particularly for something like IE unless as Ice has said you ripped it out or whatever..

    For that reason I always install IE patches.

    Decisions, Decisions....

    That said, I do *not* automatically download and install every patch. On the other hand, I don't try to be clever like Rmus and try avoiding patches because I think they won't affect me, so I install everything within reason.

    These things are very tricky, you can say your firewall or router means this vulnerability won't come into play, but why risk it? Remove the vulnerability, don't just cover it up.

    Same thing with using older versions on purpose, it might work, it might not.
    In any case, you are betting your knowledge of security issues and of the program in question is sufficient. You sure about that?

    For the rest of people who don't want to gamble, just install all the critical patches. Easy done. No reason why you should try to out-think MS.

    Unless you want to come to this forum and write a post mocking people who do patches... :)

    As for problems with installation, if that happens, just use one of your vaunted backups. I mean everyone on this forum seems to test so many damn HIPS, and other security software. These are way more likely to cause problems than any MS update.

    Given that it seems damn funny, for people to start worrying about MS patch problems....
     
  3. tlu

    tlu Guest

    DA, I don't understand. On the one hand you say that you don't install every patch (I guess you mean security patch, not optional patch). On the other hand you say one should not try to out-think MS. Isn't that an oxymoron?
     
  4. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,223
    Hello,

    For people who use genuine Windows, WGA is a kick in the nuts. It's a spit on the honor, respect and dignity of the legitimate buyer. It was also the final straw that decided for me that I should never ever spend a penny on Microsoft software.

    I no longer trust Microsoft, on any issue.

    Mrk
     
  5. eyes-open

    eyes-open Registered Member

    Joined:
    May 13, 2005
    Posts:
    721
    hehe & hi DA,

    The claim of superior reasoning, will only work if you can show definitively that the other fella's reasoning is actually empirically flawed and your reasoning impeccable. Paranoia apart, both the method of introduction of the WGA tool (more than the fact of it) and to a much lesser extent, reports of silent fixes in patches, has for some people, had a negative impact on the integrity surrounding Microsoft's provision of patches.

    If you do find Microsoft patches to lack absolute integrity, then to not check them becomes unreasonable. If you're going to reason, doesn't it make as much sense to apply reason to need, as it does to apply filtering on the basis of potential harm?

    For me, while I personally opt to be notified first before downloading, too much cherry picking would mean having to apply an extra discipline that I personally don't need. The option to delay at least gives me the chance to put a brake on if the boards start screaming foul.

    Alternatively, I suppose if like Rmus, you elect to use software that makes use of older code and are satisfied it isn't subject to some of the vulnerabilities of the modern code, I guess you are already by default, in a position of having to define your own strategies to support your system's integrity. Not least as there are less likely to be official options/avenues of support.

    As long as the discussion remains on the level it is, which is that of personal choice, I don't see there's any sense of anybody being mocked for accepting patches.
     
  6. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    4,020
    Location:
    California
    As I indicated in my first post, I'm interested in "whether or not people install all of these patches as a matter of course, or are selective about which they install."

    There have been mentioned already some approaches to being selective, an especially interesting one being that of Meriadoc. This seems to be an option with WinXP and not for Win2K.

    For those who are concerned about installation problems with patches and updates - if there are any, they usually surface quickly. I have one friend who often will use temporarily a work-around suggested in the specific MS Bulletins until being sure there is no problem with the patch installation. Sans.org is pretty quick about discovering problems, and will post, such as:

    http://isc.sans.org/diary.html?date=2006-10-14

    Also you can follow their patch "overview" each month:

    http://isc.sans.org/diary.html?storyid=2034

    regards,

    -rich

    ________________________________________________________________
    "Talking About Security Can Lead To Anxiety, Panic, And Dread...
    Or Cool Assessments, Common Sense And Practical Planning..."
    --Bruce Schneier
     
  7. Ice_Czar

    Ice_Czar Registered Member

    Joined:
    May 21, 2002
    Posts:
    696
    Location:
    Boulder Colorado

    errr....

    http://i16.tinypic.com/308ytya.jpg

    :D

    DClick updates notification in taskbar > Custom Install Advanced > Next > Check > Install

    and

    Start > Control Panel > Automatic Updates >

    http://i11.tinypic.com/2vb2drr.jpg

    of course when I do rip out IE (giving up webview)
    I use WindizUpdate or Technet directly (enterprise downloads)
     
    Last edited: Jan 10, 2007
  8. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    4,020
    Location:
    California
    ooops....

    I saw the topic of updates in Help file and I was taken to the MS site. I see now that I don't have the Update software on my machine, so I don't have that item in Control Panel, which is why I don't have what you show in your screen shots.

    Thanks for the clarification,

    -rich
     