Safe way to get XP updates (new install)

Discussion in 'other security issues & news' started by innerpeace, Dec 11, 2007.

Thread Status:
Not open for further replies.
  1. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,095
    Location:
    Mountaineer Country
    Hi, I have finally created an XP SP2 install disk negating the mandatory use of my OEM restore system. I'm looking forward to my first XP clean install. I've had this system for almost 2 1/2 years and it looks like I have over 100 Windows updates. I would like to n-lite a complete disk, but that's a future goal and another thread.

    What is the safest way to get my updates on the new install? I assume my NAT router will be recognized easily and I will turn on Windows firewall or at least check if it is on since this is SP2. Are the (vulnerable?) services listening on ports my main concern? Is it a good idea to set IE6's home page to about:blank before checking the updates?

    My goal is to install Windows via my newly created cd and then install my imaging program then create an image. Next I want to update Windows and then create another image. That should give me a good baseline to build on. What do you think? I also want to create images with my drivers, tweaks and programs. I'm not sure what order is best.

    Thanks,
    innerpeace
     
  2. FadeAway

    FadeAway Registered Member

    Joined:
    Apr 6, 2007
    Posts:
    270
    Location:
    USA
    Assuming you will be connected to the Internet on initial install so
    Windows can detect and set up your connection, the router should protect
    you just fine. What I do next is disconnect from the Internet, and
    install SP2, which automatically turns on the SP2 firewall if you
    are worried (if I understand you correctly, SP2 is part of your install).
    Then I disable SSDP Discovery Service and Universal Plug
    and Play Service (ports 1900 & 5000), Next, since I don't use them, I go to:

    Control Panel\Network Connection\Properties\Internet Protocol (TCP\IP)\Properties\WINS\Disable NetBIOS over TCP/IP.
    I also disable File and Printer Sharing for Microsoft Networks.

    Then, in Services, I also disable TCP/IP NetBIOS Helper Service.

    After that I connect to the Net, go to Windows Update and install the
    High Priority stuff. After that an AV, & I'm good to go to finish
    up with software, tweaks, images, etc. I just leave IE6 at its default
    install URL.

    Don't know if it's the best way, but it always works for me, and
    over the years I've become very adept at reinstalling Windows, after doing
    it about 15 times, before I discovered imaging, LOL.
     
  3. masqueofhastur

    masqueofhastur Registered Member

    Joined:
    Nov 19, 2005
    Posts:
    109
    I'm assuming you've already downloaded any 3rd party software you want to install?
     
  4. farmerlee

    farmerlee Registered Member

    Joined:
    Jul 1, 2006
    Posts:
    2,585
    If you are behind a properly configured hardware firewall then you should be fine to simply connect and download. I've been doing it for years with trouble. The xp firewall should also be on by default so you have double protection.
    I manually download the windows xp updates from http://www.softwarepatch.com/windows/index.html then slipstream them into an nlite install disk.
     
  5. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,095
    Location:
    Mountaineer Country
    FadeAway, thanks for the advice. It sounds good to me. I know if I download from MS, I will be online for a long time. I wonder if I can hold out until SP3 is released and safe? :cautious: Does anyone know if SP3 includes WGA Notification?

    I also know what you mean about imaging. I can't wait to make my first set and get organized. Of course, I didn't have the problem of having to reinstall Windows until now.

    Thanks,
    innerpeace
     
  6. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,095
    Location:
    Mountaineer Country
    I have a driver and apps. restore disk I made with all the OEM software and drivers that came with this computer. I did try installing the drivers on my ext. HDD which I tested my new XP install on. I also backed up My Documents on the ext. HDD and plan on burning a dvd soon with it's contents. My other softwares are mainly games which I have their disks sitting beside me. Most of my other apps are free one's from the internet which are saved in My Documents.

    Was there anything I'm missing or that you had in mind? Works 8.0 is on that Recovery cd I mentioned and is probably the only thing I would use from it. I still have my complete set of Recovery cd's to fall back on and if they don't work I think I can still pay for and get a set from emachines.

    Thanks,
    innerpeace
     
  7. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,095
    Location:
    Mountaineer Country
    Thanks farmerlee, I guess my router is ok. It's a wired NAT router and the default password is changed. I did disable UPNP and gaming mode. Other than that, it's pretty much stock except for a firmware update I got from the D-link site. It's a DI-604.

    I am taking a look at the link you provided. If I include some of the patches on my cd, can I still get updates from MS later?

    innerpeace
     
  8. FadeAway

    FadeAway Registered Member

    Joined:
    Apr 6, 2007
    Posts:
    270
    Location:
    USA
    If you don't install anything beyond SP2, you will be running three
    years behind in MS security patches. Seems to me like a horrible risk
    to take just to save a couple of hours of download time. Or am I
    misunderstanding you? Remember things like the WMF vulnerability are still
    out there.
     
  9. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,095
    Location:
    Mountaineer Country
    Noooo, I'm trying to get my ducks in a row before I reinstall Windows on my internal drive. I wouldn't run a bare SP2 install. I think I could though with some of the programs I've found a Wilders lol. Also, thanks for your reply.

