Hekx Posted February 12, 2005 Share Posted February 12, 2005 (edited) Hello all, I was searching around for alternatives to Windows Updates, when I found this website posted on a discussion board. http://windowsupdate.62nds.com/ It is aimed at Firefox, Netscape and Opera users who want to be able to access a Windows Update site with the same functionality as Internet Explorer. I have yet to try it out but you need to install a plugin (according to the uninstall section on the site, named npupd.dll) which allows you to access and download the files through the site. This sounds very interesting and I'll likely give it a full test drive with precautions. Ididn't find any other discussions on this anywhere so I am really wondering on where it came from. [Edit] Just ran it, it picked up three new updates. Downloaded and installed smoothly. It only appears to be a plugin not an extension, easy to uninstall. Note: Be cautious when using this plugin (see later posts for reasons). Edited February 14, 2005 by Hekx Link to comment Share on other sites More sharing options...
elliot Posted February 12, 2005 Share Posted February 12, 2005 Wow nice. (Y) (Y) Link to comment Share on other sites More sharing options...
Code.Red Posted February 12, 2005 Share Posted February 12, 2005 Looks cool, I'll have to check this out... :yes: Link to comment Share on other sites More sharing options...
Midnight Mick Posted February 13, 2005 Share Posted February 13, 2005 Hmmmm I installed & ran the program, it found an Outlook express update that the normal v5 IE version didn't. Now I'm suspicious. Link to comment Share on other sites More sharing options...
easternBrain Posted February 14, 2005 Share Posted February 14, 2005 hey thats nice...... worked for me as well!! Link to comment Share on other sites More sharing options...
cork1958 Posted February 14, 2005 Share Posted February 14, 2005 Wow! Cool. Knew something like this had to come along someday. May NEVER have to use IE again now. Thanks Link to comment Share on other sites More sharing options...
kevcart3 Posted February 14, 2005 Share Posted February 14, 2005 Very nice find, good to see that someone has tried to address the windows update issue with all the latest browsers. Link to comment Share on other sites More sharing options...
cork1958 Posted February 14, 2005 Share Posted February 14, 2005 (edited) Hmm? I just tried installing this and get installation error using Opera 8.00 b7401. Nothing on their "known issues" page about the newest Opera. Also, make sure you look at the known issues page about the security info. Security Issues with the plugin There is a security issue with the plugin, so we recommend that you uninstall it when you have finished with this site. A website that recognises the WindizUpdate component can download and install software on to your computer almost without your knowledge. This should be fixed in the next release. There are currently no known websites that will take advantage of the WindizUpdate component. Edited February 14, 2005 by cork1958 Link to comment Share on other sites More sharing options...
vertigosity Posted February 14, 2005 Share Posted February 14, 2005 This sounds really nifty... if it actually works, and works well, and isn't exhibiting any sort of backdoor/trojanish behavior, this might mean I'll need to fire up XPLite and go on an IE killing spree on my machines later on today :devil: Link to comment Share on other sites More sharing options...
Colin-uk Veteran Posted February 14, 2005 Veteran Share Posted February 14, 2005 you can also download viruses from the same website http://62nds.com/pg/e90.php how cool! Link to comment Share on other sites More sharing options...
joshpo Posted February 14, 2005 Share Posted February 14, 2005 I would NOT use this unless I want to compromise the security of my machine. For Firefox users there is an extension which puts a link to Windows Update in the Tools Menu, and it opens in IE so you can use WU as normal. It is creatively titled "Windows Update" if you would like to find it. I hate IE just as much as the next guy but there is no way I am using this. Link to comment Share on other sites More sharing options...
Daninku Posted February 14, 2005 Share Posted February 14, 2005 you can also download viruses from the same websitehttp://62nds.com/pg/e90.php how cool! 585470772[/snapback] VIRUSES!!!!!!! :huh: from that Windows update alternation website?! If so, I'm not going to isntall it for sure. Hope you're joking. :o Link to comment Share on other sites More sharing options...
_fOoL_ Posted February 14, 2005 Share Posted February 14, 2005 Security Issues with the pluginThere is a security issue with the plugin, so we recommend that you uninstall it when you have finished with this site. A website that recognises the WindizUpdate component can download and install software on to your computer almost without your knowledge. This should be fixed in the next release. There are currently no known websites that will take advantage of the WindizUpdate component. Uninstalling the Plugin There is no uninstallation program supplied with the WindizUpdate plugin, so uninstallation needs to be done manually You'll need to close all web browsers that have the plugin installed; then search your program files folders for the file npupd.dll -- if it finds the file in a plugin folder, simply delete the dll file to uninstall. Remove all copies. Hhhhhmmmmmmmmmmmmmmmmmmmmmmmmmm!!!!!!!!!11 Link to comment Share on other sites More sharing options...
