| Forum Home | ||||
| PC World Chat | ||||
| Thread ID: 83425 | 2007-10-01 14:54:00 | More On The "Secret Stealth Updates" | SurferJoe46 (51) | PC World Chat |
| Post ID | Timestamp | Content | User | ||
| 596851 | 2007-10-01 14:54:00 | I was gonna link this, but it is so important that I am going to c/p with credits instead: Computer & Internet Security News 01 October 2007 Stealth Windows patch mucks up XP By Gregg Keizer, Computerworld "....A silent patch Microsoft pushed out last month prevents Windows XP users who repair their PCs from securing their machines with new patches, Microsoft has confirmed. "When an XP repair CD is used, it replaces all system files (including Windows Update) on your machine with older versions of those files and restores the registry," said Nate Clinton, program manager for Windows Update on a Microsoft blog. "However, the latest version of Windows Update includes 'wups2.dll' that was not originally present in Windows XP. Therefore, after the repair install of the OS, wups2.dll remains on the system, but its registry entries are missing. This mismatch causes updates to fail installation." The Windows Secrets newsletter reported the patch installation failures after tests on Windows XP machines that had been restored by an in-place reinstall. The root of the problem, said the publication, is that seven DLLs from the latest revision to WU - not just one - failed to register themselves with XP. Microsoft could not provide an explanation for the discrepancy between the claims. The file cited by Clinton, wups2.dll, is one of the seven fingered by Windows Secrets and part of the so-called stealth update that Microsoft sent to most non-corporate Windows XP and Vista users beginning in July and running through this month. The update was delivered and installed without prior notification, even when the PC's owner had told the operating system not to download or install updates without notification and permission. Testing shows that the silent update - tagged as 7.0.600.381 - blocks 80 patches and hot fixes from installing on a just-repaired system restored with a retail version of Windows XP SP2. After executing a batch file recommended by Windows Secrets, the batch file registered each of the seven suspect DLLs. The updates could be installed, however. Clinton said the problem would be fixed by registering only the wups2.dll file. He also listed the steps users should take, and promised that a document providing more detail would be posted to Microsoft's support database. As of mid-day Friday, the document, designated KB943144, had not appeared on Microsoft's support site. Although Scott Dunn of Windows Secrets said the post-repair update bug is proof of the danger that stealth updates pose, Andrew Storms, director of security operations at nCircle Network Security, said that the practice also hits Microsoft in the wallet. "Imagine the amount of work for Microsoft's support teams on this," he said. "It would have probably taken a couple of hours on the phone to help a customer," he added, because even the support representative would not have had any idea that the WU update was the cause. "This isn't just a PR problem for Microsoft, but also a support problem. "Silent updates are not going to help with Microsoft or end users," Storms said. Companies may rely on re-imaging a damaged PC rather than restore it with an in-place reinstall, he said, but plenty of small and mid-size companies depend on the repair option. They, too, would be stymied by the inability to patch repaired PCs, since the same WU client software is used by Windows Server Update Services (WSUS), the update mechanism most businesses use to deliver update to their end-user machines. "Everyone gets the same updates [to WU]," said Storms, "so the same problem will persist for both WSUS and people getting updates direct from Microsoft." " |
SurferJoe46 (51) | ||
| 596852 | 2007-10-01 19:01:00 | It's pi$$ poor really. I have that problem almost every time after a repair-reinstall on a PC. Luckily, the batch files do the job great. It's a problem I'd really liked fixed. :( | wratterus (105) | ||
| 596853 | 2007-10-01 20:58:00 | Someone tell me what use the updates are. Apart from very slow and very hopeless IE security hole fixes. 3rd party is so much more secure. The amount of fully "patched" PCs I see that are stuffed with malware and have all sorts of problems. Its a joke really. It might make the user feel better but its as much use as a paper boat. |
pctek (84) | ||
| 596854 | 2007-10-01 21:17:00 | Someone tell me what use the updates are. Apart from very slow and very hopeless IE security hole fixes. 3rd party is so much more secure. The amount of fully "patched" PCs I see that are stuffed with malware and have all sorts of problems. Its a joke really. It might make the user feel better but its as much use as a paper boat. So do you suggest to your clients to disable windows update? I suppose thats a good way for repeat business :D |
plod (107) | ||
| 596855 | 2007-10-01 21:19:00 | Someone tell me what use the updates are . Apart from very slow and very hopeless IE security hole fixes . 3rd party is so much more secure . The amount of fully "patched" PCs I see that are stuffed with malware and have all sorts of problems . Its a joke really . It might make the user feel better but its as much use as a paper boat . Really, now! The reason to GET the updates is that blackhats see them and create a zero-day exploit and if you DON'T get the update, then you are a dead fish . No updates can protect a puter from an idiot operator . . . that's prolly what you're seeing . I like you and your straightforwardness in approaching things, but somehow this recalcitrant opinion about the non-necessity of M$ updates makes me think there are some other reasons why you don't like them . It's a given that if you run Windows anything, you gotta be an IT expert . Telling people to NOT get updates might just be a way of securing repair work for yourself . Tell me it ain't so . :stare: |
SurferJoe46 (51) | ||
| 596856 | 2007-10-01 21:21:00 | the problem with that is you dont have the choice of uninstalling IE, it will always be there. sucks really. wonder what they do to widows 7 to make it more fun to try and fix. | Cho (12330) | ||
| 596857 | 2007-10-02 00:50:00 | I don't mix my personal opinions with customers choices. Its a PERSONAL thing, not business. If they want them, fine. As for zero day exploits and so on, how does MS protect me in general? They don't. They dole out little fixes, ususally miles after the fact. And then some fixes for the fixes. As my own PCs have no updates at all and I rely totally on 3rd party protection, and this is supposed to be such a stupid idea, why are my PCs always free of any issues? Yes? |
pctek (84) | ||
| 596858 | 2007-10-02 01:42:00 | I don't mix my personal opinions with customers choices . Its a PERSONAL thing, not business . If they want them, fine . So do you tell customers that they don't actually need the updates as long as they have the AV and anti-spyware apps installed and don't use IE? How many still want the updates after you have explained they don't need them? As my own PCs have no updates at all and I rely totally on 3rd party protection, and this is supposed to be such a stupid idea, why are my PCs always free of any issues? I know you have said it before but I need reminding - do you not even have SP1 installed? Your PCs are free of issues partly because of your surfing habits and mostly because of your common sense, same as me . And because you don't use IE . |
FoxyMX (5) | ||
| 596859 | 2007-10-02 03:22:00 | I don't mix my personal opinions with customers choices. Its a PERSONAL thing, not business. If they want them, fine. As for zero day exploits and so on, how does MS protect me in general? They don't. They dole out little fixes, ususally miles after the fact. And then some fixes for the fixes. As my own PCs have no updates at all and I rely totally on 3rd party protection, and this is supposed to be such a stupid idea, why are my PCs always free of any issues? Yes? what about the forced updates MS put through, do yo not install these as well? After all they are done without your knowledge |
plod (107) | ||
| 596860 | 2007-10-02 03:31:00 | what about the forced updates MS put through, do yo not install these as well? After all they are done without your knowledge I don't think you CAN get them without SP-2 first.... |
SurferJoe46 (51) | ||
| 1 2 | |||||