Slashdot Mirror

People don't like your posts for several reasons.

1. You compare Apples to Oranges. Specifically a fully-hardened Windows system to an out-of-the-box Linux distro.

2. You're overly sensitive to little criticisms. This is easily seen by the thread you linked to on the PC Pitstop forum. (Side question -- why are you banned from there?)

3. Your childish references to things like "open sores" ranks you right down there with the people who call it "M$". Grow up.

4. You seem to confuse the OpenBSD crowd and their "secure by default / no remote hole in XX years / we are unhackable" attitude with Linux supporters. Though, admittedly, there are fanboys and fanatics in every camp.

5. Some of your indirect links are questionable. For example, from the PC Pitstop forum article you lauded this link on IPSec. http://www.analogx.com/contents/articles/ipsec.htm

I'm unsure how to respond to that other than to say WTF? That has as much to do with IPSec as your post does with ice skating. It is talking about configuring a host firewall and never mentions anything about, well, IPSec!

Finally, one of the main security benefits a Linux system has over Windows is the ability to REMOVE any component that isn't needed. Not just disable, but actually remove it totally.

Custom Linux kernels can be built to support only the hardware on a specific machine. Entire classes of devices, from the printing subsystem to networking can be removed totally. You can't do that with Windows.

Doesn't seem too hard. NetStat Live seems quite reliable. Of course, the ISP isn't going to just roll over if this contradicts their (secret) meter level, but it gives you some idea of what's gong on.

(THIS IS AN AMENDED & IMPROVED MODEL OF MY ORIGINAL PARENT POST FROM HERE -> http://it.slashdot.org/comments.pl?sid=237507&cid= 19408273 )

INTRODUCTION:

Windows CAN be secured very well, but, you have to go thru some "GYRATIONS/EFFORT" to do it, but, it IS doable (but not to any 100% levels, because again - see what I stated last paragraph of mine above).

BACKGROUND & INFORMATION + TOOLS YOU CAN USE TO HELP YOU SECURE YOUR SYSTEM:

Here I am running Windows Server 2003 SP #2, fully current patched by MS update pages, here (I check it every 2nd Tuesday of the month of course, on "Patch Tuesday's"):

http://www.microsoft.com/downloads/Results.aspx?Di splayLang=en&nr=50&sortCriteria=date

It is a personally 'security-hardened' model I have been working on for many years, using principals I learned & used since the NT 3.5x days onward to this version of the OS: As is now?

I score an 84.735 on the CIS Tool 1.x currently as of 06/01/2007!

(For CIS Tool - There are Linux, MacOS X, Solaris, & other OS models ports of this are available too by the way - not really "ports" strictly speaking, they require JAVA to run)

DOWNLOAD URL FOR CIS TOOL (for multiple platforms), from "The Center for Internet Security" here:

http://www.cisecurity.org/bench.html

(IMPORTANT: This tool IS invaluable in guiding you to a more secure OS, on any OS platform really!)

APK 14 STEPS TO FOLLOW TO SECURE YOUR WINDOWS NT-BASED SYSTEM (2000/XP/SERVER 2003/VISTA):

1.) Windows Server 2003's SCW was run over it FIRST (this only exists on Windows Server 2003, not on 2000/XP (you have to install this, it does NOT install by default) first to help security it (SCW = security configuration wizard, & it's pretty damn good believe-it-or-not, (@ least, as as starting point))...

Directions for its installation are as follows:

Start the Add or Remove Programs Control Panel applet.

Click Add/Remove Windows Components.

On the Windows Components Wizard screen, select the "Security Configuration Wizard" check box, as the figure shows. Click Next.

The Windows Components Wizard builds a list of files to be copied and finishes installing SCW. Click Finish.

DONE! Now, run it... it is very simple to use, and will help even TRIM services you do not need running (which saves Memory, other resources, & I/O to cpu/ram/disk etc. AS WELL AS PROVIDING SECURITY should any services you disable turn up vulnerabilities (this has happened before)).

Then, @ that point? I pull ANY Networking clients &/or Protocols in the Local Area Connection, other than Tcp/IP typically (& disable NetBIOS as well, because I don't need it here), on a stand-alone machine that is not dependent on Microsoft's File Sharing etc. on a LAN/WAN. I also disable that too!

2.) Disable Microsoft "File & Print Sharing" as well as "Client for Microsoft Networks" in your LOCAL AREA CONNECTION (if you do not need them that is for say, running your home LAN)!