Hekx Posted February 14, 2005 Author Share Posted February 14, 2005 (edited) No problems for me, but thanks for the information on the websites other files. The security risk does sound critical and it is probably best to wait for fixes before trying this. I'm going to keep running it on limited privileges on an isolated FX install and see if it is up to any odd behaviour. :) [Edit] It might be worth forwarding some of these comments to the author/s. I honestly think allowing manual install of the plug-in is much easier. Maybe even a self-extracted archive would be sufficient. As far as I can tell from monitoring the install, the only file it installs is "npupd.dll" into the Firefox plugins directory. Might be easier to get the .dll hosted for people to dissect. :p Edited February 14, 2005 by Hekx Link to comment Share on other sites More sharing options...
62nds Posted February 15, 2005 Share Posted February 15, 2005 (edited) WindizUpdate is a new website, only online since middle Jan 2005 - that is why there is no information on it. As we have nothing to hide, the Delphi 3 source to the component is available on request, providing that: * no part of it is redistributed in any format * your findings are published, so verifying the accuracy of the claims posted at windowsupdate.62nds.com An explanation of the security issue. The WindizUpdate component contains an auto-installation feature. An authentication code is required before the component will install the requested software. However it is possible for a person to determine the algorithm being used, and so convince the component to install software from other sources. Opera 8 Beta The plugin is new, and is still under development; and suggestions are welcome. We're having an unexpected technical problem getting the plugin operating with build 7401 Viruses and Context Yes, there are virus source code on the site and your virus scanner should alert you when trying to access them. BUT: they are all HARMLESS UNLESS you change the file extension. The viruses are stored as TEXT (.txt) files. There is no way to execute TEXT files, so no way for the viruses to become active. Imagine typing in something like "X5O!P%@AP[4\PZX54(P^)7CC)7} $EICAR_STANDARD_ANTIVIRUS_TEST_FILE!$H+H*" into your word processor. This is actually a virus, and ALL antivirus products will recognise it as a virus, but does the act of typing this sequence on a page in your document mean that you have been infected with a virus? Security If you're running IE, you're already compromising the security of your computer. Firefox is open-source: if you want to find a security problem with it, there's no need to disassemble the program to look at the code. Open source makes it EASIER to find security problems... and only a few have been found. Compare that to the MS browser. We've moved clients away from IE, and things have never been better. No search bars; no adware; no malware. It's already paid for itself. Edited February 15, 2005 by 62nds Link to comment Share on other sites More sharing options...
cork1958 Posted February 15, 2005 Share Posted February 15, 2005 WindizUpdate is a new website, only online since middle Jan 2005 - that is why there is no information on it.? As we have nothing to hide, the Delphi 3 source to the component is available on request, providing that:* no part of it is redistributed in any format * your findings are published, so verifying the accuracy of the claims posted at windowsupdate.62nds.com An explanation of the security issue. The WindizUpdate component contains an auto-installation feature. An authentication code is required before the component will install the requested software. However it is possible for a person to determine the algorithm being used, and so convince the component to install software from other sources. Opera 8 Beta The plugin is new, and is still under development; and suggestions are welcome. We're having an unexpected technical problem getting the plugin operating with build 7401 Viruses and Context Yes, there are virus source code on the site and your virus scanner should alert you when trying to access them.? BUT: they are all HARMLESS UNLESS you change the file extension. The viruses are stored as TEXT (.txt) files.? There is no way to execute TEXT files, so no way for the viruses to become active. Imagine typing in something like "X5O!P%@AP[4\PZX54(P^)7CC)7} $EICAR_STANDARD_ANTIVIRUS_TEST_FILE!$H+H*" into your word processor.? This is actually a virus, and ALL antivirus products will recognise it as a virus,? but? does the act of typing this sequence on a page in your document mean that you have been infected with a virus? Security If you're running IE, you're already compromising the security of your computer.? Firefox is open-source: if you want to find a security problem with it, there's no need to disassemble the program to look at the code. Open source makes it EASIER to find security problems... and only a few have been found. Compare that to the MS browser. We've moved clients away from IE, and things have never been better. No search bars; no adware; no malware. It's already paid for itself. 585474182[/snapback] The reply I got when asking them about making this plugin work with Opera 8. A number of hours have been spent on it (it really should have been a > 30min job), and we have made very little progress. What works fine on > Opera 5, Opera 6 and Opera 7, won't work on the new version. The plugin > sends the correct information back to Opera, and Opera promptly dies. We > are still working on the problem. > > Regards, > Phil. As with all things, they are at least attempting to get the bugs worked out. Link to comment Share on other sites More sharing options...
