Windows

Windows 7: Don't forget to update

In all the fanfare of releasing Windows 7, Microsoft forgot to mention something. Michael Kassner explains why you should immediately install updates to your new system and get to know the changes in UAC.

While talking about Windows 7 RTM (Release To Manufacturing) installs with some colleagues, I mentioned the need to run Windows Update right after loading the operating system. A couple of system administrators looked at me funny, saying they didn't think it was necessary.

Run Windows Update

The last thing one expects to do after installing a brand-new operating system, is to check for updates. Still, I have been using Windows 7 RC for several months and every patch Tuesday, Windows Update has installed fixes. The bad guys know about the vulnerabilities too and are currently exploiting them.

So doing a manual Windows Update after installing Windows 7 RTM made sense to me. When I checked for updates after each install, I was informed the following patches (2 critical and 4 important) were available:

  • MS09-54: This security update resolves three privately reported vulnerabilities and one publicly disclosed vulnerability in Internet Explorer. The vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer.
  • MS09-055: This security update addresses a privately reported vulnerability that is common to multiple ActiveX controls and is currently being exploited. The vulnerability affects ActiveX controls that were compiled using the vulnerable version of the Microsoft Active Template Library.
  • MS09-056: This security update resolves two publicly disclosed vulnerabilities in Microsoft Windows. The vulnerabilities could allow spoofing if an attacker gains access to the certificate used by the end user for authentication.
  • MS09-058: This security update resolves several privately reported vulnerabilities in the Windows kernel. The most severe of the vulnerabilities could allow elevation of privilege if an attacker logged on to the system and ran a specially crafted application.
  • MS09-059: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow denial of service if an attacker sent a maliciously crafted packet during the NTLM authentication process.
  • MS09-061: This security update resolves three privately reported vulnerabilities in Microsoft .NET Framework and Microsoft Silverlight. The vulnerabilities could allow remote code execution on a client system if a user views a specially crafted Web page using a Web browser.

During our conversation, one associate felt updating was done automatically. I didn't see that. So, I am glad I checked Windows Update. Running a manual update is less painful than fighting malware on a brand-new operating system.

Don't forget UAC, it's changed

Microsoft changed how User Account Control (UAC) works in Windows 7. Another controversy I plan on writing about in the near future. UAC in Windows 7 allows the user more options or chances to get into trouble, depending on your point of view.

You can find the UAC dialogue box by going to Control Panel, selecting User Accounts, followed by Change User Account Control Settings. Here are the four settings:

  • Top position: Is "Always Notify" and identical to the default mode in Vista.
  • Second position: Is the Windows 7 default setting, prompting the user when a non-Windows executable asks for privilege elevation.
  • Third position: Is similar to the second position. The difference being the prompt occurs on the user's desktop rather than the secure desktop.
  • Bottom position: This setting turns off all protection afforded by UAC.

As a security advocate, I felt compelled to at least mention that Microsoft changed UAC. Many security-conscious people prefer the "Always Notify" setting. So they need to adjust the setting. Others abhor UAC and will immediately turn it off. No comment, at least for now.

Final thoughts

I understand why software is out-of date as soon as it is released. Why not automate the update process to check after being installed or at least warn the user to check for updates.

My friends and I are still debating about the update process. What is your experience? Is Windows 7 updated automatically after installation?

"Finding vulnerabilities is good news, not bad news. It means we can do something to improve security. It doesn't mean someone has been screwing up." Roger Johnston.

About

Information is my field...Writing is my passion...Coupling the two is my mission.

86 comments
Ocie3
Ocie3

So far, I haven't installed Windows 7 on anything and it might be a while before I do. Many vendors do not hesitate to send you a CD that contains outdated software, and Microsoft is one of them. So, the standard operating procedure for me is to always check for an update, if I can, to any software [i]before[/i] I install it. It is best when the installation process includes checking for any update(s) and applying them but that isn't always adopted. Also, I've found a few vendors that expect new customers to [i]download[/i] outdated software and install it, then download the most recent update and install it. That is not a problem, unless I must uninstall the outdated software before I can install the updated software. Then again, back when I was using dial-up, that expectation did not seem reasonable. With regard to [b]Vista/7 UAC[/b], I have not used it. However, I use a firewall that has security features which remind me of the descriptions of how Vista/7 UAC behaves. So I am accustomed to having every security feature available (usually) enabled to maximize security -- especially with respect to installing and updating software; monitoring software for changes in the interim; requiring my authorization for a program to access the Internet; etc. Then again, I can see why most people would regard such security features as a nuisance, an easy step away from being seen as an [i]unecessary[/i] nuisance. The reason is that some idiot told them that a computer is "just a TV that connects to the Internets". Does their TV have "security features"??