3.) Use IP security policies (modded AnalogX one, very good for starters, you can edit & add/remove from it as needed) - Download url link is here for that:

http://www.analogx.com/contents/articles/ipsec.htm

(Search "AnalogX Public Server IPSec Configuration v1.00 (29k zip file)" on that page & follow the directions on the page!)

NOTE: This can be 'troublesome' though, for folks that run filesharing clients though. An alternative to this is using IP Ports Filtrations, in combination with a GOOD software firewall &/or NAT

"Remember: the next time someone says Linux is more secure than Windows, remember that things like SELinux and AppArmor really are what make it better, not just because it has a mean looking penguin!" - by CajunArson (465943) on Tuesday June 05, @09:30PM (#19405809)

Agreed, 110%... & the "100% secure" the initial thread post here states that somebody from RedHat stated is possible? ISN'T, no way (what one person can lock, another WILL eventually, unlock - more OR less + new threat types emerge constantly).

Windows CAN be secured very well, but, you have to go thru some "GYRATIONS/EFFORT" to do it, but, it IS doable (but not to any 100% levels, because again - see what I stated last paragraph of mine above).

Here I am running Windows Server 2003 SP #2, fully current patched by MS update pages, here (I check it every 2nd Tuesday of the month of course, on "Patch Tuesday's"):

It is a personally 'security-hardened' model I have been working on for many years, using principals I learned & used since the NT 3.5x days onward to this version of the OS: As is now?

I score an 84.735 on the CIS Tool 1.x currently as of 06/01/2007!

(For CIS Tool - There are Linux, MacOS X, Solaris, & other OS models ports of this are available too by the way - not really "ports" strictly speaking, they require JAVA to run)

DOWNLOAD URL FOR CIS TOOL (for multiple platforms), from "The Center for Internet Security" here:

http://www.cisecurity.org/bench.html

(IMPORTANT: This tool IS invaluable in guiding you to a more secure OS, on any OS platform really!)

APK 14 STEPS TO FOLLOW TO SECURE YOUR WINDOWS NT-BASED SYSTEM (2000/XP/SERVER 2003/VISTA):

1.) Windows Server 2003's SCW was run over it FIRST (this only exists on Windows Server 2003, not on 2000/XP (you have to install this, it does NOT install by default) first to help security it (SCW = security configuration wizard, & it's pretty damn good believe-it-or-not, @ least, as as starting point))...

Directions for its installation are as follows:

Start the Add or Remove Programs Control Panel applet.

Click Add/Remove Windows Components.

On the Windows Components Wizard screen, select the "Security Configuration Wizard" check box, as the figure shows. Click Next.

The Windows Components Wizard builds a list of files to be copied and finishes installing SCW. Click Finish.

DONE!

(Then, @ that point? I pull ANY Networking clients &/or Protocols in the Local Area Connection, other than Tcp/IP typically, on a stand-alone machine that is not dependent on Microsoft's File Sharing etc. on a LAN/WAN. I also disable that too!)

2.) Disable Microsoft "File & Print Sharing" as well as "Client for Microsoft Networks" in your LOCAL AREA CONNECTION (if you do not need them that is for say, running your home LAN)!

3.) Use IP security policies (modded AnalogX one, very good for starters, you can edit & add/remove from it as needed) - Download url link is here for that:

http://www.analogx.com/contents/articles/ipsec.htm

(Search "AnalogX Public Server IPSec Configuration v1.00 (29k zip file)" on that page & follow the directions on the page!)

NOTE: This can be 'troublesome' though, for folks that run filesharing clients though. An alternative to this is using IP Ports Filtrations, in combination with a GOOD software firewall &/or NAT 'firewalling' (or true stateful inspection type) router. All of these work in combination w/ one another perfectly.

(HOWEVER - Should you choose to use it, and do filesharing programs? No problem really, because you can turn them on/off @ will using secpol.msc & the IP stack in Windows 2000/XP/Server 2003/VISTA is of "plug-N-play" design largely, & will allow it).

4.) USE General security

"Windows makes no distinction between privileged and unprivileged ports, so any application that can open sockets can listen on port 80. That said, every port number (and every other object in the NT kernel) has an associated ACL, so it is possible to limit them on an individual basis." - by TheRaven64 (641858) on Tuesday May 22, @06:27AM (#19218865)

Programmatically, on a "per-application basis", the other respondents outlined (@ a kernel level, using NtAPI/ZwAPI calls) a method for you to explore here:

http://it.slashdot.org/comments.pl?sid=235621&cid= 19221887

Now, on this material next below?

