microsoft windows update?

[mikk]

I turned on the pc this morning and (unusually) the microsoft update page loaded it self automatically, the first time this has happened (I think). The page looks genuine but there is no security symbol, ie. the padlock at bottom right? this is the url h**p://update.micr**oft.com/win**wsupdate/v6/default.aspx?ln=en-us
Can anybody tell me if this is genuine?

 

[spiney]

Yes, it's genuine!

If the URL/(cgi) shown on your web browser is one known to be Microsoft, then there's no way a malicious 3rd party can directly "intrude into" that particular TCP connection (however, it's also a good idea not to have any additional windows open, at the same time!).

If in doubt, reassure yourself by going to the main Microsoft website www.microsoft.com , then from there to Windows update, where you can re-install the update software on your computer (Microsoft will first test that your copy of windows isn't illegal).

Why the padlock has vanished, I can't say, but you can always ask Microsoft via an email.

(PS, I'm not saying that malicious software can't separately try to connect to your computer, once you're online! To prevent such attacks, use anti-attack software, eg like Winpatrol (free), also - of course - a known good anti-virus/spyware program).

 

[PaulR]

AFAIK the padlock only shows if it's a secure connection and any address beginninh http isn't. Secure connections always (I think!) begin https.

 

[spiney]

AFAIK the padlock only shows if it's a secure connection and any address beginninh http isn't. Secure connections always (I think!) begin https.

True enough, but I think this is going to confuse poor Mikk !

What I was saying was, if you've made a particular TCP connection, then this can't be directly "hijacked" by a 3rd party! For, example, if your browser window URL shows that you're connected to the Microsoft website, then it must really be Microsoft, this can't be faked!

However, once you're on the Internet, it's then possible for various "malware" to independently open additional connections, maybe invisibly to the computer's owner, quite apart from the browser's open window! That's why we use protection software, eg Winpatrol!

Of course, a HTTP link sends just plain text, which can be "read" at points it travels though (by reading router table records, using network analysers, various other software, etc). So, secure socket layer (https) additionally encrypts the data using public/private key. For example, when sending credit card details for shopping. However, that's a different issue, about keeping sent data secret, not about the hi-jacking of an existing connection.

Whether Microsft send windows updates https I don't know, have never actually looked (!), but there seems little point, I suspect as usual they use their own secret proprietry system .........

 

[mikk]

Thanks spiney, better to be safe than sorry. I use AVG and thought I was pretty safe but I take your point about stuff opening in windows unbeknown to the user. I once got a huge phone bill when my pc decided to dial a premium rate number while I was unaware - I take it that winpatrol alerts you and blocks it.

 

[BarMoo]

I turned on the pc this morning and (unusually) the microsoft update page loaded it self automatically, the first time this has happened (I think). The page looks genuine but there is no security symbol, ie. the padlock at bottom right? this is the url h**p://update.micr**oft.com/win**wsupdate/v6/default.aspx?ln=en-us
Can anybody tell me if this is genuine?

If Automatic Update is ON, you will have recieved the latest WGA update (22/06/06) KB905474. It is genuine.

On boot, this update will check whether your OS is genuine and if its not it displays a rather embarrasing message to say such. It also has a habit of phoning-home to MS on a regular basis from what I can see.

If you don't like it talking to MS, say if your internet connection is always on, you can configure your Firewall to block "Generic Host Processes for win32 services". Blocking this process will not affect you PC in any other way.

Obviously, this blocks any updating - which I prefer to do by hand (having first made sure there is a convenient hack at hand).

See attached thumb for my Sygate firewall setup.

.
.