Slashdot Mirror
UCSB Bans Windows NT/2000 in the Dorms
nick58b writes "The people in charge of the networks for all of the on-campus dorms at UCSB banned the use of Windows NT and 2000 on their networks citing security and network problems associated with them. While there are problems with NT/2000, Windows 98 and ME computers are still permitted. Students using these are "recommended" to upgrade to XP Home Edition. In other news, sales of Windows XP are way up at the campus bookstore."
Permitting Win98 and denying Win2k? For all it's faults, it's not as bad as the 9x series of exploits. Plus with Win2k up to SP3, it's likely more secure than XP.
Methinks someone wants to make some money...
I remember when I lived on campus I used to get a kick out of busting out with a "NET SEND ALL blah blah" command. Good way to annoy everyone with an NT box. Of course I'm sure this isn't the reason they banned NT/2k since it'll automatically pop up on XP boxes too. The funniest thing I did with NET SEND was to send out a message asking all the single ladies to IM my roommate.
Why did they not suggest GNU/Linux, FreeBSD, OpenBSD, etc? Everyone is almost certainly more secure than any out-of-the-box windows install (i say almost because i don't know if i'd trust a lindows install to be secure...)
I just don't get it. I was just at UMBC and they prohibit internet connections from anyone who doesn't have anti-virus software installed.
(you can still get on if you don't, but if they find out you lose your right to get online)
why not just suggest installing a more virus-resistant OS?
What comes first, finding a teacher or becoming a student?
We will always see through this kind of bullshit. The best we can do is to educate others without seeming too fanatical to be taken seriously.
Are you sure this isn't a hoax? Has anybody verified it elsewhere other than the given URL's?
I could see a whole whack of legal issues of this. It looks like a tough ploy to push students towards buying XP, as it's quite likely a lot of the PC's (laptops etc) won't work in 98.
I'm not sure that "freedom of os" falls in "freedom of choice", but very likely it will be brought up. Out of all the windows, I've found 2k to be the nicest for crashing, and with a lot less security issues than the other MS operating systems.
In other solutions, putting a well configured *nix router or VPN box between the campus and the 2k machines would likely mask what O/S is being used, what info would they be gathering over the network that tells them who is on 2k anyways?
Another tactic from Microsoft to force people to pay for an upgrade to Win XP? I wonder how much in donations Microsoft has given to UCSB.
Sure, some students will choose Linux as a result of this, but the percentage who do so will be small enough that Microsoft still profits from the 95%+ who upgrade to XP, especially since XP will give Microsoft tighter control over their PCs (all hardware changes must be approved by Microsoft!).
---------
There is inferior bacteria on the interior of your posterior.
This is such a bizarre regulation. I can't for the life of me understand why they would want the students to us XP Home in favor of 2000/NT. As others have said, the Home edition of XP is if anything less secure than Windows 2000, except for the fact that it excludes IIS. If i remember correctly, XP Home does not even support domain based networking instead using workgroups only.
I can't help but feel like there are other motives here than "securing the network." I don't think it's Linux cheerleading either. Linux is potentially a much much larger security risk when it's configured incorrectly.
The idiocy of some network admins never ceases to amaze me.
"Residents' computers were compromised with several well-known vulnerabilities and used for all manner of unfriendly purposes such as the installation of viruses like Code Red and Nimda on other residents' computers."
Oh, so you really meant to ban IIS, which is, after all, the software that contributed to most of these worms. Ironically, www.resnet.ucsb.edu is running IIS 5.0 on that very same evil Windows 2000 OS.
Want to know my guess at what happened? Since the admins weren't blocking web servers running on port 80 outside of ResNet, someone set up an IIS server and got nailed with Nimda, which then killed their ResNet web servers (assuming that they hadn't patched their web servers, which isn't much of a leap to make, considering they don't seem to understand the difference between Windows 2000 and IIS.)
"OpenSSL and Apache holes? Wow, let's ban Linux!" That's the same ridiculous leap they made in banning Windows 2000.
"While we understand that it is possible to run a secure Windows 2000 environment, past history has shown that this rarely happens on ResNet."
Nothing like insulting your users AND taking away their right to run a particular OS. You know, this IS an educational institution -- why don't you try educating them? Better yet, cut off ports that are spreading Nimda -- that'll make people figure it out really quickly.
This is ridiculous in every sense of the word, and I hope the students there organize and fight against this. If I lived there, I know I would be.
Simpli - Your source for San Jose dedicated servers and colocation!
Just what drugs are those admins on!
NT was bloat ware, but stable. 2K is Solid.
Unless you're some idiot paying to run IIS instead of running Apache for Free, I don't see where a security problem could be?
Add a personal firewall if you're that concerned. But recommending 9x or XP!
I'd check the Swiss Bank Accounts of all the Admins for recent cheques from Redmond!
-- "To ask a question is to show ignorance; Not to ask a question means you'll remain ignorant."
if youre caught in the dorms with a copy of windows xp, you win a brand new disk format and a fresh install of windows 2000. they say its because xp exploits someting on the network that they dont want to fix....i dunno.
just kind of funny
Gentlemen...BEHOLD!
