If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
|
Thread Tools | Display Modes |
#16
|
|||
|
|||
Pass Test Text/Text
Mime-Version: 1.0
Content-Type: text/plain; format=flowed; charset="iso-8859-1"; reply-type=response Content-Transfer-Encoding: quoted-printable |
Ads |
#17
|
|||
|
|||
Test Text/Text
In message , Hot-Text
writes: "J. P. Gilliver (John)" wrote in message ... In message , Hot-Text writes: [] it not the Newsreader Pasay It's the News Server Aioe Text only They do not like Hot-Text/Html being ported So turn off the HTML! As you can see, your newsreader posts everything twice (as well as lots of garbage) when you leave the HTML on, so you might as well turn it off anyway. -- J. P. like this http://store.mynews.ath.cx/users/MPWG/Fix-Send.jpg Indeed! Have you done that? -- J. P. Gilliver. UMRA: 1960/1985 MB++G()AL-IS-Ch++(p)Ar@T+H+Sh0!:`)DNAf I will miss the friendly warmth, the infectious laugh and that well-managed beard. But enough about Harriet. - Eddie Mair [on the early retirement of some of his colleagues], in Radio Times 13-19 October 2012 |
#18
|
|||
|
|||
Answer By: Mr. Gilliver
"J. P. Gilliver (John)" wrote in message ... In message , Hot-Text writes: "J. P. Gilliver (John)" wrote in message ... In message , Hot-Text writes: [] it not the Newsreader Pasay It's the News Server Aioe Text only They do not like Hot-Text/Html being ported So turn off the HTML! As you can see, your newsreader posts everything twice (as well as lots of garbage) when you leave the HTML on, so you might as well turn it off anyway. -- J. P. like this http://store.mynews.ath.cx/users/MPWG/Fix-Send.jpg Indeed! Have you done that? Yes Sir............................................... ....[G] |
#19
|
|||
|
|||
Conduit got me, indirectly!
On Thu, 10 Jul 2014 17:08:56 -0400, Paul wrote:
VanguardLH wrote: micky wrote: Conduit got me, indirectly! I did other things to IE also, starting with Manage Add-ons. But I've realized that IIUC I no longer have any security updates for IE 8.0.6001.18702. I thought I had saved all the security updates, but under C:\Windows is instead a bunch of $uninstalls, about 100 of them, sort of the opposite of what I'm looking for. Where on my computer might I find all the secuirty updates. Can I just run them in chronlogical order starting with the first one needed for IE8, or IE8.0.6001.18702? And will that put me back the way I was? In short, at Internet Options / Advanced / Lower half of the box,, I reset IE settings, and I'm asking how to get back all the security updates. I had figured that since I rarely use IE and I haven't personallized it much if at all, there was little or nothing to reset. Before resetting all it said was "Resets Intenet Explorer's settings to their default condition. You should only use this if your browser is in an unstable state. " But after I did it, I'm almost certain it explicity said that it had removed updates (maybe even said security updates, but I didn't copy over the message in the box.) See what you can get off the Windows Update site. I don't have WinXP to I think I went to this site, or another one you or someone suggested, Anyhow, I went somewhere and it looked like it had info, but then I turned my head for a couple minutes and when I looked back there were big letters saying support for XP has ended!!!! check. I've heard conflicting reports about the WU site having or not having the updates anymore. Using the WU tool or site does not save any updates Aha. but applies them. Unless you've used WSUSoffline to actually save the updates to wherever you want to separately store them (which should obviously not be to the same partition as where is the OS) then you don't have them to reapply. I guess everyone who considers using an OS after support ends should use WSUSoffline, but I never heard of it before. ;-) If it takes me more than 3 evenings to cleanup not just the malware but all its registry and file remnants, I've already spent more time than it would take to do a fresh install of the OS and apps and restore my data from backups. For Windows XP, I'd check if Microsoft still has the updates (both patches and security updates) at their WU site or if they only have some of the security updates. Have any image backups been saved for this computer? If you don't do backups then you deem your setup and data as non-critical and reproducible (whether true or not). The Baseline Security Analyser can list the security updates, if you were starting with a fresh install. It probably runs off the same manifest as Windows Update though. http://technet.microsoft.com/en-us/s.../cc184924.aspx Paul I looed at this page and iirc and if it was there to download, I dl'd the program, but I got distracted and haven't run it yet. That's why it's taken so long to get back to you and Vanguard. But it was good to go slowly because in the intervening period, I've had two ideas: 1) The computer in question runs winXP Pro SP3. I also have a laptop that runs XP Home SP3. How about if I copy all the required files dealing with IE from the laptop to the desktop. Will that work? Problem: What *are* all the required files? (Some of them are in C:\Windows\Program Files\IE.) But before worrying about this too much, see 2. 