Jump to content

noobie tries frogwalking the hairball ...


Molecule

Recommended Posts

In the course of trying to build a w2ksp4 machine (I'm an NT=Noobie Total -- and I am SO clueless!) (To me, the 98se model is so much more sensible, but let's not go there ...)

In anycase, I naturally started off by comparing the W2K update lists maintained by tomcat, theguy, autopatcher, jcarle, and ryanvm. And naturally, there are differences which I don't understand -- with no insult intended to the HARD work of the listkeepers. (I'm only comparing pre-Aug 07 KBs, since different lists have different cutoff points.)

To try to resolve the differences myself, I decided to TRY to frogwalk the Microsoft update system, from sp4 forward. I'll post the results of my frogwalk through hell as soon as I'm done (assuming I don't go completely crazy before hand!!) I've databased 209 of the 276 known records so far, and I'll have to go back and check early stuff, since I didn't know what I needed to put in the DB when I started out (and still don't!!)

In the process, it seems that I have learned that in order to "secure" LOL! an updated system with most recent supported components installed, I will have to track each version of the following components that is installed -- that is that installation of a higher version (of XML, BITS, .NET, MPcodecs, for example) does not remove open vulnerabilities in the dlls of the prior lower versions, since the dll and reg entries are not removed:--

W2K_SP4

BITS1.2 (=w2ksp4?)

BITS2.0

IE5.01 (w2ksp4=IE5.00.3700.1000)

IE6 (SP1=IE6.0.2800.1106)

OE5.5 (w2ksp4=OE5.50.4807.1700)

OE6 (IE6SP1=OE6.0.2800.1106)

XML 2.0 (=w2ksp4?)

XML 3.0 (=ie6?)

XML 4.0

XML 6.0

DirectX 7 (=w2ksp4?)

DirectX 9c

WMP 6.4 (=w2ksp4?)

WMPcodec 6 (=w2ksp4?)

WMP 9

WMPcodec 9

MDAC 2.5SP3 (=w2ksp4?)

MDAC 2.8sp1

.NET FW 1.1 (=w2ksp4?)

.NET FW 2.0

UpdateAgent 3.0

Installer 3.1

Can anyone confirm or advise on this list -- am I missing any? -- going too far> (no need to answer that one!)

1. My biggest noobie question concerns IE5. When IE6SP1 is installed (by hfslip/nLite cabs, or by exe manual), do the old reg hkeys and hdd dlls for ie5.01 get removed? In other words, if I install ie6sp1, (a) do I still have to manually remove ie5 first, or (b) do I have to maintain updates for vulnerabilities for ie5 as well, since its dlls and reg keys are still in the system?

Has anyone ever confirmed that ie5 is totally removed, when ie6sp1 is installed?

2. It looks like the other components build upon each other, so that xml(n) requires installation of xml(n-1), etc. If that is wrong, this is one clueless noobie, tangled up in a monopolistic hairball bigger than any sane person could ever imagine, who would sure appreciate some guidance. (Now that I've sunk my teeth into this task, I'm not pulling out now -- just need some guidance ... on frogwalking the update hairball ... or should I say moonwalking it?)

TIA ...

Edited by Molecule
Link to comment
Share on other sites


ACK! WHOA!!

Okay, first thing's first.

HFSLIP is a slipstreamer that replaces older DLLs of the same name with newer ones.

So, imagine if a vulnerability exists in the TCP/IP stack of your Windows 2000 SP4.

You will address it by downloading the appropriate hotfix, in this case 951748, and put it into the HF directory.

Now, once HFSLIP runs, your TCPIP.SYS file will be 5.0.2195.7162, which is the latest, and you don't have to worry about any other vulnerabilities of earlier versions. You don't need to track versions of components, though.

Just follow the Win2k update list, the official one for HFSLIP, and it's as simple as this: only put in to HF what we tell you! :thumbup If a new hotfix replaces an old one, the old is removed from the list.