-Dr. Weird
I am a student at UCSB and the reason this is being done is because the average user in the dorms does not have the ability to properly secure NT or 2K from its default setup, while the default setup of XP has been deemed more secure.
Some other options are to downgrade to Windows 98, get a free operating system such as Linux
(italics mine).
How can someone call a superior OS (notwithstanding the flawed perception that it is hard to configure) a downgrade, I nearly covered my monitor with coffee from that statement. If someone is forced to change OS's, that usually means wiping the drive. With a bare drive, I would suspect that Mandrake, Lycoris, Libranet and other distros would install much easier than would Win98. This is the end of my rant, but I will still continue to shake my head in disbelief.
Progress is man's ability to complicate simplicity!
wow some people actually defending windows 2k/NT....i must be in the wrong place =)
If somebody could elaborate the differences between 2k and XP. I'm don't really know much about what's different besides the cosmetic changes and the addition of extra crap (iMovie-esque things). And in this case, I really would like to know (out of curiosity mostly) what is different in XP that might make it more secure.
Also, like I said.. no Windows buff, but.. wouldn't the 9x stuff be less secure than NT/2k? Or is 9x just less stable, while the NT/2k stuff has more holes?
I tend not to really think about the differences between Windows versions and just think of it all as 'Windows' so this kinda interested me in a perverse sorta way.
"Caffeine is not an option. Caffeine is a way of life."
Just for the record, I work for Residential Computing at UC Berkeley (the analog of Resnet at UCSB, except it's at Berkeley :), so you know I'm not completely talking out of my ass.
...
This has been a topic of discussion recently at our office mainly because there have been a tremendous number of security issues relating to Windows 2000 (not so much with NT since these are students, not corporate users). I personally think that the move is a little drastic, but it will be interesting to see how this pans out at UCSB (especially how they will enforce it).
There will be people talking about how secure/insecure Win2K is. Allow me to give a common trait to all of the compromised machines:
1) Blank Administrator Password
2) Unpatched Windows (i.e. no Service Packs installed)
In nearly ALL the compromised machines, the computer is not updated and has a blank Administrator password.
The easy solution: install SP3!
An easier solution: set an Administrator Password!
All really simple solutions that would prevent 99% of the issues we have encountered thus far.
So I said it was a security problem. How is it a bandwidth problem?
Allow me to point to the DarkIRC and Nimda security bulletins we have written up by our security.
So you've got a zombie, what do you do with it? A number of things:
1) use the compromised machine in a DoS attack
2) use it as a FTP server
3) use it as a IRC bot
A script kiddie can just use a machine on a fat bandwidth pipe at will to his liking. It's definitely NOT fun when the pipe is already clogged as it is with folks and P2P apps.
So there you have... if you don't think it's a problem, it IS a problem. There are too many calls about this to our helpdesk to have it be a minor issue that everyone else makes it out to be.
In other words,
This must be about money. There's just no logical reason UCSB could possibly come to this conclusion...
Now rember its not computers that are insecure its the USERS IE some people in those dorms probly only have ever used a computer for AOL, don't you think it'd cost less to educate the users, I am still seeing Nimba hits on all the boxes i admin, it seems like some users havent gotten the point!
http://www.resnet.ucsb.edu
The site that is telling students they cannot use W2K is running IIS.
The student's machines get compromised, and resnet get's compromised so some Admin who would otherwise get fired for not installing HIS updates, scapegoats the student's.
Crap sysadmin and non technical management are the cause of this.
If they were so worried, wouldn't they be running Apache?
If voting were effective, it would be illegal by now.
The univeristy doesn't declare certain types of machines illegal, they just refuse to support them. I'd wager that very few, if any machines destined for college shipped with w2k pre-installed. This means owners of w2k machines either were knowledgable enough to install it themselves, or knew someone who was. Chances are they'll go to their savy friend for support, and not brave the lines at IT.
This isn't nearly the same situation as computers that shipped from Dell or gateway with no admin password set. That's something that could be easily overlooked. In these cases however, chances are the same people who installed w2k knew enough to at least put in a simple password.
And I think we can all agree at this point that a properly patched W2K Pro installation is just as secure (if not more so) as even a properly patched XP one. This really just has to be the case of college IT administrators being wooed by MS hype.
--an unbreakable toy is useful for breaking other toys--
Why is it that campus networks, where HIGHER education is supposed to be happening, that the networks are ran by complete half-wits. Doesn't anyone in a CS class know how to setup and maintain a network even a little better. And more importantly, aren't there student governments/councils that shoud be deciding these matters, not administrators. I still can't believe they're placing a ban on win2k, that's insane, and how the hell do they plan on checking the OS Ver anyways?
Ignore the "p2p is theft" trolls, they're just uninformed
The best thing to do is write a simple recursive batch file.
Batch file launches.
Batch file sends message.
Batch file launches itself.
Batch file sends message.
Batch file launches itself...
And etcetera.
Fun for the whole campus!
