DIY Service Pack For Windows 2000/XP/2003 197
Karsten Violka writes "Looking for manageable Windows updates even without an internet connection? Heise's script collection
Offline Update 3.0 downloads the entire body of fresh updates for Windows 2000, XP, or Server 2003 from Microsoft's servers in one fell swoop and then uses them to create ISO-Images for CD or DVD. Included is an intelligent installer script that allows you to update as many PCs as desired." Sounds like a great idea, given the danger of putting an unpatched PC on the Internet to download security updates.
yeah, that's real safe (Score:3, Insightful)
Already been done in a better form (Score:5, Informative)
http://www.autopatcher.com/ [autopatcher.com]
Re:Already been done in a better form (Score:5, Informative)
Re: (Score:2, Interesting)
I believe a vista version was release as well known as vlite. I have not used either but they look very promising, I have been meaning to try out nlite for the next time I reformat but maybe I will try one of these alternatives instead. Any one out there used them all?
Re: (Score:2, Insightful)
Well Einstein (Score:2, Informative)
2) The probability that an unpatched PC behind a firewall will get "hacked" in the moment while you are downloading it is what... 0,2?
3) What else will we whine about now... the versatility of Macintosh hardware?
Re:Well Einstein (Score:4, Funny)
I would say your second guess of 2 is closer than your first of 0... shall we split the difference and agree at 1?
Re: (Score:2)
I guess there is good reason to be careful.
Re: (Score:3, Interesting)
Re: (Score:2)
Re: (Score:2)
Re:Well Einstein (Score:4, Insightful)
Home desktops aren't usually behind firewalls.
That may have been true 10 years ago, but these days most home PCs are at least behind a NAT. Unless you've gone out of your way and configured your NAT to forward all ports to your PC (i.e. a DMZ), outside attacks will be quite useless. The only threat in this case is the user downloading a virus from email, or visiting a compromised website. If you run windows update (well, several times) before you do either of those things, there's no danger.
Re:Well Einstein (Score:4, Interesting)
That may have been true 10 years ago, but these days most home PCs are at least behind a NAT.
Umm, I'd have to disagree with that statement. Around here the biggest provider of internet connectivity for home users is Roadrunner. They provide you with a cable "modem" that acts as a bridge between their network and your PC. The PC gets a globally valid address.
In fact the only Roadrunner home users I know (not counting geeks/techies) that have NAT routers are those that have more then one computer. Otherwise it's right into the PC and come and get it boys cuz I'm wide open!
Re: (Score:2)
They provide you with a cable "modem" that acts as a bridge between their network and your PC. The PC gets a globally valid address.
That's true, but there's a large percentage of people with more than one computer/game console/etc in their household, and roadrunner only provides one IP address unless you want to pay big money for business class service. Those people will buy a cheap NAT router at best-buy and plug it in so they can get more than one computer connected to th
Re: (Score:2)
That's true, but there's a large percentage of people with more than one computer/game console/etc in their household, and roadrunner only provides one IP address unless you want to pay big money for business class service. Those people will buy a cheap NAT router at best-buy and plug it in so they can get more than one computer connected to the internet.
I don't disagree with you on that. I just disagree with your original statement of "most" home PCs being behind a NAT. Being the only techie at my com
Re: (Score:2)
Re: (Score:2)
I find it impossible to imagine that most non-technical people are asking for routers/gateways when they purchase their PCs.
Most of them don't know what the hell it is, they just want something that'll allow them to connect multiple computers on the same internet connection.
Do you have any evidence?
Just my own experience. It really doesn't take much of any technical experience to setup a NAT. Your average interface-jockey can certainly plug the thing into the cable modem, and plug his computers into the l
Re:Well Einstein (Score:4, Funny)
I want your users. I lost internet access three times last year because some dumbass down the hall plugged his router in backwards and was trying to NAT the whole damn building.
Re: (Score:2)
I want your users. I lost internet access three times last year because some dumbass down the hall plugged his router in backwards and was trying to NAT the whole damn building.
Heh. Well I didn't say they understood what's going on at all. In their own home they can only screw up their own crap (and when it doesn't work, they plug it in the other way). In a public LAN they're dangerous as hell.