    I'm just really overwhelmed as this whole project started with a new external HDD and cd/dvd burner (mine wasn't working). Then I found a good link this week and I made my own XP cd from my I386 folder and it worked (offline). Now I have many options and possibilities to consider. My OEM recovery comes with Norton, McAfee and other crap that still has it's fingers in my system today. I was looking to avoid the OEM install and I think I can now :).

    I'm trying to take it one step at a time and keep it simple while looking for shortcuts. During the whole process I aim to make images which are new to me too. I'm going to try Seagate disk wizard (ATI) because my old and new drives are Seagate. I also have a free Paragon HDM 8 SE sitting around.

    I'll probably get the updates via MS, but n-lite is very tempting. If I get the updates online, I just want to be safe. I don't want any nasties making there way on to my images :ouch:. I will also use your tweaks if I go the online route.

    If anyone can think of anything else, let me know. I'm still in the planning stages.

    innerpeace
     
  10. FadeAway

    FadeAway Registered Member

    Joined:
    Apr 6, 2007
    Posts:
    270
    Location:
    USA
    I reinstalled Windows for a novice neighbor who had a badly infected Dell
    machine. On reinstall, none of the OEM junk installed. The recovery disk
    was just a clean copy of Windows. Turns out all that other stuff was
    added at the factory after Windows. Just a comment FYI.
     
  11. farmerlee

    farmerlee Registered Member

    Joined:
    Jul 1, 2006
    Posts:
    2,585
    Whatever patches you haven't installed will be available via windows update.
     
  12. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,095
    Location:
    Mountaineer Country
    Thanks FadeAway, that is interesting. I have 4 recovery cd's I made when I first bought the machine. About 900MB should be apps and drivers. I had been toying with the idea of trying that route to see if I can opt out of the installation of the crap. The only thing I would have invested is time. Thanks

    @ farmerlee, I've been looking at the SP site and going over my updates to see which I have and don't have on my current setup. I made a 3 lists to compare. I have 81 of the 95 listed as essential at SP. My current setup has an additional 37 not listed at SP as essential. Some of these I know are for apps like IE7, OE and other things like XML and .NET stuff.

    I understand some of the one's at SP are system and program specific. Would I dl the 81 patches and then give it a try with n-lite? I would also have to dl .NET 2.0 because I don't have it either :cautious:. Do you also include IE7 and it's updates and OE's updates and DX9.0c(Nov.) and WMP11? I honestly don't use a mail program or WMP so I guess I could n-lite them out? I'm in waaay over my head LOL.

    I will probably reinstall windows and then get the updates online. I'm legal so it's no problem. It is the easiest path for me at this point. I will later try the n-lite route and see what I can come up with. If you can provide any advice as to how you decide which updates you include from SP, that will be helpful.

    Cheers,
    innerpeace
     
  13. farmerlee

    farmerlee Registered Member

    Joined:
    Jul 1, 2006
    Posts:
    2,585
    Personally i include the IE7 installer plus updates. I don't use OE, WMP or DOTNET and i've actually never tried slipstreaming a dx9 update before. Just install whatever your preferences are, you'll might have to go thru a bit of trial and error. It took me a while to get my nlite setup just right. At the moment i'm slipstreaming the recent service pack 3 rc1 into an install disk. It has all the xp updates so it makes things real easy.
     
  14. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,095
    Location:
    Mountaineer Country
    Thanks for sharing your experiences :). You must be using the alternative runtime. I was wondering about it. I'll avoid dx, it probably would be dicey to try it. As far as trial and error, how do you determine if something is wrong? Is it by checking MS for updates?

    If you don't mind, let me know how the SP3 rc1 slipstream went. Please also let me know if it includes WGA notification tool kb905474.
     
  15. Aerowinder

    Aerowinder Registered Member

    Joined:
    Aug 15, 2007
    Posts:
    29
    SP3RC1 slipstreams fine. I run a virtual machine with it. Also, I highly recommend nLite, brilliant app.

    SP3 comes with IE6, WMP9, and no WGA.

    IE7 and WMP11 can be directly integrated into the SP3 install disc (via nLite) without WGA. So my virtual machine has these applications working without WGA. Since that's true, I don't see the point in not integrating them.
     
  16. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Does SP3 RC1 include the Nov. release of DirectX?
     
  17. Aerowinder

    Aerowinder Registered Member

    Joined:
    Aug 15, 2007
    Posts:
    29
    Judging by the file dates in dxdiag (10/31/07 is the date on the majority of the files), it looks like it. Though I can't be certain.
     
  18. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,095
    Location:
    Mountaineer Country
    Thanks Aerowinder, I'm going to have to wait awhile to try n-lite. The information you provided will be noted for future use ;). I'm currently not in the position to try RC's yet, but after my reinstall, I hope to try many new things.

    It's also good new about the Nov. DX9 inclusion in SP3.

    innerpeace
     
Loading...
Thread Status:
Not open for further replies.