[ale] [OT and sorry] - M$ patches and security advice?

[Frank Zamenski]

> On Thursday 11 September 2003 10:18, J.M. Taylor wrote:
> > I don't actually use Windows, nor have I for...4 years now? (wow, 
it's
> > like an AA meeting...)
> >
> > But I've been asked to give a security talk to our 62+ computer 
class
> > (basically, how to use a computer for anyone over 62 years old) and 
of
> > course they learn Windows.  So since there's lots of multi platform 
people
> > on ALE -- where do you go to get Windows patches?  Is there anyplace
> > *other* than the apparently overloaded microsoft site to obtain 
them?  Is
> > it an automagic patchy thing where they <shudder> scan your machine 
over
> > the web to determine what you need and then deliver it?
> >
> > Anybody have any Windows-specific advice to give me to pass on to 
these
> > folks?  I need to keep it relatively simple, but I want to make 
sure they
> > have resources they need.  My security talks don't focus on 
technology per
> > se, but are more an overview of how to be paranoid.  But I do want 
to give
> > them some Windows specific stuff that they can follow up on.
> >
> > Many thanks, and I apologize for asking MS questions here...I just 
am
> > totally, utterly clueless when it comes to Windows.  Ignorance is 
bliss,
> > as they say.
> >
> > jenn
> 
> Hey Jenn,
> 
>    No Windows for 4 years? That's a GOOD thing! Anyway, MS patches 
are a 
> semi-automagic thing. You click on Internet Explorer, then on Tools, 
then on 
> Windows Update. This gets you to Microsoft's update webpage. If you 
do not 
> have MS Updater on your PC, it will get downloaded and installed. 
Once the 
> application is installed and you are at the MS site, you can click on 
Scan. 
> It will scan your computer and give you a list of patches for your 
computer.
> 
>    Patches are broken out into 3 sections: Critical, Windows, 
Drivers. 
> (forgive me if I get a name wrong, I'm on my SuSE PC right now - but 
> dutifully applied patches to my Win2K laptop this morning). 
> 
>    You select the patches you want to install, then they are 
downloaded and 
> installed. Some critical patches require a reboot - so you download 
and 
> install then individually, then go back to Windows update and apply 
the rest.
> 
>    If you don't get better info, I'll sit at my wife's WinXP laptop, 
my Win2K 
> laptop and WinME dual-boot desktop to see if there are any major 
differences. 
> I think they all operate pretty much the same.

Jenn,

Which ver of Winbloze? If its (the soon to be unsupported) Win98, 
there's this so-called 'task scheduler' that runs in the lower-right 
screen tasks (as in running) tray. After updating 98 some mysterious X 
ammount of times, where X == some strange no# known only to Msft -- a 
critical updates pgm gets auto-installed in the scheduler. After an 
internet connection is made, one of the tasks of critical update is to 
pop up and inform (actually, iritate!) you that one or more critical 
updates is available. The pop up has two buttons, one to 'view updates 
now', which if selected will automatically take you to the Msft update 
shite, else, there is the 'view later' choice, which puts the pop up to 
sleep until the next connection. If you open the scheduler, you will 
see the critical update default is to run every 5 mins forever and ever 
or until you go insane, which maybe could be hell for an always-on 
connection? ;) Oh yeah, you can change that default in the scheduler....

Anyway, assuming you choose view, you then are magically transported to 
update, and your machine then gets scanned "without any info being sent 
back to Msft", which always crax me up as, how can you *NOT* send any 
info back to Msft for the damn thing to work in the first place?? ;)

So, it's automated.... sorta. If the machine is not updated regularly 
(and with Win, you *must* update *all the time*, like, weekly!), the 
list of available patches can be huge and unweildly, especially for 
those critical patches (and *every* patch for Win is critical, IMO) 
that can only be installed without others, which almost always require 
a reboot, then ya gotta go to the shite and do it again, and again ad 
nauseum.

If the ver is Win2K SP3 (or maybe it is SP4?), it has a slightly 
different gimmick (it was added with one of those later SPs): like Win 
eXtra Poo does now, it encourages you with this damn annoying info 
ballon you see on your lower-right desktop shortly after logging in 
(which you can NOT disable) to set up auto-update. It is said that by 
enabling that, the OS will then do all this update nonsense for you in 
the background, doing gawd only knows what to the PC. Can't say I 
recommend it.

HTH, and congrats on your four yrs!
Frank