Which patches to patch?

Topic

New Reply

Good question from GT: You’ve written that even when on Defcon-2, we should still download the malicious software removal tool; however, it won’t down
[See the full post at: Which patches to patch?]

Reply | Quote

Replies

Just wanted to second the recommendation of MSE. I’ve been using it for years now. Just be sure to whitelist your most frequently-used programs, as its real-time protection can have a tendency to not play well with others, especially games.

Reply | Quote

Woody, take a look at the article about Win 10 encrypted data mining in Betanews this AM. And people say we are just paranoid?

Reply | Quote

Yeah. Here it is:

http://betanews.com/2016/08/19/microsoft-sneaky-data-mining-windows-10/

They’re kind of talking around the stuff I mentioned last September:

http://www.infoworld.com/article/2987022/microsoft-windows/windows-10-and-privacy-whom-should-you-trust.html

The data has to be encrypted – I can accept that. What I can’t accept is that Microsoft hasn’t told us what data’s going out.

Reply | Quote

@Squall @Woody: How do we get this “MSE”? I’ve never heard of it until reading about it in the posts.

Reply | Quote

Seriously, Never IE and Never Norton’s … both are the last products I want to ever use on a computer.

Reply | Quote

Woody: I used to recommend MSE, because it did a decent job, and because it was set-and-forget. But a few years ago, a Microsoft official was interviewed and admitted that they didn’t put much effort into MSE:

http://www.infoworld.com/article/2612376/microsoft-windows/microsoft-admits-security-essentials-offers-bare-bones-protection-by-design.html

When the vendor tells me that his/her product isn’t very good, I hesitate to trust that product!

Reply | Quote

What is the last word on Win 7 computer protection to cover every item in or out of the computer. I stopped using IE after I downloaded IE 11 last year per Woody’s instructions. I have allowed a few updates to IE 11. It is turned off but still there on my computer.

Reply | Quote

You need to leave IE on your Win 7 or 8.1 computer. Windows uses it – even if you take steps to make it disappear from the user interface.

You need to keep it updated, too, but if you don’t use it for browsing, the danger’s significantly reduced.

Reply | Quote

I have Norton Security Suite that in-compasses 1- laptop Win 8.1, 1-desktop Win 7, 2- (CC motorola android smart phones; 5.1 and 6.0) complete coverage on all cost me $39.95, last February. Is there some kind of security suite that is safe to use that will let me have it on 5 different items for one small price. Just inquiring? So far I have not run into any problems with Norton. Since I will not let Microsoft get a foot hold into my android phone (so far) the fanfare has been pretty good .

Reply | Quote

I understand… but I think the importance of antivirus is waning, and I recommend MSE as “good enough – and always free.”

Reply | Quote

I’m not expert on Android antivirus, but on the Windows side, I continue to recommend MSE.

Reply | Quote

I would like to get rid of Google BUT android OS’s can’t operate without Google ( it’s parent), but can operate without Microsoft for the most part. Both Microsoft and Google make me a little bit paranoid me, “no” a whole lot paranoid!

Reply | Quote

It’s a free download if you’re running Win7 or 8.1:

https://support.microsoft.com/en-us/help/14210/security-essentials-download

Try uninstalling your current AV first. MSE might just pop up automatically.

Reply | Quote

I use an Android phone – Nexus 6P – and love it. But then I’m not as sensitive to snooping as some people are.

Reply | Quote

Agreed. But with the waning of traditional virus attacks, the trend for “exploit” style attacks in on the rise.

From the AV test reports that I have looked at, Microsoft MSE or Defender can pick up about 99% of the known prevalent in-the-wild malware.

But it does not catch a lot of the new variants or zero-day type of stuff.

So a layered approach is still the best, coupled with keeping your OS and applications up to date with security patches.

From what I have read about these exploits, also known as a drive-by attack (commonly containing ransomware), is that any website can host an exploit kit unknowingly. Even the ads from 3rd party ad networks can be unwitting participants in spreading exploit kits. The first thing an exploit runs is a script to probe what OS, version of browser, Flash plugins, Java, etc. you are running. If you are out of date and exposing a vulnerability, these kits can then use that to take over your PC.

Unless you are also running a “behavior based” rather than “signature based” security program.

A layered defense can be assembled using a couple of free (or paid) programs along with Microsoft’s AV or your preferred AV.

This is an additional area of PC security that is partially addressed with the Microsoft EMET toolkit. I took a look at that and decided it was too techy even for me.

