Windows updates on Ward computers

Posted: Tue Aug 19, 2008 11:08 pm
by pricer
My last question was not answered in the last posting. Question: Should I run the Windows XP updates once our ward computers are connected to the internet? I am sure there are many updates and patches for XP that have not been installed. Should I let the OS updates be installed by Microsoft Update? Thanks --- Roger

Posted: Wed Aug 20, 2008 12:21 am
by jdlessley
pricer wrote: My last question was not answered in the last posting. Question: Should I run the Windows XP updates once our ward computers are connected to the internet? I am sure there are many updates and patches for XP that have not been installed. Should I let the OS updates be installed by Microsoft Update? Thanks --- Roger
You may find that you are not able to do Windows updates because the icons have been removed and the Windows Update feature has been disabled in the registry. When you access the Windows Update Web site or the Microsoft Update Web site directly, you receive an error message that is similar to the following:
Access Denied
Network policy settings prevent you from using Windows Update to download and install updates on your computer. If you believe you have received this message in error, please check with your system administrator.

Since most of the updates needed are part of the Windows XP SP3, you should not try to install this either until word comes down from SLC with instructions. There may be compatibility issues between Church software and these updates. This is true also with Internet Explorer 7.

If you have already installed SP3 or IE7 I recommend you uninstall them.

Posted: Wed Aug 20, 2008 4:39 am
by russellhltn
jdlessley wrote: If you have already installed SP3 or IE7 I recommend you uninstall them.
Is that based on knowledge of problems or is that just being cautious? As far as I have heard, there are no known problems, but you are being a beta tester if you install them.

Posted: Wed Aug 20, 2008 1:23 pm
by Mikerowaved
As we move more admin PCs on to the Internet, CHQ should realize that as good as Desktop 5.5, Symantec AV, and the ASA firewall might be, they are still inadequate if an OS and installed software have not applied all the upgrades and security patches available from the manufacturer(s). If they haven't given the green light for IE7, Adobe Reader 9, Windows XP SP3, etc. they are asking for problems that I don't think many units are equipped to handle.

Mike

Posted: Wed Aug 20, 2008 3:22 pm
by jdlessley
RussellHltn wrote: Is that based on knowledge of problems or is that just being cautious? As far as I have heard, there are no known problems, but you are being a beta tester if you install them.
Yes I did and started having minor problems. I did not record them nor do I remember exactly what they were. I do remember that IE7 kept returning the security settings back to a less secure configuration and the message bar at the top of the window kept asking if I wanted it to 'fix' the settings. I remembered reading a post that said not to install SP3 or IE7 and so I went through the trouble to uninstall them just to avoid some real issues I had not yet run into.

I've also installed Adobe Reader 9 and have had no problems - yet. I did have to uninstall two tag-along installs. One was something to do with adobe.com. The other one I don't recall what it was. This is my policy - uninstall any additional entries found in Control Panel | Add or Remove Programs after determining they are not necessary for the install I did want. In this case both were not necessary and were only tag-along installs.

I vote yes, run the updates.

Posted: Wed Aug 20, 2008 5:07 pm
by eyoungberg-p40
Our stake has been online for several months now. As a matter of routine I perform all updates. None of our workstations have exhibited any issues with any updates, IE7, or SP3.

I would recommend against connecting to the LAN/Internet unless you plan to have all of the updates performed, and Symantec AV installed. Case in point: previous to connecting to the LAN/Internet, more than one of our workstations had been infected by viruses or malicious software (floppy disks? USB drives?). Symantec had not caught them. But the instant the Windows updates had been put in, the Malicious Software detection update from Microsoft Update caught them. If we had not done the Windows/Microsoft updates, we could easily have infected every machine on the LAN.

I think you are simply asking for trouble connecting a Windows client to the Internet without all of the Windows updates.

Posted: Wed Aug 20, 2008 5:31 pm
by russellhltn
It's been a while, but I know of some machines that got infected via the phone call. This was back when the admin machines ran XP SP1. (Pre-Desktop 5.5). At some point the ACL on the ISP that MLS uses failed and machines got infected via the Internet.

I was lucky because I saw the early warning signs and installed SP2 which included a firewall before that was all approved.

Posted: Wed Aug 20, 2008 9:48 pm
by jdlessley
eyoungberg wrote: Our stake has been online for several months now. As a matter of routine I perform all updates. None of our workstations have exhibited any issues with any updates, IE7, or SP3.
How did you get all the updates? Was SP3 installed from a CD or from the Windows Update site?

