Replies

JohnW wrote:

With all due respect, you are clearly misinformed about that. I don’t know what version you are looking at, but he has added support for SHA-256, SHA-512, SHA-384, and CRC32.

Thanks very much.
You are right, of course.
I based my earlier comment on NirSoft’s description, “HashMyFiles is small utility that allows you to calculate the MD5 and SHA1 hashes of one or more files in your system. […]”
I missed the info regarding SHA-256, SHA-512, and SHA-384 in Versions History.
It would be welcome if NirSoft added that information under Description.

In reply to JohnW, July 9, 2017,

You mention NirSoft’s HashMyFiles.
However, NirSoft’s HashMyFiles calculates only MD5 and SHA1 hashes.
As mentioned by Kirsty, MD5 and SHA1 hashes are no longer suitable for checking file security.
Therefore, NirSoft’s HashMyFiles is not suitable for checking file security.

In reply to AKB1000006: Checksum Verification of Downloaded Files, by Kirsty, published 4 July 2017 | Rev 1.0

If one wants to use a utility for checking checksums, shouldn’t that application be digitally signed?
The mentioned MD5 & SHA Checksum Utility, Multihasher and also 7-Zip are not digitally signed.

Some other are utilities for checking checksums are digitally signed.

There is DigitalVolcano Hash Tool:
https://www.digitalvolcano.co.uk/hash.html

And if you want a shell extension, that integrates into Windows Explorer file properties, there is Implbits HashTab:
http://implbits.com/products/hashtab/

And another shell extension, that integrates into Windows Explorer file properties, is Febooti Hash & CRC:
http://www.febooti.com/products/filetweak/members/hash-and-crc/

EP wrote:

[…] KB3003057 is being offered instead of KB3008923. […]

Thanks, EP, same here.

On one of my Windows 7 x64 systems, on which since May 6 KB3008923 was being offered, yesterday, I unchecked KB3008923 and I installed Rollup KB4019264.
I am not sure if after installing Rollup KB4019264 the old KB3008923 was still being offered, or if it was replaced by KB3003057, at that time.
Anyway, at this time, today, KB3008923 is no longer offered, but it is replaced by KB3003057, Cumulative security update for Internet Explorer: November 11, 2014.

The system on which first KB3008923 was offered, and (after installing Rollup KB4019264) now KB3003057 is offered, that is my Windows 7 Professional x64 system that was installed March 29, 2016, on which KB3008923 and KB3003057 were never installed, as in March 2016 those were already superseded by a more recent Cumulative security update for Internet Explorer, the March 8, 2016 update KB3139929.

Seff wrote:

I installed KB3008923 on both my Windows 7 machines in December 2014, and it’s being offered again now. The only difference between then and now is that in Dcember 2014 I was running (and using) IE9 and now I’m running (albeit barely using) IE11.

I think I found the reason that you get KB3008923 offered for the machines on which KB3008923 was installed in December 2014, while I do not get KB3008923 offered for the machine on which KB3008923 was installed in December 2014.

On your machines you had the KB3008923 update for IE9 in 2014, I had the KB3008923 update for IE11 in 2014.
According to the Microsoft Update Catalog for KB3008923, the versions for IE9 and IE11 are not the same. (Also if you download the two versions, you see they’re not the same.)
As I said, I think that is the reason that you get KB3008923 offered for the machines on which KB3008923 was installed in December 2014, while I do not get KB3008923 offered for the machine on which KB3008923 was installed in December 2014.

Thanks very much, Seff.
That means I may have been too confident in my conclusions in my previous post.

Regarding KB3008923,
I wondered why some Windows 7 systems get KB3008923 offered and others don’t.

For instance,
I do not get KB3008923 offered on my Windows 7 Home Premium x64 system that was installed November 24, 2014.
But I do get KB3008923 offered on my Windows 7 Professional x64 system that was installed March 29, 2016.

I guess the system installation date, and thus the updates that were installed, has something to do with getting KB3008923 offered or not.

On my Windows 7 Home Premium x64 system that was installed November 24, 2014, KB3008923 was installed December 25, 2014. (That system was offline on Patch Tuesday December 9, 2014, till December 25, 2014, when KB3008923 and other December 9 updates were installed.)

On my Windows 7 Professional x64 system that was installed March 29, 2016, KB3008923 was never installed, as it was already superseded by a more recent Cumulative security update for Internet Explorer, the March 8, 2016 update KB3139929.
And with recently Microsoft retiring old superseded updates, consequently breaking the supersedence chain (as discussed by abbodi86 and ch100), Windows Update no longer recognizes the current Cumulative security update for Internet Explorer on that system.

I think that difference, mainly the system installation date, and thus the updates that were installed, is what determines whether or not KB3008923 is being offered.

(Also posted at Wilders Security Forums.)

2 users thanked author for this post.

satrow, MrBrian

Pepsiboy wrote:

Well, I just got offered from Windows Update 3 KB’s from Oct. and Dec. of 2014. […] KB’s offered are 2987107 – 10-14-14, 3008923 – 12-9-14, and 3003057 – 12-9-14. These are “Cumulative Security Updates” for IE 11. As old as these are, Should I install them or hide them and forget about them? […]

Regarding KB2987107, KB3008923 and KB3003057, all three KB-articles state “The update that this article describes has been replaced by a newer update.” Meaning those updates are not current.
To me it looks that Windows Update is making a mess.
I think it’s too early to tell what is going on.
What I do, is wait for a couple of days, and see if Windows Update is corrected before or with May 9 Patch Tuesday. I think that may be wiser than trying to install those out of date patches, or hiding them.

PKCano wrote:

Perhaps the supersedence chain will be updated with the May updates. If this is an UNCHECKED optional, it should be ignored by default.

Regarding KB3008923, on my system, it was checked and under “Important”.
And yes, as I said, let’s see if this is corrected before or with May 9 Patch Tuesday.

1 user thanked author for this post.

PKCano

Same here.
Windows 7 SP1 x64 up-to-date, including April 11 2017 Rollup.
And now KB3008923, “MS14-080: Cumulative security update for Internet Explorer: December 9, 2014” is being offered through Windows Update, even though the KB3008923 knowledge base article states “The update that this article describes has been replaced by a newer update.”
 Let’s see if this is corrected before or with May 9 Patch Tuesday.