Although it seems people are keeping their Windows machines patched, the third-party applications are another issue. My family members still aren't adhering to the safe-browsing advice that I gave them so each "repair" is normally a complete OS wipe and reload.
After being asked to "fix" two laptops in a row with physically damaged DVD drives, I went ahead and dedicated a thumb drive to the Windows 7 install media. The process is simple and it actually speeds up the installation process. You also aren't dependent on potentially broken hardware.
The first step is to download the tool from Microsoft and install it. Next find a suitable USB drive that is at least as large as the installation DVD. Then, choose the source iso file and select USB device. Once the process is started, you will be presented with:
Once it is done, you will have a USB drive that you can use to reinstall or repair broken Windows 7 installations.
Another trick to speed up post-installation tasks is to use Ninite to create a single installation executable. If you haven't used Ninite before, its extremely easy. Just browse to the website and select the software you want to install:
Also, you can use Ninite for another purpose as well. Last year, I renamed the Ninite binary to updates.exe and left it on the user's desktop. I asked them to run it with admin credentials every few weeks. Although Windows Update was working properly, no one was patching anything else.
This year, I took it a step forward and created a task to run the updates.exe for them. Now they will be prompted for credentials every once in a while (possibly increasing social-engineering risks), but at least they will hopefully be better protected from client-side attacks.
First I copied to the updates.exe to the 'c:\Windows\Tasks' folder to secure its permissions. Then I created a task to run it every two weeks named "updates" with Schtasks:
schtasks /create /sc weekly /mo 2 /tn updates /tr c:\windows\tasks\updates.exe /rl highest
To test that the task is working properly:
schtasks /run /tn updates
The Ninite exe will only download applications that are either not installed or out-of-date.
Finally, Secunia's Personal Software Inspector (PSI) supports auto-updates for many products as well. You can get the install from here and just like Ninite, its free for personal use. It is a great tool which can be used by your non-"computery" friends and family to see what software they need to update. The dashboard is helpful and easy to understand.
I hope these methods equate to less OS installations next year and possibly less infected machines.
-Chris
No comments:
Post a Comment