WindizUpdate

[Hekx]

Hello all,

I was searching around for alternatives to Windows Updates, when I found this website posted on a discussion board.

http://windowsupdate.62nds.com/

It is aimed at Firefox, Netscape and Opera users who want to be able to access a Windows Update site with the same functionality as Internet Explorer.

I have yet to try it out but you need to install a plugin (according to the uninstall section on the site, named npupd.dll) which allows you to access and download the files through the site.

This sounds very interesting and I'll likely give it a full test drive with precautions. Ididn't find any other discussions on this anywhere so I am really wondering on where it came from.

[Edit] Just ran it, it picked up three new updates. Downloaded and installed smoothly.

It only appears to be a plugin not an extension, easy to uninstall.

Note: Be cautious when using this plugin (see later posts for reasons).

Edited February 14, 2005 by Hekx

[elliot]

Wow nice. (Y) (Y)

[Code.Red]

Looks cool, I'll have to check this out... :yes:

[Midnight Mick]

Hmmmm

I installed & ran the program, it found an Outlook express update that the normal v5 IE version didn't.

Now I'm suspicious.

[easternBrain]

hey thats nice...... worked for me as well!!

[cork1958]

Wow! Cool. Knew something like this had to come along someday. May NEVER have to use IE again now.

Thanks

[kevcart3]

Very nice find, good to see that someone has tried to address the windows update issue with all the latest browsers.

[cork1958]

Hmm? I just tried installing this and get installation error using Opera 8.00 b7401. Nothing on their "known issues" page about the newest Opera.

Also, make sure you look at the known issues page about the security info.

Security Issues with the plugin

There is a security issue with the plugin, so we recommend that you uninstall it when you have finished with this site.

A website that recognises the WindizUpdate component can download and install software on to your computer almost without your knowledge. This should be fixed in the next release. There are currently no known websites that will take advantage of the WindizUpdate component.

Edited February 14, 2005 by cork1958

[vertigosity]

This sounds really nifty... if it actually works, and works well, and isn't exhibiting any sort of backdoor/trojanish behavior, this might mean I'll need to fire up XPLite and go on an IE killing spree on my machines later on today :devil:

[Colin-uk Veteran]

you can also download viruses from the same website

http://62nds.com/pg/e90.php

how cool!

[joshpo]

I would NOT use this unless I want to compromise the security of my machine. For Firefox users there is an extension which puts a link to Windows Update in the Tools Menu, and it opens in IE so you can use WU as normal. It is creatively titled "Windows Update" if you would like to find it. I hate IE just as much as the next guy but there is no way I am using this.

[Daninku]

you can also download viruses from the same website

http://62nds.com/pg/e90.php

how cool!

585470772[/snapback]

VIRUSES!!!!!!! :huh: from that Windows update alternation website?! If so, I'm not going to isntall it for sure. Hope you're joking. :o

[_fOoL_]

Security Issues with the plugin

There is a security issue with the plugin, so we recommend that you uninstall it when you have finished with this site.

A website that recognises the WindizUpdate component can download and install software on to your computer almost without your knowledge. This should be fixed in the next release. There are currently no known websites that will take advantage of the WindizUpdate component.

Uninstalling the Plugin

There is no uninstallation program supplied with the WindizUpdate plugin, so uninstallation needs to be done manually

You'll need to close all web browsers that have the plugin installed; then search your program files folders for the file npupd.dll -- if it finds the file in a plugin folder, simply delete the dll file to uninstall. Remove all copies.

Hhhhhmmmmmmmmmmmmmmmmmmmmmmmmmm!!!!!!!!!11

[Hekx]

No problems for me, but thanks for the information on the websites other files.

The security risk does sound critical and it is probably best to wait for fixes before trying this.

I'm going to keep running it on limited privileges on an isolated FX install and see if it is up to any odd behaviour. :)

[Edit]

It might be worth forwarding some of these comments to the author/s.

I honestly think allowing manual install of the plug-in is much easier.

Maybe even a self-extracted archive would be sufficient.

As far as I can tell from monitoring the install, the only file it installs is "npupd.dll" into the Firefox plugins directory. Might be easier to get the .dll hosted for people to dissect. :p

Edited February 14, 2005 by Hekx

[62nds]

WindizUpdate is a new website, only online since middle Jan 2005 - that is why there is no information on it. As we have nothing to hide, the Delphi 3 source to the component is available on request, providing that:

* no part of it is redistributed in any format

* your findings are published, so verifying the accuracy of the claims posted at windowsupdate.62nds.com

An explanation of the security issue.

The WindizUpdate component contains an auto-installation feature. An authentication code is required before the component will install the requested software. However it is possible for a person to determine the algorithm being used, and so convince the component to install software from other sources.

Opera 8 Beta

The plugin is new, and is still under development; and suggestions are welcome. We're having an unexpected technical problem getting the plugin operating with build 7401

Viruses and Context

Yes, there are virus source code on the site and your virus scanner should alert you when trying to access them. BUT: they are all HARMLESS UNLESS you change the file extension. The viruses are stored as TEXT (.txt) files. There is no way to execute TEXT files, so no way for the viruses to become active.

Imagine typing in something like "X5O!P%@AP[4\PZX54(P^)7CC)7} $EICAR_STANDARD_ANTIVIRUS_TEST_FILE!$H+H*" into your word processor. This is actually a virus, and ALL antivirus products will recognise it as a virus, but does the act of typing this sequence on a page in your document mean that you have been infected with a virus?

Security

If you're running IE, you're already compromising the security of your computer. Firefox is open-source: if you want to find a security problem with it, there's no need to disassemble the program to look at the code. Open source makes it EASIER to find security problems... and only a few have been found. Compare that to the MS browser.