2) Yesterday, I had a braincyclone. Doesn't Belarc keep track of this? Indeed it does. It even includes a summary at the top right of the report, with a count of how many security updates are missing and a link to go to the part of the report that lists them. a) I ran it on the laptop and it listed 4 problems, but none with IE. Two with Adobe Flash, one with Adobe Reader iirc and one with Quicktime. I've already fixed three of them, by googling the update name, dl'ing and installing the update. If anyone wants, I can probably verify the first 3, but it would be easier for everyone if they just ran Belarc on their own computer and got info that pertains to it. BTW, I never turned down an update for the laptop, so I'm not sure how these four were missing. b) I ran it on the desktop, the computer whose IE I reset, and I guess I was impatient and clicked the icon about 4 times, because I got 4 reports in a row. The first 3 said Unknown with a question mark**, but the 4th one said 6 problem with security updates. Only 6, even after resetting. **Looking at the same 3 reports again, "Unknown" has been changed to "6 missing". I should have copied part of it before it changed, because it had a list of 50 or 100 security updates, almost all of which had green? checkmarks next to them, meaning they were there, and maybe none of which had red X's meaning they were not there. But some were blank in that column meaning "not enough evidence". This was true for IE, but they listed some other programs??, that I didnt recognize, and others that I did recognize, including .net-framework (sp?) , I think two entries for that with 7 or 8 total updates involved (none with checkmarks) and almost none of the security updates for those programs had check marks. But apparently Belarc later decided only 6 updates were missing, so apparentely resetting doesn't reset updates even though it said it did. " Missing Microsoft Security Hotfixes These required security hotfixes (using the 07/08/2014 Microsoft Security Bulletin Summary) were not found installed. Note: CIS benchmarks require that Critical and Important severity security hotfixes must be installed. Q931906 - Critical (details...) Q936960 - Important (details...) Q951550 - Important (details...) Q969856 - Important (details...) Q2538242 - Important (details...) Q2565063 - Important (details...) " BTW, I don't think I ever turned down an update for the desktop computer, so I'm not sure how these six are missing. I plan to open a new tab by clicking on each "details". So far, only the firsr one, which is incomprehensible so far, but I have had only a little time to look at it. BTW, this first one has been missing since 2007, so I've been vulnerable all that time, but it only relates to CAPICOM whatever that is. (and Biztalk 2004, that I know I don't have.) Wikip: CAPICOM is a discontinued ActiveX control created by Microsoft to help expose a select set of Microsoft Cryptographic Application Programming Interface (CryptoAPI) functions through Microsoft Component Object Model (COM)...... So if CAPICOM is discontinued, do I still neeed the security update? The next one is for 2007 Microsoft Office, but I don't have MS Office. Do I need the update? The next one is for the 2007 MS Office suite, but I don't have that. Do I need the update? The next one if for Virtual PC and Virtual Server. I was going to install Virtual PC but I never did. Do I need the update? The next one is for Visual C++ 2005 SP1 Redistributable Package: June 14, 2011, but i don't think I have that. I'll check. Do I need the update? The last one is for Visual C++ 2010 Service Pack 1: August 9, 2011. Do I need that. You know, on second thought, I think I did turn down some updates, for programs I didn't have. Was that bad? It' a bit confusing now. If I'd taken everything I woudln't have to look up these 6 things. |
#20
|
|||
|
|||
Conduit got me, indirectly!
