Sweet Windows security widget!!!
Major geek-fu with this one...
Let us say that you are building a windows system from scratch and you then connect it to the internet to download all of the 60+ security patches. The problem is that while you are connected and downloading, your system will be vulnerable to attack before the patches are installed.
This utility allows you to download a stand-alone CD-ROM with all of the security patches for a given platform (W2K, XP and W3K Server) and this can be done from any system -- specifically, a system that has been recently patched.
The utility then creates an ISO image that you burn to a CD-ROM. Alternately, it can create an ISO on a DVD with all three operating systems -- a handy item for your traveling IT toolbox.
Check out
heise Security and their DIY Service Pack:
Installing Windows updates without an internet connection
Looking for manageable Windows updates even without an internet connection? Our offline update 3.0 script collection downloads the entire body of updates for Windows 2000, XP or Server 2003 from Microsoft's servers in one fell swoop and then uses them to create patch packages on CD, DVD or USB stick. Those in turn allow you to update as many PCs as desired.
Have you installed Windows Windows XP fresh from the original CD and then headed over to the update website lately? If not, be ready for an unpleasant surprise. For a system running XP Service Pack 2, the website recommends that you download 60 updates at an overall data volume of around 40 MBytes. And don't forget: that number keeps growing with each Patch Tuesday, as the monthly event of new patches released each second Tuesday of the month has been dubbed.
For its part, the Redmond crew doesn't see the update flood as any reason to rush the release of a third Service Pack for XP - all indications are that any potential SP3 would come out in the second half of 2007 at the very earliest. For better or for worse, until that next service pack does roll off the assembly line, users will have to connect their PCs to the internet to bring their OS up to date.
The update dilemma
Anyone installing Windows fresh from a CD or who acquires a PC with a preinstalled instance of Windows is in a tricky situation: to protect the machine against the various dangers of the internet, one must first install all current security updates to plug the countless holes in Windows and Internet Explorer. To fetch a copy of the updates, however, Microsoft requires that your computer be connected to the internet.
That is risky: anyone using a slow modem to surf the net will have to wait several hours until the 60 updates - some 40 MB in all - dribble their way through the connection. In the meantime, one visit to a rigged website is enough to let a bug get a crucial first toehold in the machine.
The situation is particularly precarious for Windows 2000 and Windows XP without Service Pack 1, as these versions have no built-in firewall and hence are helpless against the omnipresent worms circulating on the internet. A virgin system of this kind brought online can be compromised before you can even install a security update.
Serious geek fu! The only possible issue is that the utility creates an administrative account while it is operating (it deletes it when it is finished) but someone having physical access to the computer while this utility is running could create a backdoor account of their own without you knowing. Don't start the utility and then leave for lunch.
Posted by DaveH at December 15, 2006 11:36 AM