Updating XP SP2 new install manually + Firewall, AV etc.

Status
Not open for further replies.

torandson

Technical User
Feb 8, 2005
239
A1
Hi,
I recently built two new systems and plan to have these access the Internet, so I downloaded SP2 on a Win98 system and installed SP2 on the new ones.

I want to update these machines and then save the barebones, fresh install, updated OS before installing any applications (which will include Microsoft Office 2003)---especially anti-virus, which goes in last so that it can be kicked out first if it misbehaves.

In other words, I want to do the updating before installing apps so that I can save an image of the OS partition and roll back to any point by restoring the partition image.

However, I am concerned about virus exposure while going online to run Windows Update, so it seems that doing all this requires some ingenuity.

First, I installed the 90 day Norton Internet Security that came with the motherboard, intending to download updates and install them after rolling the partition back to the pristine, pre-Norton image.

However, two problems:

1. Windows Update, which is very secretive about what it is doing, and astonishingly complicated and lacking in any clearly stated IT solutions. (Yes, I read about the MBSA utility, and downloaded version 2.0. But there is no simple, direct statement anywhere on Microsoft's website I could find that explains exactly what this is and how to use it. I had to search all over the place just to find a simple reference to the word "XP" that made it clear that this utility pertains to it. And SUS, whatever that is, is being phased out, so please migrate to another update management solution about which the online documentation states it is compatible with Windows 2000 and/or Server 2003 but says nothing about XP.) My need is very simple. Just give me a list of updates that need to be installed, in the order in which they need to be installed, and show me where I can download them.

Windows Update downloads updates to an unknown location and then asks if I want to install these unspecified updates. I managed to read the fine print and wrestled control of my own computer away from Microsoft once again at the last minute so that it did not automatically install the updates when I shut down. But I cannot locate them.

So I figured I would go ahead and install them, and then look in Add/Remove programs afterward to see what they were so that I could download them again manually myself. Nice to see when I did that that I was finally told what they were (almost) if not where they were. (The Microsoft Installer 3.1 --- is it the 3.1 v2 or not? WAU didn't say.)

I've been talking with Microsoft support, and I appreciate the gesture, but I was told that it did not make any difference in what order I installed the updates. (???) This contradicts what I read in one Knowledge Base article. Now I am again waiting for a reply. (I seem to spend all of my time waiting and explaining something. When do I get to use my computer?)

Of course, if I simply let Windows Update automatically install them now, they will be gone when I roll the system back to the pre-Norton image, and I won't even know what they were, so I need to find out what updates should be installed, and in what order Windows wants to install them all.

Why can't a company as big as Microsoft make this as simple as it actually is? Why can't Windows Update just output on request a simple script file that lists the needed updates and security patches and performs the installation of every needed patch back to a fresh install of SP2 from a disk folder full of downloaded updates? DOS 3.0 could have done that much!

2. Norton Internet Security. Enough said. I don't want to complain, but the product smells like something spelled j-u-n-k. It so slows down the loading of XP I sometimes think the computer is locked up for five or ten minutes before the desktop icons appear. Most of the time, most of the usual taskbar icons do not appear. So it goes in the trash. One reason I'm upgrading my office system is that Norton routinely crashes it. I no longer have even the patience to endure the affront of this chokeware even for the limited period of time it takes to get these updates downloaded.

Two broad questions:
1a. How do I get and install the necessary updates? How do I download them to a known location so that I can then install them in the correct order on multiple computers without having to put each machine online to do that?

1b. How do I protect my machine while I am downloading the updates? I am no longer willing to let Norton assist with that. I am now more worried about what Norton will do to this system than I am worried about what a virus might do. I am not willing to kill the patient to keep it safe from viruses.

Perhaps this is not a legitimate concern. After all, I am going to restore the partition after I download the updates. The system will not again go online until after the applications have been installed and the long-term anti-virus and firewall solutions put in place. If an infection while downloading the updates is not likely to corrupt and infect the updates themselves, then it doesn't matter if I am at risk while downloading them, it would seem. Anyone know for sure?

2. What anti-virus and firewall solutions exist that provide effective protection from the threats without crippling either the system or the owner's budget in the process? Because this is a business, I cannot implement many of the free solutions available to home users out there. But Norton already has all of my AV budget for the next few months. What can I do in the near term (in addition to tossing NIS in the trash)?

I've read a variety of AV and firewall reviews. Apples and oranges. Six of this and half dozen of that. What I am looking for here is a consensus unanimity about one solution that is widely known to be effective and also lacks a significant negatively impressed community.

--torandson
 
Unless you are using non-OEM CDs to set up the OS, I wouldn't worry about viruses. This is assuming you're installing from a fresh format.

As far as an overall security suite, I would suggest anything from Kaspersky Labs. They have great software and great support. If we didn't use Symantec at work, I'd suggest the Kaspersky suite to my boss.

Here's the link:
 
For the primary task of downloading updates,

Download AVG Antivirus, the free version, and go ahead and download the updates. Unfortunately there is no way of knowing what updates need to be downloaded without actually downloading them. Once the updates are downloaded, you can remove AVG, which allows itself to be removed leaving no trace behind (unlike Norton, which you practically have to wrestle the computer away from). This way you preserve the updates and can image the computer without having traces of unwanted software looming around.

You can also tell Windows Updates to tell you what it wants to install by selecting "Manual installation" instead of Automatic. It will then show you a list of the recently downloaded updates that are waiting to be installed. You can't actually select which ones to install but at least you'll know what they are.

As for Corporate Security Suites, my money is on Trend Micro's array of corporate security products; they work well together, aren't resource hogs, and have pretty comprehensive protection without interfering with users' work. And they are NOT "free solutions for home users".

----------------------------------
Ignorance is not necessarily Bliss, case in point:
Unknown has caused an Unknown Error on Unknown and must be shutdown to prevent damage to Unknown.
 
I would say if all you're trying to get is the system upgrades from Microsoft there should be no viruses to worry about. Only if you start surfing to other sites.
Also one of the best drive backup packages I've found is from NTI. You can use their try-before-you-buy version. It will let you use it 3 times before you can't make more backups. I tried it and after setting up my system with all the upgrades and packages I wanted installed I made an image. It has saved me already. I mistyped a web site and had all kinds of junk installing. I rebooted with the image I made and I'm back to the way I was after I had everything installed. Now I can put the recovery CDs that came with my PC away.
 
For future reference you can manually download updates from the Windows Update site and save them to disk. Maybe you know of such a person who has and would then let you copy them?

The trick with the above procedure is to let Windows manually scan your computer and tell you what updates are required. With a list of the updates in your hand, you then use the Administrators option link on the Windows Update site to access the Windows Catalog of updates, where you can then save them to disk. When you know what updates you require, go here and look for the link called "Find updates for Microsoft Windows operating systems". This will be available after a Brief Update of the Windows Update engine.

Find updates for Microsoft Windows operating systems.

How to download Windows updates and drivers from the Windows Update Catalog



You can also look at the settings available under Automatic Updates, settings such as Notify but don't download, or Download but don't install.

Automatic Updates are usually held in a folder such as C:\windows\softwaredistribution\ until after you install them, at which point Windows may clean them out. You could also look at locations like C:\Windows such as "downloaded installations" or "registeredpackages" or somewhere like a WU temp folder. Also there is often something stored in the Temporary Internet Folder, or even the System Restore folders.


How to configure and use Automatic Updates in Windows XP
 
trojanman, Thanks, I may just do that. I've been seeing a lot online about Kaspersky these days.

Would anyone else care to comment about Kaspersky? Does anyone know of a reason not to get Kaspersky? How easy is it to uninstall?

vacunita, thanks, I'll check out the Trend Micro line, too.

And thanks for that info about having Windows Update tell what has been downloaded. I'll look for that next time I go online. I wondered where I could get that information. Too much information is now available only after one clicks on an .exe file or commits to 'installing' something. This is very problematic when half the time such a move constitutes making an inescapable commitment, and one in a hundred times it wrecks something. One needs to know before clicking on .exe or "install" what is going to happen.

Everyone, same question as above: does anyone know of a reason not to go with Trend Micro antivirus/firewall solutions? How easy is it to uninstall?

However, RE: using AVG Free to get the updates: The AVG EULA specifically states that anything other than home use constitutes a violation of the EULA. Using AVG free to protect my business computer while getting updates from Microsoft is therefore not an option. I would be happy to reconsider if I heard otherwise from the company that produces AVG, but 'everybody does it' is not such a thing.

On the other hand, if AVG is a viable corporate solution, I might consider just going ahead and buying it.

Anyone have any thoughts about this?

lpblauen, Thanks, that's what I surmised.

I may just go and get the updates wearing nothing more than the XP firewall. But I have a backup imaging solution that works for me, thanks. I use Partition Magic 8.0 to copy the partition to a mirror location, and then boot to it and copy the original to DVD using the Nero OEM BackItUp that came with my Sony DVD/RW drive.

linney, Thanks, as usual your advice is solid.

I don't know of such a person, nor would I really want to trust my computer to the kind of 'chance' that would introduce to the system. This is why I don't want to 'uninstall' an antivirus solution, but to restore an image on which it never existed. With all the corporate spyware out there (think of Sony's fiasco with the rootkit mess), I frankly don't trust Microsoft, much less any of the little 3rd party software vendors. I want to make a backup of my partition offline. I don't want my backup software talking to a parent company over the Internet whether looking for 'updates' or whatever when I am imaging a partition. And I want to be able to return the system to a previous known state by means into which no other company intrudes upon the backup/restore operation. The same goes for removing any program I later don't like: I do not want to uninstall it. I want to return to an image on which it never existed, when that is practical.

Yes, you understand what I want to do. The weak link I was dealing with before was that I didn't know what Windows Update had chosen to download and install, nor where. Your information is right on target for helping me locate that, thanks.

Of course, this raises another issue. I will have to go online and re-update the Windows Update engine before installing the updates that I download after discovering which ones they are, correct? (Since it will disappear when I roll the system back to a clean partition after I download the needed updates.) So I still am confronted with the problem of how to install the updates on a clean installation without going online.

Can I download the update to the Windows Update Engine for installation later?
Actually, Windows Update gave me two or three update downloads: A Windows Authentication Active X, (IIRC), The Windows Update Updater Engine, and a Windows Update Catalog Active X.
Can these be saved to a folder for later installation after restoring a clean image? Which of these if any would be required to install the updates that I will download? (Perhaps I could wait and update these three again after installing the updates, my 3rd party apps, and then my AntiVirus solution. Is that possible? Or is the Updater Engine update required to correctly install the updates?)

--torandson
 
Once you have downloaded the updates and saved them to file, CD, DVD or USB, then the Windows Update engines are of no significance as you just install the saved updates as normal installs.

For the extra paranoid I suppose you could go online get all your updates save to file etc., then reformat and re-install, or re-image, then install the updates manually.

I tend to shy away from big (read slow) Internet Security suites, that try to do everything in one program for you.

A good anti virus program, the SP2 firewall (or your own preference) and something like the free Ewido, Windows Defender, is probably adequate. It really depends on where you surf and what you download. Commonsense, using a limited user wherever possible, and a fast, light, layered security protection, is what I rely on.
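An added example, not part of any poster's reply: one way to check a folder of saved update packages before installing them on a restored image, by confirming each file carries a valid Authenticode signature from Microsoft and recording SHA-256 hashes to re-check the CD/USB copy later. The folder path and manifest name are assumptions, and the script needs PowerShell 4.0 or later (for `Get-FileHash`), so run it on a machine that has it.

```powershell
# Added example, not from the thread. Folder path and manifest name are assumptions.
param(
    [string]$UpdateDir = 'D:\XPUpdates',   # hypothetical folder holding the saved updates
    [switch]$Verify                         # re-check the folder against an earlier manifest
)

$manifestPath = Join-Path $UpdateDir 'manifest.csv'

function Get-PackageReport {
    param([string]$Dir)
    # Only installer packages are inspected; manifest.csv itself is skipped by the filter.
    Get-ChildItem -Path (Join-Path $Dir '*') -File -Include *.exe, *.msi, *.msu |
        ForEach-Object {
            $sig    = Get-AuthenticodeSignature -FilePath $_.FullName
            $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
            [pscustomobject]@{
                Name    = $_.Name
                Status  = [string]$sig.Status
                Signer  = $signer
                # Valid = signature intact and chain trusted on this machine.
                Trusted = ($sig.Status -eq 'Valid') -and ($signer -match 'O=Microsoft Corporation')
                SHA256  = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
            }
        }
}

$report = @(Get-PackageReport -Dir $UpdateDir)

if (-not $Verify) {
    # First pass, right after downloading: write the manifest and show the result.
    $report | Export-Csv -Path $manifestPath -NoTypeInformation
    $report | Format-Table Name, Status, Trusted -AutoSize
    return
}

# Second pass, before installing: every file must be signed and match the manifest.
$known = @{}
Import-Csv -Path $manifestPath | ForEach-Object { $known[$_.Name] = $_.SHA256 }

$bad = @($report | Where-Object { -not $_.Trusted -or $known[$_.Name] -ne $_.SHA256 })
if ($bad.Count -gt 0) {
    $bad | Format-Table Name, Status, SHA256 -AutoSize
    Write-Error "$($bad.Count) package(s) failed the signature or hash check; do not install them."
    exit 1
}
Write-Output "All $($report.Count) packages are validly signed and match the manifest."
```

Run it once without `-Verify` right after downloading, then with `-Verify` against the copied folder before installing anything from it. A file that was altered after Microsoft signed it shows a status other than `Valid`.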
 
The only 'problem' I have found with Kaspersky AV is that it is very "heavy" -- i.e., CPU and memory intensive. It made a 1.8 GHz DELL with 512MB DDRAM unusable for even casual surfing. In fact, I can see performance degradation on a 3.8 GHz hyperthreaded CPU with 2GB RAM. This is a very thorough and complete product.
 
linney,

Just as I was getting serious about Kaspersky, I read ...

avanderlaan,

The only 'problem' I have found with Kaspersky AV is that it is very "heavy" -- i.e., CPU and memory intensive.

... and I think about my 1.8 GHz 750MB smaller office system with onboard video sharing RAM ... (the other system is an Intel 3GHz board with 1GB RAM that is also shared by video) ...

Please define:

A good anti virus program

and then, if I might ask again,

... a fast, light, layered security protection

I have downloaded the Lavasoft Personal Firewall. Any comments? cf. Kerio, Zone Alarm?

I already purchased SpySweeper.

Which fast, light anti-virus plays well with (which of) these, and is effective, in your opinion?

--torandson
 
And SUS, whatever that is, is being phased out, so please migrate to another update management solution about which the online documentation states it is compatible with Windows 2000 and/or Server 2003 but says nothing about XP.)

SUS was replaced by WSUS (which is really quite good for a business and does support XP+Office etc). It allows you to schedule the automatic updating of clients but you can specify exactly which updates are being applied.

It would give you the high level of control you need, from a verified source but without the hassle of updating machines individually.


Carlsberg don't run I.T departments, but if they did they'd probably be more fun.
 
You might look at the Jetico Personal Firewall. It has gotten some very good reviews lately. I have switched to Jetico from Sygate Personal Firewall after Sygate was acquired by Symantec.
 
I have found NOD32 (not free) to be a good choice for anti-virus protection of "underpowered" systems like the 1.8GHz DELL I mentioned previously. I really liked Panda AV, but their service was problematic -- I got an awful lot of Spanish email replies to bug reports I submitted.
 
I also recommend the Kerio personal firewall.

Check this out:


If you're looking for the free Kerio Firewall or a replacement for the Sygate firewall, you have found the right page. Just like the original, the Sunbelt Kerio Personal Firewall will keep working after the first 30 days, but in basic mode.

"Best personal firewall in the roundup!" PC Magazine

I personally recommend it because it is easy to configure and very powerful, yet light on system resources. ZA seems to lock up and cause Internet issues from time to time. You can also download it from my webpage:


Spysweeper is a great spyware program. Ewido is also great to have in the toolbox. Check it out here:


AVG seems to play well with all of these products that I mentioned (Kerio and Spysweeper/Ewido). I like this combination.

Best regards.

Erik
 
Running "realtime" on my main system I have NOD32 anti virus, Outpost Firewall (its Spyware checking is turned off), Windows Defender, Process Guard, and Reg Defend. I am also behind a firewall/router.

Available for manual scanning I have Ewido, Ad-Aware and Spybot S+D.

As I said before I tend to stay away from combination suites that try to do everything from within one program and may be resource hogs.

I surf as a limited user and don't go anywhere "interesting" - what a bore!

As far as I can tell it costs me about $100 to catch a few "evil cookies". Even if I ever caught something really nasty that couldn't be removed, I have recent images to restore from.

I keep my machine fully updated with Microsoft Security updates and Service Packs.

1GB RAM on a Pentium 4 CPU 3.00GHz machine.
 
The AVG corporate range is superb - I've been using it for years with no issues at all. It is also comparatively cheap when you consider that the subscription fee covers two years, not the usual one.

Very easy to manage centrally - roll it out and forget it, and it won't eat your Exchange server resources either.

Give it a try

MD
 
Thanks again, all,

Having taken all of your advice into consideration, I've decided to go with Kerio for the firewall and SpySweeper for the antispyware. Now I have to choose an antivirus program.

I found a few "top6/top10/review/comparisons" and have boiled it down to:

TOP CHOICE:
BitDefender Standard:

Pros: Ranked #1 by TopTenReviews, good feature set, 4-user price is only a little more than twice the single-user price (I have 4 online machines)

Cons: Doesn't have webmail protection (which I do use), separate license required for their Linux manual scanner only, don't know how easy it is to uninstall

If I hear that this product is glitch-free compatible with the above firewall and antispyware solutions I've chosen and light on resources, I think I'll go with it. Otherwise, ... my number two choice is split between ...


AVG Pro :

Pros: Multiboot machines need only a single license, Protects Linux systems also, Price is competitive over two years, Webmail protection, said to be easy to completely uninstall

Cons: didn't pass the W.C.L level 2 (disinfects) test, doesn't have script blocking, history/report logging, outbreak notice, realtime registry scanning

Mitigating: I, too, keep backup images and can restore a clean partition if bugs are found, so maybe I don't critically need the level 2 (disinfects) ability, and do use webmail.

... and ...

Nod32:

Pros: flexible and configurable, high user ratings,

Cons: No registry scanning, no webmail protection, Windows only, higher price



I am going to install the 30-day trial versions of the top two on the two new machines and see what they 'look' like, while downloading the Windows Updates. Then I'll roll back to my clean install image, and make a decision about what to buy.

Meanwhile, any further comments about your experience with any of these products would be much appreciated. Especially, can anyone comment from personal experience or neighbor's firsthand knowledge of BitDefender? Is it light on resources? Easy to uninstall?

--torandson


 