micky wrote:
On Thu, 10 Jul 2014 17:08:56 -0400, Paul wrote: VanguardLH wrote: micky wrote: Conduit got me, indirectly! I did other things to IE also, starting with Manage Add-ons. But I've realized that IIUC I no longer have any security updates for IE 8.0.6001.18702. I thought I had saved all the security updates, but under C:\Windows is instead a bunch of $uninstalls, about 100 of them, sort of the opposite of what I'm looking for. Where on my computer might I find all the secuirty updates. Can I just run them in chronlogical order starting with the first one needed for IE8, or IE8.0.6001.18702? And will that put me back the way I was? In short, at Internet Options / Advanced / Lower half of the box,, I reset IE settings, and I'm asking how to get back all the security updates. I had figured that since I rarely use IE and I haven't personallized it much if at all, there was little or nothing to reset. Before resetting all it said was "Resets Intenet Explorer's settings to their default condition. You should only use this if your browser is in an unstable state. " But after I did it, I'm almost certain it explicity said that it had removed updates (maybe even said security updates, but I didn't copy over the message in the box.) See what you can get off the Windows Update site. I don't have WinXP to I think I went to this site, or another one you or someone suggested, Anyhow, I went somewhere and it looked like it had info, but then I turned my head for a couple minutes and when I looked back there were big letters saying support for XP has ended!!!! check. I've heard conflicting reports about the WU site having or not having the updates anymore. Using the WU tool or site does not save any updates Aha. but applies them. Unless you've used WSUSoffline to actually save the updates to wherever you want to separately store them (which should obviously not be to the same partition as where is the OS) then you don't have them to reapply. I guess everyone who considers using an OS after support ends should use WSUSoffline, but I never heard of it before. ;-) If it takes me more than 3 evenings to cleanup not just the malware but all its registry and file remnants, I've already spent more time than it would take to do a fresh install of the OS and apps and restore my data from backups. For Windows XP, I'd check if Microsoft still has the updates (both patches and security updates) at their WU site or if they only have some of the security updates. Have any image backups been saved for this computer? If you don't do backups then you deem your setup and data as non-critical and reproducible (whether true or not). The Baseline Security Analyser can list the security updates, if you were starting with a fresh install. It probably runs off the same manifest as Windows Update though. http://technet.microsoft.com/en-us/s.../cc184924.aspx Paul I looed at this page and iirc and if it was there to download, I dl'd the program, but I got distracted and haven't run it yet. That's why it's taken so long to get back to you and Vanguard. But it was good to go slowly because in the intervening period, I've had two ideas: 1) The computer in question runs winXP Pro SP3. I also have a laptop that runs XP Home SP3. How about if I copy all the required files dealing with IE from the laptop to the desktop. Will that work? Problem: What *are* all the required files? (Some of them are in C:\Windows\Program Files\IE.) But before worrying about this too much, see 2. 2) Yesterday, I had a braincyclone. Doesn't Belarc keep track of this? Indeed it does. It even includes a summary at the top right of the report, with a count of how many security updates are missing and a link to go to the part of the report that lists them. a) I ran it on the laptop and it listed 4 problems, but none with IE. Two with Adobe Flash, one with Adobe Reader iirc and one with Quicktime. I've already fixed three of them, by googling the update name, dl'ing and installing the update. If anyone wants, I can probably verify the first 3, but it would be easier for everyone if they just ran Belarc on their own computer and got info that pertains to it. BTW, I never turned down an update for the laptop, so I'm not sure how these four were missing. b) I ran it on the desktop, the computer whose IE I reset, and I guess I was impatient and clicked the icon about 4 times, because I got 4 reports in a row. The first 3 said Unknown with a question mark**, but the 4th one said 6 problem with