[Thinkpad] Re: On applying patches to Windows ThinkPads
Jonathan Berry
jberry@islandnet.com
Sun, 24 Aug 2003 18:50:22 -0800
In article <200308232356.07898.andres@msu.edu>,
"STeve Andre'" <andres@msu.edu> wrote:
>Oh gads... I can't keep silent on this.
>
>Jonathan, you are dancing on a volcano.
>
>The updates that MS comes out with are *VITAL*
Not if the computer isn't connected to the Internet.
That's the first line of defence.

I'm connected to the internet behind a firewall (ZA free).
The firewall registered 125 "alerts" in the past 60 hours
(during which I might have been connected to the Internet 3
hours), but I'm still here with no signs of virus/trojan/worm.

I'm not saying that you're wrong, just giving you a data point.
I do connect to the Internet frequently, sometimes for tens of
minutes at a time. I do not imagine that the fact that I use
dialup is of any protection. Rather, I'm guessing that it's
the firewall. I don't know if my ISP could be playing a role
in this, as it does in erasing email viruses before they reach
my mailbox.

When Microsoft says the same thing that you do, I mark it up to
their self-serving policy to spread FUD (Fear, Uncertainty,
Doubt). The fact that YOU say the same thing somewhat takes
the warning out of that category, but not enough yet for me to
spend a day or so to do as you suggest. So for now I'm a
guinea pig.

Those in the business say yes, update everything. It's like
vacation warnings: Foreign Affairs will warn citizens to stay
away from a certain part of the globe. Often the warnings are
spot on; often they are ridiculous. But diplomatic officials
would rather err on the side of caution. Of course.

What's your opinion of the free services out there that test
your firewall? Are they obsolete?
> to the
>continued secure running of a system. The service packs,
>as big as they are (and they are pretty corpulent) are
>fairly well crafted and make it much much easier to apply
>a bunch of patches at once.
>
>They are needed. Please do not skip them. I can see that
>being at SP2 might make for some problems. I just updated
>an SP1 system with SP4, and found that I couldn't run Windows
>Update any more.
Yeah, you have to Update the Update (though Microsoft doesn't
tell you that). Part of the bugginess of the update process.
> After some considerable digging in things,
>I found that a DLL wasn't at the right version: copying over the
>file from a running system got me back up and running. This
>says to me that even though you are supposed to be able to
>apply SP4 on an older system, I now take the cautious approach
>and apply SP3, then SP4 to a system, then apply kb823980,
>*then* get on the net and run update to scoop up all the rest.
So for me as a home user, it's a chicken and egg situation. To
get SP3 I need to spend xx hours on the net, then another yy
hours to get SP4, all the while with a computer that is, by
Microsoft's (and your) definition, insecure! Or I suppose I
could order the update CDs from Microsoft Canada and not pick
up my email until they arrive.
>You really really really want to do this. Think of it this way:
>every known hole in Windows is scrutinized by vandals,
>looking for ways to exploit possibilities. By not having applied
>the updates you are exposed to new as yet unpublicized
>problems with old problems, not to mention all the known
>exploits for things.
>
>If anyone thinks that being on a modem is any protection, it
>isn't. I knew this on the intellectual level, but I got a stomach
>churning reminder of that just this week. I'd deloused a
>ThinkPad from MS Blaster and applied SP4 to it, but forgot
>to apply kb823980 first. I connected up to MSU's modem
>pool and within 20 seconds, literally a fraction of a minute
>I got one of those "svchost error" messages, and the machine
>was infected!
Which firewall were you using?
>I've never had that happen to me on a dialin
>line before, but this is a new world: be patched or be vandalized.
>
>I've gotten 100M files over modem before. It isn't exactly my
>definition of a good time, spending 10 hours getting a patch,
>but consider the alternatives.
>
>It is of deadly importance for all you Windows people to keep
>up on your patches. With the RPC DCOM exploit the net is
>a much more nasty and dangerous place for Windows folks,
>and people, a LOT of people have learned the hard way that
>not keeping up causes real problems.
>
>I hope I'm not sounding too preacher like here.
>
>--STeve Andre'
>
>On Saturday 23 August 2003 04:31 pm, Jonathan Berry wrote:
>> In article <200308231417.39087.andres@msu.edu>,
>>
>> "STeve Andre'" <andres@msu.edu> wrote:
>> >Well, the first suggestion is to Upgrade to SP4 and all the patches
>> >after that! You really really really need to do this. I recently had
>> >a sick ThinkPad which I'd put on the net via modem for an upgrade,
>> >and it got hit by the Welchia horror. Patching with kb832980 is
>> >just absolutely critical.
>>
>> I don't use IE or OE. 600E. I'm still on SP2, but I use
>> ZoneAlarm (free) and have not come down with an MSBLAST attack.
>> ZA blocks the port(s) through which MSBLAST attempts to insert
>> itself. I think the main one was 135, and it's rejected close
>> to 100 such connections. Then again, maybe I'm just living on
>> borrowed time.
>>
>> I DL'd WINDOWS2000-KB823980-X86-ENU.EXE (sic), the msblast
>> security patch, all 918K of it, only to discover that MS does
>> not allow it to be run on my computer. I'm guessing that the
>> patch requires SP3 or higher, despite what the DL page says
>> about it.
>>
>> DL'ing SPs over dialup is extremely aggravating. SP3 was,
>> what, 127 MB ? There was another method that involved less
>> downloading, but 1) it was buggy; 2) IMHO it gave MS too
>> much access to my computer. No, I don't trust them.
>>
>> YMMV, but I'm not convinced that the updates are necessarily
>> needed (if you have other defences, the most severe of which is
>> to disconnect your computer from the internet, ahem), nor am I
>> convinced that SPs and MS updates alone will protect you from the
>> dangers out there. Rather than "necessary and sufficient" it
>> could be "unnecessary and insufficient".
>>
>> >On Saturday 23 August 2003 02:01 pm, Lou wrote:
>> >> Hi,
>> >> I have a strange problem with my T22. It has the Intel 1.0 CPU with the
>> >> speed control. I have it set for maximum and it is plugged in 95% of the
>> >> time.
>> >>
>> >> About every 3 to 4 months, the speed drops from the 1GHz to about 350MHz
>> >> as shown by either Belarc or Sandra.
>>
>> If it were a heat issue, as somebody else suggested, turning
>> the computer off for a while might solve it ...?
>>
>> I find my 600E going slow every so often (once a year?), but
>> rebooting cures it. Win2K SP2.
>>
>> >> I run virus scans all the time, and no virus is detected.
>> >>
>> >> I usually need to do the complete restore from the IBM restore on the
>> >> hard drive. Once I was able to use the Config-Safe to reset it but this
>> >> time, it does not work.
>> >>
>> >> Has anyone else run into this problem? My two desk systems don't ever
>> >> have this problem. I am running Win2K SP2.
>> >>
>> >> Suggestions?
>
>
>
--
happy
Jonathan Berry and Erika http://www.islandnet.com/~jberry/fun.htm