I am a student here at UCSB and I agree with the resnet staff because win2k/nt systems can be more secure than win9x/me but in reality they are not. Considering only a few people use win2k and those few manage to be the ones with nimda/code red/etc. They also agreed that if you have to run win2k they you can aslong as you secure the system and talk to them about it. They even went as far as giving all of the students antivirus software ... but the students decided not to use it. I think XP is allowed because it would be hard for them to block XP Profesional without blocking the Home edition.
PS: I don't think UCSB is getting anything from Microsoft, because they agreed to run Linux on most of the servers here.
just my $.02
I thought UCSB was trying to shed its image as a place where people go to avoid real work:
August 26, 2002 AP article:
"I am a student at UCSB and the reason this is being done is because the average user in the dorms does not have the ability to properly secure NT or 2K from its default setup, while the default setup of XP has been deemed more secure."
Oh, boy. You just took that hook, line, and sinker, didn't you? What exploits are running around on a default version of Windows 2000 that would cause problems with your network?
Answer: NONE.
The culprit you're looking for is IIS, which is NOT installed by default on Windows NT Workstation or Windows 2000 Professional. If you install IIS from the Windows 2000 CD, you will be vulnerable until you download the patch -- but to install IIS, you must explictly insert the CD after Windows 2000 is installed, find IIS, and install it. (By the way, this problem could be eliminated other ways, such as not allowing servers on port 80.)
The IIS version that ships with the Windows XP Pro CD is not vulnerable. But to say Windows 2000 is vulnerable to a common remote root exploit out of the box is simply untrue. IIS 5.0 is the scapegoat you're looking for.
Simpli - Your source for San Jose dedicated servers and colocation!
Throwing the book at Windows NT and 2000 is a pretty cheezy way to prevent network problems. And Windows XP won't make these problems go away.
The "problems" they mentioned were both IIS "flaws" which have been corrected for some time now. Any other flaws exploited will also most likely be present on Windows XP Home, which has IIS as well (called Personal Web Server; incidently you can install a version of it for Win9x as well.)
"But how would they be able to tell if you have the latest service pack installed," you ask? I say, "The same way that they will be checking to see what OS you're using."
This kind of thing is almost expected at a University that is dominantly Macintosh. I worked at Brown University, and it was the same way. The general idea is: Mac = Secure, easy, perfect, flawless and PC = Impossible, buggy, useless. And all this because Apple has always pushed their machines on the schools.
Then all these students get out into the workplace and say "Uhh... where's the Macs?"
- It's not the Macs I hate. It's Digg users. -
At the university I used to attend (Dakota State University), they wouldnt allow NT/2000 or Linux because they can be used as servers. Now of course they didnt seem to know that they could be used for non-serving purposes nor did they seem to know that 95/98/ME could be used as a server. This isnt to say they could tell what anyone was using but it does demonstrate how naive their computing services staff was (the students employed there generally knew better), and I doubt that they are somehow unique.
At least we can laugh at the leadin to it on the main page:
ResNet has ordered a preemptive strike against a dangerous piece of software loose on the residential network: Windows 2000. Windows 2000 was "primarily responsible for hundreds of major problems" last year along with Windows NT, according to the ResNet Windows 2000 Policy available online.
That is, if you exist. Only thing I could find was this and the server was horribly slow so I couldn't get much info.
How about all of you get on over and set up a table outside the campus bookstore? I don't think I should have to explain why.
Aren't NT, 2000 and XP derivatives in descending order? Wasn't 2000 based on NT? XP on 2000? And we all know that they all have security issues (not to mention XP slows the HELL out of people's machines), so why even bother banning NT/2K without banning XP as well? If they're so worried about security, why not make the latest service packs available to students instead?
And why does this announcment not mention anything about alternate solutions? Why not make Linux readily available, along with its latest security patches, as well as any other *NIX OSs (BSDs, etc)? If the kids want XP for wasting time playing overpriced, overhyped games, fine. But give them the option, will ya? At least spread the word to those "not-so-geek-ish" students who might not otherwise know that they have a choice beyond the "Seattle Solution."
Blog Prophyts - Right On, Man
It is odd that they've banned 2000. NT4 I can understand, as there will never be any more fixes for it, but with 2000 you've got the automatic update feature, and I've have thought that XP and 2000 would share many of the same vulnerabilities. On a similar note a badly maintained Linux box could also pose a security risk, but with less computers on the campus running it, perhaps it would be less likely to reach the critical mass required to cause a lot of problems.
To be honest, I think their problem is that they've got a lot of people running their own machines on their subnet and most of these people will not be very concerned with security - it's always going to be an accident waiting to happen. I would have thought they'd be better off altering their network topology to ensure that the student's computers were sectioned off from the rest of the Uni, perhaps grouping them so that the damage couldn't spread too far. If they're not doing that already, of course.
Is XP more secure than 2000 with SP3 or Windows NT with SP6(or is it higher now, don't use it)? I'll personally ridicule whoever claims that. Is XP more secure than NT/2000 with no service packs whatsoever? Yes.
Will it be any different when XP hits service pack 3 and nobody has it installed (or actually fewer than 2k boxes due to MS anti-piracy measures in their SP updates)? No.
