Be careful of Windows update

Anton Kolakov

For some reason Windows update is offering people to install an ATI
driver and claiming it is an important update instead of optional. I
already have latest driver so there is no way I need this driver. If you
have auto-update on, which I don't, it will install automatically which
has happened to a few people already. The drivers at Windows update do
not have OpenGL driver so if you have any games that use OpenGL and this
update installs you will have to mess around with installing ATI
download driver again.
 
Benjamin Gawert

* Anton Kolakov:
> For some reason Windows update is offering people to install an ATI
> driver and claiming it is an important update instead of optional. I
> already have latest driver so there is no way I need this driver. If you
> have auto-update on, which I don't, it will install automatically which
> has happened to a few people already. The drivers at Windows update do
> not have OpenGL driver so if you have any games that use OpenGL and this
> update installs you will have to mess around with installing ATI
> download driver again.

I noticed the same problem, Windows update installed an older driver
(identified as Catalyst 9.7 by CCC) when I had 9.9 already installed, so
I had to reinstall 9.9 afterwards.

It doesn't seem to be limited to ATI drivers. On my laptop with Nvidia
gfx I was offered an older driver as "critical update" today.

Ben
 
Anton Kolakov

Eric said:
> I have never been offered drivers, even when running much older versions.

Probably because you turned off the option to show optional updates. The
problem now is that Microsoft has flagged them as critical updates,
which they are not. If you run update now you should see the video
driver update unless Microsoft has fixed their gaffe already.
 
Anton Kolakov

First said:
> Automatic Updates is one of the first things I disable after installing
> Windows, along with about 20 other useless Windows Services.

Me too, but I installed MSSE on XP and Win7 today and Microsoft thought
it would be a good idea to turn auto-updates back on without notifying
me it would. Soon turned it off again though. I know when to check for
updates and I even turn off auto-updates in AV software which might not
be a good idea for some people but I manually have it check for updates
daily.
 
Anton Kolakov

First said:
> Checking for AV updates daily is really overkill. :) I update my Avira
> Antivir definitions once a month and I download all kinds of cracks and
> no-CD patches without infection.

Never heard of Zero Day virii? AV should be checked for updates every
day if you are going to bother running AV software. AV software is
usually updated every day too.
 
DevilsPGD

In message <[email protected]> "First of
One said:
> A few things make daily AV software updates overkill:
>
> - Just because a zero-day virus is in the wild doesn't mean it has infected
> the file you happen to be downloading today. In fact virus propagation on
> the internet takes time.
> - When an AV software developer is made aware of a new virus in the wild,
> they still need time to analyze it and develop the signature, so even daily
> AV updates will lag behind virus threats by a few days.

Right... So why add additional latency to the process?
 
Benjamin Gawert

* First of One:
> Checking for AV updates daily is really overkill.

No, it isn't.

> :) I update my Avira
> Antivir definitions once a month and I download all kinds of cracks and
> no-CD patches without infection.

Just because you were lucky so far doesn't mean your approach is
sensible. In fact, you can be infected without knowing it.

Updating your AV software daily only takes seconds and is done
automatically. There is absolutely no sane reason to not do it.

Benjamin
 
Benjamin Gawert

* First of One:
> A few things make daily AV software updates overkill:
>
> - Just because a zero-day virus is in the wild doesn't mean it has infected
> the file you happen to be downloading today. In fact virus propagation on
> the internet takes time.

This is not true, as the past has shown. Many zero day exploits are
widely used within a few days.

> - When an AV software developer is made aware of a new virus in the wild,
> they still need time to analyze it and develop the signature, so even daily
> AV updates will lag behind virus threats by a few days.

No. Just because you (the public) haven't heard of it before does not
mean the AV software developers haven't, too.

> - Signatures is only one means of detecting viruses, the other being
> heuristics.

Heuristics is very unreliable and only works when the malware is already
on your system.

Sorry, but your relaxed and very naive approach is a prime example why
bot net operators never run out of zombie PCs.

Benjamin
 
DevilsPGD

In message <[email protected]> Benjamin Gawert
> Heuristics is very unreliable and only works when the malware is already
> on your system.

*all* desktop AV software only works when malware is already on your
system.

Heuristics are trivially defeated by any virus author with a copy of the
AV software they're trying to defeat and are therefore not particularly
reliable, but that's another debate entirely.
 
Benjamin Gawert

* DevilsPGD:
> *all* desktop AV software only works when malware is already on your
> system.

Well, yes (it was badly worded, sorry). However, heuristics only works
once the malware is *active* while signature-based scanning works when
the malware is still *inactive*.

> Heuristics are trivially defeated by any virus author with a copy of the
> AV software they're trying to defeat and are therefore not particularly
> reliable, but that's another debate entirely.

Heuristics is a last chance of detecting something nasty but the chance
that it works is minimal. Once malware is running then the whole system
should be considered compromised and cleaned up appropriately.

Benjamin
 
Antonio López de Santa Anna

> A few things make daily AV software updates overkill:

Only takes about 20 seconds to update so is not overkill at all. You
do it your way and I will do it mine, the smarter way. :)
 
Benjamin Gawert

* First of One:
> Then I've been lucky for 12 years and counting. Not a bad track record. :)

Well, if it is 12 years or 20 years is irrelevant as malware got only
really really bad within the last 5 to 7 years. Before that it was very
easy to avoid malware, however this is not the case anymore.

> Your system may be infected, too. The only difference is you can say your
> system is clean with 99.9% confidence, while I can say it with 99.8%
> confidence.

Updating your antimalware program once a month does in no way give you
even 90% confidence, in reality you are probably more down to 70%, if at
all. Timely updates are critical for antimalware tools, updating once a
month is barely better than not updating it.

> Except no single AV app is completely effective anyway. Depending on whether
> the developer gets the virus sample before or after it's in the wild, there
> may be a lag in getting the signatures prepared.

Right. So what? Just because a virus program is not 100% effective or
that there might be a delay between new virii and new signatures there
is no reason to add another, even longer delay.

Following your logic, a cancer patient would only get his medications
once a month when he is supposed to take it daily, simply because there
is a delay in development and diagnostics of cancer, and despite the
treatment he might die anyways.

> Different dev houses get
> different virus submissions, too, which affects their detection ability.

Not really. Today, antivirus companies and security experts work quite
closely together and exchange virus signatures and malware information
quickly.

> Occasionally I get infected spam email attachments that penetrate Yahoo
> Mail's Symantec virus scanner, but they scan positive using Avira with my
> weeks-old definitions.

Well, "Symantec" says it all.

> What's more important? A good scan engine or
> daily-updated definitions?

It is not one or another. One is worthless without the other. Simple as
that.

> If you work in a particularly high-risk environment, you would need to scan
> files on-demand with at least two AV programs (they obviously cannot run in
> the background simultaneously). "Zulu" from alt.2600.cracks advocated this,
> using some metaphor about contraceptives...

If you use files from what you call "high-risk environments" then the
safest way is to only use them in locked-down virtual machines.

But that makes regular timely updates of your antimalware tool not less
important.

Benjamin
 