.Martin.
.Martin.

as soon as it is available for retail, there will be updates, and i never assume that windows will check for me...

ultimitloozer
ultimitloozer

The only real problem I have with UAC is that you cannot specify programs that should always be authorized to run. For example, the HP update utility that was installed with my printer drivers. Every week I have to tell my system yet again to let it run. There should be a mechanism to allow an installed application to always run from a specific location and you can even hash the file just to make sure it hasn't been changed since the last run. I would imagine that this type of mechanism is what allows the various OS components to transparently accomplish the same thing, so it would not be a huge issue to expand it to allow the administrator to add other apps to the list.

jon_saxon
jon_saxon

The basic problem with these updates coming within days of the OS release is that Windows 7 is still relying on the fundamentally unsecure, and evidently unsecurable, code base of Windows version 0.90. Back in 2003 I sent to the release of Windows Server 2003 and Microsoft told me that they had taken all their programmers off other projects and were focused on securing Windows. At this point, they don't seem to be finished yet. I try really hard not to be an anti-Microsoft bigot but six years after they pledged to fix Windows they haven't done so. If they can't do it in six years it will never get done. As a consultant, how can I recommend Windows operating systems to clients knowing it cannot be made secure?

BlueCollarCritic
BlueCollarCritic

When SQL Server 2005 came it out, the features that had previously been identfiied as security issues were now by default turned off or locked down when installed out of the box. The UAC, while annoying to most is better then nothing so long as it is confighurable (unlike in Windows Vista where it was all or nothing). And so it would be better to have UAC fully enabled when installed by default. This way no one would miss changing it or forget about changing it during an install. As for Windows Updates, the option to Check for updates should be enabled by default. This way duiring install there is a reminder about possible updates. I would not condone automatic updates b/c sure enough you'll get an update you wish you hadn't. The answer in general is for MS to loick down as much as possible for default installs but gove users the chance to change or disable these as well. This way those not computer savvy enough to know whats right woudl have a more secure system out of the box while letting the more tech savvy users change what they want to.

eldergabriel
eldergabriel

Whenever I install any operating system, one of the first things I do is install any and all available updates, as a matter of course. I find it odd that anyone in their right mind would give you a funny look by suggesting this be done.

bookkeeper
bookkeeper

While i agree UAC is a good thing and is much needed in today's computing, I also agree that it needs so be highly configurable for the company or users themselves. Everybody uses a computer at a different level and if user can't run their programs or do their work they will shut UAC off.

Hunt1
Hunt1

It only stands to reason that the first action when setting up a new OS is UPDATE. That puppy's image was created mounths ago, burned - paggaged - shipped. It is old befor you remove the shrink wrap. As far as UAC is I do feel sorry for MS as it is now a situation where they are damned if they setup a tight ship. Damned if they open it up a bit so the poor user is not bothered by sooo many security concerns. We deserve all the mall ware that comes our ....

emo_rocker1134
emo_rocker1134

OMG you have no idea how much this helped me. i have been trying to get my second vid card to detect for days. and i read this did a manual update and it installed. THANK YOU!!!!!

we
we

As someone involved with IT for 26 years, I concur 100% with the view that one must check for and apply updates after a new software install even if the software supplier has included an automatic web search and download. Some updates can only be applied once certain previous updates are applied and the computer is restarted. In my experience, assume nothing and work through the activity with caution! allen@rfclaw.co.uk

remjr
remjr

I did chec for updates because - well - it's Microsoft. Everything has been great with RTM until about a week ago and now my connection to my cable ISP is up and down like a psychotic merry go round. Have tried a few things to correct the problem but still haven't gotten to the bottom of it yet. Otherwise, I'm very pleased with Win 7.

