Is updating necessary? Short version: Yes!

Here's the comprehensive version:

I perfectly understand what you're talking about: When I installed SP2 the first time I hated it. Performance deteriorated, some things didn't work as expected anymore. Flight Simulator didn't run as smooth as before, that itched me the most. I reinstalled XP with SP1. But I had no internet back then and no USB 2.0. devices.

Then I got internet @home, set up an old abandoned PC for it and deliberately (!) got it infected, just to see what helps and to be motivated to learn about that stuff. Then I bought a router and installed a lot of security software and felt safe...until February this year. I surfed harmless (!) sites and suddenly a browser hijacker wanted me to buy fake software from "Teslaplus.com" and I had some other nasties, too.
But how? All my ports were closed and hidden (firewall plus a NAT router) and my antivirus was up-to-date? This thingie came possibly through the "WMF exploit" - an XP vulnerability that became known a few days before. Malicious code was hidden in images and could be executed, then loading more unwanted stuff. There was no way to prevent this from happening for all that security software!

The only vaccination against this was a patch. That's why hotfixes are so
essential: We live in the era of "zero day exploits" which means that malware exploits vulnerabilities the same day they're found. These vulnerabilites are buried deep in the bowels of XP and no security software can deal with that. Only fixing the system itself helps and that's what SPs, patches and hotfixes do.

A Service Pack is a collection of essential patches. These patches are
"cumulative", they patch the basic system and the updates on it. Sometimes a hotfix takes out some functionality which is reinstated later by a patch, but hopefully safer. If you dont have them all, even old malware can infect your computer easily. Remember, SP2 is from 2004!

"But then I run some software to cure it" you might think... Yes, in most cases the malware is known by some anti-something-software and can be removed. Mind you, the bad guys don't sit on their fingers. "Rootkit" is the buzzword: The point is to avoid infections in first place, because they can't be detected that easy anymore. Only cheap, known and dumb rootkits leave clear traces. My "Teslaplus" stuff incorporated such a "dumb" rootkit: By hovering over the tray icon of the AV scanner I could see that it behaves strange. But the malware actually tried to switch off my AV guard. The essence is: Today's malware attacks security software and tries to hide itself from being detected. This is mostly done by exploiting security loop holes. Whenever such a hole is patched, another one is found and needs another patch.

The good news is: Doing my internet stuff on an old 500MHz machine, I I had the impression that one of the patches after SP2 improved the performance again. A little bit at least.

(Oops... what an opera... :cheesy:)

Completely agreed with Xpenetrator.

The short answer is yes for several reasons.

1) The absolutely critical patches (aka 0-day patches) patch vulnerabilities that normal anti-viruses/firewalls etc don't catch, nor protect against.

For example, at another site I belong to, someone found a specific website (not given here for obviosu reasons) that infected the entire computer through simply looking at this certain webpage. No "install option", no nothing. After several experts looked at it, it had to do with how Java configures, and how it loads when first activated. This was something that Java had to start fixing immedeadly.

please consider that there are many antivirus packages, firewalls, rootkillers...blah, blah, etc, etc......

Yep, sure are correct. However, you wanna guess how AntiVirus programs protect their computer? They watch for vulnerabilities, and then patch them after the fact. One such place is MalwareResearch (it's a closed forum). Here, experts disect certain viruses/downloaders/rootkits, etc. And watching on the side are the security companies.

Also on this topic, most AVs and firewalls and such don't blockeverything. For this very reason, we have some very knowledgeable people who still get infected.
___________________

On a last note, there have been instances where unprotected computers hurt the protected ones. One such example was the DDOS attack on CastleCops' website. (CC is one of the leading authorites in malware defense). This attack was armied by zombie bots--in other words, unprotected computers that had been hacked. Even some firewalls are awful. Windows' own firewalls sucks, for example. It only scans incoming signals, not outbound ones.

Finally, having massive amounts of firewalls, AVs, etc, give a false sense of security, in my opinion.

One of the best ways to protect is to use common sense while browsing. However, this alone isn't enough. A strong firewall, and a strong AV are prerequesites for safe browsing online. In the end, to top it off, Windows Updates are the finishing touches to top it off.

Its sort of like this. Seatbelts weren't initially in cars. However, as deaths due to car accidents increased, car companies began to add them in. Sure, they added a great annoyance to those sitting in the cars. In addition, many did not wear them. However, those that wore seatbelts had safer crashes.

Now, just substitute 'Windows Update' for 'seatbelt' ;)

In conclusion i think it was a good question to ask and i really appreciate the respect shown to me here in this forum.

Nooo, thankyou!

I love questions like this. :mrgreen:

Thanks again for the rep, and I hope ya stay around here more.

In conclusion i think it was a good question to ask and i really appreciate the respect shown to me here in this forum.

That was a good question indeed! Thank you! I'm glad that everybody can read this now and think twice about not getting updates. 'Stein summarized it much better than me and added very important points to the topic: "Social accountability", "false sense of security" and "browsing habits" or "read and think before clicking on something". He surely knows what he's talking about. And can this tongue lie? :mrgreen:How do you stop the updates from making other programs and devices irritable. And thus making us irratable?
Yes, I hate that too. The only way is to wait for the update to be updated. :cheesy: Recent example: WMP was partially damaged by a hotfix to make it safe, later MS released another patch to restore it's functionality again.

Thanks for the rep points and BTW, I found nothing that could offend somebody in your postings.

Wow, what a great thread!
I write this response partly to congratulate and also to 'bump' in the hope that more members and guests can read up on how an excellent question and great responses can better help us all to stay safe, and hopefully one step ahead of the bad guys!!

Well done to all three of you, i sincerley believe this is one of the best forum threads i have seen in a long time....

Cheers for the insight (reps well deserved and added to by digitalocksmith)

if you dont update windows media rouge websites can infedct you through it if you play media from them

Hi,

actually i have the same question as 1image. i learned something from the replies that you all put up.

However, i have one question to ask...if the user has only the "Power User" right, :- they couldn't installs software nor delete or modify the system files. Do they still require the windows update?

Please advice. Thanks alot. Appreciate for any inputs.

Justin (Singapore)

? that makes no sense please try again

What he was trying to say is when a user is provided with a limited account feature.. Where the particular users does'nt have the rights to install or remove a S/W.. Yes this question is not related to the topic. The Virus and other nasties comes using the internet. So if you switch it of you don't have to update your Windows nor you have to be worried about the virus and the nasties :D

i was just wondering why do you think Windows XP professional would be necessary for a student?

thanks.
:icon_eek:

yes, for connection to domains e.g college network. Also it has IIS which is good if you are a comp/sci student.

You can probably get it free through your college/uno - look into it

I have been searching for days on Googal, Yahoo, Ask! etc. with no clear answer to the question "Is Updating Windows Xp Necessary" but I finaly got the answers I needed here. Thanks everyone.