I had a similar problem a few years ago when some damn fool miss-configured his router with the same IP address
Re: (Score:2)
So yes, evidence exists.
Re: (Score:3, Informative)
Home desktops aren't usually behind firewalls
Depends on your service provider. In my experiences most DSL providers use NAT routers -- even for single PC connections. Most cable providers seem to use bridges and your PC gets a globally valid address, which tends to be a problem for a Windows PC.
Then there's dialup users. But if you have to use dialup to do a complete set of Windows updates on a brand new PC it's an even money bet that you'll die from old age before they finish and in this scenario wh
Re: (Score:2)
I don't know if it's any good or not, but my understanding is that it should keep you covered at least until you get all your patches. Chances are that if you're confident enough with computers to have reformatted the thing for whatever reason, you have more than one in active use and thus a hardware firewall via your router.
Not to mention anyone with a wireless connection will have a wireles
Re:Well Einstein (Score:4, Funny)
Although, script kiddies might still be trying to infect it...
Re: (Score:2)
Would that be a new PC running the current version of Windows, namely XP Service Pack 2 where the firewall is installed by default?
How is that going to get infected please?
Re: (Score:2)
I've personally seen a Windows 2000 system get railroaded because it got bad DNS from a malicious DHCP server in the real world. Visit windows update, ends up feeding you a bogus IP, redirects you to someplace that owns you.
Re: (Score:2)
Does MS offer this (Score:2)
I know Apple offers their patches as download, complete with SHA1 sig.
Re: (Score:2, Interesting)
Re: (Score:2)
I didn't look around more for other newer patches, but they might be doing that as well.
Re: (Score:2, Informative)
Re: (Score:2)
I can't tell... are you trying to be funny? Completely without cost (except for the costs) and better than near-instantaneous downloads, they'll probably get a CD to you within a couple months!
Re: (Score:2)
I can't tell... are you trying to be funny? Completely without cost (except for the costs) and better than near-instantaneous downloads, they'll probably get a CD to you within a couple months!
I know you're a troll, but I'll bite. Yes, certainly "completely without cost". That's what "free" means, you know. I also have a SP2 CD that MS shipped for free. I think the main point was to get SP2 out to those who are stuck with dial-up or -- God forbid -- not connected to the internet. As for shipping time, it arrived quicker than Ubuntu Linux (but admittedly, being a security & stability update, wasn't as fun to play around with :) ).
Re: (Score:2)
Re: (Score:2)
"Free" would mean completely without cost, and therefore something is not "completely without cost" if you're paying shipping/handling costs.
I didn't pay shipping and handling costs. At the time, I didn't have a credit or debit card and thus had no means with which to pay shipping and handling costs even if I had wished to out of the goodness of my heart. I did not, in fact, pay any costs. Nor did anyone. I think they've started charging for shipping now, but they certainly didn't when they released SP2.
Second, shipping CDs is fine and dandy, but in this day and age, it's not so clearly "better" than a convenient high-speed download.
Uhh... Huh? They do offer a high-speed download. They do for all their updates. They've always done so. It's called Windowsupdate. Th
Re:Does MS offer this (Score:5, Funny)
Autopatcher, on the other hand, provides the actual software, which is explicitly prohibited by the TOS you mentioned. He has this hilarious line in his FAQ:
A: Yes, nwraptor once spoke to a Microsoft employee and apparently they know about us but dont care what we do!
Corporate Windows Update (Score:2, Informative)
Re: (Score:3, Informative)
Danger? (Score:5, Insightful)
A "danger" that is eliminated with a rinky $25 NAT router.
Re: (Score:2)
Re: (Score:3, Insightful)
Re:Danger? (Score:5, Informative)
Torrents (Score:3, Interesting)
Or connect to a torrent server. Watch the number of attacks on your PC's FW skyrocket the instant you run BT and connect to a tracker. Lot's of hackers run torrent servers just to mine the connection information and find new, unprotected computers to attack.
autopatcher has been doing this for a while now (Score:5, Informative)
Autopatcher! [autopatcher.com]
Re: (Score:3, Insightful)
Or just buy the firewall you should have anyway (Score:2)
Or you could just buy the firewall you really should have anyway and be done with it. Seriously, I can't imagine anyone would try to argue that it's acceptable to put a server out on the net without a firewall in front of it, so why should a desktop PC be any different? That way you get to protect your unpatched Linux box too.