TNT
TNT

I agree MS should give users some education on how to properly upgrade/install their new OS. Disconnect from all networks, upgrade, install anti-virus, check for updates. But the same thing happened to me after installing Snow Leopard on my Mac. I performed the install, then did a manual software update and found 10.6.1 was available. As for UAC, again, more education is necessary. If you make it configurable you have to let people know how and what the options mean. I'd do this at installation, similar to how you configure automatic updates. Mac's version of UAC is just as "in your face" but not configurable, so no education is really necessary.

dougr.adams
dougr.adams

Most IT pro's would automatically update as soon as they completed a new install (and have added the virus protection, before connecting to the internet). But there are a lot of home users that do not know the proper steps to protect themselves from the Bad Guys, so Microsoft might need to look at adding some suggestive prompts so those users do not mess up and make it harder on the rest of us.

SKDTech
SKDTech

The first thing that should be done on any fresh install of an OS is to manually update until no more updates are found. I would assume that the reason there is a delay before Automatic updates start looking for new items is twofold, A) during install Windows will ask if you want it to go ahead and download any available updates and apply them during installation and B) they quite rightly assume that many users will start installing applications right away. For those out there that disable UAC all I can say is that I hope you truly understand what you are opening yourself up to. UAC is but one useful tool in avoiding system infections by malware and should be enabled on any network attached machine.

Michael Kassner
Michael Kassner

I know you and your expertise is light years ahead most users. My feeble attempt here is to inform the un-informed so they will be safe as well. Edit: Spelling

Michael Kassner
Michael Kassner

Of users don't feel the same way. They go huh, when you ask them. The software is new, so it is good to go.

BlueCollarCritic
BlueCollarCritic

If anyone is looking for a way to somewhat control the UAC in Vista without having to go to the UAC Pannel and trun it on and or off then let me know. I have 2 reg files that enable or disable the UAC on the fly. I use these to turn of the UAC when I am not accessing anything that is not fully trusted (i.e. the Internet) and to enabled it when I need extra security in place. The 2 reg files work instantly and on the fly so there no reboot or similar needed.

Spitfire_Sysop
Spitfire_Sysop

The solution you describe is standard in any good software firewall with program control. I use Kaspersky and it has all the same prompts that UAC does and more. It allows for scripting and detailed allow rules. You can allow one type of change while still blocking others. Because this feature is redundant I simply turn off the UAC and let a real security company handle this sort of thing. I know M$ has come along way but they are still not up to par with contemporary solutions. As if they have no research arm that looks at the competition for ideas.

Michael Kassner
Michael Kassner

I think what you propose would be the best. Yet, typical users would go nuts, I suspect.

Michael Kassner
Michael Kassner

Still, ask a bunch of people and you will be surprised.

Michael Kassner
Michael Kassner

There appears to be malware that can adjust the settings out in the wild.

Michael Kassner
Michael Kassner

Try this test. ask several people if they do. I suspect you will be surprised.

Michael Kassner
Michael Kassner

I tell people to run updaters until they come back stating there aren't any. I have been caught by that a few times.

Lazarus439
Lazarus439

Coincidences do happen. What you describe sounds exactly like a dying cable modem. I had that same problem and finally called Cox tech support. When I told the tech what make and model cable modem I had, he said it was so old he didn't know any were still in service. I replaced it with a Linksys and life was calm again - at least insofar as my internet connection was concerned! :)

Michael Kassner
Michael Kassner

Is the worst of the bunch. If I understand correctly, their updater only checks once a week. So all system admins had to download the fixes for several zero-day exploits and push them out to the computers.

Lazarus439
Lazarus439

I've never understood why Secure Desktop is the default/recommended mode for UAC. As long as UAC doesn't lock the rest of the machine, it's not all that annoying and I like it. As I recall, changing UAC so that it would use NOT Secure Desktop (and asumming you tracked down the necessary registry hacks), was one of the highlights of Vista Service Pack 1.

fumerop
fumerop

Well, I have a Toshiba P305D-S8828 running Vista that's being upgraded to 7. It going on 1.75 hours and not done...At this rate, I'm afraid I'll be dead. I was told that it'll take about 20 minutes. The installed program said it might take hours. I'm afraid also to see what the update will be... So far it is too expensive and takes too long to upgrade.