The message is "you're too lazy to patch, so get the latest with the most patches pre-installed"
Kjella
Live today, because you never know what tomorrow brings
I mean really, why not just announce to the world that anything from 128.111.0.1 to 128.111.255.255 is probably now running XP?
Some other options are to downgrade to Windows 98, get a free operating system such as Linux
I think they meant:
Some other options are to:
o downgrade to Windows 98
o get a free operating system such as Linux
Having said that - superiority is in the eye of the beholder. Seeing as many of the W2K users didn't even set an admin password, I suspect W2K is going to be a better OS in their eyes than Linux, just from a usability point of view.
Sounds like a Microsoft sales person is influencing the University. Here are some reasons why Windows XP is less than perfect: Windows XP Shows the Direction Microsoft is Going.
What is interesting, and unfortunate, is that Windows XP's faults are mostly avoidable. It seems that the problems are sociological, rather than technical. Microsoft seems to have become self-destructive, like Tyco and Enron. (Okay, even more self-destructive.)
By far the best marketing for Linux and BSD is Microsoft. It doesn't have to be that way. The cost to a corporation for someone working at a desk with a computer is so high that the cost of Windows is not a deciding factor. Linux is beginning to win, not because of the price, but because people don't like to be abused, and don't like the ridiculous security risks: (from the article)
"... as of September 9, 2002, there are 19 security vulnerabilities in Microsoft Internet Explorer [pivx.com]. (On August 8, 2002, there were 22, so some progress is being made.) This is a terrible record for a company that has $40 billion in the bank. Obviously, with that kind of money, Microsoft could fix the bugs if it wanted to fix them."
I'm kinda pissed that slashdot completely neglected my submission of the same story (I submitted it 3 weeks ago), but I'll reprint what I said here here. Please give your comments, but I still stand by what I said.
. htm#policy
/ 020211opfoster.xml
8/30/2002 2:49:15 AM
I'm writing this to the people in charge of Resnet policy, but also to people using Resnet. An outright ban on Windows 2000 will prove to be a costly and ineffective policy for increasing the security of Resnet.
1. Software and Bugs
Windows 2000, like any operating system, is a complex bundle of computer code. Like Windows XP, GNU/Linux, or MacOS, people find bugs in the software from time to time. Certain malicious people try to exploit the bugs to damage networks, reputations, etc. Other people develop software patches to fix the bugs.
Oftentimes, bugs are found with application software, like web browsers, web servers, e-mail clients, and the like. The operating system is generally not at fault. In this case, it just so happened that problems with some Microsoft application software were found in 2001 and combined creatively to create a series of rather devastating worldwide attacks.
2. Who is to Blame
It is important to realize that Windows 2000 was not the vulnerable software in these cases. Rather, bugs in Internet Information Server and Internet Explorer were exploited; they were the cause of the widespread effectiveness of the worms called "Code Red" and "Nimda." In other words, there are computers running Windows 2000 that are not and never were susceptible to Code Red, and there are devices not running Windows 2000 that were susceptible. Similarly, there are plenty of computers not running Windows 2000 that helped spread the problem through the Nimda worm.
Thus, these problems cannot be blamed on Windows 2000. Where does the blame lie? Programmers are bound to make mistakes, especially in an environment where a for-profit company is trying to produce and sell a modern operating system. Since few pieces of software are ever bug-free, it is ultimately up to system administrators and everyday users to make sure that their systems are as secure as possible (or practical). One of the ways to help increase the security of a computer is to apply security patches once they are released.
3. Patching Problems
A properly maintained computer is like a properly maintained car. Using a two-year-old unpatched computer on the Internet is like driving a car too fast on a twisting mountain road during an ice storm on bald tires. Using such a system or driving such a car is asking for trouble.
The bug in IIS that made it vulnerable to Code Red was announced two months before Code Red. The bug in Internet Explorer used by the Nimda worm was announced a full 5 months before Nimda. Yet even today, nearly a year after these attacks, thousands of machines worldwide are still unpatched. In other words, they are either infected with Code Red, or vulnerable to it. Unfortunately, many of these machines are likely to remain unpatched forever.
With that in mind, we turn now to the proposed ban of Windows 2000.
4. What problems does it solve?
Windows XP is not vulnerable to Code Red and Nimda. So upgrading to Windows XP does protect against certain problems.
5. What problems doesn't it solve?
It does not change the fact that improperly configured or improperly managed systems are vulnerable. It does not protect against attacks that have yet to be developed. It does not help educate users about ways to make their systems more secure. It does not help users of other operating systems running vulnerable versions of Internet Explorer. It does not protect against the thousands of other vulnerabilities that plague other operating systems. It does not stop denial of service attacks and port scans (that for some reason were blamed on Windows 2000 by the Resnet web page).
6. What problems does it cause?
Bugs that were introduced during the development of Windows XP could conceivably outweigh the bugs that were patched during that time. It would be naive to think that every bug in Windows XP is also present in older Windows operating systems.
The Products Use Rights document for Windows XP now includes a clause saying that Microsoft may access and change the operating system and its components without your agreement, and in fact without your knowledge. Suggesting that users of Resnet upgrade to Windows XP puts them in a position where they agree to relinquish control of their computers. Incidentally, versions of Windows 2000 up to service pack 2 do not contain this clause.
