
Sunday, April 06, 2008

Consider the source before ranting

or else you could look foolish.

Full disclosure: I work in the AV industry; however, this post (and all of my posts, unless stated otherwise) does not necessarily reflect the opinion of my current or past employers. These are my own personal opinions and views.

Getting back to the topic: some time ago there was a posting on the Authentium Virus Blog entitled "Windows Updates: Ranting about things that I dislike". My remark is the following: we can assume with a high degree of certainty that software works the way it works for a reason. And the more people who work on a product, the more solid the reasons are for it working the way it does. Unless it really is a little project thrown together in half an hour, you should first assume that you made a mistake, not that the team working on the product made one. This is exponentially true for "mega-structures" like the Microsoft products (including Windows Update).

Getting specifically to the points criticized by this blog post:

  1. "If you do it through a safer browser then it does not work. You need Windows Internet Explorer for it to work." - the built-in updater (the one showing you the yellow shield in the taskbar) doesn't need Internet Explorer. Also, consider that such a system-level process (updating OS components) needs system-level access, which can only be done in native code (I'm generalizing here a little); that IE is the only browser which has a built-in mechanism for executing native code from a remote website (through ActiveX - some would call this a security risk :-)); and that IE is already installed on all Windows systems. Given all this, it is a very reasonable dependency for the web-based updater.
  2. "The Malware removal tool appears in my list of items to install every month and I have to say no to it every month. Sometimes months old Malware removal tools will re-appear and I have to say no to them all over again. Although this tool is useful for 99% of the people out there, running it on my machine would be bad for obvious reasons." (Note: I assume that s/he talks about the need to store samples of malware on computers which get the Windows Update.) The Malware removal tool is quite different from traditional AV programs, a fact which the author of this post does not quite seem to grasp. It won't scan your hard drive looking for infections (like traditional "on-demand" scanners) or check every file accessed (like "on-access" - also called "realtime" - scanners). It will look in a few key locations (registry keys, directories, etc.) to check whether the computer has an active infection with an "important" malware family. If so, that malware is removed. Rest assured that it won't touch your inactive malware collection, so you can enable it safely (and I'm saying this from experience, having run a few Windows machines storing or handling malware samples which always had all the patches applied).
  3. "Then finally, after you have installed the patches, a reboot is required. Note, it is not optional, and definitely not at your convenience." - the author is partially right that the reboot prompt is very annoying; however, it is optional (unless you are in the middle of something and hit Enter right before the popup appears, and it takes that as a confirmation to reboot) and it can be stopped temporarily. All you need to do is run Process Explorer and suspend all the Windows Update processes (by right-clicking on them and selecting "Suspend"). I admit that this is a hack which is too complicated for normal users; however, the whole point of the posting I'm responding to was to argue that the Windows Update process is inadequate for power users.

In conclusion: keep Windows Update enabled; it's your best friend if you run Windows! I read recently (unfortunately I can't seem to find the link right now) that in a test, machines which were up to date with patches were not infected after visiting sites which hosted exploits (the idea being that the exploits used in mass attacks are usually for problems for which a patch is already available, so keeping your computer up to date will make it immune to almost all of these attacks).
