Windows Update without anti-virus program

By Spector ·
I recently installed Win 2000 without any service pack and I would like to update to the latest service pack and latest security update going on Windows Update.

My question is if it's safe to go to Windows Update without having any anti-virus progam installed? The computer is behind a physical firewll thou.
I've tried to change the computer local policy too go on our wsus-server so I don't have to fill in the gateway ip (when going to Win Upd), but when running wuauclt /detectnow wuauclt can't be found.

How does this work, is it a security risk to have gateway ip defined or will it only be risky opening a webclient? Does it matter if gateway ip is defined when restarting? Can some virus "slip in" under boot up?
Or can i surf on "safe" sites like Windows Update, Microsoft etc.


This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Answers

Collapse -

Easy answer is

by OH Smeg Moderator In reply to Windows Update without an ...

No it's not safe!

You should never connect to the Internet without Active and fully updated AV Product loaded.

If you do you will get an infection that will require a rebuild of the system again so you have saved yourself nothing by trying to save a bit of time and effort. It will cost you considerably more in lost time if you try to do this.


Collapse -

Internet access

by p.j.hutchison In reply to Easy answer is

You could get away with a firewall as as long as you are not browsing the net or using email you should be able to minimise vunerabilities while installing the latest updates.

Although having AV is advisable.

Collapse -

No such thing as a 'safe site', not when you consider ...

by OldER Mycroft In reply to Windows Update without an ...

All the <links> you must connect through in order to arrive at your destination.

Collapse -

But when updateing..?

by Spector In reply to No such thing as a 'safe ...

But if you installs a AV without internet connection and when your going to upgrade it how does this work? Where does the request for update go to? Doesn't that work as a "link" to the AV manufactors page, does it use https or some other method thats safe?

I know the I can install AVG AV which is free just to have som protection when running Windows Update. But to install a program on a clean win 2000 without no SP you'll have to update Windows Installer and lots of components first just to run AVG install. Then you'll have to download the component from another computer, it's a lot of USB-stick swapping...
Something I'll have to accept =)

Collapse -

Yes the AV product does connect tot he Internet to Update

by OH Smeg Moderator In reply to But when updateing..?

But when it does the AV Product is already running and while it may not be fully updated in the form of Virus Definitions it still has a level of Virus Definitions running to protect you.

The problem is that using the Internet to update is a series of different links to the Update Server and at any link infections can be introduced and are if you do not protect yourself from Infections you will get a Infected Computer and there is no computer Infected a Little Bit just the same as there is no person who is a Little Bit Pregnant they either are or they are not there is no in between state.

I did this once in a rush without realizing that I hadn't installed a AV product and the system was only on line for 30 seconds before I pulled it realizing what I had done. It only took another 2 hours to Wipe the HDD reload the OS, Drivers and AV Product so I could start again. I couldn't even install any AV Product because of what the system had picked up.

Didn't save any time at all and made things even harder.


Collapse -

That's true

by Spector In reply to Yes the AV product does c ...

Yeah that's true that the AV has protection even if it's not up too date...

But I've updated now using Windows Update without AV (stupid I know).
I've installed AVG and malewarebytes after to check if I got some infection. But it couldn't find any, not even a cookie.
I guess the Cisco firewall is doing its job.

Thanks any way for freshing up my memory concerning AV function.

Collapse -


by shasca In reply to That's true

Now that you are updated to the proper service pack level for communication with WSUS. wuauclt.exe /detectnow should work. Assuming you have a properly configured GP.

Collapse -

Haven't tried it

by Spector In reply to WSUS

It might work now, already got every update from win upd thou.

The computer isn't connected to the domain but can still reach the server which run the wsus (by ping it, mayby that's not enough), so I figured it might work changeing the local policy

gpedit.msc>computer config>administrative template>windows components>windows update> and state the url to wsus internal. But when I typed wuauclt /detectnow it said it could not find wuauclt.exe (or dll don't remember)

Related Discussions

Related Forums