Well, I think this might help you some as well, as to limiting ports accesses on various ports WHOLESALE (Ip stack filtering) &/or on a user-defined basis (via IP Security Policies), below after this quote of yours, next:

"I've never seen this exposed to the UI though, so I've no idea how you'd go about doing it" - by TheRaven64 (641858) on Tuesday May 22, @06:27AM (#19218865)

You have this on ports, via a GUI method as mentioned above!

There are 2 ways:

1.) Port filtering

& alternately

2.) IP Security Policies (ontop of software firewalls (which also have some control here & at the application level no less) & hardware 'firewalls').

You may find this useful (or, others may, as YOU in particular may be aware of this stuff already, one never knows, but I am mentioning it here in detail anyhow for your reference, or for that of others who use Windows NT-based OS that have these features (Windows 2000/XP/Server 2003/VISTA):

FIRST - Read this article, for background. Mainly because it shows you how to limit/unleash various ports and what drivers act on them as filters, & @ what levels in the network stack for Windows:

TCP/IP Packet Processing Paths:

http://www.microsoft.com/technet/community/columns /cableguy/cg0605.mspx [microsoft.com]

IpNat.sys, IpFltDrv.sys, IpSec.sys, & TcpIp.sys in Windows 2000/XP/Server 2003/VISTA each has abilities for port restrictions!

This sounds like what you guys are looking for!

The steps below are basically how to use it (implement it) for limiting access to various ports, via GUI interfaces no less, in Windows versions noted above.

All of this & the tools noted can be used for LAYERED SECURITY in this manner (port filtering, IP Security Policies, software firewalls, & hardware NAT routers (true packet stateful inspection ones, & 'ordinary' NAT units as well)!

They ALL can be used simultaneously/concurrently, in layers, per the article from MS above entitled "TCP/IP Packet Processing Paths"

IPSecurity Policies are implemented in secpol.msc (this is the most complex of the lot, and I recommend "AnalogX's" model, as it works (but, can be troublesome with filesharing tools like EMule mind you), & can be downloaded here:

ANALOGX IP SECURITY POLICY OVERVIEW/HOW TO EXPLANATION:

http://www.analogx.com/contents/articles/ipsec.htm [analogx.com]

ANALOGX IP SECURITY POLICY TEMPLATE DIRECT DOWNLOAD:

http://www.analogx.com/files/aps-ipsec.zip [analogx.com]

(You can tune AnalogX's template model as you like above & beyond its original form for apps YOU use in particular)

AnalogX's IP Security Policy provides a good template to start with!

IP PortFiltering is done here/HOW TO, STEP-by-STEP:

Start Button -> Control Panel -> Network Connections -> Local Area Connection (or whatever you called yours) -> Properties Button -> (Next Popup dialog screen) -> Highlite "Internet Pro

"Windows makes no distinction between privileged and unprivileged ports, so any application that can open sockets can listen on port 80. That said, every port number (and every other object in the NT kernel) has an associated ACL, so it is possible to limit them on an individual basis." - by TheRaven64 (641858) on Tuesday May 22, @06:27AM (#19218865)

Programmatically, on a "per-application basis", the other respondents outlined (@ a kernel level, using NtAPI/ZwAPI calls) a method for you to explore here:

http://it.slashdot.org/comments.pl?sid=235621&cid= 19221887

Now, on this material next below?

Well, I think this might help you some as well, as to limiting ports accesses on various ports WHOLESALE (Ip stack filtering) &/or on a user-defined basis (via IP Security Policies), below after this quote of yours, next:

"I've never seen this exposed to the UI though, so I've no idea how you'd go about doing it" - by TheRaven64 (641858) on Tuesday May 22, @06:27AM (#19218865)

You have this on ports, via a GUI method as mentioned above!

There are 2 ways:

1.) Port filtering

& alternately

2.) IP Security Policies (ontop of software firewalls (which also have some control here & at the application level no less) & hardware 'firewalls').

You may find this useful (or, others may, as YOU in particular may be aware of this stuff already, one never knows, but I am mentioning it here in detail anyhow for your reference, or for that of others who use Windows NT-based OS that have these features (Windows 2000/XP/Server 2003/VISTA):

FIRST - Read this article, for background. Mainly because it shows you how to limit/unleash various ports and what drivers act on them as filters, & @ what levels in the network stack for Windows:

TCP/IP Packet Processing Paths:

http://www.microsoft.com/technet/community/columns /cableguy/cg0605.mspx [microsoft.com]

IpNat.sys, IpFltDrv.sys, IpSec.sys, & TcpIp.sys in Windows 2000/XP/Server 2003/VISTA each has abilities for port restrictions!

