Do Windows updates keep out malware?

K

K.I.L.E.R

Retarded moron
Veteran
If not, do they at least help in reducing the probability you will get malware?

I've been thinking about this just after reading a recent article at Techspot.
I do believe that updating reduces the probability of getting malware through unconventional methods.

However, I believe common sense plays a bigger part of it.

Anyone agree?
 
how many times did Windows upgrade slowed down computer or opened new hole? ;)

i think that answers your question....
 
What slowing down of the computer are you talking about? I would like to know cause I update religiously for fear of allowing one of my moron friends to use my machine and have him/her go to a website of very questionable stature and get my setup jacked over!!! :oops:

By my experience I have had no slowdowns whatsoever...but then again...I am not as smart as you guys are :oops:
 
Keeping windows up to date is one small part of keeping you computer free of malware.

It's just like servicing your car. You wouldn't change the oil filter and keep the old oil in the engine.

You need to keep ALL your software up to date, as well as being smart about what software you install, which websites you visit, etc.
 
suryad said:
What slowing down of the computer are you talking about? I would like to know cause I update religiously for fear of allowing one of my moron friends to use my machine and have him/her go to a website of very questionable stature and get my setup jacked over!!! :oops:

By my experience I have had no slowdowns whatsoever...but then again...I am not as smart as you guys are :oops:
Click to expand...

sometimes windows updates fix one problem, but open another... happened many times...

http://msn.pcworld.com/howto/article/0,aid,111126,00.asp

A recent Windows Update has destabilized my system. Is there a way to undo these patches?

Bob Catanzano, North Andover, Massachusetts

Microsoft provides ways to undo disastrous updates, but they don't work with every patch. Let's hope that one of the solutions below will work for you.
Click to expand...

not uncommon, thats why i have update service shut down and i only install the most highly critical updates....

i rather go for mixture of good AV -> NOD32, firewall ->Kerio, anti-spyware -> Spybot and adaware and using Firefox for internet and thunderbird for email ( outlook express shares around 30% of components with IE, thats why it is so vulnerable to attacks, cause there is big chance that IE and OE have same bug).....

hope this hepled...


and yeah, i never installed SP2.... ;)
 
If you think anti-virus softwares, firewalls and not using IE is going to make your un-patched Windows safe, you are being naive.
 
dunno.... never had single problem with any of that.
i just DLed Spybot 1.4 and it didnt find ONE SINGLE spyware.... after i havent done sweep in like a month...

as i said, i download only highly critical updates for which i know what they do... for example i DLed patch for that JPEG problem, thats a must.

since i dont use _ANY_ other M$ software on my comp i pretty sure i am doing well WRT security....
 
pcchen said:
If you think anti-virus softwares, firewalls and not using IE is going to make your un-patched Windows safe, you are being naive.
Click to expand...

I agree with silence on this. I don't see the need of installing SP2 or all those updates on my desktop. It's behind a router and I use Firefox and a good virusscanner. I'm totally safe.
 
No, being behind firewall does not necessarily protects you. For example, if there's a buffer overflow bug in the Windows API, it can affects Firefox and countless other applications. Firewall can defense from outside, but not from inside.

The single most important change in SP2 is the support for NX bit (if your CPU supports it, of course). Even if your CPU does not support NX bit, it still worthwhile to update to SP2.

Of course, it's your choice. However, I think it's irony that one can call Microsoft being "not secure enough" and at the same time refuse to update to the latest fix.

(Always updating all critical security updates does help to a certain extents, but Microsoft will eventually stop supporting pre-SP2 Windows XP. So unfortunately people will have to upgrade to SP2 if they want the best security from Windows XP, or they can switch to other OS :p )
 
like this?
link

WASHINGTON (AP) — Microsoft withdrew a security improvement for its flagship Windows XP software after it crippled Internet connections for some of the 600,000 users who installed it.
Click to expand...

or this?
link

how about this?
link


and you simply have to love this one.....