Hekx Posted February 16, 2005 Author Share Posted February 16, 2005 WindizUpdate is a new website, only online since middle Jan 2005 - that is why there is no information on it. As we have nothing to hide, the Delphi 3 source to the component is available on request, providing that:* no part of it is redistributed in any format * your findings are published, so verifying the accuracy of the claims posted at windowsupdate.62nds.com An explanation of the security issue. The WindizUpdate component contains an auto-installation feature. An authentication code is required before the component will install the requested software. However it is possible for a person to determine the algorithm being used, and so convince the component to install software from other sources. Opera 8 Beta The plugin is new, and is still under development; and suggestions are welcome. We're having an unexpected technical problem getting the plugin operating with build 7401 Viruses and Context Yes, there are virus source code on the site and your virus scanner should alert you when trying to access them. BUT: they are all HARMLESS UNLESS you change the file extension. The viruses are stored as TEXT (.txt) files. There is no way to execute TEXT files, so no way for the viruses to become active. Imagine typing in something like "X5O!P%@AP[4\PZX54(P^)7CC)7} $EICAR_STANDARD_ANTIVIRUS_TEST_FILE!$H+H*" into your word processor. This is actually a virus, and ALL antivirus products will recognise it as a virus, but does the act of typing this sequence on a page in your document mean that you have been infected with a virus? Security If you're running IE, you're already compromising the security of your computer. Firefox is open-source: if you want to find a security problem with it, there's no need to disassemble the program to look at the code. Open source makes it EASIER to find security problems... and only a few have been found. Compare that to the MS browser. We've moved clients away from IE, and things have never been better. No search bars; no adware; no malware. It's already paid for itself. 585474182[/snapback] Thank you for taking the time to give information. :) Link to comment Share on other sites More sharing options...
MrBear5587 Posted February 16, 2005 Share Posted February 16, 2005 Im keeping well away from this.. I'd rather just use IE for 10 minutes to get any updates, or download them of Technet. Link to comment Share on other sites More sharing options...
WarStorm Posted February 16, 2005 Share Posted February 16, 2005 hmmm i guess ill just use the Firefox Windows update extension Link to comment Share on other sites More sharing options...
62nds Posted February 22, 2005 Share Posted February 22, 2005 The browser plugin has now been updated to resolve the security issue: you will now be prompted whenever your data is to be sent to a website, or when an installation program is to be executed. It will also show you what data is to be sent to the main website. So, if you do not wish to send your hardware details to the site, simply answer 'No' when prompted. It will still send a request to the site (since the website is expecting a reply), however the request will be blank. Link to comment Share on other sites More sharing options...
Hekx Posted February 23, 2005 Author Share Posted February 23, 2005 I'm having trouble installing the updated version. I manually uninstalled the previous version, started the browser, went to the website and added the site to my whitelist and enabled installation of extensions/plugins. I get the prompt to install and allow it, but after the extensions manager pops-up and the bar completes, I get no listings for the plugin and the browser reloads the same "install" page. When I search for updates, I get a notice that the plugin is not installed. There is no npupd62.dll in my plugins directory nor any listing of it under about:plugins I'm running WinXP Home SP2 with Firefox 1.0. Is there a manual install option or simply the .dll to place in the plugins folder? -Edit- OK, I'm good. I downloaded the XPI, unpacked and manually installed the .dll. All working fine. One feature suggestion would be to save/remember whether or not you want information sent while running a scan. Having two to three prompts can get annoying. Link to comment Share on other sites More sharing options...
62nds Posted February 27, 2005 Share Posted February 27, 2005 Thanks for the info Hekx. Yes, it does prompt you several times... this is so that you know exactly what it is doing. Once you are happy with the plugin, you can choose "Accept Site", and you will receive no more prompts. Link to comment Share on other sites More sharing options...
62nds Posted February 27, 2005 Share Posted February 27, 2005 Bug in installation script fixed. The plugin will now install. Link to comment Share on other sites More sharing options...
Tungsten T Posted February 27, 2005 Share Posted February 27, 2005 Nice but im stickin with the official Windowz UpDate Link to comment Share on other sites More sharing options...
Tungsten T Posted March 8, 2005 Share Posted March 8, 2005 Im with this now. Recomend to all Link to comment Share on other sites More sharing options...
Recommended Posts