Windows Update

Discussion in 'other software & services' started by ErikAlbert, Jun 11, 2008.

Thread Status:
Not open for further replies.
  1. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Hi guys,

    Problem : I have clean images and I like to keep these images up-to-date without going online to avoid any possible infection from the internet.
    "Windows Update" requires an internet connection and I'm looking for an alternative.
    Please no nLite-solution, I know nLite already.

    I have "Windows XP Professional Service Pack 2" 32-bit - English

    Possible solution :
    Can I use this as an alternative for Windows Update ? I'm not familiar with this at all. Is this really the same as "Windows Update" or am I missing something ? Does it update my Windows completely ?
    Any additional info is also welcome and to make it easier for readers, I provided all the links regarding this alternative.

    http://support.microsoft.com/kb/913086
    http://www.microsoft.com/downloads/...1A-7801-4074-8E40-CAB74D586A6C&displaylang=en
     
  2. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    Maybe I didn't read far enough or missed it somewhere in there, but are these ISOs simply that particular months' updates? If so, that would seem to be a huge pain to download all that and add them to your image one by one. However, if you have all the others and just want to start doing it this way, I can see that being a lot easier.

    I assume of course you don't mind going online to get these ISOs (I'm guessing doing it from a different system). Though unless I'm missing something, isn't the risk of getting a virus the same whether you go online to download the ISO or use Windows Update for your image? In either case, the risk of a virus via either method, provided that website that hosts the ISO, or the Windows Update website is pretty slim if they are the only two places you go.
     
  3. ThunderZ

    ThunderZ Registered Member

    Joined:
    May 1, 2006
    Posts:
    2,459
    Location:
    North central Ohio, U.S.A.
    The updates run about 1 to 2 weeks behind the MS release but THIS will give you links to all security related Windows updates.
     
  4. farmerlee

    farmerlee Registered Member

    Joined:
    Jul 1, 2006
    Posts:
    2,585
    I download the updates i believe are necessary from http://www.softwarepatch.com/

    I give them a scan and if alls clear i burn them to disk for safe storage.
     
  5. Hairy Coo

    Hairy Coo Registered Member

    Joined:
    Oct 19, 2007
    Posts:
    1,486
    Location:
    Northern Beaches
    The chances of being infected when connected to Microsoft surely must be negligableo_O
    Unless you have a friend download the updates on your behalf in whatever form, ISO or otherwise,someone has to go online and use the internet ,obviously at some stage!!

    I believe the SP3 updates are available from Microsoft as a CD-just buy that.
    SP3 works well
     
    Last edited: Jun 12, 2008
  6. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
  7. Lamehand

    Lamehand Registered Member

    Joined:
    Mar 2, 2006
    Posts:
    428
    Location:
    the Netherlands,very near to the North sea
  8. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Yes, you are missing something, because you assume that I have only ONE system partition, an actual system partition, like most users have.
    I have a CLEAN system partition = image and an ACTUAL system partition = harddisk[C:].
    I do my downloadings in my actual system partition, not in my clean system partition.
    Each time I upgrade my clean system partition, I replace my actual system partition with my upgraded clean system partition.
    I don't backup my actual system partition anymore, it might be infected, because it has been online too long.
     
    Last edited: Jun 12, 2008
  9. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Microsoft forced Autopatcher to stop their activities and I assume that Autopatcher won't be the last one, like RyanVM, nLite, vLite and others. It's just a matter of time. Duplicating Windows Installation CD's isn't really good for M$.
     
    Last edited: Jun 12, 2008
  10. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    I will try this one, just to see what it is. Never heard of it, but that is normal for me. LOL. Thanks.
     
  11. wilbertnl

    wilbertnl Registered Member

    Joined:
    Dec 29, 2004
    Posts:
    1,850
    Location:
    Tulsa, Oklahoma
    ErikAlbert,

    Here is a suggestion that might work for you:
    Install Microsoft Baseline Security Analyzer.
    Let is run and find missing updates.
    Click on the solution, which usually is a separate download of the missing hotfix (without going to the Microsoft Update site)
    Store all the hotfixes in a safe place.

    Reboot into a "clean offline installation" and run the stored updates.

    The free Personal Secunia Inspector is another option to accomplish the updates check. It also looks for missing updates of third party software.

    If you install Windows XP Service pack 3 for your language, you do skip 90+ mandated hotfixes! Install it with the option /nobackup to save space.

    Paul Thurrott explains here how to slipstream SP3 into your CD without nLite. (meaning without making any alternations behind your back)
     
    Last edited: Jun 12, 2008
  12. Seer

    Seer Registered Member

    Joined:
    Feb 12, 2007
    Posts:
    1,596
    Location:
    Singidunum
    I tried some of the above mentioned tools but disliked them. They either had a lag on updates notifications or were too intrusive for my taste. For example, BelArc installs a driver (it needs to, as it does more than checking for updates) which I don't need. MBSA otoh will not run if "Server" service is disabled, starting it will open a port (I have no need for "Server" service, and will not have it running because of MBSA) . I also tried SecuniaPSI, I can't remember exactly why, but it was the worst of all (a hog?).
    So I do everything manually. It's not so tedious (there are few updates these days). You just need to do a search for the exact KB###### and you'll find your updates in no time. By doing it this way, you also have a chance to read (on the download page) release notes for each update and to decide whether you need it or not. Download exes and execute them.