Re:Or just buy the firewall you should have anyway (Score:5, Insightful)
I can put an unpatched RedHat Linux system on the public Internet and download patches without worrying about it. In fact, I routinely use such systems AS the router/firewall for other systems!
If you hear people around here saying things like "Windows is insecure and/or isn't really ready for the Internet", that's because it's true, or you wouldn't need that stupid $25 router in the first place!
The fact that you can't even imagine a server without a dedicated firewall in front of it speaks volumes.
Re: (Score:2)
It has always been good practice to have a firewall, or at least a NAT router in front of any server, be it Redhat / Windows / BSD / OSX / Solaris whatever. Thats only one piece of the puzzle of course, but a very important one.
However, for your average desktop machine there has to be a balance between security and usability, a balance that the builtin firewall
Re: (Score:2)
As I recall, it takes an average of about 3 months for an unpatched RedHat box to get rooted, if left up in its default config and unpatched. Can't find a link - but there was a honeypot project on this a while back. And somehow, I doubt that even at 28.8 Kbps, it would take 3 months to complete an update.
However, patch the system, and apply reasonable "best pr
Re: (Score:2)
Is it time for the obligatory 1-2-3-4-5 luggage joke?
Re: (Score:2)
Re: (Score:2)
Re: (Score:3, Insightful)
That's up to you. But please don't take it as an offense if I say that I'd never hire you as a sysadmin.
Ask yourself this... is the 5 minutes it takes to set up basic firewalling (or even simply shutting down any daemons you're running) worth the extra time you risk if you have to reinstall the computer? Banking on averages is never a good idea, espec
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Or you know, the windows firewall that came with your xp system. Enable it. Block printer and file sharing ports on the local lan (MS default). Now download your updates.
Re: (Score:2)
Friend of mine did that until he realised that it'd been rooted a few weeks ago. Fortunately he didn't lose anything important, but it cost him an evening to work out what had happened then reformat and reinstall.
Don't assume that Linux is impervious to attack, as it most certainly isn't.
The fact that you can't even imagine a server without a dedicated firewall in front of it speaks volumes.
Yes -
nLite (Score:5, Informative)
Re: (Score:3, Interesting)
Jonah HEX
Another (Score:2)
http://smithii.com/slipstream_xpsp2 [smithii.com]
I use it for my unattended [sf.net] share. Works great.
Re: (Score:2)
nlite (Score:4, Interesting)
http://www.nliteos.com/ [nliteos.com]
Re: (Score:2)
Assuming it works of course, nLite does indeed work, this box is running via an nLite made windowz disk. (with RyanVM updates and driverpacks drivers slipstreamed)
Re: (Score:2)
Check out RyanVM too (Score:2, Informative)
http://www.ryanvm.net/msfn/ [ryanvm.net]
This allows you to produce updated Windows installation CDs, that actually have the service packs and post-service pack hotfixes *already integrated into the installation*. This saves the extra time normally taken to install Windows *then* go apply all the updates.
Mod parent up (Score:2)
Is this the kind of stupid comment that gets... (Score:2)
"Sounds like a great idea, given the danger of putting an unpatched PC on the Internet to download security updates." - Who the heck said you should connect the unpatched machine to the 'net to grab this stuff? FFS, I bet ol' Karsten would go to town of the Windows zealot for playing stupid.
Re: (Score:2)
Could it be... you?
(Clearly the point is that you use a patched machine to make the CD, then feed the CD to an unpatched machine, resulting in 0 unpatched machines on the raw internet.)
Good idea for some applications... (Score:2)
Having the patches on hand would really help when we don't have a little router on hand on field calls.
Yes but... (Score:2, Informative)
It just shows how retarded update management is in Windows. It is like 10 years behind Linux and 5 behind OSX. And Vista is no different either.
Wish they would do this for Linux Distros (Score:2)
Re: (Score:2)
If you use synaptic (for debian and friends) it will create a download script which is just a file with a bunch of "wget url" lines in it, where url is a full URL to a .deb package.
