Updates "Earl Partridge" <earlpNG[ at ]pearnet.com> 7/11/2007 1:52:10 PM What guarantees that Updates are really from Microsoft?

Re: Updates "Don Schmidt" <Don Engineer[ at ]PNB.Retired_1987> 7/11/2007 2:09:58 PM If an update comes as an attachment to an email, do not install it. Chanches are it's a virus. -- Don Vancouver, USA "Earl Partridge" <earlpNG[ at ]pearnet.com> wrote in message news:eg5li.6976$zA4.5157[ at ]newsread3.news.pas.earthlink.net... [Quoted Text] > What guarantees that Updates are really from Microsoft? > >

Re: Updates "Shenan Stanley" <newshelper[ at ]gmail.com> 7/11/2007 3:15:18 PM Earl Partridge wrote: [Quoted Text] > What guarantees that Updates are really from Microsoft? Can you be more specific? If you visit http://windowsupdate.microsoft.com/ <-- pretty good chance the updates are from Microsoft. If you are using Automatic Updates in some fashion <-- pretty good chance the updates are from Microsoft. If you manually visit the Security Bulletin or Knowledge Base Article at Microsoft's web pages and download the file <-- pretty good chance the updates are from Microsoft. However - your question is too open-ended to say that *your* updates are from Microsoft. -- Shenan Stanley MS-MVP -- How To Ask Questions The Smart Way http://www.catb.org/~esr/faqs/smart-questions.html

Re: Updates "Earl Partridge" <earlpNG[ at ]pearnet.com> 7/11/2007 4:21:04 PM OK, I have automatic updates turned on so that I am notified when updates have been downloaded, leaving it to my option as to say go ahead and install them. What's to prevent some hacker from sending out "updates" disguised as coming from Microsoft? In other words, is the update section of XP, or any other version, geared to authenticate the received updates are in fact from Microsoft? I did have automatic updates turned off and I would periodically visit MS to download updates. However, with updates turned off, all the settings I did to stop those constant reminders about my update status never worked. Earl "Shenan Stanley" <newshelper[ at ]gmail.com> wrote in message news:esCyL58wHHA.4668[ at ]TK2MSFTNGP06.phx.gbl... [Quoted Text] > Earl Partridge wrote: >> What guarantees that Updates are really from Microsoft? > > Can you be more specific? > > If you visit http://windowsupdate.microsoft.com/ <-- pretty good chance > the updates are from Microsoft. > > If you are using Automatic Updates in some fashion <-- pretty good chance > the updates are from Microsoft. > > If you manually visit the Security Bulletin or Knowledge Base Article at > Microsoft's web pages and download the file <-- pretty good chance the > updates are from Microsoft. > > However - your question is too open-ended to say that *your* updates are > from Microsoft. > > -- > Shenan Stanley > MS-MVP > -- > How To Ask Questions The Smart Way > http://www.catb.org/~esr/faqs/smart-questions.html >

Re: Updates "Shenan Stanley" <newshelper[ at ]gmail.com> 7/11/2007 4:44:27 PM Earl Partridge wrote: [Quoted Text] > OK, I have automatic updates turned on so that I am notified when > updates have been downloaded, leaving it to my option as to say go > ahead and install them. What's to prevent some hacker from sending > out "updates" disguised as coming from Microsoft? In other words, > is the update section of XP, or any other version, geared to > authenticate the received updates are in fact from Microsoft? > > I did have automatic updates turned off and I would periodically > visit MS to download updates. However, with updates turned off, > all the settings I did to stop those constant reminders about my > update status never worked. Automatic updates are handled essentially in the same way that your web browser uses to visit web sites. That means you're not "opening up" any additional vulnerabilities by enabling automatic updates. There are also checks and balances throughout the updating process - things are not just 'willy-nilly' installed - no matter what your setting. I would say your risk is greater clicking on an emailed attachment, not being behind a firewall or visiting a malicious web site. Is it possible? Yeah - someone I guess could hack into your computer - change it if they knew enough, get you to download from elsewhere, get passed the checks and balances and start pushing things to your machine. That's one of the reasons why I recommend setting your automatic updates to "Download and Notify" - then you can do a custom install and view everything you are about to install and check on the validity/need for each update. -- Shenan Stanley MS-MVP -- How To Ask Questions The Smart Way http://www.catb.org/~esr/faqs/smart-questions.html