Thankfully there are several programs that have addressed this issue. I have tested two of them without issue and feel ok to recommend them.

My main desktop runs HitmanPro.Alert (paid subscriptiononly) in addition to my AV program.

My other two Windows PC’s run Malwarebytes Anti-Exploit Free.

This page lists a comparison of the features between EMET, Malwarebytes MBAE, and HitmaPro.Alert.

http://www.surfright.nl/en/alert (SurfRight was recently acquired by Sophos)

For free, the MBAE is a no-brainer. Just download, install, and forget (at least until you encounter one of those nasties), It’s so light, no signature updates, you won’t even know it’s running. The free version will protect all of your browsers from web exploit behavior.

(youTube) Malwarebytes Anti-Exploit in action:https://www.youtube.com/watch?v=34rrjkRkj1s

The first part of the video show a PC being successfully exploited by a website.
TL/DR: Skip ahead to 4:00 to see the PC visit the same website with MBAE active. Attack blocked!

Reply | Quote

I recommend Malwarebytes as a second line of defense. It does a very good job.

Reply | Quote

Just an FYI – Sophos makes a product, free for up to ten users, it has no advertising, and it offers central management through their cloud.

It is amazingly simple. I’ve used it to replace MSE on all my home systems. Does Windows and Mac.

Reply | Quote

Silly me, forgot to give y’all a link:

https://www.sophos.com/en-us/lp/sophos-home.aspx

Reply | Quote

I started to reply once, but got sidetracked and lost it.

I was wondering if ESET Smart Security Version 9 would conflict with the MSE program or be redundant. Could you offer some advice on this please? Thank you. 🙂

Reply | Quote

You should only run one AV program at a time. Installing ESET will push MSE into the background.

Reply | Quote

Woody: I’m backed up on e-mails, however noted this one which answers the question I posed about ESET. I already have ESET, and have had it for quite a few years, so I sincerely appreciate the advice to “leave well enough alone”. Thank you! 🙂

Reply | Quote

I’m just sensitive on my 1T 6GB Win 7 Home Premium HP desktop. I haven,t done any banking or such on my Moto. BUT I am in process of synchronizing the Moto E 2nd Gen Android 5.1 with the desktop so I have to be very careful. Oh, I don’t have anything saved outside of my desktop.- no clouds for me yet, because they are probably going to be the next field of attack. Thanks for your time and help. I am also going to download your brothers game in the next couple of days. Good luck to both of you!

Reply | Quote

After installing MSE, be sure to check your WU settings. I’ve had it reset them to “Automatic” on several machines.

Reply | Quote

Definitely! I would also suggest running BOTH of their products, Anti-Exploit and Anti-Malware. Each has a different role, but having both in addition to your choice of AV is a good layered approach that covers most of your defensive bases!

Reply | Quote

Good point.

Reply | Quote

Thanks!

Reply | Quote

Found right after commenting on your pager: I had only remnants of MSE on my computer so I promptly downloaded the new and get all update in about 20 minutes. It is now up and running along with GWX Control Panel and Norton Security Suite 2016 . Thanks

Reply | Quote

Years ago Sophos had the only effective engine among the big Enteprise players, Symantec, McAfee and Trend Micro and of course Sophos. However it was a resource demanding product, worse even than Symantec. Maybe they cleaned up and made it more streamlined now. I don’t know how their detection rate is now as like Woody, I am not paying much attention to antivirus products and use MSE, but as I said it was impressive few years ago, in the windows XP era.

Reply | Quote

Back up often, the large hard-drives tend to be more fragile than those under and including 2TB drives.

Reply | Quote

I totally agree with Woody’s advice with an alternative to internet security.
May I suggest:

Avast! Free (newly updated 19/08/16)
https://www.avast.com/en-gb/lp-ppc-win-02c?device=c&gclid=CMzRuufDz84CFcGdGwodh-oC9w

Although the upgrade to Internet Security is worth it’s weight in Gold with the ability to configure the Avast firewall and block IE altogether.

Been an avid user of firefox since the phoenix days (Windows 98SE/ Windows 2000) when google was just a toolbar search engine only.

Having tested Google Chrome, I can’t recommend Firefox high enough.

Hope this helps you find your bliss.