We've moved clients away from IE, and things have never been better. No search bars; no adware; no malware. It's already paid for itself.

Edited February 15, 2005 by 62nds

[cork1958]

WindizUpdate is a new website, only online since middle Jan 2005 - that is why there is no information on it.? As we have nothing to hide, the Delphi 3 source to the component is available on request, providing that:

* no part of it is redistributed in any format

* your findings are published, so verifying the accuracy of the claims posted at windowsupdate.62nds.com

An explanation of the security issue.

The WindizUpdate component contains an auto-installation feature. An authentication code is required before the component will install the requested software. However it is possible for a person to determine the algorithm being used, and so convince the component to install software from other sources.

Opera 8 Beta

The plugin is new, and is still under development; and suggestions are welcome. We're having an unexpected technical problem getting the plugin operating with build 7401

Viruses and Context

Yes, there are virus source code on the site and your virus scanner should alert you when trying to access them.? BUT: they are all HARMLESS UNLESS you change the file extension. The viruses are stored as TEXT (.txt) files.? There is no way to execute TEXT files, so no way for the viruses to become active.

Imagine typing in something like "X5O!P%@AP[4\PZX54(P^)7CC)7} $EICAR_STANDARD_ANTIVIRUS_TEST_FILE!$H+H*" into your word processor.? This is actually a virus, and ALL antivirus products will recognise it as a virus,? but? does the act of typing this sequence on a page in your document mean that you have been infected with a virus?

Security

If you're running IE, you're already compromising the security of your computer.? Firefox is open-source: if you want to find a security problem with it, there's no need to disassemble the program to look at the code. Open source makes it EASIER to find security problems... and only a few have been found. Compare that to the MS browser.

We've moved clients away from IE, and things have never been better. No search bars; no adware; no malware. It's already paid for itself.

585474182[/snapback]

The reply I got when asking them about making this plugin work with Opera 8.

A number of hours have been spent on it (it really should have been a

> 30min job), and we have made very little progress. What works fine on

> Opera 5, Opera 6 and Opera 7, won't work on the new version. The plugin

> sends the correct information back to Opera, and Opera promptly dies. We

> are still working on the problem.

>

> Regards,

> Phil.

As with all things, they are at least attempting to get the bugs worked out.

[Hekx]

WindizUpdate is a new website, only online since middle Jan 2005 - that is why there is no information on it.  As we have nothing to hide, the Delphi 3 source to the component is available on request, providing that:

* no part of it is redistributed in any format

* your findings are published, so verifying the accuracy of the claims posted at windowsupdate.62nds.com

An explanation of the security issue.

The WindizUpdate component contains an auto-installation feature. An authentication code is required before the component will install the requested software. However it is possible for a person to determine the algorithm being used, and so convince the component to install software from other sources.

Opera 8 Beta

The plugin is new, and is still under development; and suggestions are welcome. We're having an unexpected technical problem getting the plugin operating with build 7401

Viruses and Context

Yes, there are virus source code on the site and your virus scanner should alert you when trying to access them.  BUT: they are all HARMLESS UNLESS you change the file extension. The viruses are stored as TEXT (.txt) files.  There is no way to execute TEXT files, so no way for the viruses to become active.

Imagine typing in something like "X5O!P%@AP[4\PZX54(P^)7CC)7} $EICAR_STANDARD_ANTIVIRUS_TEST_FILE!$H+H*" into your word processor.  This is actually a virus, and ALL antivirus products will recognise it as a virus,  but  does the act of typing this sequence on a page in your document mean that you have been infected with a virus?

Security

If you're running IE, you're already compromising the security of your computer.  Firefox is open-source: if you want to find a security problem with it, there's no need to disassemble the program to look at the code. Open source makes it EASIER to find security problems... and only a few have been found. Compare that to the MS browser.

We've moved clients away from IE, and things have never been better. No search bars; no adware; no malware. It's already paid for itself.

585474182[/snapback]

Thank you for taking the time to give information. :)

[MrBear5587]

Im keeping well away from this..

I'd rather just use IE for 10 minutes to get any updates, or download them of Technet.

[WarStorm]

hmmm i guess ill just use the Firefox Windows update extension

[62nds]

The browser plugin has now been updated to resolve the security issue: you will now be prompted whenever your data is to be sent to a website, or when an installation program is to be executed. It will also show you what data is to be sent to the main website.

So, if you do not wish to send your hardware details to the site, simply answer 'No' when prompted. It will still send a request to the site (since the website is expecting a reply), however the request will be blank.

[Hekx]

I'm having trouble installing the updated version.

I manually uninstalled the previous version, started the browser, went to the website and added the site to my whitelist and enabled installation of extensions/plugins. I get the prompt to install and allow it, but after the extensions manager pops-up and the bar completes, I get no listings for the plugin and the browser reloads the same "install" page. When I search for updates, I get a notice that the plugin is not installed.

There is no npupd62.dll in my plugins directory nor any listing of it under about:plugins

I'm running WinXP Home SP2 with Firefox 1.0.

Is there a manual install option or simply the .dll to place in the plugins folder?

-Edit-

OK, I'm good. I downloaded the XPI, unpacked and manually installed the .dll.

All working fine.

One feature suggestion would be to save/remember whether or not you want information sent while running a scan. Having two to three prompts can get annoying.

[62nds]

Thanks for the info Hekx.

Yes, it does prompt you several times... this is so that you know exactly what it is doing. Once you are happy with the plugin, you can choose "Accept Site", and you will receive no more prompts.

[62nds]

Bug in installation script fixed. The plugin will now install.

[Tungsten T]

Nice but im stickin with the official Windowz UpDate

[Tungsten T]

Im with this now. Recomend to all