The ban of an operating system creates a dangerous precedent. Nowhere in the Resnet Acceptible Use Policy has there been any mention of the ban of a specific software product. The AUP does state that users cannot interfere with others, or with the proper functioning of the network. However, anyone would be hard put to prove that Windows 2000 was the sole cause of any problems by virtue of any fundamental and uncorrectable security flaws.
7. What are the costs of the upgrades?
As always, these costs are generally borne by the end users. They must acquire and install the software and learn to use it. This costs time and money and doesn't appreciably increase the security of the network.
8. What are the alternatives?
Requiring that users patch Windows 2000 systems would take less time and money. Verifying that a system was patched by probing the computer for the Red Alert vulnerability is no more difficult than fingerprinting the OS and checking that it is not Windows 2000. Certainly, installing a patch is a less intensive operation than upgrading an operating system and dealing with any problems and incompatibilities that may arise, so support problems faced by the RCCs are fewer.
In conclusion, the proposed Windows 2000 ban is both costly and ineffective. It seems as if the Resnet staff has already decided on implementing this "solution," which is lamentable. As there has been no discussion of or opposition to the ban on this forum, I felt it was necessary to provide a different opinion.
9. Resources:
Resnet Policy:
http://www.resnet.ucsb.edu/information/win2k.html
http://www.resnet.ucsb.edu/information/use_policy
Code Red:
http://www.cert.org/advisories/CA-2001-19.html (exploit)
http://www.cert.org/advisories/CA-2001-12.html (bug)
Nimda:
http://www.cert.org/advisories/CA-2001-26.html (exploit)
http://www.cert.org/advisories/CA-2001-06.html (bug)
Windows XP PUR:
http://www.microsoft.com/licensing/resources
http://www.infoworld.com/articles/op/xml/02/02/11
--
"Extra Anus Kills Four-Legged Chick" -- Headline
They are banning W2k because it is more server-centric...and as such is more vulnerable than say WinXP, which is a desktop variant. Which makes Win2k a great target for virus writers. The reason being, these servers almost always have some sort of broadband and are always high-spec. This means that the virus can spread most effectively/efficiently when it exploits NT/2k...
I am certainly not saying they are right, but that having been said...
Some enterprising Linux vendor should immediately send a team of reps to this school (tomorrow morning if possible) to give away free copies of their newest version with Open Office and free support for everyone (Mandrake anyone?). It will cost them some money, but look at it this way, every student that switches will be a Linux advocate when they reach the corporate level (they already dislike M$'s desktop variant...or they wouldn't be running NT/2k). And they will probably always use that distro when possible.
If the UCSB admins were smart they would have conveniently posted information about how to make Windows 2000 Profesional reasonably secure.
Things like installing Service Pack 3, setting accounts correctly, banning the use of personal web servers on a client machine, and mandatory installation of a good antivirus and/or firewall program would have saved the UCSB sysadmins a lot of headaches.
Real students(not geeks) don't have money to buy new version of windows.. they rather get drunk and shag fat local chick. ...) most of students would even pay for access:)
They get new windows from the internet.. and campus should just put up ftp server with winXP availbile to anyone;) (heck put on few divx movies, unreal tournament 2k3, jenna jamerson XXX,
http://www.microsoft.com/windowsxp/home/howtobuy/u pgrading/matrix.asp
i thought it was interesting how they specifically said to upgrade to xp home. microsoft specifically says xp home has to be upgraded from 98/me, and NT/2k can only go to xp pro. so ucsb consultants are gonna help people FFR or what?
am i right?
or did someone already say this...
being a die-hard *nix user, seeing stuff like this cracks me up . . . . check out what netcraft says they're serving the page announcing the win2k ban on.
typical
"You never want a serious crisis to go to waste." - Rahm Emanuel
Next they should ban the rest of the MS OS'es.. (for security reasons, of course!;) ) and then only allow people to run GNU/Linux and other free *nix OS'es!!! Now there's a good plan
They're implementing a policy that I don't see a clear way to enforce. Shut off IIS and how are they going to remotely identify which version of Windows you're running? A queso or nmap scan maybe? Are those accurate enough in determining which Windows is which? Are the Windows police going to come around dorm by dorm and make sure you're running XP? They're telling me I have the choice between running the utterly unstable and insecure 9x or running the utterly insecure and spyware riddled/expensive XP. I run Linux personally almost all the time, but if I need Windows for something I run 2000 Pro. And if I saw someone trying to pull this on a network I was using, I'd likely just ignore it. Worst that can happen is they catch you and you just say "Sorry, didn't see that announcement." Moral: Run what you want, but be a responsible netizen and patch your stuff/use a good password.
-----
How can you have any pudding if you don't eat your meat?
If more people used port scanning they wounldn't have so many security problems in the first place.
Are they going to ban firewalls next?