Rob

(Disclaimer: I/we have no association whatsoever with this security company other than being a multiple device end-users)

Reply | Quote

I use ESET AV because I’m used to it for many years, and basically because of that only… I like the design and the detection rate, plus it is “light” enough for me. But on the other hand I know that in a patched system and with caution when installing, downloading, and general browsing and file sharing, pretty much any AV will do it’s job… On most cases, for home users at least, it seems to come down to a matter of personal choice on what AV to get these days, as lack of user caution or knowledge may have a greater impact in the security of a system than the difference in detection or removal statistics could ever achieve… Of course there are better and worse products, but I think MSE is a pretty good solution and does the job it was built for pretty well, and it’s free.

Also Woody, I have a question and I didn’t know where I could post it… My Windows Update found a Broadcom adapter driver today, which is kinda off since I disabled the “search for drivers” on system settings, and even more weird is the fact that it is a driver dated from 2011 and the update release is from 2013! It appeared under the “Optional” tab upon automatic search and disappeared when I ran a manual check… What could that be?

Reply | Quote

If it’s a driver distributed through Windows Update… fuhgeddaboutit. They’re notorious for breaking things. If you really need a new driver, go to the manufacturer’s site and download it directly.

Reply | Quote

Rarely the Windows distributed drivers may be more stable just because they have less features and in many situations have passed the test of time. This is rather an exception though.
The Microsoft distributed drivers can all be downloaded from the Catalog as .cab files and they are not quite easy to install unless knowing the procedure.
I found events in the Windows 10 Windows Update log saying that there are updates available but were not downloaded and installed. By looking up the GUID in the Catalog, they were identified as drivers. Not particularly useful, not considered critical by Microsoft as they were not pushed through WU, but useful only to make the Event Log clean after installation.
Those non-critical drivers are those which are pushed only if there is no functional or compatible driver in the system, but never as an update.

Reply | Quote

If it disappeared there are chances that it was silently installed. Otherwise, see Woody’s and my reply in relation to drivers.
In short, the official policy is to push Windows Drivers regardless of your settings for drivers update only if they are considered missing, those being installed not compatible (which is debatable sometimes) or Security Updates (to the drivers themselves).
If you manage to set Windows Update for Never check, then this should act as “master” setting on drivers too and do exactly what it says.
This is the theory at least…

Reply | Quote

Slightly off topic but looking for an answer to why on one of my Win 7 Pro 64 machines Windows Update does not present the MSRT for installation as all of my other machines do? The machine has been in service for several months and I manually installed Julys MSRT to see if that would prompt it to show the August version but no dice. Update settings are the same as my other machines.
Thanks.

Reply | Quote

@Woody

I’ve searched a bit and found exactly that… Windows distributed driver DO break things… Haha… Over the internet I found a couple forums where people found the same, or at least similar drivers, and at some situations the installation seemed to cause havoc…

Will just let it be then…

@ch100

I don’t believe it has been installed, my Windows Update is set to search but not install nor download automatically, also, it’s not listed as installed, the last one being the Windows Defender definitions, installed by me earlier today.

My driver policy is strict, only touch it if it’s broken for some reason, or if there is a significant, palpable amount of performance or funcionality gain that make worthy the effort to risk something that is working, for a mesureable enhancement… The second reason is massively less common…

I’m 100% with you both regarding drivers… And since my network adapter seems to be working fine (both Wifi and Bluetooth, and no problems shown in device manager) I won’t be making any changes.

Was just curious on why the heck Windows Update gave me that… Even because it ain’t a missing driver…

Actually I guess it is worth mentioning that it is the second time it appears on my machine, the first was a couple months ago, but I didn’t even had the chance to install it or not, had an update issue and used a restore point, after that the update was never seen again, until now.

Reply | Quote

The latest MSE downloads are for Windows Vista SP2 & Windows 7 SP1 only. Windows 8.1 includes its own version of Windows Defender that is already like MSE. So no MSE download is necessary for Win8.1.

Reply | Quote

@Doug: Sophos requires minimum Windows 7 to use as noted in the System Requirements section (sorry XP/Vista users – look for something else if using these old OSes).

Reply | Quote

I paid, I think, $19.95 for my Norton Internet Security (5 devices including mobile ones) this year.

Normally with Norton in the last 8 or so years (prior to their going to the cloud-based NIS last year), I paid between $0 and $9.95 for 3-device coverage (it was that inexpensive due to the rebates and sales they usually offered around November-January time).

Even at $19.95, I don’t think it is expensive.

I have conveyed my good experiences with Norton and my recommendation of them before in comments on this site, as has frequent contributor LizzyTish, and probably a couple of others whose names I don’t recall now.

A couple of independent (and above-board) anti-virus testing sites that I have seen also have rated Norton higher than the free Microsoft ones. (I gave some links to those in my prior posts about Norton.)

Reply | Quote

If using Firefox and a VPN, you might want to make sure it still doesn’t have the big security issue that Firefox has had with VPNs for the last couple of years.

See more at Wikipedia’s entry on Firefox:
“In January 2015, TorrentFreak reported that using Firefox when connected to the internet using a VPN can be a serious security issue due to the browser’s support for WebRTC.”
https://en.wikipedia.org/wiki/Firefox

The last time I looked into Firefox, I rejected it for that reason (I use a VPN sometimes), but it also seems that they’ve made other changes to the browser in the past year that some folks haven’t been happy with.

—
Noel Carboni, I think it was, has posted in earlier discussion threads on this site about how he thinks I.E. is better these days and safer these days than some folks claim, and that I.E. still gives the other alternatives a run for their money, especially as the alternative browsers also have security issues and user complaints.

That is also my opinion (pro-I.E., when it comes to Windows 7, at least), though I’m just a mildly-informed, non-techie person. 🙂

Reply | Quote

Regarding MSRT’s running itself, there were some questions about that here in April, starting with the following comment by contributor Jim:

“I have never seen MSRT install itself when not selected and especially when Never check for updates is chosen.”
https://www.askwoody.com/2016/win7-security-patch-kb3146706-causing-problems/comment-page-1/#comment-80801

The response from Woody at that time was: “There’s some open question about that. I’d welcome any and all observations.”

Contributor Ed wrote: “I’m with Jim on this one Woody. I have 3rd party AV running along with MWB so I never bother running the MSRT. It shows up in the list every month and regardless of how many individual patches I install along the way it’s still there when the name changes the following month.”

—
I choose not to update my MSRT manually, and I don’t think mine runs automatically – it is always in the list of recommended updates for me. I don’t check it when I download the updates that I do want, and it seems to remain in the list of “available” ones.
In my computer’s update history, it does not show up as having been installed/run in recent times, as far as I can recall (I have the whole ball of wax barricaded eight ways to Sunday right now, so at the moment I can’t click over and easily check the update history.)

Reply | Quote

🙂 🙂

Reply | Quote

Thinking of switching to MSE per Woody’s comments, but worry, since it’s not being distributed for Win 8 and above, about MS’s commitment to maintaining the program. Any thoughts on that?

Reply | Quote

System Restore can behave in weird ways. I don’t take it seriously and it is one of the first things which I disable. The restore point may explain the driver update behaviour? I don’t know, it is just speculation. You can tell if it was installed not based on the Windows Update history which is not authoritative, but only a cache. You can rather tell by looking into Device Manager and chacking the driver version.

Reply | Quote

I actually agree that IE is a good browser although somehow difficult to configure correctly and this is the big issue with it, in other words it is too bloated for the regular user. For an administrator who understands all the technicalities, it is quite good.
On the other hand, I don’t know if Firefox is marginally insecure as it is claimed, it is the foundation of TOR which is one of the most secure platforms and this confirms that it is secure enough. Nothing in technology is perfect though.

Reply | Quote

MSE has been renamed for Win8.1 and 10 – Windows Defender – but it’s basically the same thing.

Reply | Quote

The Firefox extension “Disable WebRTC” takes care of WebRTC leaks.

You can test your browser for leaks here:

https://www.browserleaks.com/webrtc

https://www.privacytools.io/webrtc.html

Reply | Quote

Can you tell me where I can download Malwarebytes MBAE free edition from. Malwarebytes website advertises a pay for edition. Cnet advertises a free edition but is it safe to download through Cnet? I have heard bad things about it lately.

Reply | Quote

First, never download anything that is not either directly from the author’s site or very trusted website like bleepingcomputer. Cnet is a horrible place to download stuff from as there are spyware and adware bundles with their downloads.

Secondly, just go to download and select MBAE and there should be free version there after you click on the MBAE.

Reply | Quote

Hi Woody, I’ve still got my GWX Icon on my desktop and it still shows as an Installed Program. I’m running Windows 7. Do I still need to keep it? Thanks.

Reply | Quote

Chances are good the updates in the next few months will gradually remove it. Microsoft hasn’t given us a definitive timetable, but that’s their stated intention. I wouldn’t worry about it – they’re unlikely to renew the “offer.”

Reply | Quote

Woody…… not sure if this is the right spot to post my comment……. but it is regarding the current August updates (perhaps). I belong to a group of graphic enthusiastists (my spell checker tells me that’s not the correct spelling) Anyway the problem that has suddenly happened is that several members whose machines are still Win7 have found that they are unable to (1) Open their Corel PSP programme from Explorer by right clicking on an image with the command open in : blah blah. A message comes up saying “There was a problem sending the command to the program”… the programme opens but no image. and (2) some have found they simply can’t open them at all.
When testing this myself found that my PSPX and PSPX2 wouldn’t open either by the shortcut in taskbar or Explorer……. until I changed to “Open as Administrator”……… but my later versions PSPX7 and PSPX8 did both without any problems. Most of us still keep our older versions to do things when the later versions play up!!!

As this seems to have only just started and some members have resorted to System Restore to a particular date of 17th August when the problem has been corrected….. I’m wondering if there has been something in the either current updates (which are still waiting on my computer) or in pehaps the July or even June updates that would perhaps affect this. These are all Win7 OSes.
Notice when googling there were instances where websites were speaking of Win7 strengthening security which would create this problem with older versions. They spoke of registry fixes which none of us are really too fussed about doing.

There was also some asking for help in the Corel Forums…….. so it is obviously something that is happening to quite a few.

I thought I would pass this your way in case either yourself or someone else may have a thought or two about it all. Thanks for any help……. greatly appreciated!!! LT

Reply | Quote

I go along with Poohsticks comments re Norton….. they always have good deals going……. and if you still have days left on your previous subscription they will just add them on to your new one if you let them know…….. so you don’t lose out. Also their after service is excellent………. but be aware that you should contact THEM and not their affiliates/agents who have sites online and can be confusing. When trying to sort my Android this year and last year…….. they sorted it all for me… on the phone and by remote. But apart from all that…. the product I feel is trustworthy and good. If for instance I try to go to a site and its a “no-go” area………. Norton stops me in my tracks with great big red sticker smack in the middle of the screen! and of course all the other stuff it does under the bonnet….. gives one peace of mind for sure! Just my two cents worth!!! LT

Reply | Quote

I haven’t seen the problem documented, but I’ll keep an eye out for it. Shoot me links to any problems and solutions you may find posted.

Reply | Quote

Well its strange…….. this has only happened in the last few days to quite a few people in the PSP world…. but it seems that it has also reared it’s little head over the years. I found a site that was speaking about this in 2011: and I quote:

“In Windows 7, double clicking on an image file that should open in PSP 9 will open the program with an error message but without the image on most machines. PSP 9 uses an old Windows system called DDE to pass the image to the program. DDE is still part of Windows 7, but is prevented from working by 7’s tighter security.

One solution, is to disable UAC. ”

They also go on about a registry fix…..
but wondering if what she’s talking about the DDE etc & UAC ring any bells for you with regard to any specific recent updates perhaps?

On the right click menu (explorer) on the “Open with” lists all the PSP Versions and others… on my machine.

Some are talking about Intel Drivers which have been updated recently effecting PSP.

Something has affected this…. in my case I had to use “Open as Administrator” to open both PSPX and PSPX2…. when just perhaps last week they opened without any problems as they had always on this computer. But in some cases the programme just will NOT open – period for some people… My later versions PSPX7 and PSPX8 open just fine……. no problems at all.

Also on those google searches alot of links were thrown up for Excel having the same problems… now just wondering….would there be a connection?
specially when there was a dodgy update affecting Excel.

Woody much appreciate any input into this…. from your side…. Thanks a ton! LT

Reply | Quote

You got me….

Reply | Quote

Thanks Woody…… Obviously it’s some stupid little glitch but being on several computers and happening at the same time….. you think what’s the common denominator!!! anyway if anything comes out of all this will let you know…….. thanks again… LT

Reply | Quote

I am still running Vista until Microsoft stops supporting it next year. I turned off the updates on my computer, because I could not put up with all the crap from Microsoft anymore. I am running Firefox as suggested. I expect to purchase a new Apple Mac Book Pro when they are available late this year. Staples has a deal on Kaspersky right now. Internet Security regularly priced at $79.95 for $29.95. A great deal!

Reply | Quote

The cumulative IE update is always a concern, even for non-IE users. Many parts of Windows depend on IE-related libraries – do NOT wait to get that installed properly.

Reply | Quote

Thought to let you know that it was an update from Dropbox that affected several PSP programmes not being able to either open or open a graphic from explorer……….. and that a subsequent update from Dropbox today has corrected it. So now all is working as before and everyone is happy!!!! LT

Reply | Quote

Dropbox? Ouch.

Reply | Quote

Did you mean GWX or GWX Control Panel?

Reply | Quote