Internet Explorer 5 is entirely replaced by version 6 when you use HFSLIP to slipstream 6. I can't really link anywhere else as a source for that claim, because honestly, no one knows more about IE 5 and IE 6 than the guys here in this subforum :sneaky:

The same is the case for every other component. Let's even take DirectX 7 as an example. DirectX 9c not only replaces all of the 7 files, it also adds a bunch of them, so version 7 is totally replaced. If an older DLL never gets installed, it's registry entires don't, either (except for one single DX 7 key in one of the HIVE* files, but I don't want to get too far off topic).

I will address the others I haven't so far off the top of my head:

BITS1.2 (=w2ksp4?) correct, it's in 2ksp4

BITS2.0 subsumes earlier version

IE5.01 (=w2ksp4) correct, and it's patched by monthly hotfixes

IE6_SP1 subsumes earlier version

OE5 (=w2ksp4) correct, and it's patched by monthly hotfixes

OE5_SP3 No, it's OE6 SP1, technically, and this is also patched on a monthly basis

XML 2.0 (=w2ksp4?) Yup

XML 3.0 (=ie6?) No, not particular to IE6, but included in the Post SP4 Rollup

XML 4.0 May be installed separately and does not replace 3

You are correct in surmising that XML 5 isn't specific to Win2k, but rather came with MS Office

XML 6.0 May be installed separately and does not replace 4

Details on MS XML packages and versioning information

DirectX 7 (=w2ksp4?) Correct

There was a DirectX 8 for Windows 2000, and even hotfixes for it, but let's not even go there

DirectX 9c subsumes version 7 and 8

WMP 6.4 (=w2ksp4?) Correct

WMPcodec 6 (=w2ksp4?) Correct

WMP 9 Does not totally replace version 6.4, but don't worry about it

WMPcodec 9 Does not totally replace version 6.4, but having earlier codecs is fine

MDAC 2.5SP3 (=w2ksp4?) Correct

MDAC 2.8sp1 subsumes earlier version

.NET FW 1.1 (=w2ksp4?) Does not come with Win2000

.NET FW 2.0 Is totally optional

UpdateAgent 3.0 This replaces the Automatic Update in win2kSp4, but not all of the DLLs.

Installer 3.1 This is an add-on that is necessary and nothing quite like it came with Win2k

I hope I've answered your questions!

Edited by fdv
Link to comment
Share on other sites

thanks! fdv

that helps alot. when I found out that xml4 doesn't replace xml3 .net2 doesn't replace .net1.1, etc., i grew suspicious of my ignorance, and began to wonder whether or not some (or all) of the other components were upgraded the same way. I rooted around MS for hours, and frankly only got more frustrated. wikipedia was some help, but it's nice to have a confirmation.

in general then, "slipstreaming an update" means replacing an old version dll with a higher version dll, with the same name.

but that also means that installing a new version wouldn't necessarily pull old-version dlls off the system. since they are no longer used, they in effect become "sleeper dlls," which lie outside maintenance scruteny. we have registry cleaners to remove hkeys that point to no dlls, but I don't know of any utility to remove sleepr dlls that aren't protected by a registry key (?) as you suggested, if there is any forum on the planet that would have focused on this and nailed it down, this is it, so I should stop worrying ...

(When I took my first class, in the early 60s, using Fortran version 0.1 beta back when, (lol), one of the first things we were taught about was about memory rollovers. (the computer was itself as big a small room -- it was an IBM ??? -- and memory was a huge 8-bits!) for one of our first lab exercises, we had to program an overflow, using punch cards and paper tapes, and submit a report analyzing the result ... Although today's click and go culture is quite different, the overflows are the same, as are the illusory "profits" from monopoly, universal humiliation by false accusation, and programming lackadaisia. The predicates of this whole multimedia-push culture are the biggest learning curve for me.)

thanks, again.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...