cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
Anussia
Blue Screen Again
Posts: 34
Registered: ‎03-01-2017
Location: US
Views: 358
Message 1 of 9

System Update - a real gain?

I wonder if actually System Update is not decreasing system security by introducing vulnerabilities which hadn't been existing without System Update installed. How are common observations in this matter let's say last 12 months?

EyeDeeNo
WWAN
Posts: 212
Registered: ‎02-06-2017
Location: US
Views: 333
Message 2 of 9

Re: System Update - a real gain?

Three threads on the same subject?

 

First thread: Open gates for Lenovo System Update

How to open Windows Ransomware Protection Controlled Folders Access' gates for Lenovo System Updates?

What are the executables running in context of System Updates and which app paths have to be added to  CFP's  list of exceptions?

 

I use a paid AV that does a better job with regard to ransomware protection.

 

Second thread: System Update hits accuracy

Let's say in last 10 months how good was the rate of System Update found update hits?

Lot of missed updates observed in that period?

 

And this thread.

 

But anyway, I have stopped relying on System Update and Vantage app a while ago found going to Lenovo's support product page for my device a much better option and I check the page everyday as it is easy to have it bookmarked in the browser.

I still keep System Update and Vantage installed, IDK why bc they're small and would it be a Lenovo computer without them ha-ha.

 

Guru
Posts: 724
Registered: ‎01-04-2018
Location: US
Views: 317
Message 3 of 9

Re: System Update - a real gain?

System updates consist of several different parts. There are security updates, which update Windows Defender with the latest malware information and patch vulnerabilities.

There are feature updates, which likely wont introduce a vulnerability since they're just features, like the new Windows Key + V copy and pasting feature which is super useful. It's not likely that there's going to arise some vulnerability from this.

Then there are firmware updates. This is where it's most likely a vulnerability may arise. If the firmware is newly created, it may have some vulnerability not discovered yet. However, the chances are minimal. The chances of being hacked even if there is a vulnerability is minimal, why? Read on.

Lets say I'm trying to find a vulnerability in Windows. They just released a new update, and I'm going to try and find a way. A few months later, "Aha! I've made significant progress, now I only have to bypass the... Oh no.. they've released another update. The vulnerability I was targeting either doesn't exist anymore or wont give me the access I wanted because of restructuring.. NO!!"

NEW vulnerabilities require someone to look at the update and find it to exploit. If there were no updates, hackers would have all the time in the world to find vulnerabilities in a never changing system.

It's impossible to create a completely safe system. But finding a vulnerability is like trying to solve a complex puzzle. If when you're piecing it together the design of the puzzle suddenly changes, you have to start over! This is why the vulnerabilities usually found and talked about are things that exploit certain aspects that have been around for YEARS.
Anussia
Blue Screen Again
Posts: 34
Registered: ‎03-01-2017
Location: US
Views: 296
Message 4 of 9

Re: System Update - a real gain?

I wonder how can one treat those three as same subject. The fact all them address Lenovo System Update still doesn't mean it is the same subject. I one carefully reviews the question(s) asked in each one will see these are three different problems. For comparison there are plenty of threads here addressing

Anussia
Blue Screen Again
Posts: 34
Registered: ‎03-01-2017
Location: US
Views: 290
Message 5 of 9

Re: System Update - a real gain?


@EyeDeeNo

 

But anyway, I have stopped relying on System Update and Vantage app a while ago found going to Lenovo's support product page for my device a much better option and I check the page everyday as it is easy to have it bookmarked in the browser.

I still keep System Update and Vantage installed, IDK why bc they're small and would it be a Lenovo computer without them ha-ha.

 


That's the approach I started with directly past Lenovo machine got delivered. However it generates high level of efforts to be conducted manually. Manually performed process is not current state of the art and highly prone to errors. Resources needed for doing that job I prefer to charge with less automatable tasks. Therefore appx. 1 year ago me switched to tool-supported update process.

Anussia
Blue Screen Again
Posts: 34
Registered: ‎03-01-2017
Location: US
Views: 288
Message 6 of 9

Re: System Update - a real gain?

Thanks for nice feedback. However I cant see it addresses the question raised. Asked question does not mean that System Update alternative comming into consideration is no updates at all.

Guru
Posts: 724
Registered: ‎01-04-2018
Location: US
Views: 250
Message 7 of 9

Re: System Update - a real gain?

Not sure what you're getting at. Updates are good (when you don't hate them).

Look at Windows XP/Vista. Just using one of those puts you at a MUCH greater risk. Again, NO system is perfect. These older systems haven't received updates, so the latest versions of them haven't changed in years, and there are vulnerabilities which have now been discovered in them because the structure hasn't changed; people have had all the time in the world to look for and exploit all the little things in these older systems because of that.


Even right now there are vulnerabilities is ALL devices. Updates will patch the ones that are found by "white hat" hackers.

So NOT updating SECURITY features is not smart. There's no alternative as I see it. You either update or you don't.

Anussia
Blue Screen Again
Posts: 34
Registered: ‎03-01-2017
Location: US
Views: 218
Message 8 of 9

Re: System Update - a real gain?

Sorry for that lack of argumentation for question raised. Lenovo System Update is simply a piece of software each other software of any kind is. Lenovo System Update is simply built by human as each other software. Therefore there is certain potiential to show vulnerabilities as in case of each other software. I wonder if Lenovo SU's intended functionalities overweight the decrease of system security by all vulnerabilities it is drawn by.
Guru
Posts: 724
Registered: ‎01-04-2018
Location: US
Views: 201
Message 9 of 9

Re: System Update - a real gain?

You mean the software itself? There's no vulnerability in the software. Or I should say, there's no reason to look for one. The only way to use the software to your advantage is to either hack Lenovo themselves and change the files which the updater looks for (which would be extremely difficult), or hack the software when you've already gotten access to someone's computer (which would be completely pointless). If you already have access to the computer, then you don't need to exploit any vulnerability in that software.

And most hackers are looking for vulnerabilities that'll allow them to target a good chunk of people. Company specific vulnerabilities are never what hackers look for. Finding a vulnerability in Windows 10 is a lot better than finding one in Lenovo software.

Understand that just because there's a vulnerability, doesn't mean that exploiting it would do you any good. A vulnerability in the Operating System is what they're looking for.

Check out current deals!


Shop current deals

Top Kudoed Authors