This sounds like what you guys are looking for!

The steps below are basically how to use it (implement it) for limiting access to various ports, via GUI interfaces no less, in Windows versions noted above.

All of this & the tools noted can be used for LAYERED SECURITY in this manner (port filtering, IP Security Policies, software firewalls, & hardware NAT routers (true packet stateful inspection ones, & 'ordinary' NAT units as well)!

They ALL can be used simultaneously/concurrently, in layers, per the article from MS above entitled "TCP/IP Packet Processing Paths"

IPSecurity Policies are implemented in secpol.msc (this is the most complex of the lot, and I recommend "AnalogX's" model, as it works (but, can be troublesome with filesharing tools like EMule mind you), & can be downloaded here:

ANALOGX IP SECURITY POLICY OVERVIEW/HOW TO EXPLANATION:

http://www.analogx.com/contents/articles/ipsec.htm [analogx.com]

ANALOGX IP SECURITY POLICY TEMPLATE DIRECT DOWNLOAD:

http://www.analogx.com/files/aps-ipsec.zip [analogx.com]

(You can tune AnalogX's template model as you like above & beyond its original form for apps YOU use in particular)

AnalogX's IP Security Policy provides a good template to start with!

IP PortFiltering is done here/HOW TO, STEP-by-STEP:

Start Button -> Control Panel -> Network Connections -> Local Area Connection (or whatever you called yours) -> Properties Button -> (Next Popup dialog screen) -> Highlite "Internet Pro

"I think he meant getting to "port object permissions" on a programmatic level... with an API. What you are describing are filesystem Access Control Lists. He's talking about using ACLs on ports. Everything being an object in NT, and being able to have ACLs applied to "everything," is a good idea. As the grandparent said, the application developers at MS just have to use them." - by flydpnkrtn (114575) on Tuesday May 22, @09:03AM (#19219899)

Maybe using the native "port filtering" is a method (one way, prefereably used in conjunction with the 'other way', using IP Security Policies, in combination with it).

Read the article(s) below from Microsoft (regarding how IP Packet processing occurs in Windows OS) & AnalogX (regarding IPSec), first, & some of the steps you need to implement this AT A PORTS LEVEL!

"Basically the "Security tab" you see for files could be applied to individual ports." - by flydpnkrtn (114575) on Tuesday May 22, @09:03AM (#19219899)

You have this on ports, as mentioned above, in two ways: Port filtering, & alternately, IP Security Policies (ontop of software firewalls (which also have some control here & at the application level no less) & hardware 'firewalls').

You may find this useful (or, others may, as YOU in particular may be aware of this stuff already, one never knows, but I am mentioning it here in detail anyhow for your reference, or for that of others who use Windows NT-based OS that have these features (Windows 2000/XP/Server 2003/VISTA):

Read this article, because it shows you how to limit/unleash various ports and what drivers act on them as filters, & @ what levels in the network stack for Windows:

TCP/IP Packet Processing Paths:

http://www.microsoft.com/technet/community/columns /cableguy/cg0605.mspx

IpNat.sys, IpFltDrv.sys, IpSec.sys, & TcpIp.sys in Windows 2000/XP/Server 2003/VISTA each has abilities for port restrictions!

This sounds like what you guys are looking for!

The steps below are basically how to use it (implement it) for limiting access to various ports, via GUI interfaces no less, in Windows versions noted above.

All of this & the tools noted can be used for LAYERED SECURITY in this manner (port filtering, IP Security Policies, software firewalls, & hardware NAT routers (true packet stateful inspection ones, & 'ordinary' NAT units as well)!

They ALL can be used simultaneously/concurrently, in layers, per the article from MS above entitled "TCP/IP Packet Processing Paths"

IPSecurity Policies are implemented in secpol.msc (this is the most complex of the lot, and I recommend "AnalogX's" model, as it works (but, can be troublesome with filesharing tools like EMule mind you), & can be downloaded here:

ANALOGX IP SECURITY POLICY OVERVIEW/HOW TO EXPLANATION:

http://www.analogx.com/contents/articles/ipsec.htm

ANALOGX IP SECURITY POLICY TEMPLATE DIRECT DOWNLOAD:

http://www.analogx.com/files/aps-ipsec.zip

(You can tune AnalogX's template model as you like above & beyond its original form for apps YOU use in particular)

AnalogX's IP Security Policy provides a good template to start with!

