remote code execution

N

none

I manually select what W7 will update on my PC's. Noticed most updates
prevent remote code execution or unauthenticated remote users taking
control. I've disabled any remote control services from running, am
firewalled and virus/malware protected.

Is there any benefit to installing these 80 updates ... especially
considering they usually slow the machine down?
 
K

Ken1943

I manually select what W7 will update on my PC's. Noticed most updates
prevent remote code execution or unauthenticated remote users taking
control. I've disabled any remote control services from running, am
firewalled and virus/malware protected.

Is there any benefit to installing these 80 updates ... especially
considering they usually slow the machine down?
If you never go on the internet to do anything, no.

But why take a chance and I never had an update do anything bad.


KenW
 
K

Ken1943

I manually select what W7 will update on my PC's. Noticed most updates
prevent remote code execution or unauthenticated remote users taking
control. I've disabled any remote control services from running, am
firewalled and virus/malware protected.

Is there any benefit to installing these 80 updates ... especially
considering they usually slow the machine down?
It really has nothing to do with remote services. I have remote registry
and desktop services disabled or manual.

Most of the updates have to do with compromised web sites or links on
those web sites, is my understanding.


KenW
 
K

Ken Blake

If you never go on the internet to do anything, no.

If you never go on the internet, the risk is much lower, but it's not
non-existent. You can get malware from CDs, DVDs, thumb drives, etc.

But why take a chance and I never had an update do anything bad.

There I'm with you entirely.
 
J

Joe Morris

none said:
I manually select what W7 will update on my PC's. Noticed most updates
prevent remote code execution or unauthenticated remote users taking
control. I've disabled any remote control services from running, am
firewalled and virus/malware protected.
"Remote code execution" has nothing to do with "remote control services"
other than sharing the word "remote" in the phrase.

Remote Code Execution ("RCE") refers to malware exploits that allow an
attacker to inject code of the attacker's choosing into your system and have
it executed. Firewalls and antivirus programs will filter out some of the
attacks, but the sophistication of some of the attacks is terrifying.

A firewall, for example, offers no protection whatever if (for example) you
initiate a browser connection to an infected website...and well-respected
websites have been known to be hacked and reconfigured to deliver malware to
anyone opening a page from those servers. You don't necessarily need to
*do* anything at that web site; merely allowing it to display a page may be
sufficient to permit it to exploit an RCE vulnerability.

And if you have a typical "antivirus/malware" protection tool it probably
relies on signature matching. Don't get me wrong; this is a necessary tool
but it's nowhere near complete protection. Much malware comes in a number
of different forms with the same logic ("polymorphic malware") that evades
signature checking by morphing the code into functionally identical but
different binary forms. A trivial example:

Original:
x=y+1

Morphed:
x=y-(-1)

which have the identical result but use different code to achieve it.

Microsoft's EMET tool looks at behavior rather than signatures. It too is
not a complete solution to the need for malware protection but it helps and
should be on your system.


Is there any benefit to installing these 80 updates ... especially
considering they usually slow the machine down?
If you don't care about being infected, don't install the patches.

I don't agree with your statement "they usually slow the machine down";
while I'll agree that some can take an agonizingly long time to install
(especially the ones that affect .NET) most of the security updates close
off vulnerable holes to prevent malware from exploiting them. Most of the
delays related to security are built into the kernel and aren't added by an
update, but in any case if you run without patching - with or without
firewalls and antivirus programs - you'll almost certainly see far more
performance problems due to malware that has taken control of your system
than you will see from the patches that might have prevented that infection.


Joe
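
The signature-matching point in the post above, worked through as an added example (not part of the original post): the two forms of x=y+1 are written as constructed x86 byte encodings, a byte-signature check is run over both, and a small emulator confirms they compute the same result. The function names and the choice of EAX to hold y are assumptions made for the illustration.

```python
# Constructed x86 encodings of the two forms in the post, with y held in EAX.
ORIGINAL = bytes.fromhex("83c001")  # add eax, 1     (x = y + 1)
MORPHED = bytes.fromhex("83e8ff")   # sub eax, -1    (x = y - (-1))

# A byte signature taken from the known sample, as a signature scanner would hold.
SIGNATURE = ORIGINAL

def signature_match(blob: bytes) -> bool:
    """Signature check: is the known byte pattern present anywhere in blob?"""
    return SIGNATURE in blob

def emulate(code: bytes, eax: int) -> int:
    """Run a sequence of 'add/sub eax, imm8' instructions; return EAX (flags ignored)."""
    if len(code) % 3:
        raise ValueError("truncated instruction")
    for i in range(0, len(code), 3):
        opcode, modrm, imm8 = code[i:i + 3]
        op = (modrm >> 3) & 7                      # /0 = add, /5 = sub
        if opcode != 0x83 or (modrm & 0xC7) != 0xC0 or op not in (0, 5):
            raise ValueError(f"unsupported instruction at offset {i}")
        imm = imm8 - 256 if imm8 & 0x80 else imm8  # sign-extend the immediate
        eax = (eax + imm if op == 0 else eax - imm) & 0xFFFFFFFF
    return eax

def same_behaviour(a: bytes, b: bytes, inputs=(0, 1, 41, 0x7FFFFFFF, 0xFFFFFFFF)) -> bool:
    """Behavioural check: do both byte sequences leave the same value in EAX?"""
    return all(emulate(a, y) == emulate(b, y) for y in inputs)

if __name__ == "__main__":
    for name, blob in (("original", ORIGINAL), ("morphed", MORPHED)):
        print(name, blob.hex(), "signature hit:", signature_match(blob),
              "same result as original:", same_behaviour(ORIGINAL, blob))
```

The signature hits only the original bytes, while the comparison of results treats both forms as the same computation.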
 
J

J. P. Gilliver (John)

Ken Blake said:
There I'm with you entirely.
That might still be the case with 7 so far (though I'm dubious); in XP
(and possibly '9x, I can't remember) there were quite a few cases where
updates broke something: it was usually only on certain hardware (or
possibly occasionally software, I can't remember) combinations, where
somewhat arcane driver interactions with the upgrade caused malfunction.
Usually it was minor, but occasionally it caused a non-booting system.
They were usually fixed (by further update) in a relatively short time,
though of course it wasn't easy to implement the subsequent upgrades on
a non-booting system.

The _proportion_ of upgrades where such problems arose was (is?) very
small given the total number of upgrades/patches/whatever-you-call-them,
but of course knowing that is little comfort to those affected.
--
J. P. Gilliver. UMRA: 1960/<1985 MB++G.5AL-IS-P--Ch++(p)Ar@T0H+Sh0!:`)DNAf

_IMPORTANT INSTRUCTIONS_ BEFORE ALL TECHNICAL INTERVENTION ON THE [CASE CUT THE
ELECTRICAL FEEDING REGULAR MAINTENANCE PROVIDES THE GOOD WORKING OF A CASE (SEE
INSTRUCTIONS BOOK) [seen on bacon cabinet in Tesco (a large grocery chain)]
 
C

choro

That might still be the case with 7 so far (though I'm dubious); in XP
(and possibly '9x, I can't remember) there were quite a few cases where
updates broke something: it was usually only on certain hardware (or
possibly occasionally software, I can't remember) combinations, where
somewhat arcane driver interactions with the upgrade caused malfunction.
Usually it was minor, but occasionally it caused a non-booting system.
They were usually fixed (by further update) in a relatively short time,
though of course it wasn't easy to implement the subsequent upgrades on
a non-booting system.
I was going to say!!!
 
B

Big Steel

I manually select what W7 will update on my PC's. Noticed most updates
prevent remote code execution or unauthenticated remote users taking
control. I've disabled any remote control services from running, am
firewalled and virus/malware protected.

Is there any benefit to installing these 80 updates ... especially
considering they usually slow the machine down?
When I used to frequent the Security and Firewall NG(S), the experts drove
it home to me.

http://helpdesk.iflsweb.org/knowledgebase.php?article=20

And what you are talking about with some remote code execution has
nothing to do with Windows Update. What you are talking about would be
due to you not doing an update to the Windows O/S or an application like
IE (un-patched) that led to software being placed on the machine by
some exploit. The exploit by a remote hacker allows it to remotely
execute a program that can compromise you as a user using the machine.
 
R

Robin Bignall

Microsoft's EMET tool looks at behavior rather than signatures. It too is
not a complete solution to the need for malware protection but it helps and
should be on your system.
It looks very promising, Joe. How does one decide which applications to
apply it to, or deploy it for, or whatever the term is?
 
Z

Zaphod Beeblebrox

I manually select what W7 will update on my PC's. Noticed most updates
prevent remote code execution or unauthenticated remote users taking
control. I've disabled any remote control services from running, am
firewalled and virus/malware protected.

Is there any benefit to installing these 80 updates ... especially
considering they usually slow the machine down?
"Remote code execution" does not necessarily imply the use of remote
control services. It can be done with malicious website code, etc., so
yes, you should install the updates to help prevent your systems from
being compromised. The difference in performance is likely nonexistent
or at most imperceptible.
 
G

Gene E. Bloch

It looks very promising, Joe. How does one decide which applications to
apply it to, or deploy it for, or whatever the term is?
Read the documentation.

Disclaimer - in this case, that's a joke :)

I didn't get very far looking at it, but since I wasn't motivated, I
gave up.
 
R

Robin Bignall

Read the documentation.

Disclaimer - in this case, that's a joke :)

I didn't get very far looking at it, but since I wasn't motivated, I
gave up.
Well, I didn't understand a word of the documentation, so we're probably
even.
 
J

Joe Morris

It looks very promising, Joe. How does one decide which applications to
apply it to, or deploy it for, or whatever the term is?
Any program that you're worried about, or that anyone you trust is worried
about...especially if it processes files from the Internet.

Internet Explorer (and other browsers) are low-hanging fruit here. Ditto
for Adobe Reader and any other PDF rendering application and image display
tool (and make sure that you catch the actual executable used to invoke the
application; for example, not only "acrobat.exe" but also "acrobat_sl.exe").
Some other candidates:

* Office applications (including Excel, PowerPoint, Word, and Access
viewers, not only the ones from Microsoft). Don't forget Visio and Project
and their viewers as well.
* Groove
* Communicator

etc. (Watch out for applications with both 32-bit and 64-bit executables.)

Joe
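
One way to act on the advice above about catching helper executables and 32-bit/64-bit pairs, as an added example (not part of the original post and not EMET's own tooling): walk an application's install directory, list every .exe, and read each file's architecture from its PE header. The x86/x64 directory layout and the header-only stub files are constructed sample input; the file names are the ones mentioned in the post.

```python
import os
import struct
from collections import defaultdict

MACHINES = {0x014C: "x86 (32-bit)", 0x8664: "x64 (64-bit)"}

def pe_machine(path):
    """Return the architecture named in a file's PE header, or None if not PE."""
    with open(path, "rb") as f:
        dos = f.read(64)
        if len(dos) < 64 or dos[:2] != b"MZ":
            return None
        (pe_offset,) = struct.unpack_from("<I", dos, 0x3C)  # e_lfanew field
        f.seek(pe_offset)
        header = f.read(6)
    if len(header) < 6 or header[:4] != b"PE\0\0":
        return None
    (machine,) = struct.unpack_from("<H", header, 4)        # COFF Machine field
    return MACHINES.get(machine, f"other (0x{machine:04x})")

def inventory(root):
    """Group every .exe under root by file name -> {relative path: architecture}."""
    found = defaultdict(dict)
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(".exe"):
                full = os.path.join(dirpath, name)
                found[name.lower()][os.path.relpath(full, root)] = pe_machine(full)
    return dict(found)

def write_stub(path, machine):
    """Write a constructed, header-only PE stub (sample input, not a real program)."""
    os.makedirs(os.path.dirname(path), exist_ok=True)
    dos = b"MZ" + bytes(58) + struct.pack("<I", 64)          # PE header at offset 64
    with open(path, "wb") as f:
        f.write(dos + b"PE\0\0" + struct.pack("<H", machine) + bytes(18))

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as root:  # constructed install tree
        write_stub(os.path.join(root, "x86", "acrobat.exe"), 0x014C)
        write_stub(os.path.join(root, "x86", "acrobat_sl.exe"), 0x014C)
        write_stub(os.path.join(root, "x64", "acrobat.exe"), 0x8664)
        for name, copies in sorted(inventory(root).items()):
            for rel, arch in sorted(copies.items()):
                print(f"{name:16} {arch:14} {rel}")
```

A file name that appears under more than one path or architecture is a reminder that each copy needs its own entry in whatever protection list is being maintained.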
 
R

Robin Bignall

Any program that you're worried about, or that anyone you trust is worried
about...especially if it processes files from the Internet.

Internet Explorer (and other browsers) are low-hanging fruit here. Ditto
for Adobe Reader and any other PDF rendering application and image display
tool (and make sure that you catch the actual executable used to invoke the
application; for example, not only "acrobat.exe" but also "acrobat_sl.exe").
Some other candidates:

* Office applications (including Excel, PowerPoint, Word, and Access
viewers, not only the ones from Microsoft). Don't forget Visio and Project
and their viewers as well.
* Groove
* Communicator

etc. (Watch out for applications with both 32-bit and 64-bit executables.)
Very helpful Joe, thanks. I already deduced most of those from reading
the help and the sites, but I'll go through the list again with those
criteria in mind.
 
