Updating Windows XP

How often should I update Windows?

Every hour until you get it right!

One of the reason I like PcCillin is because of its independent search for windows vulnerabilities. Where this tool comes in handy is when my machine starts slowing down for no reason. I mean I did an online virus check and found no virus at all. The caveat of course was that it failed to check about 20 blocked files. I tied running AdAware but found that updates were blocked. So I know I wont trust that result no matter what.

When I did the PcCillin test, I found one vulnerability ms05-04. Since I really didn’t have a clue on trapping my pet bug, I decided to close the vulnerability knowing in the long run it was a fools game.

Keep in mind that this is a fully protected and updated computer just one month ago but yeah I do write some stuff that probably cause me to be spied on by Military Strength Malware.

The first step is to run a Windows update and it told me I needed the latest update module for it to be effective. Naturally, I clicked update and everything was successfully installed so I must be done since this is a very old bug.

Wrong!

Another PcCillin check is run and of course, ms05-04 is still there. So I run update again and get prompted for IE 7 and one other update. I download the one and reject the installation of IE7 so I should be done with this very old bug.

Wrong!

So the next time, I download and accept everything since my default browser is Firefox and I don’t really care which Explorer is not being run. Now I think I ‘m done so I check with PcCillin.

Wrong!

The original bug is gone but a new one ms07-?? has appeared so I download a fix, but now I’m really paranoid so I run PcCillin again to make sure I’m safe.

Wrong!

The new check of PcCillin shows that I now have six vulnerabilities and I run update again. Finally, I run PcCillin and it shows perfect protection

Right??????????

Now this reminds me that at trial, the prosecution says the machine was updated so its protected. Obviously, everybody accepts that updating closes all vulnerabilities but nothing could be further from the truth. The other problem I have is what happened to the bug that opened this vulnerability in the first place. Is it dormant, is it dead will it reappear the next time I visit a government honeypot.

Remember, pictures, documents, logs, records and files are never really destroyed but can still be recovered by forensic tools so not only is everything I’ve done in the past being stored but everything I’m doing in the futer is also being stored waiting for the bugs return.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s


%d bloggers like this: