How is your luck with Windows Updates?

[lakedude]

Drown lakedude's advice in the river and move on. Windows updates fix security vulnerabilities, to say that installing them is a bad idea is like saying that the broken lock on your front door is hardly worth fixing because locks are a whole load of trouble themselves and it's easier just to walk in the house without having to trouble with an unlocking mechanism.

It is kinda like that. Except you must imagine that sometimes the lock boots you out of your own house and leaves you outside in the rain and never lets you back in till you build another house.

Also imagine that you have left the lock open before by accident and all your stuff was still magically still in the house exactly where you left it. Now maybe the fence (firewall) wall was a deterrent, and maybe the barking dog (anti-malware, anti-virus) is the only thing that kept your house from being empty.

Look, if updates are working for you, great. If you are having trouble with them and have the energy to sort all that out, great. If they kill your system and you get sick of it, turning them off is not really that big of a deal if you have other security measures in place and avoid stupid programs such as Outlook and the like.

 

[mikeymikec]

@ lakedude

Considering that the biggest risk to computer security is the user, and if the user throws the idea of resolving security vulnerabilities out of the window, where does that leave the rest of the system? Do you avoid anti-virus updates as well, in case of false positives, or perhaps not bother with anti-virus at all because it might malfunction and cause problems? What about updates for any Internet-accessing apps you're using?

I've seen malfunctioning security software a heck of a lot more times than Windows Update malfunctioning.

The first line of defence is the user, however security vulnerabilities can throw any amount of user-savvyness and caution to the winds.

There's no such thing as a deterrent when it comes to computer security, at least as far as the average user is concerned. The infection process is automated the vast majority of the time. The process either manages to gain access through lax security measures or it doesn't. The vast majority of the time, a compromise in system security is due to a security vulnerability (the user, or in a piece of software that the computer is running), and sometimes a bit of both (especially in cases of privilege escalation).

It seems that you have the idea that a software firewall or anti-virus running on the same machine as the one you're using acts as some sort of protective bubble. It doesn't. An OS vulnerability (say in the TCP/IP stack, or in the network driver, if you would like a very simple example of a software firewall being bypassed) cuts straight through what you're putting so much faith in. A system-level compromise usually includes a method of disabling most software security products, and even a lot of user-level compromises I've seen do that (scam security products for example).

I would regard a software firewall being mildly important, anti-virus as pretty important, but software updates easily being more important than both put together. Firewall software sometimes needs security patching, anti-virus is pretty useless without definitions updates and security patching. Excluding the OS from the software update process is just plain lunacy from that perspective.

 

[RalphTheCow]

mikeymikec - thanks for staying with me! I am running chkdsk /r now. I ran sfc /scannow with no bad results noted. I ran the System Update Readiness Tool, but I forget the results. Yeah, there is no SP1 or 2, but as near as I can tell those were not security updates, so they must be optional. I an very confused about when I ran that fix that renamed that catroot2, all my update history went away - that was just the record of the updates, right, not the updates themselves? I'll have to look through the browser history on that Vista computer to see exactly what I did.

Update: chkdsk /r made no difference.

 

[lakedude]

@ lakedude

Considering that the biggest risk to computer security is the user, and if the user throws the idea of resolving security vulnerabilities out of the window, where does that leave the rest of the system?

Unusable if the paranoid among us are to be believed. Seems to work fine in my experience.

Do you avoid anti-virus updates as well, in case of false positives, or perhaps not bother with anti-virus at all because it might malfunction and cause problems?

I let my AV update. My current AV software has never caused any serious issues.

What about updates for any Internet-accessing apps you're using?

That really depends on how frequent and annoying they are. Apps that are too annoying get erased and replaced with less annoying programs. After all who is in charge the user or the computer?

I've seen malfunctioning security software a heck of a lot more times than Windows Update malfunctioning.

Um, okay. Anti-virus has never taken any of my machines down and made them unusable, updates have. In fact my anti-virus causes me very little in the way of trouble.

 

[who?]

I've only heard of windows update screwing things up once and that was a few years ago. I have it set to notify me about updates and let me choose them but I choose almost all of them and my W7 box sometimes seems to run better after the updates.

 

[lakedude]

There were issues with SP3, and some apparently incorrectly-built recovery images on some branded OEM systems.

Google "intelppm.sys AMD SP3"

Edit: Try booting into Recovery Console on that HDD, and typing "NET STOP INTELPPM". it might be "DISABLE" rather than "STOP".

Thank you very much for your help V-Larry.

I don't think that is the issue because the system in question is an Intel Centrino, not an AMD. If I'm reading it right the issue is when you mix an AMD CPU with IntelPPM software.

 

[VirtualLarry]

I don't think that is the issue because the system in question an Intel Centrino, not an AMD. If I'm reading it right the issue is when you mix an AMD CPU with IntelPPM software.

Yes, that is correct. If you have an Intel CPU, the IntelPPM driver shouldn't cause any issues.

Now that I think about it, I think that the particular issue that I described causes a blue-screen after installing SP3. So if that's not happening, you have a different issue.

 

[denis280]

+1 for Vista just being a dog, i ran it for a short time and then reverted back to XP until 7 came out. I see 7 as pretty much Vista without the bugs and poor performance

I agree.i did the same thing

 

[RalphTheCow]

Vista was particularly bad for losing track of registered files necessary for Windows Update to function correctly. This little app; Fix WU Utility, was developed by Ramesh Kumar for The Windows Club. This utility will re-register a total of 114 .dll, .ocx, and .ax files which are required for the proper functioning of Windows Update. You could also do this manually using the MS regsvr32 tool, but Ramesh's nice little frontend takes care of it all in a couple of minutes.

Thanks, Bubbaleone, but how do I know that is safe? I appreciate your help, and I guess the answer is thewindowsclub is probably a reputable web site, but in general they say to be careful what you download over the web, so it often seems like a quandary to me on deciding what to trust.

 

[RalphTheCow]

I agree.i did the same thing

Hmm - I sort of missed the boat for Windows 7. I wonder is there is still a way to buy it at a reasonable price? I really screwed up when I missed the cheap upgrade from Vista period a few years ago. I don't think 8 will run on my 2004 machine, plus it seems that everyone hates it!

 

[lakedude]

I hated W8 out of the box but with a few changes it isn't so bad really.

The biggest annoyance was Edge Swipe which was only annoying when using a touch-pad.

Classic Shell or Start 8 returns some W7 like functionality.

Here is what I did to make W8 mo-better:

http://forums.anandtech.com/showthread.php?t=2293473

 

[Bubbaleone]

Thanks, Bubbaleone, but how do I know that is safe? I appreciate your help, and I guess the answer is thewindowsclub is probably a reputable web site, but in general they say to be careful what you download over the web, so it often seems like a quandary to me on deciding what to trust.

Not here, or on any other forum have I ever posted a link to software and/or applications that I haven't personally downloaded, heuristic scanned with NOD32, installed on my own PC, and then thoroughly tested for functionality and usefulness.

But you don't have to trust either me, the developer, or The Windows Club; it's an executable file and can't do anything to your PC unless you double-click it. So for your own peace of mind just download it and scan it from the right-click context menu of your antivirus. If you're still paranoid, just delete it and learn how to use regsvr32.


.

 

[Zxian]

Um, okay. Anti-virus has never taken any of my machines down and made them unusable, updates have. In fact my anti-virus causes me very little in the way of trouble.

Your personal experiences are not anecdotal evidence for all Windows users. I've seen more examples of anti-virus software that causes stability or connectivity issues than Windows updates. The last time I had a serious issue with a Windows update was back in the days of XP. I haven't dealt with an XP system in about 5 years now.

 

[lakedude]

Your personal experiences are not anecdotal evidence for all Windows users. I've seen more examples of anti-virus software that causes stability or connectivity issues than Windows updates. The last time I had a serious issue with a Windows update was back in the days of XP. I haven't dealt with an XP system in about 5 years now.

Exactly when did I say anything about my experiences being typical?

What I'm saying is if you are having trouble with updates, it is better to turn them off than to have your computer rendered non-functional due to a botched update.

If you have not had any trouble with updates than my words do not apply to you.

 

[RalphTheCow]

Not here, or on any other forum have I ever posted a link to software and/or applications that I haven't personally downloaded, heuristic scanned with NOD32, installed on my own PC, and then thoroughly tested for functionality and usefulness.

But you don't have to trust either me, the developer, or The Windows Club; it's an executable file and can't do anything to your PC unless you double-click it. So for your own peace of mind just download it and scan it from the right-click context menu of your antivirus. If you're still paranoid, just delete it and learn how to use regsvr32.


.

Thanks, Bubbaleone. I was definitely not accusing you or anybody else of any malfeasance, just trying to be careful not to just click on any download that is around, so I appreciate your answer, and the suggestion to look into regsvr32.

Good point, that the AV is a good authority, and I guess any download will automagically get an AV scan, and I am especially paranoid about FF extensions. And hopefully AV programs can identify keyloggers or the like (are they officially viruses?), but I am not so sure.

One other point - Windows Update itself appears to be working ok, at least the delivery part is, but the two updates just won't install, but I will try that little fix anyway.

 

[Matt1970]

As long as you keep your browser, anti-virus and your add-ons like Java updated you will be fine.

 

[RalphTheCow]

Well, doing that registering thing didn't help.
I think this is the error from the Event Viewer Windows Log Application - the update is dated 2/8/2009, so it is darn old. I don't show any service packs installed. And the other update that keeps failing is from 2/24/2009.

There are many, many of these.
Error 6/12/2012 8:58:36 AM CAPI2 11 None
Error 2/3/2013 12:12:29 PM CAPI2 11 None

Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

 

[tcsenter]

Event Viewer -> Applications log -> Wininit (Event 1001)

Any reason you haven't just tried a repair install? e.g. http://support.microsoft.com/kb/2255099

 

[RalphTheCow]

Event Viewer -> Applications log -> Wininit (Event 1001)

Any reason you haven't just tried a repair install? e.g. http://support.microsoft.com/kb/2255099

Yes - seems like a more drastic solution than I need - from the error above, it appears that updates from 2009 might be too old. I guess I need to research that a little more.

 

[tcsenter]

Well I mean, how many hours have you spent on it already....more than it would take to reinstall Windows?

 

[Zxian]

What I'm saying is if you are having trouble with updates, it is better to turn them off than to have your computer rendered non-functional due to a botched update.

And I'm saying that you're better off determining why an update is failing to install instead of a band-aid solution of third-party firewalls and anti-malware software.

Have you possibly considered that your anti-virus software was the cause of your failed updates? I've seen that happen far too many times (i.e. more than once).

 

[RalphTheCow]

Well I mean, how many hours have you spent on it already....more than it would take to reinstall Windows?

Point taken, I am definitely floundering. But if I repair, won't that wipe out all the updates I have ever done?

I am afraid to do anything too drastic because it it working, and I don't have a backup system.

 

[tcsenter]

Yeah, it'll wipe all prior updates. What SP level has it been patched at?

 

[RalphTheCow]

Yeah, it'll wipe all prior updates. What SP level has it been patched at?

No service packs listed at all - I am still wondering if I ever had them, and maybe they got wiped out when I renamed catroot2. At one point Windows Update served up SP1, but I got cold feet and cancelled the update because I have no backup. I just have USB 1.0, and no external hard drive, so I wonder if I should get a USB 2 or 3 PCI card and an external drive and get it backed up, then I can be more adventurous. Or should I just trust an online backup? Or choice 3, leave well enough alone.

 

[piasabird]

Still using Vista. Sometimes you have to get rid of or temporarily disable anti-virus to get certain updates to work. Also running too many updates at once may cause problems. I installed over 100 updates at once one day. In fact at work last week I installed 100 updates to Win 7 in one day! I think Microsoft was purposely saving them all or they were not working on Win 7, in favor of Win 8!

After running some of the Optional Updates, Vista runs almost as well as Win 7.

I think most the updates to win7 were for Office 2010.