security updates. Only 6, even after resetting. **Looking at the same 3 reports again, "Unknown" has been changed to "6 missing". I should have copied part of it before it changed, because it had a list of 50 or 100 security updates, almost all of which had green? checkmarks next to them, meaning they were there, and maybe none of which had red X's meaning they were not there. But some were blank in that column meaning "not enough evidence". This was true for IE, but they listed some other programs??, that I didnt recognize, and others that I did recognize, including .net-framework (sp?) , I think two entries for that with 7 or 8 total updates involved (none with checkmarks) and almost none of the security updates for those programs had check marks. But apparently Belarc later decided only 6 updates were missing, so apparentely resetting doesn't reset updates even though it said it did. " Missing Microsoft Security Hotfixes These required security hotfixes (using the 07/08/2014 Microsoft Security Bulletin Summary) were not found installed. Note: CIS benchmarks require that Critical and Important severity security hotfixes must be installed. Q931906 - Critical (details...) Q936960 - Important (details...) Q951550 - Important (details...) Q969856 - Important (details...) Q2538242 - Important (details...) Q2565063 - Important (details...) " BTW, I don't think I ever turned down an update for the desktop computer, so I'm not sure how these six are missing. I plan to open a new tab by clicking on each "details". So far, only the firsr one, which is incomprehensible so far, but I have had only a little time to look at it. BTW, this first one has been missing since 2007, so I've been vulnerable all that time, but it only relates to CAPICOM whatever that is. (and Biztalk 2004, that I know I don't have.) Wikip: CAPICOM is a discontinued ActiveX control created by Microsoft to help expose a select set of Microsoft Cryptographic Application Programming Interface (CryptoAPI) functions through Microsoft Component Object Model (COM)...... So if CAPICOM is discontinued, do I still neeed the security update? The next one is for 2007 Microsoft Office, but I don't have MS Office. Do I need the update? The next one is for the 2007 MS Office suite, but I don't have that. Do I need the update? The next one if for Virtual PC and Virtual Server. I was going to install Virtual PC but I never did. Do I need the update? The next one is for Visual C++ 2005 SP1 Redistributable Package: June 14, 2011, but i don't think I have that. I'll check. Do I need the update? The last one is for Visual C++ 2010 Service Pack 1: August 9, 2011. Do I need that. You know, on second thought, I think I did turn down some updates, for programs I didn't have. Was that bad? It' a bit confusing now. If I'd taken everything I woudln't have to look up these 6 things. Q931906 - Critical MS07-028: Vulnerability in CAPICOM Q936960 - Important office2007-kb936960-fullfile-x86-glb.exe (Office 2007) Q951550 - Important Vulnerabilities in Microsoft XML Core Services Q969856 - Important Vulnerability in Virtual PC Q2538242 - Important Visual C++ 2005 Service Pack 1 (msvcr80.dll and friends) Q2565063 - Important Visual C++ 2010 Service Pack 1 (Msvcp100.dll and friends) None of those are directly related to IE. And some of those, are the sorts of things the Baseline Analyser prints on the screen. For example, even if you have Office Viewer programs (like a PowerPoint Viewer), but not a real copy of Office, it still pulls in fifteen patches. For IE, you would want the latest cumulative update to your particular version. This is the only one I have bookmarked, but there was at least one other patch for an IE exploit after "end of support" (late April maybe ?). Cumulative means you only need the last one of the series. This would likely get you pretty close. http://support.microsoft.com/kb/2925418 (Mar.11, 2014) This might be the late patch for IE. http://support.microsoft.com/kb/2964358 (May 1, 2014) Apparently I picked that up at the same time as KB2936068. http://support.microsoft.com/kb/2936068 (Apr.8, 2014) The last two are not cumulative, so you could install those three in date order. That is, unless you can find a cumulative later than Mar.11, 2014. I wonder how the Windows Update mechanism, keeps track of these patches that are being thrown aside ? Sounds pretty messy. How would Windows Update know which ones to invalidate or toss ? Paul |
#21
|
|||
|
|||
Conduit got me, indirectly!
