Be cautious when "Cup" is installed with Win7. Do not forget to update it.

When talking to some colleagues about the installation of Windows 7 RTM final pressure disk version), I specifically pointed out that the Windows system update should be run after the system is installed. Several System Administrators looked at me and said they didn't think it was necessary.

Run Windows Update

When you select the time to install a new operating system, the last thing to do is to check for updates. Of course, I have used Windows 7 for a few months to release the candidate version. Microsoft will install the fix on every monthly patch update Tuesday. Too many vulnerabilities can be exploited by attackers.

Therefore, it is very meaningful to install Windows 7 RTM. After I check the Update time after each installation, I will be reminded that the following two key and four important patches need to be installed:

MS09-54: This security update addresses three of Internet Explorer's secret reporting vulnerabilities and one publicly disclosed vulnerability. If you use Internet Explorer to view a webpage, these vulnerabilities may allow remote code execution.

MS09-055: This security update addresses a secret report vulnerability that is currently being exploited by Multiple ActiveX controls public. If you use Internet Explorer of the instantiated ActiveX Control to view specially crafted Web pages, the vulnerability that affects ActiveX control compilation in vulnerable versions using the Microsoft activity template library may allow remote code execution.

MS09-056: This security update addresses two publicly disclosed vulnerabilities in Microsoft Windows. If attackers obtain access to the certificate used by the end user for authentication, these vulnerabilities may allow spoofing.

MS09-058: This security update addresses many of the secret reporting vulnerabilities in the Windows Kernel. If attackers log on to the system and run special applications, the most serious vulnerability may allow Elevation of Privilege.

MS09-059: This security update addresses a secret report vulnerability in Microsoft Windows. If an attacker sends a maliciously crafted packet during NTLM authentication, the vulnerability may allow dos.

MS09-061: This security update addresses three secret reporting vulnerabilities in Framework and Microsoft Sliverlight. If you use a web browser to view a webpage, these vulnerabilities may allow remote code execution on the client system.

In our conversation, an assistant thought the update was completed automatically. I didn't see this, so I'm glad to manually check Windows updates. Running Manual updates seems easier than fighting malware in a brand new operating system.

Do not forget UAC. Its functions have changed.

In Windows 7, Microsoft changed the way User Account Control UAC works. In this regard, I plan to introduce it in other articles. Depending on your opinion, UAC in Windows 7 can give users more choices or get into trouble.

If you need to change the User Account Control settings, select the user account to enter the control panel, and a new option will be found. There are four settings:

Highest security permission: "Always prompt", equivalent to the default mode of Vista.

Secondary security permissions: This is the default setting for Windows 7. When a non-Windows Executable File requires a higher permission, a prompt is displayed.

Level 3 security permissions: similar to level 3 security permissions. The difference is that you are prompted on the user's desktop, instead of a Secure Desktop.

Minimum security permission: In this setting, all protection functions provided by UAC are disabled.

As an advocate of security, I have to mention that Microsoft has indeed changed UAC. Many security-conscious people prefer "Always prompt" settings. Therefore, they need to adjust the settings. Other users hate UAC and immediately disable it. At least, now everyone is clean.

Last thought

I understand why the software should be released as soon as possible after the delay. But why not automatically run the update process after the installation is complete or at least prompt the user to check for updates.

My friends and I are still discussing the update process. What is your opinion? Will Windows 7 be automatically updated after installation?

"Discovering a vulnerability is good news, not bad news. This means we can do something to improve security. This does not mean that it has been screwed up ." Roger Johnston.