Personally I save this file to my USB key which has a windows wget.exe on it, and name the file whatever.cmd. Then I just put the usb key in my windows machine, double-click the file, and bingo! It downloads the packages. If I save the selection file as well, then I can copy the files to the distfiles location, load the selec
Re: (Score:2)
debian do a "point release" every so often which includes security updates among other things and when they do so they build both new full CD/DVD images and a set of update CDs (they don't seem to yet do update DVDs but i've just suggested it
If you really wan't the latest updates you can always take a copy of the relavent directories on security.debian.org and burn it to a CD/DVD.
What about Microsoft? (Score:3, Interesting)
Thank you
Re: (Score:3, Insightful)
Re: (Score:2)
Comment removed (Score:4, Informative)
Re:Stop with the "unpatched PCs are insecure" rubb (Score:3, Insightful)
> rather than "science fiction" FUD stories...
These are not SF FUD stories. There are a lot of people who:
- don't know shit about security
- don't know shit about patching
- own USB xDSL modem or connect to *untrusted* network with wifi or something similar (do you carry a $50 router with your laptop?)
- use computer to Just Work With it - as a tool - you know
And Windows is not uber-user-friendly there. In fact I think you need to be relatively skilled t
Comment removed (Score:4, Insightful)
Re: (Score:2)
Re: (Score:2)
Re:encountered (again) another win box without NAT (Score:4, Informative)
There's even a howto on NetBSD's website that explains exactly how to go about setting such a box up.
But you're right... generally, it's easier to go with NAT in the long run.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Comment removed (Score:5, Informative)
Re: (Score:3, Informative)
People keep repeating it, but it's just not true. It is TRIVIALLY easy to send packets to private addresses behind an open NAT.
First off, the way in which packets sent to a NAT box disappear is like waving a big red flag that says "NAT". Then all it takes is a little bit of forging of header address, and a
Re: (Score:2)
Dangerous to put an unpatched machine on the net? (Score:2)
Well, it can be, but doesn't have to. Behind a decently-configured firewall, the machine can download patches without any connections from the outside getting through. YOU might ruin things by initiating connections to non-trusted sources, but that's your fault, not the OS. Of course, the security of other machines on the same network is important, but it's easy enough to maintain a seperate, firewalled network for "fresh" machines, or any sort of machine you're not sure of.
steve
Alternate Windows Update method (Score:2)
Once you've installed Installer 3.1 and BITS2 , it downloads and installs all the updates from the Windows update site
http://www.wsus.info/forums/index.php?showtopic=6
Comment removed (Score:4, Insightful)
Concept is great, execution is poor. ERRORs (Score:2)
Starting download (v. 3.02)
Copying Microsoft registry console tool...
Downloading Microsoft ifmember tool...
Can't timestamp and not clobber old files at the same time.
Usage: wget [OPTION]... [URL]...
ERROR: Download failure.
Press any key to continue . .
Looking at the components it's not clear if there's an erroneous parameter passed to wget or something, as several thing
NT4 Revised Service Pack 6A (Score:2)
I made a service pack 7 for Windows NT some while ago, but it is still in late alpha. When this installs, it does so as "Revised service pack 6A". Still, i use one further patch file to deliver updates, like the 2k3 NTLOADER / NTDETECT.COM, sol.exe and cmd.exe from Windows 2000, and a few other "fixes".
There are, none the same, a number of useful projects to slipstream fixes etc into both OS/2 and Windows.
One might for OS/2, try UPDCD, and compare this with the various Windows versions: NLITE, HFSLIP,
Trust him? Do you know what Heise is? (Score:2, Informative)
Re:Trojan Horsey?! Neigh! (Score:2)
Re: (Score:2, Insightful)
In short, don't play with strange links posted by anonymous cowards...
Jonah HEX
Re: (Score:2)
The reg_x86.exe is actually a winzip file (it can be opened in any zip utility), the relevant file contains reg.exe, along with a readme file (suggesting the file goes to c:\reskitnt). I have been incliding reg.exe in the various update files etc.
Re:WGA & Patching pirated copies (Score:3, Insightful)
I have a feeling it won't be quite so cut and dried with Vista though.
Re: (Score:2)
Re: (Score:2)
Re:Installed patched OS, same as old OS (Score:4, Interesting)