IP PortFiltering is done here:

Start Button -> Control Panel -> Network Connections -> Local Area Connection (or whatever you called yours) -> Properties Button -> (Next Popup dialog screen) -> Highlite "Internet Protocol (TCP/IP) -> Click the PROPERTIES button -> Click the ADVANCED button @ the bottom of this screen -> Go to the OPTIONS tab & highlite TcpIP Filtering & click the PROPERTIES button -> Check off "ENABLE TCP/IP Filtering on ALL Adapters" -> Permit only (a

"I think he meant getting to "port object permissions" on a programmatic level... with an API. What you are describing are filesystem Access Control Lists. He's talking about using ACLs on ports. Everything being an object in NT, and being able to have ACLs applied to "everything," is a good idea. As the grandparent said, the application developers at MS just have to use them." - by flydpnkrtn (114575) on Tuesday May 22, @09:03AM (#19219899)

Maybe using the native "port filtering" is a method (one way, prefereably used in conjunction with the 'other way', using IP Security Policies, in combination with it).

Read the article(s) below from Microsoft (regarding how IP Packet processing occurs in Windows OS) & AnalogX (regarding IPSec), first, & some of the steps you need to implement this AT A PORTS LEVEL!

"Basically the "Security tab" you see for files could be applied to individual ports." - by flydpnkrtn (114575) on Tuesday May 22, @09:03AM (#19219899)

You have this on ports, as mentioned above, in two ways: Port filtering, & alternately, IP Security Policies (ontop of software firewalls (which also have some control here & at the application level no less) & hardware 'firewalls').

You may find this useful (or, others may, as YOU in particular may be aware of this stuff already, one never knows, but I am mentioning it here in detail anyhow for your reference, or for that of others who use Windows NT-based OS that have these features (Windows 2000/XP/Server 2003/VISTA):

Read this article, because it shows you how to limit/unleash various ports and what drivers act on them as filters, & @ what levels in the network stack for Windows:

TCP/IP Packet Processing Paths:

http://www.microsoft.com/technet/community/columns /cableguy/cg0605.mspx

IpNat.sys, IpFltDrv.sys, IpSec.sys, & TcpIp.sys in Windows 2000/XP/Server 2003/VISTA each has abilities for port restrictions!

This sounds like what you guys are looking for!

The steps below are basically how to use it (implement it) for limiting access to various ports, via GUI interfaces no less, in Windows versions noted above.

All of this & the tools noted can be used for LAYERED SECURITY in this manner (port filtering, IP Security Policies, software firewalls, & hardware NAT routers (true packet stateful inspection ones, & 'ordinary' NAT units as well)!

They ALL can be used simultaneously/concurrently, in layers, per the article from MS above entitled "TCP/IP Packet Processing Paths"

IPSecurity Policies are implemented in secpol.msc (this is the most complex of the lot, and I recommend "AnalogX's" model, as it works (but, can be troublesome with filesharing tools like EMule mind you), & can be downloaded here:

ANALOGX IP SECURITY POLICY OVERVIEW/HOW TO EXPLANATION:

http://www.analogx.com/contents/articles/ipsec.htm

ANALOGX IP SECURITY POLICY TEMPLATE DIRECT DOWNLOAD:

http://www.analogx.com/files/aps-ipsec.zip

(You can tune AnalogX's template model as you like above & beyond its original form for apps YOU use in particular)

AnalogX's IP Security Policy provides a good template to start with!

IP PortFiltering is done here:

Start Button -> Control Panel -> Network Connections -> Local Area Connection (or whatever you called yours) -> Properties Button -> (Next Popup dialog screen) -> Highlite "Internet Protocol (TCP/IP) -> Click the PROPERTIES button -> Click the ADVANCED button @ the bottom of this screen -> Go to the OPTIONS tab & highlite TcpIP Filtering & click the PROPERTIES button -> Check off "ENABLE TCP/IP Filtering on ALL Adapters" -> Permit only (a

I couldn't find active links for one or two of them myself, but here's an updated list -- in some cases these aren't the original sites, which have disappeared, so obviously it's worth being extra careful with antivirus software... apologies for the mess of links; the filter doesn't like short lines...