Have security auidits from time to time that include various measures to determine a computer's vulnerabilit using portscans, etc. If one's computer is found to be vulnerable or compromised, remove it's access to the 'net at large, and have all its DNS routed to some security page that contains a library of fixes, patches, instructions, so that even the least computer literate would be able to discover what is needed to restore the system to a state that is safe for the network.
:)
You could call it brunr's shitlist or something like that. since I just thought of it right now
I attend the University of Saskatchewan, and our computer store is telling everybody who gets a new computer to upgrade to WinXP Pro from XP Home. See here to see for yourselves at the Campus Computer Store.
:)
I myself use MacOS X which is also supported, as is OS 9. I can even get access to their Mac software library. It's neat.
If you're a CS student, you can get all MS OSs for free with your MSDN access, as well as Visual Studio, and lots of other fun software. Thanks to that access, my PC is using Windows 2000 Advanced Server, for its AppleTalk support
God save our Queen, and Heaven bless The Maple Leaf Forever!
the school should set up an 2000 native domain, control all PCs on the network thru group policy, install office XP to block ALL attachments be DEFAULT, us winXP software restriction policy, distribute hotfixs with GP, assign apps with GP, make all students users, ban all legacy applications, apply the hi-secure template, use commons sense, make the network admins do their jobs completly and make all students pass a basic computer competency test(so at least all the people wasting their time learning useless stuff come away with something)and then hope for the best!
or use win98- oh wait that would be just plain silly. of course ME would be the best OS of all!!
I partied there last night, and when I woke up, I had no idea how I wound up on that couch...
Will UCSB pay for a new windowslicense (xp), a faster cpu(xp) and more ram(xp)?
I'm the Online Editor for the Daily Nexus (the newspaper site that article links to). We've been Slashdotted, LOL. Thanks guys.
The site is still up and running though. Thank god I rewrote the site's PHP code, otherwise, we'd actually be down.
What if I do not want the spyware of sp3/WinXP or give ms the right to install apps without my permission on my pc?
....not to mention the sp3 EULA states that ms may install aditional software packages and change the EULA without my knowledge! Change the license without notifying me?
I strongly advise anyone who has installed w2k on several pc's to not install media player 7 or sp3. Why? I am afraid ms will accuse me of pirating and will have the power to deactive my os or install god knows what on my system. ALso hackers could use this to pretend their virii are microsoft upgrades. I know xp mainly does product activation but the eula'a are getting more and more similiar and are sharing much of the media player updates and code. Media player is key for Microsoft's palladium strategy. I no longer use my older machine which now uses linux but ms can still accuse me and be the judge and jury over any copyrighted dispute between my pc's. This is true even though I have one valid license for win2k pro. Go read the EULA? It states that ms can kill the license of your os at any time for no reason!
Why should I risk being hacked or bend over to the almighty gates? It really pisses me off that I am held hostage here. Be gald I do not go to your school. I have a very valid case why I should not switch to XP and would certianly bring it up to the deans. Even if ms will noy do any of things mentioned in the euls or deactive my copy of windows, I still will not upgrade out of principal. Security be dammed.
http://saveie6.com/
While this, at first, looks like a good laugh at the expense of Redmond, it is still what it is: Censorship.
I suppose the admins can ban whatever they like since its their network, but still...
Ask yourself this question: What outroar would've happened if you substituted "Debian Linux" where it now says "Windows 2000/NT" ??
I'm not trolling. just trying to view things in a fair manner...
...is for someone to implement moderation and karma for real life. So this sort of thing, and the others we always hear about, would be continually buried under a flood of (-1 WTF?), (-1 Hello, civil rights?), (-1 Contradicts laws of physics), and (-1 Just Plain Wrong), and fade, like the first posters, trolls, and goatse.cx links, into -2 obscurity...
I was I had the mod points to drive your post into the gutter.
Remember that article "/." had about a week ago about stealth-monitoring? Nimba on a properly set-up system will stand out like a beacon. Also a mail proxy with attacment-filtering can also help. Back that up with a policy that any machine caught compromising the system will be barred (maybe permanently). Give the student an incentive to care about the condition they keep their OS in. Distribute a disk(s) to all W2K and NT users with a program that makes the changes to defaults, including auto-update.
They recommend installing an OS with an EULA that allows Microsoft to root your box?
If you were blocking sigs, you wouldn't have to read this.
We all know that Win2k is a hell of a lot more secure than win98/ME and probably just as secure as XP....that aside...
Why don't they do what my university did.....if your machine was detected trying to propogate nimda or code red, the smart switches disabled your jack. Getting it re-enabled meant calling Information Services Division and proving that you had cleaned up and protected your machine (downloading and installing the free copy of Norton Antivirus they provided).
It really seems to be a good system. Plug in an unregisterd NIC - blam - jack turned off and MAC address added to a blocked hosts list. Plug in a hub with more than one machine behind it...jack turned off. Run an unauthorized web server...jack turned off, mac address added to blocked hosts list. etc. etc. etc.
I'm suprised other large institutions don't do the same thing. It sounds like it would save a lot of headaches.
I'm out of my mind right now, but feel free to leave a message.....
