WGA vs AutoPatcher.

[timeruner]

Raptor i have a suggestion that I hope makes sense, is it possible for you and the team to just create the Modules for all the latest security updates and then everyone manually download the latest security updates themselves, and have it set up that AutoPatcher or the Modules automatically slipstream the latest security updates with the last release of AutoPatcher?? that way you are not redistributing the updates yourself,you are only providing a way for everyone to slipstream the updates. for example, if I have the latest version of AutoPatcher on my computer, the only thing I would have to do is download the latest security updates and download your Modules, slipstream everything, and burn it to a CD. ps. I would try creating Modules myself, but that is beyond my knowledge.

[akaladis Veteran]

^ Yes, Gandolas messaged me on MSN about doing this. I think it's a great idea, until we solve the WGA/AP issue. It could serve as a nice tutorial too.

[ajschwab2004]

so your only gonna have links to the latest updates until this thing gets solved taht stupid?

[BigCheese]

Just carry on as usual. If Microsoft sends you a letter about AutoPatcher circumventing WGA, then you can try your best to comply with WGA.

[+M2Ys4U Subscriber¹]

indeed. Anything but carrying on is stupid IMO.

[evl422]

Is it just me or is there not even a prompt to check for WGA if you just manualy download the latest security patches from the Microsoft site?

(e.g. http://www.microsoft.com/technet/security/...n/MS05-038.mspx )

I only use the Lite version of Autopatcher so the only thing I'm aware of that might need WGA (but I don't use anyhow) is the Microsoft anti-spyware program.

So long as Microsoft aren't enforcing WGA on their own site, I don't see the problem with Autopatcher continuing? (And I'm sure somewhere I read that Microsoft have no intention of enforcing WGA on (critical?) security updates).

I don't want to see the Autopatcher team getting into any trouble over WGA, but I just don't see that it's an issue the way things are on the microsoft site right now? (i.e. you can get the updates from microsoft without any kind of hacks, cheats or whatever dubious methods you want to mention).

[DarkCircuit]

Is it just me or is there not even a prompt to check for WGA if you just manualy download the latest security patches from the  Microsoft site?

(e.g. http://www.microsoft.com/technet/security/...n/MS05-038.mspx )

I only use the Lite version of Autopatcher so the only thing I'm aware of that might need WGA (but I don't use anyhow) is the Microsoft anti-spyware program.

So long as Microsoft aren't enforcing WGA on their own site, I don't see the problem with Autopatcher continuing? (And I'm sure somewhere I read that Microsoft have no intention of enforcing WGA on (critical?) security updates).

I don't want to see the Autopatcher team getting into any trouble over WGA, but I just don't see that it's an issue the way things are on the microsoft site right now? (i.e. you can get the updates from microsoft without any kind of hacks, cheats or whatever dubious methods you want to mention).

586373387[/snapback]

In court, this thread alone showing legal concerns, and willingness to co-operate is enough to relax a judge. Carry on. You have not been warned, and MS loves to warn.

[CloudEngineer]

continue as is for now until they say something i mean, its not an impossible feat to get updates from microsofts site without wga as easy as searching file mirrors and downloading takes 20 seconds

and even without that security updates get pushed on your system automatically anyways so i see no need for concern..

[Digitalfox]

continue as is for now until they say something i mean, its not an impossible feat to get updates from microsofts site without wga as easy as searching file mirrors and downloading takes 20 seconds

and even without that security updates get pushed on your system automatically anyways so i see no need for concern..

586374913[/snapback]

That's true, if you switch on Aumatic Updates, even if you have a ilegal copy it will update with all available updates.. ( and yeah i have 2 legal copy's and one illegal ) ;)

[Bob Marley]

I Voted for Continue as usual and pay no attention to Microsoft. :D :D

AutoPatcher Rocks :yes:

[corrosive23]

Whats retarded is that if I download something like WMP I pass the validation test, but WU says my key was not issued by microsoft. WTF?

[mkk]

I am happy not to touch Windows Update ever again, for several reasons. I do not have to have otherwise useless (to me) services enabled, and I do not have to configure my software firewall to stupidly allow the generic svchost service access to the anything. Now what AutoPatcher does is removing the chore of manually seeking out the few hotfixes that I could really need for security reasons. I would not have to go through any validation procedure to get those hotfixes from the source.

But it is certainly wise for a project like Autopatcher to show good face and openly show concern for Microsofts practices, lest a certain lawyer wakes up from his/her lunch nap with too little to do. Because even if Microsoft executives would not mind at all about this projects existence, there are a number of corporate lawyers carrying 'letters of marque' allowing them to on their own accord go after anything that has the slightest potential to work against the intentions of their employee.

Thank you for your valiant work.

PS. Personally I would like to see a light package completely free from 'tweaks'.

Edited August 15, 2005 by mkk

[DarkCircuit]

Welll spoken, agreed with, and utterly true.

