Hey all…. I go by the handle of “antibotnet @ yahoo.com” at Yahoo Answers > Security. Here is a new question I am blogging as answer contents are pretty standard ven as a “form answer” for these type standard questions you meet over and over again, all slightly different:
Should I disable updates then update programs when necessary?
“I’m a rookie network administrator. I sysprep my machines twice a year on a schedule. I’m thinking this time I should lock down the usual but also disable all updates from all software and Windows 7. When an update comes along that is worthy I can then update the machines individual. Last time I used GPO it uninstall all the programs instead of installing them. Very odd. I’ve heard it is “unsafe’ to not always update your OS but I’m thinking almost everything were using is web-based. What do you all think?
Note: I will always let AVG update. ”
This is very specific to your network usage in security and allowances. Anywhere from a Home Network all the way up to Home/Small Business (and anything in between) is indicated and you were not specific. Generally, I don’t know anyone that would give away this type consultation for free, as generally IT Security et al freelancing can start with a preliminary environment evaluation at price, (which is what I do) adding hourly flat fee starting at $150.00 and then a contract price for specific services rendered — which is apparently what you are seeming to ask for free – a Preliminary Environment Evaluation, or onsite impression of existing set up.
TIP: Basically as far as computer security, the general recommendations are all things up to date all the time. Security Updates are not eye candy. They are for specific necessary defense which left undone can cause a liability for you personally according to whatever the network usage is. SEE the infamous JiffyLube case whereby they were held responsible. That should put you in the right frame of mind and away from bad disingenuous advice.
TIP: Windows Updates have historically not been found at fault at all when applied when some programs/softwares may have been “broken”. This has been historically the software creator(s) fault – NOT Microsoft Windows Updates. That is one example of less than acceptable IT people that ignorantly always chronically blame Microsoft for all the “woes” that are, in reality, virtually always self made or lax third party softwares faults.
TIP: Security wise – ALL softwares are to be up to date ALL the time with vendor updates. Secunia PSI is excellent. Installed softwares are a “SOFT TARGET” for cyber criminal crimewares now to gain entry into the system or network.
Have Hardware Firewalls been activated additionally – and as well in modems ?
NOTICE: Security Updates via Windows Updates are ONLY sent out each Second Tuesday of the month (if any, usually are) which has been dubbed “Patch Tuesday”. If there is an Emergency Patch such as for a new “zero day threat” – these are issued as soon as ready – immediately – as an “OUT OF CYCLE PATCH” as an emergency patch.
IMPORTANT: It is difficult to determine your “twice yearly” updating mentioned as you did not give specifics. Try and be very particular and clear about items with detail. If you meant Windows Updates – well as you can see, and as you mentioned, you are definitely a “rookie network administrator ” as you say and the PCs in network are most likely in severe need of upgrading immediately.
If you meant OS (operating system) Upgrades twice yearly – that does not make sense as these Upgrades have been the releases of XP, Vista, Windows 7 and then 8 – as example and years apart, not occurring ” twice yearly”.
ADVICE: Considering cyber events as corporate “Blended Threats” , CEO type Phishing targeting, bots, I would re-evaluate your “security solution” mentioned as bi-yearly patching and AVG Business. There are a good handful of products well above in quality and documented defense such as Trend Micro for one. You can be polite to a mutt – but will it defend you as completely as a well trained thorough bred ? Or run away squealing and yelping ?