Michael Kassner
Michael Kassner

How many Windows 7 installs will be vulnerable until the second Tuesday of November.

h.tokins
h.tokins

Have tried to network as per Microsoft Instruction sheet. Does not work. Tried networking my XP and can see my Windows 7 computer and according to the instruction whendouble clicking on the Win7 PC I should get promted for credentials. I don't. Same with Win Vista PC. Am using Windows 7 Home Premium OS.

jon_saxon
jon_saxon

I am not trying to be contrary but I do not understand why several people believe UAC is "a good thing." First, UAC only exists because Windows is so vulnerable. Linux does NOT have and does not NEED UAC. Secondly, UAC relies on the least savvy person in an organization to decide if something related to security should be allowed or not. If the average computer user does not know that they need to update their OS out of the box then they certainly do not KNOW whether process A should be allowed to proceed on their computer or not. Thirdly, UAC in Vista was so chatty and so annoying that it essentially became background noise and computer users quickly became conditioned to allow every request because they usually don't know what they are being asked to do to begin with and have no way to evaluate the request UAC is making to begin with. Can you imagine the cost to an IT department if every UAC request generated a help desk call? UAC annoys computer users and conditions them to allow things to happen when they have no way to rationally decided whether it should happen or not. But it does allow Microsoft to push the onus of security flaws in Windows back to the people who purchase and use it. UAC is not a good thing.

rongolini
rongolini

I never checked whether Windows update was set to "automatic" until such time as all network connectivity ceased. There was an updated driver installed for the motherboard based LAN hardware that rendered my system useless. Neither System Restore nor Repair helped nor did a restore from Windows Home Server. I have set the Update to Notify. What a waste of time this update nonsense is.

ddgeekgrrl
ddgeekgrrl

I like UAC and wish I could use it in our environment. Unfortunately, one of the major software applications we use needs to have UAC disabled in order to run properly. This app was puchased before I started here, so I have simply inherited this mess. My opinion of software that is not revised or patched to be able to run in a secure environment probably does not need clarification. However, I do make it clear to management that we are less secure because of how this application needs to run. It's all I can do. The rant continues in my head ... (LOL!)

bob
bob

Hopefully at some point, Microsoft will add in an option to tell UAC to disregard specific applications that are trusted and you don't want to keep telling UAC they are okay everytime they run. At that point I might actually leave UAC turned on.

s-f
s-f

One of the first options when installing is connecting to the Internet to get latest patches and such, which I used this weekend... I still ran a manual Windows Update when done, and still had patches to install... That strikes me is odd... If I installed directly from the DVD without the Internet option, it wouldn't...

Ocie3
Ocie3

One of the fellows started his post with the statement: "The only real problem I have with UAC is that you cannot specify programs that should always be authorized to run. ...." Oh, that would be a real problem for me, too! For quite a while I've suspected that Vista UAC did not have enough granularity, and your description of it in your article made me frown, wondering if that is the only configuration that Windows 7 allows. Well, at least Microsoft is consistent, if you compare UAC to I.E. "Security" zones. Like akaufman, I would probably disable Windows 7 UAC and continue to rely upon the firewall for Application Behavior Blocking (the feature which allows a user to control application behavior) and Network Access Control. When the firewall presents a dialog, it has a "create a rule" option that I can enable so that the query does not occur again when the program tries to do something that I want to allow it to always do. With regard to privilege escalation, there is (or used to be) a utility available called "Drop My Rights" which could be used by an administrator to do as the name says. But I run everything that accesses the Internet in a Sandboxie sandbox, and dropping admin rights is a sandbox configuration option. Unfortunately, a program like iPodder doesn't [i]need[/i] admin rights but if I run it without them, it doesn't work. So using it becomes a vulnerability in the Best Practices armor.

Michael Kassner
Michael Kassner

I would be concerned about running with admin privileges all the time though. Do you set up a limited user profile?