link
Microsoft has quietly released an update to Windows XP to fix a potentially serious configuration problem in the firewall that ships as part of Windows XP Service Pack 2.
Users who installed SP2 on their Windows XP machines and also have file and printer sharing enabled may have been sharing their files and printers with the entire Internet, according to Microsoft.
By default, file and printer sharing makes changes to the SP2 firewallto give computers on the "local network" access to shared resources. However, the definition of that local network depends on the Internet service provider. In some cases, especially with dial-up ISPs, it meant the entire Internet, according to Microsoft.
"In the default configuration of Windows XP SP2, that (firewall) setting was probably a bit wider than it should have been," said Gary Schare, director of product management for Windows. "This update narrows the scope of what defines the local network."
Click to expand...


yes...... i can see your point clearly.... i think i'll go now and turn on update service :rolleyes:
 
I use a completely non patched version of XP, no updates, no service packs and the only time I have ever recieved a virus or spyware was by visiting a questionable site using an improperly configured IE.

I have tried both service packs and both break other things and cause general system instability and/or slowdown. Not my cup of tea. Running a good AV program combined with a firewall and custom settings is all you need to be safe. My computer not only shows up as closed on all ports but it's completely stealthed. If, in any likelihood, a virus were to get in my Firewall is set up to stop any program that tries to access an outside source, and I'm behind a router. XP, by default, has many vulnerabilities, however there are many things you can do to make it safer. And it runs far better then with these service packs and updates installed, which fix past vulnerabilities only to introduce new ones.
 
So you put more faith into the original Windows XP than service packs?
Of course you can give a lot of examples about service packs' problems. But there're MORE problems in original Windows XP. Maybe you just haven't hit them.
Anyway, if you think it works, that's good for you. But if you really care about security, you wouldn't think that antivirus and firewalls will do everything for you. As I said, they can protect you from outside, but not from inside. Do you think Firefox is bug-free? Come on, it already have several security fixes. Ditto for every other applications.
 
pcchen said:
So you put more faith into the original Windows XP than service packs?
Of course you can give a lot of examples about service packs' problems. But there're MORE problems in original Windows XP. Maybe you just haven't hit them.
Anyway, if you think it works, that's good for you. But if you really care about security, you wouldn't think that antivirus and firewalls will do everything for you. As I said, they can protect you from outside, but not from inside. Do you think Firefox is bug-free? Come on, it already have several security fixes. Ditto for every other applications.
Click to expand...

are you saying that Win is virus itself? 8)
if you know how to set up your computer you wont have trouble.... i dont recall when AdAware or Spybot found _ANYTHING_ since i started using Firefox....

only way virus can get INSIDE is if you let him.... if you open every attachment that comes from unknown adress or visit sites with unpatched IE and so on.....it still needs a way INSIDE computer....

or you bought computer with preinstalled viruses??????????? :rolleyes:
 
silence said:
are you saying that Win is virus itself? 8)
if you know how to set up your computer you wont have trouble.... i dont recall when AdAware or Spybot found _ANYTHING_ since i started using Firefox....

only way virus can get INSIDE is if you let him.... if you open every attachment that comes from unknown adress or visit sites with unpatched IE and so on.....it still needs a way INSIDE computer....

or you bought computer with preinstalled viruses??????????? :rolleyes:
Click to expand...

No, what I mean is, firewall only protects you from other computers, but it can't protect you from something working in your computer.
If you think that virus and worms only come from attachments, you are wrong.

Let's think about a hypothesis situation: supposed that there is a buffer overrun bug in a Windows API, and Firefox uses it (Firefox uses a lot of Windows API, so it's normal). Someone found a way to expose that buffer overrun bug through a web page (a innocent looking HTML page). Now, when Firefox loads the HTML page, it crashes and run the code embedded in the HTML page. Now the attacker can work from inside.

Other than Firefox and Windows, many programs can have buffer overrun problem. Be it a movie player, a MP3 player, or a PDF viewer, a buffer overrun problem provides a chance for attackers to run the code of their choice, only through a innocent looking movie file, MP3 file, or PDF file.

SP2 greatly reduces the chance of buffer overrun problem through supporting NX bit (of course, if your CPU has it). It doesn't completely immune from buffer overrun problem, but it makes running the code of attacker's choice much harder.
 
What horseshit.
As someone who uses SUS (and now WSUS) to deplay microsoft patches to 1500+ machines, the total number of problems we've had has been exactly ONE. A machine with a certain video capture card could not deal with the Windows 2000 service pack 4 - had to stay on sp3.
There have been a few updates that caused problems for other people, but thats why I wait a day or so before I approve most of them.

If you think your AV will prevent malware from exploiting an unpatched windows vulnerability, you havent a clue.


silence said:
suryad said:
What slowing down of the computer are you talking about? I would like to know cause I update religiously for fear of allowing one of my moron friends to use my machine and have him/her go to a website of very questionable stature and get my setup jacked over!!! :oops:

By my experience I have had no slowdowns whatsoever...but then again...I am not as smart as you guys are :oops:
Click to expand...

sometimes windows updates fix one problem, but open another... happened many times...

http://msn.pcworld.com/howto/article/0,aid,111126,00.asp

A recent Windows Update has destabilized my system. Is there a way to undo these patches?

Bob Catanzano, North Andover, Massachusetts

Microsoft provides ways to undo disastrous updates, but they don't work with every patch. Let's hope that one of the solutions below will work for you.
Click to expand...

not uncommon, thats why i have update service shut down and i only install the most highly critical updates....

i rather go for mixture of good AV -> NOD32, firewall ->Kerio, anti-spyware -> Spybot and adaware and using Firefox for internet and thunderbird for email ( outlook express shares around 30% of components with IE, thats why it is so vulnerable to attacks, cause there is big chance that IE and OE have same bug).....

hope this hepled...


and yeah, i never installed SP2.... ;)
Click to expand...
Oh, and lets note that your "evidence" is from 2003...and you call this occurance "not uncommon", something that has happened "many times"...what a crock.
 
pcchen said:
No, what I mean is, firewall only protects you from other computers, but it can't protect you from something working in your computer.
Click to expand...

Well, they don't get inside my computer, so it seems to work fine. And I do browse some very obscure sites every once in a while. And when they cannot get inside, I don't have to protect myself from that.

If you think that virus and worms only come from attachments, you are wrong.

Let's think about a hypothesis situation: supposed that there is a buffer overrun bug in a Windows API, and Firefox uses it (Firefox uses a lot of Windows API, so it's normal). Someone found a way to expose that buffer overrun bug through a web page (a innocent looking HTML page). Now, when Firefox loads the HTML page, it crashes and run the code embedded in the HTML page. Now the attacker can work from inside.
Click to expand...

The good thing about Firefox, is that it runs everything inside it's own sandbox. And Java does as well. And that seems to be pretty effective, because the only reported exploits are some semi-browser hijacks, that are pretty hard to pull off, and don't seem to offer much risk for daily use.

Other than Firefox and Windows, many programs can have buffer overrun problem. Be it a movie player, a MP3 player, or a PDF viewer, a buffer overrun problem provides a chance for attackers to run the code of their choice, only through a innocent looking movie file, MP3 file, or PDF file.
Click to expand...

Sure. So? What does that have to do with it? If you are running that application in the first place, why bother with a buffer overrun and not just go and do the bad stuff right away?

SP2 or whatever won't protect you from that.

SP2 greatly reduces the chance of buffer overrun problem through supporting NX bit (of course, if your CPU has it). It doesn't completely immune from buffer overrun problem, but it makes running the code of attacker's choice much harder.
Click to expand...

So, if you have an Athlon64, don't run any old software and not one of your applications crashes when you enable the NX bit, you would recommend to install SP2 and turn it on, just to make especially sure?
 
Althornin said:
What horseshit.
Click to expand...

Likewise. My pleasure. :D

As someone who uses SUS (and now WSUS) to deplay microsoft patches to 1500+ machines, the total number of problems we've had has been exactly ONE. A machine with a certain video capture card could not deal with the Windows 2000 service pack 4 - had to stay on sp3.
There have been a few updates that caused problems for other people, but thats why I wait a day or so before I approve most of them.
Click to expand...

And, do they help? Is your network more secure now? Did you test that, or did you just believe Microsoft without question? Or did you just do it because surely, everyone knows that you have to do that, don't they?

