• MS-DEFCON 2: Time to make sure you turned off Automatic Update

    #124080

    With Patch Tuesday imminent, make sure you have Automatic Update turned off. You have to patch sooner or later, but there’s no reason to expose your m
    [See the full post at: MS-DEFCON 2: Time to make sure you turned off Automatic Update]

    • #124097

      WE ARE NOW ON MS-DEFCON 2! THIS IS NOT A DRILL! REPEAT! THIS NOT A DRILL!

      But in all seriousness, I wonder what updates will break this week.

      • #124145

        Air Controller Macias: Captain, maybe we ought to turn on the searchlights now.
        Rex Kramer: No… that’s just what they’ll be EXPECTING us to do.

    • #124158

      I wait about a week to download & install patches, figuring that’s when it will be known if the patches are good or not.  Is that good?  I’m a Windows 7 user.

      • #124162

        Sometimes it takes more than a week for all the reports to come out.

        Woody has implemented the MS-DEFCON method. There is a button at the top of the website that leads to a more detailed description. But basically, when the number is 1-2, it means to hold off on patching because there are problems. When the number is 3-5, patching is safe and Woody will publish instructions with any caveats.

        Because of the problems with patches in June, the HOLD time was almost a month, and all the problems have still not been resolved to date.

        6 users thanked author for this post.
    • #124187

      I think the feeling that most of us have each month as patch day looms can best be summed up in just two words – awaiting moderation :)!

    • #124182

      I assume this doesn’t affect 1511? I’ve just been getting the cumulative security updates for this version.

    • #124207

      “You have to patch sooner or later…”

      Right.

      Later it is then! 😀

      I happen to have some “serious” work to do on pc and do not have any time, desire or need to play the MS Russian Roulette game again.

      Best of luck to the brave front line fighters!

    • #124222

      As a cyber security professional, this is the dumbest possible thing you can do. Turning off automatic updates will prevent the emergency patches from being installed. These patches have been what prevented the NotPetya Ransomware Wiper and WannaCry Ransomware attacks in the past few months. The patches have not had any critical bugs that Microsoft was unable to solve. This is paranoia and stupidity, pure and simple.

      • #124231

        How long have you been on this site? I suggest you go through the history and read what most people have missed by waiting for the all clear. Woody has been a lifeline to us for the past many years.

        3 users thanked author for this post.
      • #124234

        Turning off automatic updates will prevent the emergency patches from being installed. These patches have been what prevented the NotPetya Ransomware Wiper and WannaCry Ransomware attacks in the past few months.

        OK. I’ll take the bait. 🙂

        The WannaCry attack occurred six weeks after Microsoft released MS17-010, the patch that plugged the EternalBlue NSA holes.

        NotPetya (I call it PetyaWrap) appeared a month later. The patches in MS17-010 are only effective against one of the infection vectors for PetyaWrap. Microsoft hasn’t released a fix for Windows that will block all machines from PetyaWrap infections. That’s why I (and many others) recommend that you disable SMBv1.

        I don’t claim to be a cybersecurity professional (I’m not even sure what that is), but I’ve been helping Windows customers with problems for 25 years now – and invented the MS-DEFCON system for deferring Windows patches back in the XP era. I know more than a few people in the malware fighting biz. I don’t know of any of them who turn on Automatic Update.

        That said, I appreciate the pushback! Keeps me honest.

        7 users thanked author for this post.
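Added example, not part of the thread and not any poster's own code: a read-only PowerShell audit of whether SMBv1 is still enabled on a machine, following the recommendation in the post above to disable SMBv1. The function name `Get-Smb1Status` is hypothetical; the script assumes an elevated prompt and avoids PowerShell 3.0-only syntax so it also runs on a stock Windows 7 install.

```powershell
# Added example (not from the thread): read-only SMBv1 audit. It changes nothing.
# Get-Smb1Status is a hypothetical helper name. Run from an elevated prompt.
function Get-Smb1Status {
    $status = New-Object PSObject -Property @{
        ComputerName    = $env:COMPUTERNAME
        ServerSmb1      = 'Unknown'
        ClientSmb1      = 'Unknown'
        OptionalFeature = 'NotAvailable'
    }

    # Server side: does this machine accept inbound SMBv1 connections?
    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        # Windows 8 / Server 2012 and later ship the SMB cmdlets.
        try {
            $cfg = Get-SmbServerConfiguration -ErrorAction Stop
            $status.ServerSmb1 = if ($cfg.EnableSMB1Protocol) { 'Enabled' } else { 'Disabled' }
        } catch {
            $status.ServerSmb1 = "QueryFailed: $($_.Exception.Message)"
        }
    } else {
        # Windows 7 / Server 2008 R2: the SMB1 registry value controls the server.
        # A missing value means the default, which is enabled.
        $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
        $val = (Get-ItemProperty -Path $key -Name SMB1 -ErrorAction SilentlyContinue).SMB1
        $status.ServerSmb1 = if ($null -ne $val -and $val -eq 0) { 'Disabled' } else { 'Enabled' }
    }

    # Client side: the mrxsmb10 driver. Start = 4 means the driver is disabled.
    $drvKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\mrxsmb10'
    $drv = Get-ItemProperty -Path $drvKey -Name Start -ErrorAction SilentlyContinue
    if ($null -eq $drv) {
        $status.ClientSmb1 = 'DriverNotInstalled'
    } elseif ($drv.Start -eq 4) {
        $status.ClientSmb1 = 'Disabled'
    } else {
        $status.ClientSmb1 = "Enabled (Start=$($drv.Start))"
    }

    # Windows 8.1 / 10: SMBv1 is also an optional feature that can be removed entirely.
    if (Get-Command Get-WindowsOptionalFeature -ErrorAction SilentlyContinue) {
        try {
            $feat = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction Stop
            if ($feat) { $status.OptionalFeature = [string]$feat.State }
        } catch {
            $status.OptionalFeature = 'QueryFailed'
        }
    }

    $status | Select-Object ComputerName, ServerSmb1, ClientSmb1, OptionalFeature
}

$report = Get-Smb1Status
$report | Format-List

# Flag the machine if either side of SMBv1 is still active.
if ($report.ServerSmb1 -like 'Enabled*' -or $report.ClientSmb1 -like 'Enabled*') {
    Write-Warning 'SMBv1 is still enabled on this machine.'
}
```

On Windows 8 and later, `Set-SmbServerConfiguration -EnableSMB1Protocol $false` turns off the server side that this audit reports on.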
      • #124253

        As a cyber security professional…

        Thank you for sharing your thoughts.

        As a professional software engineer with 41 years’ experience, I feel that if you believe malware infections are a certainty without immediately-applied patches then you aren’t embracing the entire reality of how high tech things work.

        We have entered the time of Microsoft treating customers as testers of work that may not be quite right, and which has not been tested by an internal testing organization.

        It’s all about weighing risk against benefit.

        There is risk – and it’s not large if you’re conscientious – that malware will wreck your data.

        But there is ALSO risk – and it’s seen time and again lately with patches that claim to fix a vulnerability but also break functionality – that Microsoft will bork your system. Maybe it’ll break something you need, and maybe it won’t. But pretty much every patch Tuesday comes with something being broken for someone.

        Woody and many others are here to offer advice to help to minimize BOTH of these risks.

        Please, by all means, join up and let’s talk about this further. We love to discuss these things.

        -Noel

        7 users thanked author for this post.
        • #124522

          And just make regular full disk image backups and keep them offline.  That should solve both problems!  🙂

          Windows 10 Pro 22H2

          1 user thanked author for this post.
      • #124299

        Umm, WannaCry was blocked by some antimalware applications (I know of Bitdefender Endpoint Security Tools [BEST] because we use it) before MS released their patch protecting Windows against it.

        The notion that you have to update the day a patch hits to stay secure is asinine; there are more variables at play here, and I would think that a self-proclaimed “cyber security professional” would already know that.

        2 users thanked author for this post.
      • #124330

        Cyber Security Professional!
        Your ill-informed rant betrays the depth of your ignorance.
        Anyone new to The Lounge please ignore this childish foolishness.
        I always follow Woody and The Crew’s expert advice.
        It has saved my computer so many times.

        Thanks again guys and gals – in you we trust!

        sainty ⛵️

        1 user thanked author for this post.
    • #124226

      My Surface Pro 4 i7 has not run as well since the Creator’s update or shortly after. Not as good at multi-tasking…tends to freeze up more. And the mouse freezes for sometimes up to a minute after waking it from sleep now. So perhaps your advice isn’t half bad. But now I have nothing to lose and hope one of them will get it running better again. I haven’t installed any other applications or any new background processes that could have caused it. Too bad there isn’t a way to accept security updates only.

    • #124229

      How about changing the branch readiness level to current branch for business to defer updates and hopefully increase stability. This seems to be a new option I just saw.

    • #124249

      I have W7sp1x64 Home Premium and I have been turning WU off every evening before I shut my desktop off. Also on the same screen I turn off the three diagnostics services. Have had good results doing this.

    • #124252

      How many people go to sites like this and say they have no issues? I have not had 1 issue with a patch under Windows 10 since original release. Would love to see hard data on how many have issues vs don’t besides on scare sites like this.

      • #124254

        How many people go to sites like this and say they have no issues? I have not had 1 issue with a patch under Windows 10 since original release. Would love to see hard data on how many have issues vs don’t besides on scare sites like this.

        Many of us here report when we have no problems. It’s one of the beautiful things about information sharing via the Internet – we can learn from others’ experiences.

        I haven’t had a problem personally with an update in quite a long time.

        Nor have I ever had a malware infection, yet I have been waiting until the dust settles on new operating system patches, sometimes for months at a time, since well before there even was a Microsoft. It’s only common sense.

        I’ll ask, in counter to your question: How many updates have been re-issued with fixes to the fixes after Microsoft hears back en masse from folks who installed the patches immediately then had problems?

        -Noel

        6 users thanked author for this post.
      • #124256

        Alas, the only people who know – certain individuals at Microsoft – don’t tell us how many people are affected by any single buggy patch.

        But there are lots and lots of buggy patches.

        I would submit – based on experience, and no hard numbers – that the threat from delaying Windows and Office updates by a few weeks is much less than the threat of installing all patches as soon as they’re released.

        As for being a “scare site” I would only note that sometimes the truth is scary. I try diligently to report what people are seeing, factually, and warn folks who may encounter similar problems. On those occasions when I overstate a problem – and it happens more frequently than I would like – I immediately correct the error. But I’m not going to pull any punches.

        11 users thanked author for this post.
      • #124336

        Is that you again Cyber Security Professional?
        If so it appears your IQ and Age are identical.
        Sadly nothing can be done for either.
        You are in my thoughts and prayers.

        sainty ⛵️

    • #124260

      How do I turn off the updates?  How do I get where I have to go?  I am sure I can do it, if someone tells me how….

    • #124261

      99.9% of all computer problems lie somewhere between the keyboard and the chair.

      • #124265

        I don’t believe that stat is applicable to many of the readers here at AskWoody.com, but in general, you may have a point (with the exception of borked updates, of course) 🙂

      • #124349

        100% of my computer problems have all come from Microsoft…

      • #124406

        Your point? My computer is anyway an extension of my brain.

    • #124272

      Okay folks, the July critical updates to Adobe Flash Player for all browsers have now gone live (please excuse the earlier SNAFU).

      Here are the direct download links for version 26.0.0.137 (as well as the uninstaller); right-click on a link and select “Save Link As…”:

      Flash Player for Firefox 26.0.0.137 – NPAPI | 19.6 MB

      Flash Player for Internet Explorer 26.0.0.137 – ActiveX | 19.1 MB

      Flash Player for Opera and Chromium-based browsers 26.0.0.137 – PPAPI | 19.6 MB

      For a clean installation, existing versions must first be uninstalled: Adobe Flash Player Uninstaller 26.0.0.137 | 1.22 MB

      (Adobe Flash Player for IE and Edge in Win 8, 8.1 and 10 will be available through Windows Update sometime after 10 AM (PT) Tuesday, 11 July 2017.)

      3 users thanked author for this post.
      • #124278

        Thanks for the info… but the last one is not good advice.

        For a clean installation, existing versions must first be uninstalled: Adobe Flash Player Uninstaller 26.0.0.137 | 1.22 MB

        Flash is one of those things which should be configured for automatic updates. This configuration avoids the offers of trial software or other software which may be unintentionally accepted in manual mode.
        If running as non-admin or as admin with UAC enabled, it will still prompt in most situations for installation.

        EDIT: My comments above in regards to ad-supported Flash and other Adobe software apply to the public web site and the software downloaded from there and not to the direct URLs posted by @ajnorth which are direct download links, free from advertising.
        The considerations related to uninstallation and automatic update configuration are accurate and still apply.
        Thank you @Ajnorth for clarifying about the URLs.

        • #124296

          Perhaps the advice is fine, but should just be tempered with a warning:

          If you do a full install, BEWARE that the software will offer to install extra stuff that you may not want. You may have to opt out by clearing checkboxes.

          Trying to keep people from stumbling on the bad things on the internet is a noble idea, but assuming they’re always too reckless (or too stupid to learn how) to avoid them is a bit insulting.

          When it matters, people can be surprisingly careful and get surprisingly good at navigating pitfalls.

          I always like to think about such things like this:

          Just look at the many folks who manage to drive their cars from point A to point B every day without any problems. Sure, there are occasional accidents, but they’re QUITE RARE by comparison to the number who get it right. Why? Because their lives depend on it, they’re informed, and they’re trained.

          Let’s try to teach ’em that responsible, conscientious computing matters and how to get it right, rather than trying to insulate them from doing any thinking.

          -Noel

          5 users thanked author for this post.
      • #124350

        I’m surprised anyone is still using Flash…

        Uninstalled that (and everything else Adobe) years ago and never missed it. Don’t come across any websites where it’s “needed” either.

        It’s always been a buggy and unsafe program app, imho.

      • #124369

        Well, so much for the reply that I [thought I] had posted at zero-dark thirty (US PT); in any case, it is just as well as additional comments have since appeared.

        People, what were posted are official enterprise download links from Adobe Systems, Inc., and the executables supplied are all “clean” (that is, devoid of any cr*pware).

        Every link I post has been checked (at a minimum) through URL Void, Norton SafeWeb and ScanURL. Additionally, if a download is involved, then it is checked through VirusTotal utilizing PEStudio.

        Finally, should there be any question whatsoever about safety or reliability, then the link in question is simply not posted.

        4 users thanked author for this post.
        • #124376

          @ajnorth
          Yes, you are right 🙂
          The URLs posted are clean and not those ad-supported targeted to home users.
          In regards to uninstall, I know that this is a requirement only when the existing version is corrupted or too old to be upgraded in place. For most installations, just installing on top of the existing one is fine.

    • #124285

      How much more dubious can these offers be?

      [Image: FlashPhishing1]

      [Image: FlashPhishing2]

      By clicking Install, an .exe is offered.

      Please be aware!

      2 users thanked author for this post.
      • #124297

        That’s actually malware, right? Not a legitimate flash player update?

        Can’t say I’ve personally seen that particular panel. As I recall, the legitimate Flash installer only offers to install Google Chrome or a toolbar or something at its worst, and some checkboxes may need to be cleared to opt out.

        -Noel

        3 users thanked author for this post.
        • #124304

          Agreed with Noel, I have never seen anything like that, and I would be suspicious about that;  Flash updates which are offered to me (on the “inform me” option) have always, including the most recent occasions, offered pre-ticked check-boxes to install Google Chrome (with a pre-ticked option “make Chrome my default browser”) and to install a toolbar in IE.  Nowadays I do remember to watch for those three check-boxes and to untick all of them.  But I have never seen anything like these samples.

          1 user thanked author for this post.
          • #124328

            I’ve seen ones very much like this, but with Firefox instead of Flash.  They appeared to have copied the actual FF page pretty closely, then set a trap for anyone who has a FF UA string to happen by.  I bet it ensnares quite a few people who are trying to do what they’re supposed to.

            I read an anecdote on The Reg that illustrates the difficulty that IT-savvy people (whether IT workers or not, though The Reg caters to those who are) have in trying to get regular users to develop their sense of smell to be able to “smell a rat.”  The IT department sent around a message that was a deliberate example of a phishing scam email, explicitly telling people DO NOT REPLY TO A MESSAGE THAT LOOKS LIKE THIS.

            Several workers emailed their passwords, just as the text in the email said to do.

            Regular people cannot (easily) and do not want to understand security.  Their eyes glaze over when you try to tell them what not to do; you might as well be talking to a basketball.  Any kind of warning prompt might as well say, “Something has happened, and now you need to hit allow/continue/accept/yes to continue whatever it is you were doing.” It’s true that behavior is the most important thing in combating malware threats, but when the people who use the computers you manage REFUSE to learn the correct behavior, and you lack the power to fire them, then what?

            I feel for the IT guys who have to clean up the mess and take the blame for “allowing” things to happen.  IT guys get the short end no matter what… if something bad happens that they heroically and rapidly fix, they are blamed for letting it happen.  If nothing bad happens because their preventative measures work, they’re dismissed as unnecessary and a waste of money, since nothing ever happens anyway.

             

            Dell XPS 13/9310, i5-1135G7/16GB, KDE Neon 6.2
            XPG Xenia 15, i7-9750H/32GB & GTX1660ti, Kubuntu 24.04
            Acer Swift Go 14, i5-1335U/16GB, Kubuntu 24.04 (and Win 11)

            2 users thanked author for this post.
        • #124333
          1 user thanked author for this post.
        • #124384

          Yes, I used 2 separate web sites for downloading YouTube videos which could not be downloaded with the Firefox add-on Video DownloadHelper due to their format. And those web sites offered what they claimed to be Flash. I did not install or save when I noticed what they offered, but they were more than likely adware and not viruses as such, this depending on how everyone considers adware.
          The name of the exes did not mirror the name of the Adobe downloads.

      • #124332

        Agree with Noel and the others… That is NOT a legitimate Flash installer dialog!

        Dunno where you got that installer, but I sincerely doubt it came from an official Adobe site.

        2 users thanked author for this post.
        • #124345

          so ran ADWCleaner and others and no sign of any infection from the Flash update

        • #124387

          See comments above from where they came. There is an anonymous comment with more details about the action which the malware does on the infected computers and likely the manual procedure required for cleaning if infection occurred.

    • #124334

      I hope the IE browser crashing thing gets fixed.  It crashes about every 15 minutes, and crashes immediately on askwoody’s site.

      • #124362

        I hope the IE browser crashing thing gets fixed. It crashes about every 15 minutes, and crashes immediately on askwoody’s site.

        I suspect you have a specific problem; I’m not aware of any “IE browser crashing thing”, and it’s the only browser I use.

        3rd party Add-ons are usually the reason Internet Explorer gets a bad rap.

        My suggestion: Click the gear icon, choose “Manage Add-ons”, and disable any you don’t KNOW that you need (that may be all of them). Then close all instances of Internet Explorer and reopen it. I’ll bet it stops crashing for you.

        You can always re-enable ones you discover you do need – if any. There’s no requirement to run ANY Add-ons in order for Internet Explorer to be a proper browser. IMO, the fewer the better!

        -Noel

        3 users thanked author for this post.
    • #124344

      AKB2000003 has been updated 7/11/2017 – July Group B Security Only Quality Updates and IE11 Cumulative Updates

      1 user thanked author for this post.
    • #124339
    • #124343
    • #124360

      Statistics from the ghacks report below. Gee, I’m glad Windows 10 and Edge are the most secure ever…

      Operating System Distribution
      Windows 7:  22 vulnerabilities of which 2 are rated critical, 19 important, and 1 moderate
      Windows 8.1: 24 vulnerabilities of which 2 are rated critical, 21 important, and 1 moderate
      Windows RT 8.1: 21 vulnerabilities of which 2 are rated critical, and 21 important
      Windows 10 version 1703: 27 vulnerabilities of which 2 are rated critical, 23 important and 1 moderate

      Other Microsoft Products
      Internet Explorer 11: 7 vulnerabilities, 5 critical, 2  important
      Microsoft Edge: 19 vulnerabilities, 15 critical, 3 important,  1 moderate

      Windows 10 Home 22H2, Acer Aspire TC-1660 desktop + LibreOffice, non-techie

      • #124421

        “…Gee, I’m glad Windows 10 and Edge are the most secure ever”

        Well, if you take the advice in the article and don’t install the patches, then your version currently isn’t no.

        All computing devices have vulnerabilities, therefore I’d be more concerned about not receiving security updates than receiving them, as has quite often been the case with Android devices not receiving updates (or slow to receive updates) due to OEMs and carriers.

        • #124428

          Except the advice isn’t not to install the updates at all, it is to wait and see if there are any problems with the updates that you should be aware of, so that when you do install the updates (since they will be eventually installed) you are prepared in advance to deal with those problems if you end up being affected by them.  It is better to be careful and cautious and prepared in advance than to rush in and possibly have to spend more time trying to deal with a problem that you have no idea why it is happening.  Yes, plenty of people have no problems after updates, but plenty of people do have them, so it makes sense to be prepared for the worst case scenario.  Please keep in mind that, in general, people frequenting this site, if they weren’t initially tech-savvy, are here to learn more about the current state of technology and how to deal with both the good and the bad of it.

          4 users thanked author for this post.
    • #124458

      This is the dumbest article I’ve ever read. What with all the Ransomware attacks we’ve been having lately, which people were only protected from due to their computers being up to date, you’re advising that people turn off the very thing that would protect them?

    • #124464

      deferring Windows patches back in the XP era

      Switching off auto-update, or at least wait for quite a time [before installing them/servicepacks] …. those were the days: even in the very early Windows 3 time this was a rule of thumb!!
      Thanks Woody, keep up the good work please  😀

      * _ ... _ *
      1 user thanked author for this post.