Alzie
Alzie

Is this normal for UAC to pop up when a program calls home to check for updates? It strikes me as overkill. I can understand if I get a warning that HP update wants to install a program that I should be warned, but just to call home seems a bit much. I'm still using XP and I won't bother upgrading to Win7 until I replace my computer. I'm not being anti Win7 here, I have serious doubts how well it would run on a box this old. Thanks

jon_saxon
jon_saxon

Michael, The alternatives appear to be Mac and Linux. Personally, I am really close to making the switch at home. The only other option is for Microsoft to fix the security flaws in their software and that isn't likely to happen any time soon.

BlueCollarCritic
BlueCollarCritic

I did forget to add (b/c I assumed this was a give) that there must be an option for unattended installs to change the default locked down settings else this default setup of being locked down out of the box will not be embraced by admins who would need the ability to change this kind of thing bia an unattended install.

Ocie3
Ocie3

all it has to do is install a "patch" or two in the right places in the respective executable(s). That is, it can do that unless UAC stops it cold -- but UAC will probably display a dialog asking the user whether to allow the process to run, right??

dleippe
dleippe

If you have one or more Windows computers running pre Win 7 you can't use the new "HomeGroup", so you use a Workgroup. If you don't use a "Microsoft Certified Firewall" you have to manually open certain ports to be able to file and print share with other computers on your LAN. So far I can't get the Windows 7 machine to be able to read or be read by other computers in my LAN(XP Pro SP3, W2k SP4). I have to disable either my A/V suite Firewall or my "certified" Win 7 Firewall in order to see and be seen. I have created port rules per Microsoft lists for both firewalls.... The Win 7 machine is a dual boot machine. The XP boot runs on the LAN with the other machines just fine.

TNT
TNT

The graphics arts owes its profession to Adobe. Their software is truly the best at what it does. That said, their security, update system and licensing enforcement are horrible. Flash and Acrobat are constantly exploited; their update system is slow, difficult and not timely; and using Mac Server's controls for locking down applications that can and cannot be run by users breaks their license monitoring software and disables their applications. Adobe needs to hire someone who knows what they are doing in this regard.

SKDTech
SKDTech

On my machines UAC uses the secure desktop but does not block everything out until you answer yea or nay. It comes up in the background if i go to something else and merely halts the program that initiated the prompt until I come back and let it continue or shoot it down.

Lazarus439
Lazarus439

...doesn't matter. Unless the installer (the person at the keyboard, not the software) turns off Windows Update, the machine will check every morning at 3:00 AM and install whatever updates it finds. Presumably these would be the same updates you found when you ran Windows Updates manaully. If the installer does turn off Windows Update, the second Tuesday of November still doesn't matter because the machine will never get updated. (Unless it's in a domain with WSUS running).

Hunt1
Hunt1

IF you are running or trying to run any software that may change to system you must provide a Root password before the orperation will start. I am not bashing LINUX I love it. But it is not for many of my users, no skill or desire to learn no software. Secure maybe right now it lake Mac is just not a big enough target. Lets discuss this when Linux hits 20 million plus users.

Neon Samurai
Neon Samurai

A UAC type mechanism has been in Linux distributions for as long as I can remember. sudo - the base cli command which allows a user to run a command with root privaledge provided they've been granted permission to do so. ksudo, gsudo - graphic message box interfaces for the applicable graphic desktops. It does feel like a defensive reaction in Windows. It's more of a warning claxon "hey, something wants to do something as administrator.. quick, panic.. system will be locked until you respond." The similar function exists on other platforms as a permissive notice but other platforms are not trying to break a long standing habit of always running as administrator. Hopefully the blackened background and big central text box makes it a little more obvious for the average user. Enabling the password prompt by default would also help. I'd expect this to effect home users more though as a business install with AD server should distinguish between user and admin more or provide better ways to temporarily escalate privaledge. Your third point is dead on also. By prompting for a password, hopefully the user pauses for a moment to think why they are being asked. The default OK button isn't enough and users are less likely to take the manual step of increasing the interuption. With Vista, it quickly became just another OK or password prompt; white noise. Hopefully it remains a more effective notice in win7 for those who don't blindly disable it. The irony; UAC was designed to annoy users. MS has admitted that UAC was intentionally annoying to anger users enough to hopefully force third party developers to write within the new Windows way. Writing software with better recognition of privaledge speration good and very much needed given the amount of software that still unjustly demands admin rights. The bad part was the intentionally invasive implementation of a function other platforms have had for a decade now. I'd also like to see more information about disabling UAC through software. It depreciates the effectiveness of a security feature if it's simple to disable it. With malware that can disable AV, UAC shouldn't be much challenge. UAC could have been a much better implemented. Escalation is a needed function but UAC has not been the best example of it.

brycetelfer
brycetelfer

Linux definitely has the equivalent of UAC, it is called sudo.