The University of Notre Dame is doing basically the same thing. Though they do not cite security reasons, they have stopped all support of Win9x. And if anyone thinks the schools and M$ are not in bed, then take a look at the increase in academic pricing. Windows used to be $25 (as well as Vis. Studio, et al) but now they've gone to $45. Funny how that happens as soon as they mandate the upgrade to a new OS. And WinXP is just as vulerable to all the worms that 2k is (for the most part). For example, I accidentally left a share open for no more than one hour and the open folder was filled with Nimda. In other news our LUG is planning an install fest in the near future.
what I don't understand is... how does this make XP a better choice?
there ARE known vulnerabilities of XP pre-SP1 you know... and it's not like people who doen't do updates will just all the sudden start to religiously do updates. and if the users arn't setting a admin password on 2K, what, you think they suddenly get enlightened at the campus bookstore and decide to set a password for XP?
FURTHERMORE -- i am figuing that most people will come home and do a UPGRADE from their 2K / NT machines -- which means that all the settings (blank password) will carry over nice and happy... worse yet -- the old "do not automatically update my machine" setting will probabbly carry over too, making the upgrade even less effective.
i mean, in the end you are forcing these poor students (hey, i was a student, i was poor, and everyone i knew was poor (or had better place to spend money, like strip clubs or beer)) pay for the equivalent of two service packs. wtf? later you will force everybody to buy palladium because they didn't patch XP up _just_like_now_?
for that kind of effort (helping everyone upgrade etc), hold a fscking 1 hour session on how to manage your computer... add in some talk about how to hide your pr0n browsing so your gf / room-mate don't dig up your history files etc to spice things up / get good attendance. and have a copy of SP3 somewhere local where everybody can get it without killing the bandwidth will probabbly help. (burn some CDs and give out for free, maybe?)
My life in the land of the rising sun.
KCL, UK ban linux, stating You may not run any Unix operating system since they can represent a serious risk to network integrity. Any student found running a Unix system (e.g. Linux) connected to the College network will have that system disconnected.
I tried emailing them a corrected version, but their email address was down - so much for network integrity.
"You are encouraged to run a Unix based operating system since they dont
suffer serious risks to network integrity like Nimda, Code Red and Outlook
Worms. Any student found running any insecure system (e.g. most windows
boxes) connected to the College network will have that system disconnected."
Confusingly they do allow the unix based Mac OSX.
to just do what they do at the University of Maryland and block Netbios and SMB? Seems like it would be more difficult (and costly) for them to just force people to upgrade to XP when a number of security vulnerabilities also exist for that. Sure blocking these services isn't a catch-all solution, but neither is forcing people to use a newer yet still buggy version of Windows.
Windows 9x/Me is permitted but NT/2000 is not? So I guess security reasons can be ruled out.
Will work for bandwidth
P.S. The upcoming Windows .NET server will not install IIS by default--at least the Standard and Enterprise editions won't... I don't know what the Web server edition will do, but it'd be amusing if the web server edition didn't install a web server by default :)
What? The computers with 2k installed were too secure for them to gain access to and search for pirated material and P2P software?
Friend: "The NIC is misconfigured..." Me: "No prob, I'll just telnet in and fix it." *Silence*
Claiming it causes:
Transmission of virus' and makes it hard for other students to sleep with their ears to the wall.
Interactive Visual Medical Dictionary
Maybe they should take the money they make on all of these XP sales in the campus bookstore and re-direct the possitive cash flow to IM training. How about a course on inter-campus firewalls? No...that would be too easy...let's just make every student, who already are on a tiny budget, spend more money for something that they don't need or want.
- - - "Some people hate the English. I don't. They're just wankers. We, on the other hand, are colonized by wankers."
Actually, no. See the resnet page, which says See also the Resnet forum thread where a user says They even went as far as giving all of the students antivirus software
How is this related to Windows 2000 being fundamentally broken? Are you saying that only Windows 2000 users neglected to install their anti-virus software? Is this because they were using Windows 2000 instead of another OS? Otherwise, that statement is not relevant.
I think XP is allowed because it would be hard for them to block XP Profesional without blocking the Home edition.
XP is allowed because there are certain problems in Windows 2000 which do not exist in Windows XP. Nothing more, nothing less. See the above links. Banning one and recommending another hurts the network in general at least as much as it improves certain aspects of security.
--
"Extra Anus Kills Four-Legged Chick" -- Headline
When I see a wildcard ( * or % ) I enumerate it to "all", and I usually say "all" if I am talking to somebody else.
So, um, yeah. net send * / net send all, same thing to me.
The most recent M$ press release shows that XP sales in academical circles skyrocketed for the last weeks with a record 5 times increase. "This shows that XP is getting a higher than expected level of acceptance among the students, soon it will probably take a good segment of the market out of the concurrency". "JustInTime4PR" Corporation, specialized in market analysis added that this boost is particularly significative of the tendencies - "When did Linux had such success? This proves our predictions that the boost this OS had was merely temporary and just a backward effect of some customer dissatisfaction while waiting for the new and improved XP. Now XP took the lead and probably we are not going to hear of Linux for long... The fact that Linux developers were always lenny to add "Start" button on desktop made them loose the moment.Till now Linux ain't desktop ready and barely can achieve it..."
