Image Map Image Map
Page 2 of 6 FirstFirst 123456 LastLast
Results 11 to 20 of 51

Thread: Leaving Windows update turned off, just use up to date antivirus

  1. #11
    Join Date
    Mar 2009
    Location
    Pleasant Hill, CA USA
    Posts
    2,721
    Blog Entries
    1

    Default

    Quote Originally Posted by IBMAT5170 View Post
    Case in point. We have a client who still has a Pentium III server running Win2k Server as their web server and domain controller. workstations are all XP SP3 running the latest firefox that xp supports. Office XP and the internet are what they use. they call maybe once a month with a minor issue that we are able to either fix entireley or work around. To suggest they upgrade, well, im sure their owner would go for it. He isnt against spending money. But then I have to migrate their E-Mails, files, et cetera. Its easier for me to just say nothing and keep patching up what they have than to upgrade them.
    If you do not have gross negligence and liability insurance, now is the time to get it, you will almost certainly need it sooner than you think.

    Also this "case in point" shows a complete lack of ethics on your part, a laziness that is borderline criminal. This customer pays you to be the expert who takes care of all the computer stuff, including keeping his computers safe from "the hackers" and you are not doing this, you are abusing their trust and are making yourself completely liable for any and all data breaches since you knowingly keep them vulnerable. And then to openly admit to it in a public forum? Really?

    On top of all of this, you are leaving a massive amount of money on the table. You can charge by the hour, above and beyond the support contract to upgrade them, and if they are willing, then why the heck not.

    Back to the topic at hand. Never turn off updates, though I do recommend delaying them, either with the built in windows settings (I delay mine by 30 days) or via WSUS. Most of the time MS pulls bad updates within a week or so of their release, so delaying 30 days means you will almost certainly not get hit by the bad ones. I certainly have not, and all my Win7 and 10 machines have all the updates. The exception to this are zero day updates, these patch holes and issues that are known to be exploited in the wild.

    As for AV, I personally do not run any, save the MS stuff, which have been proven time and time again to be more than adequate and even better than other commercial AV solutions out there.

    Oh, and someone else mentioned, if the machine is not connected to the internet (air gapped) and never will be, then it won't matter if updates are on or off you won't get them, and it probably would not matter either, nor would an A/V make much difference as it would never be able to download it's updates either. Run whatever patched or unpatched OS you want, security is of little concern in this use case.

    IBM 5160 - 360k, 1.44Mb Floppies, NEC V20, 8087-3, 45MB MFM Hard Drive, Vega 7 Graphics, IBM 5154 Monitor running MS-DOS 5.00
    IBM PCJr Model 48360 640kb RAM, NEC V20,, jrIDE Side Cart, 360kb Floppy drives running MS-DOS 5.00
    Evergreen Am5x86-133 64Mb Ram, 8gb HDD, SB16 in a modified ATX case running IBM PC-DOS 7.10

  2. #12

    Default

    I no longer allow my win 7 onto the web unless it is to down load a specific application. Hopefully they haven't been hacked.
    As for updates. Even with the best virus protection, any nasty person that is allowed to run Jav script on your machine can take advantage of MeltDown, if you have any of the newer Intel processor for the last 5 or 6 years. The updates will make your machine slower but you may still get hit on a drive by. The various Specter ones are harder to use. These are mainly blocked by the other software vendors updating the holes in their code. Windows can't stop those attacks either.
    Dwight

  3. #13
    Join Date
    Jan 2007
    Location
    Pacific Northwest, USA
    Posts
    30,985
    Blog Entries
    20

    Default

    For those with vintage systems, needing to network--you might want to do what I do. The old stuff is locally networked (VPN), with no direct internet access. Rather, the connection from the router is made to a "master" safe machine keeping things up to date. File transfers are made only from machine-to-machine on the VPN or between the master and the VPN-connected systems. No way for the vintage systems to directly connect to the cold, dangerous outside. If one of the vintage systems runs a web browser for jollies, no harm done.

  4. #14
    Join Date
    Jan 2013
    Location
    Marietta, GA
    Posts
    3,054

    Default

    I hope I never see the day when running something "old" is explicitly illegal. You know manufactures would love that.

    But I wouldn't even put Windows Eleventeen, or whatever bleeding edge latest and greatest, directly on the Internet without any kind of hardware firewall or taking some additional steps to secure the browser. Anyone who thinks simply being up to date closes every and all attack vectors, is a fool.

    In a corporate environment, you do have to CYA. Document why things are the way they are and what steps are taken to secure them. Viruses or whatever are not even the big issue - it's usually some higher-up who wants to prove how big his wang is by suddenly nitpicking about rules and policies. A long, long, time ago I actually got in trouble for not running The organization's Official Standard Approved Virus Scanner (TM) on my work PC (the kind that literally made computers take 30 minutes to boot up in the morning) - never mind that my machine was the ONLY ONE NOT infected by a virus running around at the time.

  5. #15
    Join Date
    Sep 2003
    Location
    Ohio/USA
    Posts
    7,436
    Blog Entries
    2

    Default

    When was the last time you ran into a virus anyway? Malware and ransomware what I worry about and it you are not a corporation/business then you are not targeted.
    What I collect: 68K/Early PPC Mac, DOS/Win 3.1 era machines, Amiga/ST, C64/128
    Nubus/ISA/VLB/MCA/EISA cards of all types
    Boxed apps and games for the above systems
    Analog video capture cards/software and complete systems

  6. #16
    Join Date
    Sep 2003
    Location
    Ohio/USA
    Posts
    7,436
    Blog Entries
    2

    Default

    Quote Originally Posted by SomeGuy View Post
    I hope I never see the day when running something "old" is explicitly illegal. You know manufactures would love that.