Michael Kassner
Michael Kassner

Difficult to find. I don't let Windows get updates for anything other than MS products.

Michael Kassner
Michael Kassner

The new UAC may be doing some of that. I in the middle of researching the differences.

Michael Kassner
Michael Kassner

That is why I wrote this piece. All the different ways to install make it impossible to tell what to do in each case. I settled for just pointing out, it's best to run Windows Update after the install is done. Thanks for clarifying. I wasn't on the Internet when installing. To afraid of that.

h.tokins
h.tokins

Unable to use my home network coupling up my Xp and Vista PCs to this Windows 7. Microsoft seem to think that all computer O.S. must be Windows 7.

ultimitloozer
ultimitloozer

Apparently it is due to a difference in how the software was written. For example, Apple Update (for QuickTime, Safari, etc) doesn't pop up the UAC prompt until it tries to install the updates. The HP Update applets will pop up the prompt immediately and not bother you again when it actually starts running the updates. I personally consider this a design flaw in the HP model and believe that Apple handled this correctly.

Michael Kassner
Michael Kassner

There is an exploit or a proof of concept out and about that changes the settings as well. So, MS may have to change it.

Michael Kassner
Michael Kassner

Are at work. Security and convenience are diametrically opposed.

Michael Kassner
Michael Kassner

I wasn't exactly sure how that worked. I use WSUS at all of my clients.

ultimitloozer
ultimitloozer

Unless MS has changed its MO regarding AU, if the system misses a scheduled update check, it will perform the check at the next opportunity (when the system is turned on and connected to the internet again). It will normally download any updates it finds at that time and wait to install them at the next scheduled time or when the system is shut down again (whichever comes first). At least that was the default behavior with XP and Vista. I have seen nothing to indicate that is has changed with Win7, but I have not tested it yet either.

Michael Kassner
Michael Kassner

The computer to be on. Or does the 0300 request queue until the computer gets turned on?

jon_saxon
jon_saxon

I think the consensus here is that Windows UAC is NOT the same as Linux sudo. I believe the consensus is that sudo is much more like the Windows "runas" command. UAC does not require any authentication or privilege elevation to run. It will run simply based on the concurrence of the logged in Windows user. Again, let me know if I am overlooking something here.

Neon Samurai
Neon Samurai

I was thinking of the GUI interface and effect of blocking the request from running if incorrect or canceled. The more accurate comparison would be runas cli with sudo assuming both had no need of the IE/Xorg graphic layer being available. kdesu and runas gui interface with graphic layer available. I'm also a fan of su.cmd. Add applicable runas /u:name cmd.com command line and have a handy password protected root shell.

jon_saxon
jon_saxon

I am not sure I conclude that sudo is the equivalent of UAC. The Linux sudo command is more like the Windows runas command. You said, "sudo - the base cli command which allows a user to run a command with root privaledge provided they've been granted permission to do so." The key difference is that system administrators in *nix have to grant users the right to use sudo. UAC requires no special access to be granted. UAC allows you to shoot yourself in the foot while it claims to prevent you from doing so. In fact, UAC practically begs you to point the gun at your foot and pull the trigger. Let me know if I am missing something about the sudo command.