1by1 (play MP3s), AriskKey (recover passwords), AutoRuns (enumerate startup tasks), BurnCDCC (burn ISO images), CD (basic CD player), CDex (rip CDs + convert MP3/WAV), Copier [0X Copy Machine] (scan + print), CWShredder (clean spyware), DComBob (tame DCOM), DirLister (make quick file lists), Discover (force windows onscreen), DupeLocater (find and clean), FileRecovery [PC Inspector] (undelete), Folder2ISO (use with BurnCDCC), FoxitReader (read PDFs), GUIPDFTK (split/join PDFs), HijackThis (find spyware), HJSplit (split/join files), Identify_Boards (identify hardware), KatMouse installer (due to MS drivers), LCISOCreator (make ISO image from CD), Leaktest (test firewall), Microsoft keygen (people lose things), MultiRes (change res + force refresh), Multi Timer (stopwatch), NoteTab Light (text editor), NTest (test monitor setup), OnTop (pin windows to foreground), Process Explorer (task manager), ProduKey (recover passwords), Registry Commander (virus cleanup), ResHacker (examine executables), Rootkit Revealer (just in case) ShootTheMessenger (turn service off), Shred by AnalogX (simple filer shredder), TedNPad (unicode text editor), TFT (dead pixel locator), UNPnP (tame SSDP), UPX (compress executables), UnitConverter (what it says), utorrent (basic torrent app), VCdControlTool (mount ISO images),

There's this program available for Windows called FastCache which has been more than handy when my ISP's DNS servers have gone down and so forth. You use it as a nameserver by setting your DNS addresses to localhost, and it caches entries for several days.

It's not something you typically thank every day, but when for whatever reason DNS fails for me, it's a lifesaver.

Does anyone know of equivalents of this on Linux/Mac?

Why should we assume Microsoft or any OS maker (cause others have been guilty too) are printing realistic reqs that are based on OS + apps when more than two decades of desktop computing say otherwise?

Sure, maybe that bootleg Vista beta didn't require 1GB of RAM, but maybe the retail release will. If I'm not mistaken, Vista is doing a lot under the hood outside of graphics that XP did not. If this 1GB *is* based on OS + apps, how did Microsoft reach that conclusion? I doubt it would be Vista + various AnalogX and TinyApp programs. Would it be Vista + MS Office 2008 or Vista + nextgen FPS game?

I did a fair amount of video processing on an XP machine with less than a 1GB of RAM. It kinda sucked, so playing Devil's Advocate here, I suppose that 1GB could have in mind a lot of MPEG2 and WMV transcoding.

It's A record is so 404 DNS can't find it . Is this the first case of the /. effect crashing the Authoritative DNS servers, or something more sinister?

Pcalc - A very nice calculator with no stupid number buttons to get in the way. For when you don't need something complex that can do graphs and animations.

TClockEx - A nice little desktop utility that lets you configure the format of the system tray clock any way you want. (Note: Does not look good in XP unless you use the classic theme)

Lyric software that searches automatically while mp3's are playing and include 10's of thousands of Karoke files that when paired with Vocal Removing Software allows me to have improvised karoke nights in my living room with any song that I can get lyrics to.

Would a utility such as AnalogX's MaxMem help the situation? I use firefox all day every day (being a web developer) and I haven't noticed any memory problems. (MaxMem runs all of the time keeping my physical memory free)

Link to download MaxMem

Tagmaster by AnalogX

Great windows utility that will change MP3 ID tags and rename the files. Can be used on one file, or on all the files in a directory!

use a simple, free, NTP client and tell it to resync your clock every hour or so, and you are safe :)
Use either the service built-in one in w2k+, else I recommend Atomic TimeSync, check also their other freeware, some are pretty neat!
PS: no, I do not work for them!

All of the AnalogX tools.

Personally, I use the Atomic Time Sync (NTP), MaxMem (RAM Scrubber) & SuperShredder (Secure deletion tool), but there are countless others.

EAC is an audio grabber for CD-ROM drives

Anything from Systernals

Anything from AnalogX

Anything from GNU Win II

Anything from TheOpenCD

If anyone is interested, you can also use this
client to monitor the traffic live. Found it off of the ITR page.

BFD!! I did this years ago with a USB wireless NIC and AnalogX's Proxy

Yeah it says it's ok to broadcast music ripped from cds, and downloaded legally from places like iTunes.

Does anyone use this yet? I was wondering if you have the ability to mix songs and use a microphone to talk, or if its just like a playlist. I'm guessing it's the second option here, in which case this idea isn't really new. I remember using this to do the same type of thing with winamp.

