The way Windows does updates needs to change


BYTE-ME

One of the most problematic pieces of tech advice, which is given in knee-jerk fashion by nearly all technology columnists, is to "update your software." However, hackers are constantly innovating faster than tech companies can create solutions to stop them, including this month's Log4j flaw. In addition, software updates have been fingered as the culprit in a number of hacks, including the famous SolarWinds attack that hit more than 100 supposedly sophisticated business and tech companies. Software updates also often create new compatibility issues, such as this Windows 10 update that created printing errors that Microsoft took weeks to fix. I've finally ditched all of that madness and disabled all updates as well as Windows Defender, not only to avoid the problems I've mentioned but also to lessen telemetry and the data traffic MS wants to extract from my PC. Now I simply make backups of my clean, working OS and put those backups on my NAS and in the cloud. That way, if I'm hacked, I can restore a working operating system, wait until updates have been fully tested and vetted by MS users, and then download those directly from MS's servers. It's not an ideal solution, but I just have had it with software vendors having remote access to modify my PC. Just my two cents.

Log4j might be another issue entirely, one in which the vulnerability was known years ago, but the fixes seem to have been to fix the particular attack vectors that had been published. It seems that the 3 people who work on that particular portion only really leapt into action once the exploit was made (in)famous on Minecraft, especially on server instances. It seems all of these are relevant to the current CVE, as they are all about doing the same thing but using different vectors. But who knew you could just paste a string into the Minecraft console and get it to work?

https://www.blackhat.com/docs/us-16/materials/us-16-Munoz-A-Journey-From-JNDI-LDAP-Manipulation-To-RCE.pdf

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5645

https://www.cvedetails.com/cve/CVE-2019-17531/

But auto updates are always a bad thing, especially for those programs that update to incompatible versions. In regard to modern Windows, where disabling updates is more of a pain, I've recently been experimenting with blocking all Microsoft IPs/domains on a firewall, and it seems to work alright. The obvious issue is that some websites can no longer be used, but I am doing this for 10 interfaces.

@Tripredacus, I just did a deep dive into your remote code links. Wow, what a mess. I found that stopping unnecessary services and blocking executables from communicating with the Internet with my firewall has almost shut down all that automated garbage, at least according to Wireshark and Process Hacker. I'm modifying my router logs to make them spot more granular activity and will watch those to make sure I'm making headway. But, like I said, it's an endless arms race trying to stay ahead of malware. Keeping my fingers crossed.

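The service and firewall hardening the two posts above describe (stopping services, blocking executables from reaching the Internet, and blocking Microsoft hosts), as an added PowerShell example that is not code from either poster. The service names wuauserv and DiagTrack are real, but the choice of services, the executable paths, the hostname list and the rule names are assumptions standing in for whatever the posters actually chose; run it in an elevated session and adjust the lists first.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the thread. Every list below is a placeholder
# the reader must edit; nothing here reflects the posters' real configuration.

# 1. Stop and disable services considered unnecessary (assumed list).
$servicesToStop = @('wuauserv', 'DiagTrack')   # Windows Update, telemetry
foreach ($svc in $servicesToStop) {
    $s = Get-Service -Name $svc -ErrorAction SilentlyContinue
    if ($null -eq $s) { Write-Warning "Service $svc not found"; continue }
    Stop-Service -Name $svc -Force -ErrorAction SilentlyContinue
    Set-Service -Name $svc -StartupType Disabled
    Write-Host "Stopped and disabled $svc"
}

# 2. Per-executable outbound block rules (hypothetical paths).
$blockedPrograms = @(
    'C:\Windows\System32\wuauclt.exe',
    'C:\Program Files\Example\Updater.exe'     # hypothetical
)
foreach ($exe in $blockedPrograms) {
    $name = "Block outbound - $(Split-Path $exe -Leaf)"
    if (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue) {
        Write-Host "Rule '$name' already exists"; continue
    }
    New-NetFirewallRule -DisplayName $name -Direction Outbound -Program $exe `
        -Action Block -Profile Any -Enabled True | Out-Null
    Write-Host "Created rule '$name'"
}

# 3. Many Windows services run inside svchost.exe, so a rule on one .exe
#    misses them. Scope the rule to the service instead of the host process.
$svcRule = 'Block outbound - wuauserv (svchost)'
if (-not (Get-NetFirewallRule -DisplayName $svcRule -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $svcRule -Direction Outbound `
        -Program '%SystemRoot%\System32\svchost.exe' -Service 'wuauserv' `
        -Action Block -Profile Any -Enabled True | Out-Null
}

# 4. Windows Firewall matches IP addresses, not domain names. Blocking a
#    host "by domain" means resolving it now and pinning the result, which
#    goes stale when the addresses change. Hostnames below are placeholders.
$blockedHosts = @('example.invalid')
foreach ($h in $blockedHosts) {
    $ips = (Resolve-DnsName -Name $h -Type A -ErrorAction SilentlyContinue).IPAddress
    if (-not $ips) { Write-Warning "Could not resolve $h"; continue }
    New-NetFirewallRule -DisplayName "Block outbound - $h" -Direction Outbound `
        -RemoteAddress $ips -Action Block -Profile Any -Enabled True | Out-Null
    Write-Host "Blocked $h -> $($ips -join ', ')"
}

# 5. Verification without Wireshark: does any blocked executable still hold
#    an established TCP connection?
$live = Get-NetTCPConnection -State Established -ErrorAction SilentlyContinue |
    ForEach-Object {
        $p = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Path   = $p.Path
            Remote = "$($_.RemoteAddress):$($_.RemotePort)"
        }
    } | Where-Object { $blockedPrograms -contains $_.Path }
if ($live) { $live | Format-Table -AutoSize }
else { Write-Host 'No blocked program currently has an established connection' }
```

Two caveats a practitioner would want here. First, the IP-pinning in step 4 is the weak point of "blocking all Microsoft domains" on a firewall: large CDN-fronted address ranges rotate, so the rule set has to be regenerated periodically and will always be incomplete. Second, per-executable rules only cover processes that actually run from that path; anything hosted in svchost.exe needs the service-scoped form in step 3, which is also the form that survives a later binary move.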