In my previous post I mentioned that IE7 would give me information bar warnings on every new web page I opened that said the Internet security settings should be changed for better security. I tried countless times to change the settings. I even clicked on the option to allow IE7 to change them. The changed settings never took and always reverted back to the settings inherited from IE6 on each new web page I opened. How did you get IE7 to accept changes to the Internet Options | Security | Internet Zone settings? I assumed there was a registry setting that had to be changed. Since I figured any changes I made would be contrary to what the Church wanted the computer to have for security reasons, I gave up trying to make the changes stay where I wanted them.

Did you have any issues with security warnings from Symantec Client Security after installing SP3? Or did you have any Internet access issues or difficulties after the updates? I experienced all of these. But because these updates had not been tested and approved for install I assumed that these issues would not be solvable. I therefore did not investigate them but rather uninstalled SP3. I did however install some security updates that were a part of SP3 - just not all of the updates - after I uninstalled SP3.

Posted: Thu Aug 21, 2008 3:51 pm
by eyoungberg-p40
jdlessley wrote: How did you get all the updates? Was SP3 installed from a CD or from the Windows Update site?

The Microsoft Update process, after the workstation is connected to the LAN/Internet. This is the upgrade to Windows Update, which extends the update process to all Microsoft products (MS Office, etc.).

jdlessley wrote: In my previous post I mentioned that IE7 would give me information bar warnings on every new web page I opened that said the Internet security settings should be changed for better security. I tried countless times to change the settings. I even clicked on the option to allow IE7 to change them. The changed settings never took and always reverted back to the settings inherited from IE6 on each new web page I opened. How did you get IE7 to accept changes to the Internet Options | Security | Internet Zone settings? I assumed there was a registry setting that had to be changed. Since I figured any changes I made would be contrary to what the Church wanted the computer to have for security reasons, I gave up trying to make the changes stay where I wanted them.

The only time I've seen this issue is when I have a spyware problem. One of the things I also do is download and configure Windows Defender for a full scan. This stays resident on the workstation and is configured to update itself and scan during a planned, weekly overnight maintenance process.

You might also download and run Spybot and Adaware, two excellent freebie spyware and adware killers which each find stuff the other, and Defender, do not. I run these once when I feel the need to look for spyware, but use Defender on a consistent basis.

jdlessley wrote: Did you have any issues with security warnings from Symantec Client Security after installing SP3? Or did you have any Internet access issues or difficulties after the updates? I experienced all of these. But because these updates had not been tested and approved for install I assumed that these issues would not be solvable. I therefore did not investigate them but rather uninstalled SP3. I did however install some security updates that were a part of SP3 - just not all of the updates - after I uninstalled SP3.

Nope - all of this smacks of spyware that is looking to protect itself, but is having a problem because it can't call home through the CHQ firewall. If the system is as "hosed" as it sounds, I would be prepared to do a complete reinstall of the image - Windows, MLS, etc.

Also, if this is a Dell Dimension OptiPlex GX270, you may very well have a known hardware problem.

Good luck - please share with us what you find!

Eric

Posted: Thu Aug 21, 2008 4:08 pm
by mkmurray
jdlessley wrote: How did you get all the updates? Was SP3 installed from a CD or from the Windows Update site?

In my previous post I mentioned that IE7 would give me information bar warnings on every new web page I opened that said the Internet security settings should be changed for better security. I tried countless times to change the settings. I even clicked on the option to allow IE7 to change them. The changed settings never took and always reverted back to the settings inherited from IE6 on each new web page I opened. How did you get IE7 to accept changes to the Internet Options | Security | Internet Zone settings? I assumed there was a registry setting that had to be changed. Since I figured any changes I made would be contrary to what the Church wanted the computer to have for security reasons, I gave up trying to make the changes stay where I wanted them.

Did you have any issues with security warnings from Symantec Client Security after installing SP3? Or did you have any Internet access issues or difficulties after the updates? I experienced all of these. But because these updates had not been tested and approved for install I assumed that these issues would not be solvable. I therefore did not investigate them but rather uninstalled SP3. I did however install some security updates that were a part of SP3 - just not all of the updates - after I uninstalled SP3.
I think I've seen or heard of this before; I'm not convinced it's spyware. I wonder if I can dig up anything on it...