If you think your AV will prevent malware from exploiting an unpatched windows vulnerability, you havent a clue.
Click to expand...

Well, add a good router and Firefox, and it sure seems to work rather well. You DID test that as well, didn't you? Or don't you have a clue about that?
 
DiGuru said:
The good thing about Firefox, is that it runs everything inside it's own sandbox. And Java does as well. And that seems to be pretty effective, because the only reported exploits are some semi-browser hijacks, that are pretty hard to pull off, and don't seem to offer much risk for daily use.
Click to expand...

Yeah, and Java is a complete safe environment :rolleyes:
Of course everything is safe if it works as advertised. However, what's called a "security breach" means it doesn't work as advertised.

Sure. So? What does that have to do with it? If you are running that application in the first place, why bother with a buffer overrun and not just go and do the bad stuff right away?
Click to expand...

How about reading a PDF file with Acrobat Reader makes your computer runs some codes of attacker's choice? You think Acrobat Reader will never have a buffer overrun bug? How about Media Player, Winamp, or iTune?

So, if you have an Athlon64, don't run any old software and not one of your applications crashes when you enable the NX bit, you would recommend to install SP2 and turn it on, just to make especially sure?
Click to expand...

Not only that. It's just the single most important feature of SP2 regarding to security.

Anyway, if you think your computer is secure, fine. However, in most cases, people who think this way usually have insecure computers.
 
DiGuru said:
Likewise. My pleasure. :D
Click to expand...
Ah, this means that you are about to talk about stuff you know nothing about, while insulting my abilities by assuming I do not do things that you yourself do not do - and being wrong about it. How refreshing.

As someone who uses SUS (and now WSUS) to deplay microsoft patches to 1500+ machines, the total number of problems we've had has been exactly ONE. A machine with a certain video capture card could not deal with the Windows 2000 service pack 4 - had to stay on sp3.
There have been a few updates that caused problems for other people, but thats why I wait a day or so before I approve most of them.
Click to expand...

And, do they help? Is your network more secure now? Did you test that, or did you just believe Microsoft without question? Or did you just do it because surely, everyone knows that you have to do that, don't they?
Click to expand...
Actually, smartass, I did test, and I DO test.
Constantly.
I use a range of programs including nessus for vulnerability testing and snort for IDS.

I/(my place of work) share a LAN/WAN with 5 other organizations (all colleges, seperate political entities like the college I work for), most of which do NOT patch their machines. When the worms hit, our machines are fine. I can see the storm of probes and attacks coming from the other colleges' vlans, but they fail to infect our machines. Then they run around patching and fixing, while I and my co-workers sit on our asses.

In short, far more than you've probably done to test. But sure, call me out - Bring it.
If you think your AV will prevent malware from exploiting an unpatched windows vulnerability, you havent a clue.
Click to expand...

Well, add a good router and Firefox, and it sure seems to work rather well. You DID test that as well, didn't you? Or don't you have a clue about that?
Click to expand...
Right. and the vulnerabilities in things other than IE get somehow hidden, right? Try again.

Now sure, if you place yourself behind a "good router" - Which I assume means you are behind NAT/firewalled - then you are pretty invulnerable to stuff coming in without user intervention (browser, email, or user error). But you have a nice day when your buddy brings over his (unknown to him) infected laptop and hops on your network.
AV is a good second line of defense (and I do advocate its use - it is on all of my machines), but it will not save you from OS vulnerabilities being exploited.

You know, if you are going to go around and call other people clueless, I'd suggest actually having one in the first place.
 
You must log in or register to reply here.

Similar threads

D
Video Game Console Cooling - A Hot Topic (pun kind of intended).
Replies
14
Views
3K
Shifty Geezer
Shifty Geezer
iroboto
B3D IQ Spectrum Analysis Thread [2021-07]
2 3 4
Replies
63
Views
15K
OlegSH
O
N
Deja Vu from the past :)
2
Replies
29
Views
4K
function
F
T
I moved to Japan!
Replies
14
Views
4K
tuna
T
A
Holy Wall of Text: My impressions post Playstation 4 (PS4) unveil
2 3 4
Replies
70
Views
20K
(((interference)))
I
Back
Top