    But I wouldn't even put Windows Eleventeen, or whatever bleeding edge latest and greatest, directly on the Internet without any kind of hardware firewall or taking some additional steps to secure the browser. Anyone who thinks simply being up to date closes every and all attack vectors, is a fool.

    In a corporate environment, you do have to CYA. Document why things are the way they are and what steps are taken to secure them. Viruses or whatever are not even the big issue - it's usually some higher-up who wants to prove how big his wang is by suddenly nitpicking about rules and policies. A long, long, time ago I actually got in trouble for not running The organization's Official Standard Approved Virus Scanner (TM) on my work PC (the kind that literally made computers take 30 minutes to boot up in the morning) - never mind that my machine was the ONLY ONE NOT infected by a virus running around at the time.
    Being incompetent and being in charge of IT functions in medical, security, defense, and fortune 500 companies can either get you in legal trouble or sued into poverty. So while using something old is not illegal by itself, doing so while knowing there are security holes that will allow others to easily hack into the systems you are in charge of protecting does have rather harsh side effects.
    What I collect: 68K/Early PPC Mac, DOS/Win 3.1 era machines, Amiga/ST, C64/128
    Nubus/ISA/VLB/MCA/EISA cards of all types
    Boxed apps and games for the above systems
    Analog video capture cards/software and complete systems

  7. #17
    Join Date
    Jan 2007
    Location
    Pacific Northwest, USA
    Posts
    30,985
    Blog Entries
    20

    Default

    Fortunately for some of us, Linux/BSD systems are too small a target for malware. Heck, not even the "Vindows Support" scammers know what to do with it.

  8. #18
    Join Date
    Dec 2017
    Location
    A planet that's evolving And revolving at nine hundred miles an hour
    Posts
    412

    Default

    Quote Originally Posted by lutiana View Post
    If you do not have gross negligence and liability insurance, now is the time to get it, you will almost certainly need it sooner than you think.

    Also this "case in point" shows a complete lack of ethics on your part, a laziness that is borderline criminal. This customer pays you to be the expert who takes care of all the computer stuff, including keeping his computers safe from "the hackers" and you are not doing this, you are abusing their trust and are making yourself completely liable for any and all data breaches since you knowingly keep them vulnerable. And then to openly admit to it in a public forum? Really?

    On top of all of this, you are leaving a massive amount of money on the table. You can charge by the hour, above and beyond the support contract to upgrade them, and if they are willing, then why the heck not.

    Back to the topic at hand. Never turn off updates, though I do recommend delaying them, either with the built in windows settings (I delay mine by 30 days) or via WSUS. Most of the time MS pulls bad updates within a week or so of their release, so delaying 30 days means you will almost certainly not get hit by the bad ones. I certainly have not, and all my Win7 and 10 machines have all the updates. The exception to this are zero day updates, these patch holes and issues that are known to be exploited in the wild.

    As for AV, I personally do not run any, save the MS stuff, which have been proven time and time again to be more than adequate and even better than other commercial AV solutions out there.

    Oh, and someone else mentioned, if the machine is not connected to the internet (air gapped) and never will be, then it won't matter if updates are on or off you won't get them, and it probably would not matter either, nor would an A/V make much difference as it would never be able to download it's updates either. Run whatever patched or unpatched OS you want, security is of little concern in this use case.
    You know, this may sound crazy, but I worked with a company that used unsupported legacy software and OS's. They had an in house sec/dev team that made their own patches for the software. Simply because M$ dropped the OS doesn't mean others can't pick up were they left off. Some how they had an agreement that got them the source code for a older version of windows to probe, but they took it one step further.
    Last edited by Mr. Horse; March 20th, 2019 at 07:21 PM.
    I have dyslexia, I have alot of trouble putting my thoughts into words and spelling/grammar is something I struggle with.
    You may need to read my posts twice to understand what I said.

  9. #19
    Join Date
    Jan 2014
    Location
    Centero
    Posts
    6,876
    Blog Entries
    2

    Default

    I've seen viruses and ransomware at work.

    I've dealt with malware at home, usually knowing in advance. I've never had issues removing it.

    Lack of backups is to me a serious risk, internet not so much.

    I liken the "MUST UPDATE" criers to the people on bike trails shouting at me for not wearing a helmet. You put your trust where you will, and please don't worry about me.

  10. #20
    Join Date
    Sep 2003
    Location
    Ohio/USA
    Posts
    7,436
    Blog Entries
    2

    Default

    Quote Originally Posted by KC9UDX View Post
    I've seen viruses and ransomware at work.

    I've dealt with malware at home, usually knowing in advance. I've never had issues removing it.

    Lack of backups is to me a serious risk, internet not so much.

    I liken the "MUST UPDATE" criers to the people on bike trails shouting at me for not wearing a helmet. You put your trust where you will, and please don't worry about me.
    The thing is nobody cares if you fall of your bike and crack your head open (unless you block their path), but people will get pissed if malware opens your contact lists and starts flooding everybody on the list with advertisements for erection pills.
    What I collect: 68K/Early PPC Mac, DOS/Win 3.1 era machines, Amiga/ST, C64/128
    Nubus/ISA/VLB/MCA/EISA cards of all types
    Boxed apps and games for the above systems
    Analog video capture cards/software and complete systems

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •