tenthofjune

I’ve just run a manual Windows update on three Windows boxes today that are normally run by non-admin users. This is still necessary since, although they are all set to ‘auto-update’, the updates get downloaded but the actual updates do not take place unless an admin logs into the machine. I wonder how many PCs around the world are delayed in installing critical security updates because of this? However, that is an aside as it is not the reason for this post.

On all three machines, as well as the critical update, I also installed updates for .net 1.1, .net 2.0 and the latest Windows Media Player. After installing and rebooting, I always make a habit of logging in again as admin and forcing a recheck for any other updates: on all three machines it was then identified that critical security patches were required for all three of these new items installed.

This means that the initial downloads made available by Microsoft were not patched, despite the fact that Microsoft knows they need it because it has the patches ready for them.

Since the initial install involves the mandatory Microsoft ‘your mouse has moved, please restart to update changes’ reboot, it is quite likely that anyone installing it will then leave the machine to a non-admin user to continue using, blissfully unaware that the new software has a critical flaw.

Surely it makes perfect sense to have the initial download fully patched.

Following my last post on open wireless access points, have a look at this article by Dick Morrell.

On a short walk with my WiFi enabled Palm recently, I was amazed to find so many open wireless access points.
While some of these are in residential areas, most surprising was the number of businesses leaving themselves wide open. Whoever had set them up had gone as far as changing the SSID to the business name (making it even easier to see where the signal was coming from) but had failed to enable even simple security.
No doubt, these businesses will have a firewall on their internet connection, but having an open wireless access point is like leaving the back door to the shop open.

Further to my last post, I have checked and can confirm that a straw poll of three of Vodafone’s other services in Australia, Germany and Hungary, all still use secure connections for connection to ‘My Vodafone’.

Vodafone UK have redesigned their on-line billing interface (about time too) but they have either forgotten or decided to omit security in their planning. The new pages are all accessed over non-secure links.

Read more…

Trying to re-install McAfee on a new PC, but McAfee’s website requires that I download using Internet Explorer.

I find it ironic that a company who is supposed to be protecting my PC, requires me to use an insecure piece of software to download it’s AV product.