Computer Hope

Software => Computer viruses and spyware => Topic started by: ALAN_BR on November 03, 2008, 11:03:00 AM

Title: Security Patch software Download junk - can I help it go away ?
Post by: ALAN_BR on November 03, 2008, 11:03:00 AM
Before I permit a Patch Tuesday update I clean out old files I no longer need, and archive a disk image just in case their fixes damage my system.

Once the Patch is installed and still works after a few reboots I would like to archive another disk image.  Unfortunately I can only fit 22 images on my external drive, so I have to wait a week or two for Windows to clean up after itself and purge several hundred MBytes dumped by the update in C:\WINDOWS\SoftwareDistribution\Download\

I do not understand why it is not purged immediately it has been installed.

How can I speed it up ?
Would I be lucky if I disconnect from Internet time sources and set the date forward one month and reboot the computer a few times ?
And how many times should I reboot.

The above is something which generally annoys me every month.

Additionally, a specific annoyance that has broken this camel's back :-

A few days ago M.$. announced an emergency patch fix to deal with a new threat that could install itself, but unlike anything previously known this threat could install without any user interaction.

I now find that they modified the code 14 August, and downloaded 16 different versions and variants.  There are 4 different executables held in :-
C:\WINDOWS\SoftwareDistribution\Download\e76b316b6389286fbb342d033e63f1ba\SP3GDR
Focusing on just one of them :-   ntoskrnl.exe   2,189,184   14/08/2008 16:11:10
this also appears with the same date but different sizes and times in sister folders ...\SP3QFE and ...\SP2GDR and ...\SP2QFE

The ...\SP3GDR version has been installed in C:\Windows\system32.
"Spare" copies are also in C:\Windows\system32\dllcache and C:\Windows\Driver Cache\i386.
Why so many "spare" copies ?

The ...\SP3QFE version has been copied to C:\WINDOWS\$hf_mig$\KB956841\SP3QFE
Why ?
Is this Plan "B" ready for when Plan "A" breaks the system, or ready for when hackers defeat Plan "A" ?

I assume that ...\SP2GDR and ...\SP2QFE are for people who have not progressed beyond SP2.  What about people who stuck at SP1 - are their defences to be left wide open ?

In addition to ntoskrnl.exe, there are also ntkrnlpa.exe, ntkrnlmp.exe, and ntkrpamp.exe.

Finally, I observe that earlier versions of ntoskrnl.exe also appear in
C:\WINDOWS\$hf_mig$\KB890859\SP2QFE and KB929338 and KB931784.
These 3 are dated 2005, 2006, and 2007.
Is it my responsibility to purge Hot Fixes, and how long should I retain Hot fixes before purging ?

Regards
Alan