| By Diane Korngiebel |
Reports of Microsoft’s silent updates published on Sept. 13 and 20 by Windows Secrets raised security questions for many readers.
Subscribe to our Windows Secrets Newsletter - It's Free!
Get our unique weekly Newsletter with tips and techniques, how to's and critical updates on Windows 7, Windows 8, Windows XP, Firefox, Internet Explorer, Google, etc. Join our 480,000 subscribers!
Subscribe and get our monthly bonuses - free!
Want to hack the new Start screen and tiles for your Win8 Device, the new Lock screen, the new tile-based apps, or the automatic notification information? Yes, you can do that. How about running other operating systems inside Windows 8, running Windows 8 on a Mac, or hacking SkyDrive and social media? We'll show you how to do that as well. Get this excerpt and other 5 bonuses if you subscribe now!
But with a little bit of know-how, you can keep risks to a minimum when getting updates using Internet Explorer or Mozilla Firefox.
Add extra security to your update strategy
Following our stories about Microsoft’s silent updating of Windows Update, a large number of readers wrote in asking whether hackers might be able to use a similar mechanism to access their PCs.
Although there is no evidence that anyone has yet compromised the Windows Update service itself, the unfortunate answer is that hackers have already been using components of Windows Update to bypass firewalls, as reported by Symantec, Computerworld, and elsewhere last May. The method involves calling on the Background Intelligent Transfer Service (BITS), which is part of Windows XP, Windows Server 2003, and Windows Vista.
The good news is that reader Paul Jackson has come up with a tip that may reduce the risks posed by this service:
- “I completely turn off Windows Update by disabling the Automatic Updates service and setting the BITS service to manual. I have an older machine so every little thing I can to help performance is welcomed.
“When I decide to do a Windows or Microsoft update, I run a batch file that changes the Automatic Update service type to Automatic, starts it and also starts the BITS service.
“I then run Microsoft update. When that’s done, I run another batch file to turn everything off and disable the service.”
Step 1: Choose Start, Run (XP) or Start (Vista). Type services.msc and press Enter.
Step 2: Double-click Automatic Updates (XP) or Windows Updates (Vista). For Startup type, choose Disabled and click OK.
Step 3: Double-click Background Intelligent Transfer Service. If the Startup type is not already set to Manual, choose that option and click OK. Close the Services window.
Step 4: Open Notepad and copy and paste these lines into its window:
sc config wuauserv start= auto
sc start wuauserv
sc start BITS
Step 5: Save the file with a name like Before_Update.bat. Be sure to include the .bat or .cmd extension.
Step 6: In Notepad, choose File, New. Then copy and paste these lines into its window:
sc stop BITS
sc stop wuauserv
sc config wuauserv start= disabled
Step 7: Save the file with a name like After_Update.bat. Be sure to include the .bat or .cmd extension.
Step 8: Vista only: Create shortcuts for each batch file by using the right-mouse button to drag and drop the file icons; choose Create Shortcuts Here. Right-click one shortcut and choose Properties. On the Shortcut tab, click Advanced. Check Run as administrator and click OK twice. Repeat for the other shortcut.
Step 9: When you want to get updates, double-click the Before_Update batch file (XP) or shortcut (Vista). Then use Windows Update to download the patches you need. Finally, double-click the After_Updates batch file (XP) or shortcut (Vista).
Firefox add-ons are workarounds, not panaceas
Regarding the tips published in our Sept. 13 and 20 issues for accessing the Windows Update Web site using the Mozilla Firefox browser, reader Leland Whitlock writes:
- “I tried your method of using User Agent Switcher in order to run Windows Update, but it only works if you have the IE Tab installed. Then it automatically uses an IE Tab when you go to Microsoft Update. I think the problem is Windows Update uses ActiveX controls for access and Firefox, as far as I know, can’t run ActiveX.”
You can, however, take steps to reduce your risks when using the IE Tab. It turns out that many of the security settings that you designate on your copy of IE are retained by the version embedded in Firefox. For example, I tested cookies, scripting of Java applets, ActiveX settings, and active scripting. For all of them, the embedded IE Tab followed the settings I had in IE.
Therefore, customizing IE 7′s security settings can also make Firefox safer when using the IE Tab. These tweaks were described in the Oct. 26, 2006, issue. In exception to the settings described there, you’ll need to use the following three options to access Windows Update in Firefox:
- ActiveX controls and plug-ins:
• Run ActiveX controls and plug-ins: enable
• Script ActiveX controls marked safe for scripting: enable
• Active scripting: enable
Bonus tip: If you really want to get patches and updates securely while using Firefox, you can do without the IE tab entirely. Instead, manually download and install each patch you need from the Microsoft Download Center. The star-like WGA (Windows Genuine Advantage) logo by a patch lets you know which ones to avoid if you don’t want to install that component.
Secunia posts FAQ to answer reader questions
Several readers had problems with the Online Software Inspector at Secunia.com (not to be confused with the company’s Personal Software Inspector and Network Software Inspector). Some users weren’t finding the answers they needed on Secunia’s site or by e-mail. For example, Richard Bellin writes that he hasn’t received replies to messages he’d sent.
I contacted Secunia and received a response in one day. Here are the company’s answers to some of the most common questions readers submitted:
Q: Is Vista supported?
A: As the Online Software Inspector is browser-based, Vista should be supported.
Q: Which versions of Java are needed to run the Online Software Inspector?
A: The Software Inspector requires version 1.5.0_12 or later.
Q: Why does the Online Software Inspector keep finding nonsecure software when I’ve uninstalled it manually? And why are there so many versions of Flash on my computer?
A: The answers to these questions depend on the specifics of your system. However, Secunia has recently posted a FAQ that should help answer these and other questions.
Readers Bellin, Jackson, and Whitlock will each receive a gift certificate for a book, CD, or DVD of their choice for sending tips we printed. Send us your tips via the Windows Secrets contact page.
The Known Issues column brings you readers’ comments on our recent articles. Diane Korngiebel is Windows Secrets’ editorial assistant.