    You certainly do not need to download the whole ISO just because of few MBs of updates. ISOs are mutilingual - hence the size.

    Cheers,.
     
  13. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Yes, I'm investigating this at the moment along with Belarc Advisor.
    Although I keep my system unchanged and malware-free, it won't hurt me to install some security patches (81 are missing already).
    I think installing SP3 is the shortest way to install ALL updates, but I will look at the rest also to find a complete solution that will work in the future. :D
     
  14. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006
    by removing all changes at reboot. by having out of date applications with secuirty holes you alot more likely to be infected. sure the changes are gone at reboot but your confidental data could be stolen then you reboot and all the evidence goes with it.
     
  15. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    No, I'm not infected, but it takes too long to explain it in full detail and defending myself is usually a waste of time.
    My boot-to-restore is just a daily protection, I have something much better in the background.
     
  16. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006
    i never said you was infected.
    i was saying by having out of date applications you more likely to be hit by the security exploits because they havent updated them. so you could get hit someone could then nick information then you reboot and evidence that it happerned goes at reboot.
    im here to listen.
    im sure it doesnt take that long to explain.
    at some points your to paranoid but it still seems you leave your system to open.
    so what else do you use along side your daily boot to restore?
     
  17. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Not paranoid, I'm doing things in the right sequence, not the classical sequence. Paranoia is a mental disease, I'm not crazy.
    In my setup an infection is in the worst case scenario a temporary one, never a permanent one. I read enough posts to know I'm doing much better than other users.
    But don't worry, I will take care of Windows Update, it wasn't my priority #1. I'm just polishing my approach, the final touch. :D
     
  18. bman412

    bman412 Registered Member

    Joined:
    Mar 4, 2008
    Posts:
    261
    Unfortunately even with SP3 installed, you still won't get all the critical updates after installation. You will still need to get the post SP3 updates from microsoft. But hey, if your set up atm works fine for you, why bother? :)
     
  19. wilbertnl

    wilbertnl Registered Member

    Joined:
    Dec 29, 2004
    Posts:
    1,850
    Location:
    Tulsa, Oklahoma
    At first I was fond of Belarc, but I discovered that they are not up to date with the security hotfixes. Which means that Belarc doesn't show missing hotfixes from this month. (at least not when I used it after June's "update Tuesday")

    To be more specific: All updates which were available on release date of SP3, excluding Internet Explorer 7, Adobe Flash Player and Media Player 11 plus their own updates.
     
  20. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    It only shows how much you can trust M$. The website says clearly that all previous updates are included in SP3, probably not true. But it doesn't really matter. I live almost 2 years with an unpatched Windows.
    Tomorrow I will see what needs to be done. :)
     
  21. Teknokrat

    Teknokrat Registered Member

    Joined:
    Apr 20, 2007
    Posts:
    95
    Location:
    First Life? (Sweden)
    I think he is talking about the updates released AFTER SP3
    I think all updates released prior to SP3 is included.

    I have to agree with lodore. Regardless of whether you are borderline paranoid or not (I'm no doctor :cautious: ): it's a bit odd you choose to go for a solution where you choose not to patch all the known security holes in Windows.

    I know you have a good security solution that enables you to reboot to the "original" state but I still think you would benefit from a patched OS. Either by MS updates or by manual fixes (that is the "hardening"-part). I don't know if all known exploits can be manually fixed. If you don't plan on altering the code yourself you will have to rely on MS updated or 3rd party apps/fixes if you want a secure OS.

    I hope you will find a solution that you can trust, I really do, but IMO it seems you have set your security standards very close to what is practically impossible.

    Prettig weekend - Proost ;)
    /T
     
  22. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    This is my new BEFORE/AFTER game ;)

    Belarc Advisor BEFORE installing SP3 :
    1. CIS Benchmark Score : 0.63 of 10
    2. Virus Protection : Unknown
    3. Microsoft Security Updates : 81 missing

    Belarc Advisor AFTER installing SP3 :
    1. CIS Benchmark Score : 1.88 of 10
    2. Virus Protection : Unknown
    3. Microsoft Security Updates : 5 missing
     
  23. wilbertnl

    wilbertnl Registered Member

    Joined:
    Dec 29, 2004
    Posts:
    1,850
    Location:
    Tulsa, Oklahoma
    Current status:

    belarc.png

    update.png
     
  24. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    LOL. I have now 2 advisors to ski with me through my white as snow computer.
    1. Belarc Advisor v7.2x
    2. Microsoft Baseline Security Analyzer v2.1
    It's a bit of fun too and it might give me new ideas. Thanks again for the links.
     
  25. farmerlee

    farmerlee Registered Member

    Joined:
    Jul 1, 2006
    Posts:
    2,585
    You could also try the blink vulnerability assessment, which scans your system and lists all known vulnerabilities it finds. It does require installing blink personal but it definitely can be helpful.
     
Loading...
Thread Status:
Not open for further replies.