DIY Service Pack For Windows 2000/XP/2003
Karsten Violka writes "Looking for manageable Windows updates even without an internet connection? Heise's script collection Offline Update 3.0 downloads the entire body of fresh updates for Windows 2000, XP, or Server 2003 from Microsoft's servers in one fell swoop and then uses them to create ISO-Images for CD or DVD. Included is an intelligent installer script that allows you to update as many PCs as desired." Sounds like a great idea, given the danger of putting an unpatched PC on the Internet to download security updates.
Google's Super Secret Search Algorithm: SELECT @search_results FROM internet WHERE @search_results = 'good'
A "danger" that is eliminated with a rinky $25 NAT router.
Web2.0: I love when people Flickr my cuil and digg my boingboing until my google is reddit and I start to yahoo
Perhaps the key difference is this:
I can put an unpatched RedHat Linux system on the public Internet and download patches without worrying about it. In fact, I routinely use such systems AS the router/firewall for other systems!
If you hear people around here saying things like "Windows is insecure and/or isn't really ready for the Internet", that's because it's true, or you wouldn't need that stupid $25 router in the first place!
The fact that you can't even imagine a server without a dedicated firewall in front of it speaks volumes.
I have no problem with your religion until you decide it's reason to deprive others of the truth.
Home desktops aren't usually behind firewalls.
That may have been true 10 years ago, but these days most home PCs are at least behind a NAT. Unless you've gone out of your way and configured your NAT to forward all ports to your PC (i.e. a DMZ), outside attacks will be quite useless. The only threat in this case is the user downloading a virus from email, or visiting a compromised website. If you run Windows Update (well, several times) before you do either of those things, there's no danger.
AccountKiller
So what's the point of using a reg.exe from the NT 4.0 resource kit? Rename a self extracting zip to reg.exe?
In short, don't play with strange links posted by anonymous cowards...
Jonah HEX
Horror & SciFi Erotic Nudes
Yes, there is. Every time MS releases an updated WGA .dll, the pirates release a cracked copy. Shows up all over the place. Download, overwrite the files in WINDOWS/SYSTEM32, and presto, no more nags, and you can use Windows Update manually too.
I have a feeling it won't be quite so cut and dried with Vista though.
If you're not prepared to pay for their software then you shouldn't be using it, simple. And you would probably be admired more if you had the courage and strength of conviction to go spend the time learning to use an alternative OS in order to make a much clearer statement to Microsoft that you're not prepared to pay the money they ask for their products.
Any fool can download a pirated Windows CD from the Internet; it takes initiative to go learn and legally use an alternative OS.
Gentoo Linux - another day, another USE flag.
> No, I'm no Microsoft fan but let's stick to facts
> rather than "science fiction" FUD stories...
These are not SF FUD stories. There are a lot of people who:
- don't know shit about security
- don't know shit about patching
- own a USB xDSL modem or connect to an *untrusted* network with wifi or something similar (do you carry a $50 router with your laptop?)
- use a computer to Just Work With it - as a tool - you know
And Windows is not uber-user-friendly there. In fact I think you need to be relatively skilled to set up XP so it is relatively secured. Not something your mom or dad (I assume) can do with their computers.
Recently a friend of mine reinstalled Windows (since it was wrecked to the point of no other option, at least for her) from CDs (sans SP) which came with her laptop. After 1 minute the system was infected and unusable; it didn't have even a slight CHANCE of updating itself.
MS made some stupid decisions a few years ago and now they pay the price. This is not FUD. People do not have the latest Vista and so on. Some of them use 5 year old computers since they tend to work for them.
I can surely install an old version of a Linux distribution or OSX and not get infected in 10 minutes after connecting to an untrusted network.
I agree - but I've set up a number of these NAT routers recently for friends and colleagues, and apart from some simple configuration for ADSL accounts (and some wireless security if needed), these things now work pretty much out of the box. They are a whole heap of good security for little cost that are easy to set up - and protect you from about 90% of the bad things out there on the Internet the moment you switch them on.
And for your information, I carry round a Linux laptop with a fully locked down kernel firewall that I *carefully* open up as I need to if I'm on an unprotected (un-NAT-ed) Internet connection. :-)
> And Windows is not uber-user-friendly there. In fact I think you need to be relatively skilled to set up XP so it is relatively secured. Not something your mom or dad (I assume) can do with their computers.
I agree again - which is why I recommend a NAT router to anyone I know with ADSL; and if they refuse to buy one, I refuse to offer them any help when their PC goes wrong! :-)
> MS made some stupid decisions a few years ago and now they pay the price. This is not FUD. People do not have the latest Vista and so on. Some of them use 5 year old computers since they tend to work for them.
Again, I agree. But, if anything, Windows 9x didn't have a complete enough IP stack to allow much to be run in the way of services out to the Internet - so it could be argued that unpatched and out of the box, a 9x machine is more secure than XP.
> I can surely install an old version of a Linux distribution or OSX and not get infected in 10 minutes after connecting to an untrusted network.
It depends on what's out there. Before I moved house last year, on my old ISP I ran an SSH (Secure Shell) server out to the Internet and my log files were filled with scripted access attempts against the server - just pounding away at my server with common account names hoping that one of them would allow entry.
Yes, a secured Linux server is always going to be more secure than a secured Windows server but please don't get complacent about it - it just takes one stupid mistake on either OS and someone will get into it.
Gentoo Linux - another day, another USE flag.
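Added example, not part of the original thread: one way to spot the pattern described in the comment above (scripted logins cycling through common account names) in an sshd log. The log lines are constructed samples in OpenSSH's syslog format, and the threshold of three distinct names is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample lines in OpenSSH's syslog format (not real traffic).
SAMPLE_LOG = """\
Jan 12 03:14:07 gw sshd[2211]: Failed password for invalid user admin from 203.0.113.5 port 40112 ssh2
Jan 12 03:14:09 gw sshd[2213]: Failed password for root from 203.0.113.5 port 40120 ssh2
Jan 12 03:14:11 gw sshd[2215]: Failed password for invalid user test from 203.0.113.5 port 40131 ssh2
Jan 12 03:14:13 gw sshd[2217]: Failed password for invalid user guest from 203.0.113.5 port 40140 ssh2
Jan 12 08:30:02 gw sshd[2301]: Failed password for alice from 198.51.100.7 port 51022 ssh2
Jan 12 08:30:10 gw sshd[2301]: Accepted password for alice from 198.51.100.7 port 51022 ssh2
Jan 12 09:00:00 gw sshd[2400]: Failed password for invalid user oracle from 192.0.2.44 port 33001 ssh2
"""

# Matches failed password attempts for both existing and unknown accounts.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

def summarize(log_text):
    """Return {ip: {"failures": n, "users": set_of_names_tried}}."""
    stats = defaultdict(lambda: {"failures": 0, "users": set()})
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            entry = stats[m.group("ip")]
            entry["failures"] += 1
            entry["users"].add(m.group("user"))
    return dict(stats)

def guessing_sources(log_text, min_users=3):
    """Sources that tried at least min_users distinct account names.

    Many names from one address is the scripted pattern; one name failing
    once looks like a typo by a legitimate user.
    """
    return sorted(
        ip for ip, s in summarize(log_text).items()
        if len(s["users"]) >= min_users
    )

if __name__ == "__main__":
    for ip in guessing_sources(SAMPLE_LOG):
        s = summarize(SAMPLE_LOG)[ip]
        print(ip, s["failures"], "failures, names:", sorted(s["users"]))
```

Counting distinct account names per source, rather than raw failures, keeps a legitimate user's mistyped password from being flagged.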
autopatcher is a closed source solution which requires you to trust executables from a dubious source. Even if you accept the autopatcher guys as currently trustworthy, they may still sell out or get hacked with much higher probability than Microsoft.
If I understood the information on the website correctly autopatcher is just a collection of the latest MS updates from a third party. With the offline update scripts from Heise you're able to create your *own* autopatcher collection from scratch. No middleman involved.
The unfortunate fact about OS security is that it is a case of "survival of the fittest". It's pretty safe to assume that as long as there is an Internet, then there will be crackers out there trying to break into PCs that sit on the Internet. From their perspective, if they crack open a PC then they are happy, and the longer it takes them to break into a PC, the more likely they are to just give up and try another one.
Consequently, the more "walls" you put in the way of a cracker, the more the chances that you'll reach the limit of his abilities & make him give up. So security is all about doing *multiple* things against attacks - disabling well-known account names, using strong passwords, deploying software firewalls *AND* NAT routers, turning off unnecessary services, tightening the configuration of needed services to only allow certain hosts to access... these are all *ADDITIONAL* steps to just applying software updates.
Sure, a lot of these processes are tricky for new users but a lot of them are also very simple to deploy - and any of those that you do deploy put you one step ahead of the people who don't deploy them and who are, consequently, put at more risk from attack by crackers.
Gentoo Linux - another day, another USE flag.
That's up to you. But please don't take it as an offense if I say that I'd never hire you as a sysadmin.
Ask yourself this... is the 5 minutes it takes to set up basic firewalling (or even simply shutting down any daemons you're running) worth the extra time you risk if you have to reinstall the computer? Banking on averages is never a good idea, especially not when you're dealing with something mission-critical. Whatever can go wrong will go wrong, at the worst possible moment and all.
Speaking as somebody who's had computers blow up on him on many an occasion, I'd rather not take any chances I don't have to. Recovering from your own fuckups is expensive and annoying, doubly so when it's avoidable.
If you believe everything you read, you'd better not read. - Japanese proverb