A Windows XP help forum. PCbanter


Know of a good source of info on updates?



  #1  
Old July 19th 16, 04:12 PM posted to alt.comp.os.windows-8
Neil

I've had it with updates screwing up my computer! Had to restore twice
in the last 4 days due to some update that is supposedly unobtrusive
(according to the sources I know of) causing a lock-up whenever the
computer was provided with access to the internet (WiFi or wired). No
malware detected by scanners, and no hardware problems. I've narrowed it
down to a handful of KB's, but no longer trust the info on them that
I've found, and of course, MS is pretty much useless in this regard.

Suggestions appreciated.
--
Best regards,

Neil
  #2  
Old July 19th 16, 05:23 PM posted to alt.comp.os.windows-8
Paul

Neil wrote:
> I've had it with updates screwing up my computer! Had to restore twice
> in the last 4 days due to some update that is supposedly unobtrusive
> (according to the sources I know of) causing a lock-up whenever the
> computer was provided with access to the internet (WiFi or wired). No
> malware detected by scanners, and no hardware problems. I've narrowed it
> down to a handful of KB's, but no longer trust the info on them that
> I've found, and of course, MS is pretty much useless in this regard.
>
> Suggestions appreciated.


But you're talking about Windows 8.1 updates.

The KB page should give some rough details.
If a file manifest is listed ("win32k.sys"), then
you might have some idea what has been changed.
That file is the kernel. They have the kernel
doing stupid stuff, like font rendering. Which
should really be a user-level activity.

The catalog server carries the KB files now.
So at least some classes of files, are now on
the catalog server. Updates like '583 are not
on the catalog server, and can only be
requested by Windows Update, when the
qualifying conditions are met.

(How to get a separate installer for KB2600217.
Currently works in IE only, due to ActiveX plugin.
Details of the update would be on a support.microsoft.com page...
So the update and the description are in two separate places.)

http://catalog.update.microsoft.com/...aspx?q=2600217

If you have the handful of updates, you try them
against "Ask Woody" in Google and see if anything is known.

You can hide updates.

You can remove at least some updates. There
are some updates of the "black hole" variety
that cannot be reversed (short of restoring
from a backup, of course).

Windows Update, you should still have some
update settings, which cause the machine to
stop getting updates. I have some Win7 and
Win8 installs here, in that state. WU turned
off for safety.

With Win10, you can try the Metered NIC hack,
add a registry entry to the NIC claiming
the NIC is "expensive" for bandwidth. Which
can stop larger items from being installed.
On the previous OSes, it would be easier to
use the setting which has values between 0..4,
where I think 0 is Windows Update disabled.
And you should be able to get there from the
GUI. The fact the registry supports numbers,
isn't important in that case, as long
as a settings screen continues to work.

Paul
  #3  
Old July 19th 16, 07:08 PM posted to alt.comp.os.windows-8
Neil

On 7/19/2016 12:23 PM, Paul wrote:
> Neil wrote:
>> I've had it with updates screwing up my computer! Had to restore twice
>> in the last 4 days due to some update that is supposedly unobtrusive
>> (according to the sources I know of) causing a lock-up whenever the
>> computer was provided with access to the internet (WiFi or wired). No
>> malware detected by scanners, and no hardware problems. I've narrowed
>> it down to a handful of KB's, but no longer trust the info on them
>> that I've found, and of course, MS is pretty much useless in this regard.
>>
>> Suggestions appreciated.
>
> But you're talking about Windows 8.1 updates.

Hi,
Thanks... yes, this is for Win8.1.

> The KB page should give some rough details.
> If a file manifest is listed ("win32k.sys"), then
> you might have some idea what has been changed.
> That file is the kernel. They have the kernel
> doing stupid stuff, like font rendering. Which
> should really be a user-level activity.

There are several instances of win32k.sys in various folders, and even
more "win32k.sys.mui.c_xxxx" in other folders (about 2 dozen in total).
What would I be looking for in those files that could shed light on
their control of on-line access?

(snipped)

> If you have the handful of updates, you try them
> against "Ask Woody" in Google and see if anything is known.

BTDT. Those that seemed to be innocuous were installed (security updates
and the like). Problem is, one or more are the problem.

> You can hide updates.

Might be something to try, but does hiding disable _installed_ KBs?

> You can remove at least some updates. There
> are some updates of the "black hole" variety
> that cannot be reversed (short of restoring
> from a backup, of course).

Restoring is how I've narrowed down the problem to a handful of KBs. A
very time-consuming hack that I hoped could be circumvented.

> Windows Update, you should still have some
> update settings, which cause the machine to
> stop getting updates. I have some Win7 and
> Win8 installs here, in that state. WU turned
> off for safety.

Yes. I only get notices of available updates. I'm not installing
anything else until I have better information about them.

> With Win10, you can try the Metered NIC hack,

Not planning on doing Win10.

--
Best regards,

Neil
  #4  
Old July 19th 16, 08:48 PM posted to alt.comp.os.windows-8
Paul
external usenet poster
 
Posts: 18,275
Default Know of a good source of info on updates?

Neil wrote:

> There are several instances of win32k.sys in various folders, and even
> more "win32k.sys.mui.c_xxxx" in other folders (about 2 dozen in total).
> What would I be looking for in those files that could shed light on
> their control of on-line access?


The kernel runs in Ring0.

Drivers run in Ring0.

Your network service comes via a driver (at the lowest level).
A protocol stack rests on top.

The kernel fields calls from Ring3 userland,
and eventually, a driver might be used to
satisfy the call.

It's unlikely to be Win32k.sys, and more likely
to be a hardware driver, a change to an AV
product, a change to the Windows Firewall or a
third party firewall.

The possibilities are endless. Including the
presence of malware.

There was one update Microsoft sent, quite a while
ago now, where it appeared they changed a file on
purpose, to "uncover" malware. TDSS root kit changes
atapi.sys. So Microsoft decided it would be cool
to update atapi.sys. Anyone with TDSS on the computer
had a crash (because TDSS patches atapi.sys as
part of its attack). It took the TDSS developer
almost two days to patch the mess and using
the command and control center, push out an update
to his victims, so that any other people suffering
from his malware, would not crash when the MS Update
installs. In some cases, the end-user is a tennis ball
in an unwitting game of tennis.

You'll have to review more than just some KBs,
to find an answer.

Paul
  #5  
Old July 19th 16, 09:43 PM posted to alt.comp.os.windows-8
Neil

On 7/19/2016 3:48 PM, Paul wrote:
> Neil wrote:
>
>> There are several instances of win32k.sys in various folders, and even
>> more "win32k.sys.mui.c_xxxx" in other folders (about 2 dozen in
>> total). What would I be looking for in those files that could shed
>> light on their control of on-line access?
>
> The kernel runs in Ring0.
>
> Drivers run in Ring0.
>
> Your network service comes via a driver (at the lowest level).
> A protocol stack rests on top.
>
> The kernel fields calls from Ring3 userland,
> and eventually, a driver might be used to
> satisfy the call.

Since they're binary, I looked at a couple of those files in TextPad,
but didn't see much that would identify their association to the
internet problem I experienced.

> It's unlikely to be Win32k.sys, and more likely
> to be a hardware driver, a change to an AV
> product, a change to the Windows Firewall or a
> third party firewall.
>
> The possibilities are endless. Including the
> presence of malware.

Fortunately, while in such cases there are many possibilities, I've
narrowed them to being one (or more) of about 10 KB files. If it was
malware, a restore wouldn't likely do much, and none of several scanners
turned up anything at all.

The symptoms are pretty specific; when updated, any access to the
internet causes the machine to lock up. LANs are not affected, so that
makes it unlikely to be a hardware or driver issue. When restored,
things work as before. In fact, I've been writing these posts on the
affected machine, which now has the recent KBs hidden. I would like some
quality information about them so that I can see which ones are likely
to act like a "denial of service" attack.

> You'll have to review more than just some KBs,
> to find an answer.

Probably so, but at least it would be a start.

--
Best regards,

Neil
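
Added example, not part of any post in this thread: a PowerShell sketch that lists the updates installed inside a recent window and prints (without running) one `wusa.exe` removal command per candidate, so suspects can be tested one at a time instead of by repeated full restores. The parameter names, the 7-day default window and the support URL pattern are assumptions made for this example.

```powershell
# Added example (not from the thread). Lists recently installed updates and
# prints one removal command per candidate. Nothing is uninstalled here.
param(
    # Assumed default window: updates installed in the last 7 days.
    [datetime]$Since = (Get-Date).AddDays(-7),
    # Optional list of suspect IDs in the form 'KB' followed by digits;
    # left empty here on purpose, supply the handful you have narrowed down to.
    [string[]]$Suspects = @()
)

# Get-HotFix reads Win32_QuickFixEngineering. InstalledOn can be empty for
# some entries, so those are filtered out before the date comparison.
$installed = Get-HotFix |
    Where-Object { $_.InstalledOn -and $_.InstalledOn -ge $Since } |
    Sort-Object InstalledOn -Descending

if (-not $installed) {
    Write-Warning "No updates with an install date on or after $Since were found."
    return
}

# Overview: what was installed, what kind of update it is, when, and by whom.
$installed |
    Select-Object HotFixID, Description, InstalledOn, InstalledBy |
    Format-Table -AutoSize

# Restrict to the suspect list when one was supplied.
$candidates = if ($Suspects.Count -gt 0) {
    $installed | Where-Object { $Suspects -contains $_.HotFixID }
} else {
    $installed
}

foreach ($u in $candidates) {
    $num = $u.HotFixID -replace '^KB', ''
    # Assumed URL pattern for the description page on support.microsoft.com.
    "# {0} ({1}), installed {2:yyyy-MM-dd}: https://support.microsoft.com/kb/{3}" -f `
        $u.HotFixID, $u.Description, $u.InstalledOn, $num
    # Printed only. Run one line, reboot, retest internet access, then move on.
    "wusa.exe /uninstall /kb:$num /norestart"
}
```

Updates that cannot be removed will make `wusa.exe` report an error for that KB; those still need a restore to test.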
 




All times are GMT +1.