Basically, you'd be looking at doing the following things. Multiple outbound providers, which will need another routing table built for the second link. Then you'll need to dive into QoS to split up your traffic into your definitions of bulk (HTTP, FTP), priority (Gaming), and drop (P2P). I notice that you have no default set up, but I leave that up to you. Finally, you can use iptables to mark and NAT your traffic out the right interface.

Under Windows, you would need some advanced routing software I think. ISA may do it, but I doubt your budget allows it. By default, Windows does have the ability to enforce QoS terms, but you'd need something to apply those QoS marks (I doubt that games commonly mark their packets with ToS)...which means a bridge in front of the Windows router. Might as well use a Linux router instead.

If anybody knows of a way to get a Windows box to route based on ports, I'd love to hear it.

Oh, and a simple solution for the exact problem you describe (which I don't think is what you really want) would be a proxy for the HTTP and FTP link, and a router for the other link. All HTTP and FTP requests would be sent out the proxy, everything else would go the default route (to the router) which could be configured to drop P2P and route everything else. Optionally, you could do QoS on the router to prioritize certain traffic. If you go that route, I'm fond of AnalogX Proxy (for Windows) because it's free and simple. Of course, that does require client configuration....unless you use Transparent Proxying.

www.analogx.com
It's free (as in money) and this guy has lots of cool little apps for win32.

Nothing to do with obscure ISP bandwidth usage, but HOW is Joe Bloggs winders user know what their bandwidth usage is?

I get your point, but I think most people that use > 2gigs per day probably have some concept of what bandwidth is and if they want to know their usage, analogx has a pretty neat program for windows:

analogx.com

It does monthly totals, daily as well I think or at least since last reboot, and instantaneous transfer rate. It's a pretty slick program. they have a lot of other cool things there too. I don't think it is gpl'd but it is free.

• thttpd *n*x open-source, 50KB executable, I'm running this on a floppy/486 firewall
• Simple Server Windows freeware, <1MB executable
• Serving ditto
• TinyWeb Windows, Delphi source, BSD-ish licence, 53KB executable
• Simple HTTP Server Windows/Linux shareware, <100KB executable

Go to Analog X and download a free program called NetStat Live. The program shows your current CPU utilization, upload and download transfer rates over time *and* tracks your total amounts up/downloaded for the month.

I've been using it for a couple of years and it works flawlessly.

...quick and dirty Windows utility...

AnalogX's TagMaster is pretty slick.

If you're going to have someone offsite helping you, you could keep using SMTP, put it on a non standard port, and have your friend proxy your smtp packets. For *nix-ish systems it's easy. On Windows boxen, Portmapper is what I used to play a MUD using 443 on the machines at work.

AVG AntiVirus (free for home use)

Mozilla.org: Suite (browser, mail/news); Firebird (browser); Thunderbird (mail/news) [all free]

OpenOffice.org office suite (free)

Kerio Personal Firewall (free for home use)

WinAMP multimedia (free)

Trillian IM client (AIM, ICQ, IRC, MSN, Y!) [free version available]

AdAware privacy protector (free for home use)

AnalogX random ultilities(many freebies)

There doesn't seem to be a huge lack of free products that ship with most Linux distros, and I don't use it as a general OS enough to point to anything specific, hence most of my list (but not all) is Windows only. Sorry.

-bZj

Everyone's taste is different, so I'd question the appeal of the songs to teenagers. It almost seems like the song selection is specifically targetted to GenXers (us old farts that are 25-35) that like to reminisce.

It'd be nice to be able to pop in a CD of your favorite song, and Karoake to any of your favorites. Most ghetto blasters and bookshelf systems had that function built in for free during the Karoake fad, so I couldn't see how difficult it may have been for them to do have done this to the PS2 game version.

The game, on the other hand, would need to isolate the vocals much more accurately (the "invert-and-add" technique typically is "good enough" but not perfect), then compare your singing to it. The game itself probably does it either by having vocals and instrumentals on separate tracks, or storing the info their algorithm needs in binary format separate from the music.

(As a side note, I noticed what I assume is Cher's "Believe" up there. I wonder how many people will be able to mimic that :) )

Ok first of all, we're using windows 98 for almost all the installs. We have a "no non-work related programs" policy, but enforcing it is more theory than fact because windows 98 doesn't have user-level control like win2k or XP does (unless I'm missing something here).

Second, our employees use AIM and MSN to talk to clients who are overseas. So we can't prevent them from installing those.

I basically have to go around telling our employees "try remember to close programs you aren't using."

I also have installed MaxMem on a few user PCs, but that doesn't always solve the problem.