On Wed, 23 Jul 2014 01:40:41 -0400, Paul wrote:
" Missing Microsoft Security Hotfixes These required security hotfixes (using the 07/08/2014 Microsoft Security Bulletin Summary) were not found installed. Note: CIS benchmarks require that Critical and Important severity security hotfixes must be installed. Q931906 - Critical (details...) Q936960 - Important (details...) Q951550 - Important (details...) Q969856 - Important (details...) Q2538242 - Important (details...) Q2565063 - Important (details...) " Q931906 - Critical MS07-028: Vulnerability in CAPICOM Q936960 - Important office2007-kb936960-fullfile-x86-glb.exe (Office 2007) Q951550 - Important Vulnerabilities in Microsoft XML Core Services Q969856 - Important Vulnerability in Virtual PC Q2538242 - Important Visual C++ 2005 Service Pack 1 (msvcr80.dll and friends) Q2565063 - Important Visual C++ 2010 Service Pack 1 (Msvcp100.dll and friends) This list looks a lot like my list, but has more info, and it looks something like my descriptions of what I found when I clicked on details, but not quite. Did you just combine my descriptions with my list, or did you get your lines somewhere else? None of those are directly related to IE. Slap myself in the forehead. I noticed that wrt to the laptop, but somehow missed that fact about the desktop. And some of those, are the sorts of things the Baseline Analyser prints on the screen. For example, even if you have Office Viewer programs (like a PowerPoint Viewer), but not a real copy of Office, it still pulls in fifteen patches. I have the PowerPoint Viewer. So is that why Belarc though I should have the update? You say it pulls in 15 patches, but without Office, I don't actually need them, iiuc, right? But what about Open Office, doesn't that have vulnerabilities too? It will update when I start it? But can an exploit run before the update finishes? For IE, you would want the latest cumulative update to your particular version. This is the only one I have bookmarked, but there was at least one other patch for an IE exploit after "end of support" (late April maybe ?). Cumulative means you only need the last one of the series. This would likely get you pretty close. http://support.microsoft.com/kb/2925418 (Mar.11, 2014) This might be the late patch for IE. http://support.microsoft.com/kb/2964358 (May 1, 2014) Apparently I picked that up at the same time as KB2936068. http://support.microsoft.com/kb/2936068 (Apr.8, 2014) The last two are not cumulative, so you could install those three in date order. That is, unless you can find a cumulative later than Mar.11, 2014. Thanks again. I'll do the earliest one at least tomorrow. I wonder how the Windows Update mechanism, keeps track of these patches that are being thrown aside ? Sounds pretty messy. How would Windows Update know which ones to invalidate or toss ? Good question. Paul |
#22
|
|||
|
|||
Conduit got me, indirectly!
micky wrote:
On Wed, 23 Jul 2014 01:40:41 -0400, Paul wrote: " Missing Microsoft Security Hotfixes These required security hotfixes (using the 07/08/2014 Microsoft Security Bulletin Summary) were not found installed. Note: CIS benchmarks require that Critical and Important severity security hotfixes must be installed. Q931906 - Critical (details...) Q936960 - Important (details...) Q951550 - Important (details...) Q969856 - Important (details...) Q2538242 - Important (details...) Q2565063 - Important (details...) " Q931906 - Critical MS07-028: Vulnerability in CAPICOM Q936960 - Important office2007-kb936960-fullfile-x86-glb.exe (Office 2007) Q951550 - Important Vulnerabilities in Microsoft XML Core Services Q969856 - Important Vulnerability in Virtual PC Q2538242 - Important Visual C++ 2005 Service Pack 1 (msvcr80.dll and friends) Q2565063 - Important Visual C++ 2010 Service Pack 1 (Msvcp100.dll and friends) This list looks a lot like my list, but has more info, and it looks something like my descriptions of what I found when I clicked on details, but not quite. Did you just combine my descriptions with my list, or did you get your lines somewhere else? None of those are directly related to IE. Slap myself in the forehead. I noticed that wrt to the laptop, but somehow missed that fact about the desktop. And some of those, are the sorts of things the Baseline Analyser prints on the screen. For example, even if you have Office Viewer programs (like a PowerPoint Viewer), but not a real copy of Office, it still pulls in fifteen patches. I have the PowerPoint Viewer. So is that why Belarc though I should have the update? You say it pulls in 15 patches, but without Office, I don't actually need them, iiuc, right? But what about Open Office, doesn't that have vulnerabilities too? It will update when I start it? But can an exploit run before the update finishes? For IE, you would want the latest cumulative update to your particular version. This is the only one I have bookmarked, but there was at least one other patch for an IE exploit after "end of support" (late April maybe ?). Cumulative means you only need the last one of the series. This would likely get you pretty close. http://support.microsoft.com/kb/2925418 (Mar.11, 2014) This might be the late patch for IE. http://support.microsoft.com/kb/2964358 (May 1, 2014) Apparently I picked that up at the same time as KB2936068. http://support.microsoft.com/kb/2936068 (Apr.8, 2014) The last two are not cumulative, so you could install those three in date order. That is, unless you can find a cumulative later than Mar.11, 2014. Thanks again. I'll do the earliest one at least tomorrow. I wonder how the Windows Update mechanism, keeps track of these patches that are being thrown aside ? Sounds pretty messy. How would Windows Update know which ones to invalidate or toss ? Good question. Paul The Baseline Security Analyser seems to think that the libraries that the Office Viewers use, bear similarities to the paid version of Office. Which is why my machine wanted so many of them. I don't know if yours will need fewer, with only PowerPoint Viewer. OpenOffice or LibreOffice are entirely different animals, free software, and Microsoft doesn't patch them. You download newer versions if you want to fix those. And I just Googled your numbers, like this, to find stuff. site:microsoft.com Q2565063 One search engine couldn't find the VirtualPC one, but google.com did. I only used the following link in the last few months, to check my system, so my PowerPoint Viewer went without patches for a long time :-) I pulled in all those patches manually, by Googling them and downloading them from Microsoft. My MBSA run is relatively clean now. Down to a thing or two maybe. I might have been missing about 20+ or so, on my first run. This is roughly equivalent to Microsoft Update. It could well use the same manifest files that Microsoft Update or Windows Update uses. http://technet.microsoft.com/en-us/s.../cc184924.aspx Paul |
#23
|
|||
|
|||
Conduit got me, indirectly!