[PsiMoon314]

@nw_raptor,

With the spread of live exploits (Zotob et al) for the recent PnP vulrability I would suggest that you start releasing the patches under MS05-039 ASAP :) While you are at it you could do the other August patches also.

I suspect that this one will "mutate" into a version which will work on XP SP2 even with RestrictNullSessions set correctly and the XP SP2 firewall turned on.

Getting these updates out there is only doing Microsoft a favour and I cannot see how they would object to that.

Kind Regards

Simon

[bucko]

Well I think AutoPatcher should continue Windows Update seems slow to me now even on broadband there updates may only be KB's but Windows Update just seems slugish on fully licensed WGA PC's. I don't think m$ will mind AutoPatcher because it offers security to dialup users (they do a CD version right?) and it takes them time to release the latest month ones anyway (no offence to them that is a good thing). So I think we should carry on as normal and don't m$ let you download updates from there download center and automatic updates?

[mossman]

Well I think AutoPatcher should continue Windows Update seems slow to me now even on broadband there updates may only be KB's but Windows Update just seems slugish on fully licensed WGA PC's.

586382281[/snapback]

Yes, I've noticed that as well

[dbpvr]

http://v4.windowsupdate.microsoft.com/catalog/en/default.asp

just go to the above link and click autoupdate at the botom of the list on the left side and you'll get the old ver 4 auto update which never used or uses GAP

duuh MS whats the deal lol

[ph_jon]

I opted for # 4... We must also comply with WGA.

[ajschwab2004]

They can't carry on and bypass the WGA or else they would being warez activites and thats against the rules.

[zendaver]

My two cents, Option 3.

A few other web sites are openly and with good intents providing Windows updates. Several have already been listed earlier in this thread.

For many of the alternate browsers there is this site:

http://windowsupdate.62nds.com/

Another individual patch site:

http://www.softwarepatch.com/windows/index.html

This Microsoft site seems to be a plain, non-WGA way to download patches:

http://download.microsoft.com

(someone else mentioned msdn could be used too)

Someone suggested going to their old update page (didn't try):

http://v4.windowsupdate.microsoft.com/catalog/en/default.asp

What I like the best about AutoPatcher is that I can have my own copy of all the files necessary to bring me up to date. When I get quicktime or acrobat, I keep their install files too. This helps greatly when trying to a full re-install to get me back up to speed with all my preferred goodies. I don't assume that I can just go get it all again later. Just try looking for really old MS software patches, software licenses are generally for perpetual use but the availability of patches seems to end at MS's whim (same for most any other sw company).

If you do get a certain note from Microsoft, I would strongly suggest complying regardless. If nw_raptor is the only one with source code then AutoPatcher has a single snuff-able point of failure.

As another alternative, it may be preferable to be pro-active and release future APs as just a shell of an auto installer with a list of download links to all the patches and where in a directory structure they should be placed. The AP program would need a bit more smarts to compensate for possibly missing modules. It should be easier, faster and smaller to get a release out. And undoubtedly there would be some people that would scrounge up the full set and nicely share via bittorrent. ;-) To help that last case it would be nice if AP could validate the MD5 hash of itself and all the modules. Only a very small monthly core set of AutoPatcher data files would be needed if the base AutoPatcher application continued to be its own download and the users retrieved their own patches (or shared bittorrent).

Thanks nw_rapter, your AP work is appreciated.

[DarkCircuit]

^ I 2nd that.

Your work is appreciated, and this post wins my "most clearly spoken, and true post of the day" award.

[dbpvr]

My two cents, Option 3.

A few other web sites are openly and with good intents providing Windows updates.? Several have already been listed earlier in this thread.

For many of the alternate browsers there is this site:

http://windowsupdate.62nds.com/

Another individual patch site:

http://www.softwarepatch.com/windows/index.html

This Microsoft site seems to be a plain, non-WGA way to download patches:

http://download.microsoft.com

(someone else mentioned msdn could be used too)

Someone suggested going to their old update page (didn't try):

http://v4.windowsupdate.microsoft.com/catalog/en/default.asp

actually MS is dropping WGA till they fix it as its totally hacked now via a patcher that

modifies the LegitCheckControl.dll file and gives perm full access to ALL downloads and auto updates from Microsoft as of 1 Aug (what 3 days after it was mandatory) and as the release group names the protection used by Microsoft "CRAP" LoL

Here's a company that we need to trust for a secure OS and they can't even secure their own anti piracy protection from piracy let alone from important security vulnerabilities roflmao

I mentioned in another post "do you think they are that stupid" well I guess I was wrong they are;))

Edited August 27, 2005 by dbpvr

[Shadrack]

Don't worry about Microsoft until they push something against you.

As for offline users not having these patches available...hmm, considering most of the windows updates are actually security fixes for computers connected to the internet i'm not sure where the problem is.

[+theblazingangel MVC]

@Shadrack, this thread is over a year old now...