This Program is fantastic for killing popup ads. and better yet, it's free. you can export your list so you can use the same list on other machines, and you only ad the popups that you want dead to the list. so, at first, you'll be busy adding them to the list, but eventually your system will kill a series of 5-6 popups just with pow sitting with its tiny footprint in the system tray.

Is AnalogX Proxy, which is quite popular with spammers.

As for the not traceable, well I wouldn't count that out. What if someone really knew what was happening, deiced to download, and isolate the program with the intent of finding them?

Yes I know they could use anon proxys, but then there is the chance that the anon proxy is not an anon proxy. I wouldn't be surprised if just like honeypots fake anon proxys start popping up with the intent of catching their real ip.

Only problem I see is that the spammers are willing to take the risk and also start using chains of proxys. But wouldn't doning that make things too slow?

IMO too much time is spent ranting about how Tha Man is keeping the $30/mo broadband user down by not allowing the minority who know how to run a secure server to use their residential line as a commercial line. We should be putting a hell of a lot more energy bitching about the masses of clueless users who randomly click on any email attachment they get, setup their P2P apps in slut-mode, and otherwise connect to the Internet in such a way that they become:

1. just another hop for viruses to propagate through
2. just another misconfigured AnalogX proxy or Lovgate infected SMTP/NNTP open relay
3. just another DDoS drone host

Its a myth that spam only comes from networks in Asia that don't give a damn. It comes from Ma and Pa's Windows 98 box that got infected with one of several variants of Lovgate and helps spam the planet, all from their speedy little DSL/cable connection.

Before the /. community jumps down AOL's throat at this carpet-bomb tactic, we need to realize that it is a business response to the realities of security on broadband networks. If users took responsibility for their connections and had good firewalls, anti-virus and intelligent email practices then this problem probably wouldn't exist.

use this link instead fsck'in netster

Now comanies will find that their browsing customers won't/can't visit and will be forced to abandon popups!

I think this is a great victory for Cyberspace.

Proudly typed on Phoenix.

(oh ya BTW, AnalogX has a popup buster that seems to not be affected by their 'protection' works with IE/Neo/Mozilla)

Now comanies will find that their browsing customers won't/can't visit and will be forced to abandon popups!

I think this is a great victory for Cyberspace.

Proudly typed on Phoenix.

(oh ya BTW, AnalogX has a popup buster that seems to not be affected by their 'protection' works with IE/Neo/Mozilla)

Of course, this doesn't help them against the pop-up stopping software I turn on when I'm "forced" (by an inconsiderate or evil website - which, oddly enough, does not include www.msn.com) to use IE - "POW" from AnalogX. It's by no means perfect in that you have to see a popup at least once for it to be able to kill it, but one time is the last time until they change the title.

Not on a Windows machine... Use IPSec to lock down the exact protocols and ports you want. This is kernel-level port blocking, so is better than the TCP/IP Filtering capabilities Windows provides. IPSec can also be used to secure your communications via Kerberos.

...(c'mon, I know you're out there), use AnalogX Atomic TimeSync and set it to get the time from time-b.timefreq.bldrdoc.gov. Cheap, Easy, Effective.

(Dear lord, my clock was a minute off! AAAAGH!)

Phew, what a long winded way to say: KLOC in any form is a useless metric.

I was rather hoping for positive suggestions regarding better alternative, and especially some shiny references to back them up for when I take them to my boss.

The best metric I've found is simply "Time until feature complete". Just that. Elapsed time between a feature being requested and it going live in the field with no bug reports coming back. Anything else is largely bunk. Trouble with that is that it's very hard for twitchy bosses to deal with the interim stages. "Time to code complete" is easier for them to monitor and deal with, but as anyone who has actually supported a product will know, that's only the beginning of a piece of software's life. Push the time to code complete back by a week, and you can save yourself month of grief later. ;-)

whoops correct link, I'm such a dumbass

Check out http://www.analogx.com/contents/download/network/a ts.htm, the program can get it's time from you, the NIST servers (i.e. use a laptop to get the time from the internet and then use it's corrected time to set the time on your primary server.) or from your GPS solution.

Before I posted, I actually did check my rhyming program for words ending in -rbation besides "masturbation", and the only other result was "perturbation". I decided that that probably wasn't what you were searching for, though ... guess I was wrong. :-)

Why not go to the Analog X website and download POW! - Automatic popup killer...

Might be a solution to your problem... Works for me anyway...

Why not go to the Analog X website and download POW! - Automatic popup killer...

Might be a solution to your problem... Works for me anyway...

-Legion