micky wrote:
In short, at Internet Options / Advanced / Lower half of the box,, I reset IE settings, and I'm asking how to get back all the security updates. Resetting IE is changing it back to its default SETTINGS. No updates for anything are uninstalled. Resetting does disable all add-ons you installed for IE. Those are there in a default install of IE so they are disabled after a reset. http://support.microsoft.com/kb/923737 http://windows.microsoft.com/en-us/w...lorer-settings |
#24
|
|||
|
|||
Conduit got me, indirectly!
In message , micky
writes: [] I have the PowerPoint Viewer. So is that why Belarc though I should have the update? You say it pulls in 15 patches, but without Office, I don't actually need them, iiuc, right? But what about Open Office, doesn't that have vulnerabilities too? It will update when I start it? If Open Office does updates, then presumably yes, provided you've not disabled them. Microsoft won't do updates for Open Office, of course. But can an exploit run before the update finishes? [] Unfortunately, yes, in theory (for both Microsoft and other's products). How frequently this actually happens in practice, I don't know. -- J. P. Gilliver. UMRA: 1960/1985 MB++G()AL-IS-Ch++(p)Ar@T+H+Sh0!:`)DNAf "Bother," said the Borg, "we assimilated a Pooh." |
#25
|
|||
|
|||
Conduit got me, indirectly!
VanguardLH wrote:
Resetting does disable all add-ons you installed for IE. Those are there in a default install of IE so they are disabled after a reset. Oops, should've been ... "Those are NOT there in a default install of IE ..." |
#26
|
|||
|
|||
Conduit got me, indirectly!
J. P. Gilliver (John) wrote:
micky writes: I have the PowerPoint Viewer. So is that why Belarc though I should have the update? You say it pulls in 15 patches, but without Office, I don't actually need them, iiuc, right? If Open Office does updates, then presumably yes, provided you've not disabled them. Microsoft won't do updates for Open Office, of course. Since the OP installed an Office viewer (and might've installed others, like for Word) then, yes, they get updated, too, when MS Office [full] gets updated. The OP *will* need the Office updates if he installed the viewers. |
#27
|
|||
|
|||
Conduit got me, indirectly!
On Wed, 23 Jul 2014 09:08:54 -0500, VanguardLH wrote:
micky wrote: In short, at Internet Options / Advanced / Lower half of the box,, I reset IE settings, and I'm asking how to get back all the security updates. Resetting IE is changing it back to its default SETTINGS. No updates for anything are uninstalled. Well that's good. and it corresponds with what I saw. Resetting does disable all add-ons you installed for IE. I don't think I had installed any. Those are there in a default install of IE so they are disabled after a reset. V. added: Oops, should've been ... "Those are NOT there in a default install of IE ..." http://support.microsoft.com/kb/923737 http://windows.microsoft.com/en-us/w...lorer-settings Thanks to all you guys, Van, Paul, and J.P. I red all the replies, even if I didnt comment. I"ve learned a lot. |
|
Thread Tools | |
Display Modes | |
|
|