Michael Kassner
Michael Kassner

May be an improvement. I researching that right now.

jon_saxon
jon_saxon

I am not sure I conclude that sudo is the equivalent of UAC. The Linux sudo command is more like the Windows runas command. I have never had sudo nag me constantly about whether I want to permit something to happen on my Windows PC. In addition, the systems administrator can grant access to sudo to specified users. UAC allows any user to allow something to take place on a computer. Let me know if I am missing something about the sudo command.

s-f
s-f

Vista did this too, but it still used IE in the background...

jamesgrimes
jamesgrimes

What I am meaning here is that, in the past, once you click onto Windows Update via your start menu, it opened Internet Explorer to do the update. However, in Windows 7, Windows Update maintains its own user interface to handle updates. What this looks like is that Microsoft does not want to use Internet Explorer to update Windows, thus making Internet Explorer less tied into the Windows 7 operating system. This, I think, is a very good thing.

Michael Kassner
Michael Kassner

I felt that way initially as well. Yet if you inspect packets, they are all port 80, so I assume that IE is still involved in some way. Actually, the way you described is how I updated since Win2K, unless I had WSUS in place. Yet, maybe I am not understanding your statement.

jamesgrimes
jamesgrimes

With Windows 7, the process to update has changed. In the past, it was a matter of opening Internet Explorer, and going to the update site. However, with Windows 7, its just a matter of going to the start menu and then all programs, and Windows update is one of the last icons before getting to the folders. Windows Update via Internet Explorer, I doubt, will ever support Windows 7.

s-f
s-f

I agree I felt like I was risking a problem such as a Network failure or a Worm, but I did a full backup before starting, have a good hardware based firewall, and ran a full AV scan (with Avast) afterwards... One problem I was afraid of is I might need a critical driver not on the DVD, which was the deciding factor for an online update... Hopefully CT'Update will start supporting Windows 7 soon, then I can just have updates on CD/DVD... (Won't include drivers tho)

Michael Kassner
Michael Kassner

It is just being cautious, I guess. I just don't think we can say for sure that everything is OK. Kind of the "never say never" syndrome.

TheShawnThomas
TheShawnThomas

maybe I'm naive or ignorant but if I'm behind a good hardware NAT firewall that is setup correctly then the only thing I have to worry about during install is something that is already on my network. And if I know I'm clean there as well then what is the harm in being connected while reinstalling? I typically don't install antivirus until the last thing as the slow down (even a small one) increases the time to do the reinstall + the 40 other apps that go along with a typical working computer on my network. And of course anything suspect is not allowed to be connected in the first place.

SKDTech
SKDTech

It is not a wise idea to be connected during installation. I was just pointing out that it is part of the install process. My typical installation method is to do a clean install of the OS, then install my AV and anti-malware apps from a known clean copy, then I connect to the network and start pulling all available updates before I ever open a browser.

Michael Kassner
Michael Kassner

I have done that same thing many times. I am glad it's working now.

Michael Horowitz
Michael Horowitz

My mistake. The workgroup on my Win7 machine was not the same. I had changed the default workgroup to match my LAN but then rolled back some system activity and the workgroup change with it. When the Win7 workgroup was in sync with my LAN, all was well. User error.

Michael Horowitz
Michael Horowitz

My networking problem was with Windows 7 professional. Other LAN based PCs were XP. Only machine sharing files was XP Professional. No domains, just workgroups. All PCs were in the same workgroup. Win7 machine could see shared files when accessing the XP Pro machine via its IP address, but no machines showed up in the network neighborhood feature of Win7 (whatever its called). No homegroup being used.

ultimitloozer
ultimitloozer

The only networking feature in Windows 7 that works for Win7 systems only is HomeGroup. Other than that, the only other networking problem I have seen in a non-domain setup that resulted in either sporadic location of other systems or never finding a specific computer was due to them not belonging to the same workgroup.

Michael Kassner
Michael Kassner

I am finding several members with this problem. I didn't, but I was using Ultimate.

h.tokins
h.tokins

Have found a 30 page script at Microsoft Win7 to XP and Vista. Now working through it but seems I must play about on my Vista and xp computers to get a handshake.

Michael Horowitz
Michael Horowitz

I too could not see the WinXP computers on my LAN from the Windows7 machine. The XP machines can each see themselves just fine. All machines are in the same workgroup. No matter, I've long been in the habit of referencing computers by their static IP address. Its the only reliable approach and it worked from Windows7

Michael Kassner
Michael Kassner

When you get it figured out, please let us know what you found.

Editor's Picks