According to other sources, there are chances that this new sales record will be beaten when more and more Universities will attain a bigger level of acceptance for XP...
So much about objectivity of various security issues...
Remote Desktop.
Yes. It's iterative, not recursive.
The formmer applies to repitition, the later aplies to an expression in which the result is reapplied to the expression.
Think of it like this:
You're a dirty old eternal man. And you boink a girl. The next day, you boink her again. Next day you do it again. And again, and again. etc.
That's iterative.
Now say you boink her once. She has 7 puppies. They grow up and you boink each one of them once too. Two of them each have a litter of 4. They grow up and you boink all 8 once. etc.
That's recursive.
It's doing the same act. But doing it to the result of the previous act.
Well, I guess the answer is obvious.
Good news for anyone whose handle is in some form of l33t sP34k and has been looking for a good place to try all the exploits described in BugTraq.
However, if I were a CS student there and got that notice, I'd be looking hard into transferring as of the next semester.
Getting an education in the area of computing is hard enough without having to use a network where the admins have admitted in writing that they are clueless.
I suspect they're going to live to regret this. Unless they really enjoy cleaning up messes.
Tech Public Policy stuff
but I'm trying to be polite...how can (apparently otherwise) intelligent uni students fall for this?..corporate exploitation at it's unappealing extreme..notice there's no actual denigration of the product, it's just those "dumb users" (and where, slashdotters, have we heard this before?) who can't make it work... all to get the "upgrade to XP Home" message from your friendly campus bookstore...\ cranky bull.
Hmmz... I wouldn't be surprised if MS would forbid any linux machines on it's campus, but this is quite the other way around! Now users are actually forced to buy a new OS (or download a free one of course), because they cannot run the most stable Windows OS (2k).
:S
What's next: no, you cannot use Nokia cellphones, because they cause to much interference in comparison to others? or you cannot buy cookies because they crumble to much in comparison to bread and they give clean-up problems?
So much about free choices
They should actually rename this topic to a YRO-topic.
sig(h)
Can they really do this? What grounds is there for an objection? The end user operating system should not be their determination when it's used in dorms, even if used in their network.
What I really dislike is that they've dictated terms, this is something that has been coming for a long time, now await this madness or political correctness to grow.
some one must be getting a bribe or kick back for this one. why play fair when you can buy the people in charge with a little bit of money.
Imagine that a colege it person stating that becuase MS IIS is insecure they will not allow win2kpro without MS IIS on their networks..
Like how many win2kpro users install MS IIS? Try zero..
Yet they allwo win95 and win98 two of the most insecure windows version on theplanet on their networks..
Did he or she get padi off by MS?
Don't Tread on OpenSource
you change your school mascot to the Blowfish and you can run OpenBSD for free.
four-oh-four
After all, how are you going to exploit a win9x machine when it is only up for 5 minutes at a time before it crashes?
That's all this amounts to. They run around scared with half or less of the knowledge and understanding required to make such decisions. And even in light of the information, they go with their knee-jerk reactions rather than a scientific approach.
...anyway... off the subject...
All of this taking place in an institution of higher learning? It's just amazing. I can imagine this happening very easily in some corporate setting, but not in schools. I guess the number of the enlightened isn't as large as I once suspected.
FUD rules the day once again.
Personally, in addition to my Linux boxen, I like my Windows2000 machine. After service pack 3, I can now use my video camcorder again to do video editing... (now if I can just bring myself to erasing all this useless porn to clear spact to do so...) Before I get blasted with "why not use Linux?!" first I'll just say I'm a lazy bastard and I just don't have the urge to read the thousands of HOWTOs associated with whatever is required to do the same with Linux. I think I'll switch to Mac OSX before I try it with Linux.
It's scary and creepy the way some people think. It reminds me of the last time I was ruled out from having a job at my last interview. In this case, I listed Linux, HP/UX and AS/400 as other operating systems I am capable of administering to. They proudly touted "we're a Microsoft only shop here" as if that were some great accomplishment -- a badge of honor. All I could think was "oh, so you only know how to do your job with a mouse running 'wizards' to accomplishing the things MS thinks you want to do."
I heard there is black magic on the WindowsNT and Windows2000 and so I do not allow such magic on my network. Get thee back Devil2000!! Get thee back!!!
Isla Vista (I.V) is one of the most notorious college towns out there. Between the 3 or 4 deaths in a suburb of 10 thousand in the last 2 years due to inebriated stupidity, drugged kids driving cars over people, the complete lack of sidewalks, and the near ubiquity of venereal diseases (It's nicknamed H.I.V), then you have to contend with the outrageous rents in Santa Barbara (be prepared to share a room or live in a slum if you want to pay less than $550 a month). Every weekend people wheel kegs out on to the lawns of Del Playa Road and you end up with a bunch of hazed students passed lying passed out all over the place while some white trash guy is either trying to molest, rape or ghb his way into some stupid girl's pants. UCSB isn't too bad but I'd like to see IV burn to the ground.
Machinegestalt
Your rights are being violated!
It's the American way!
What you need is some student protests to get Linux on the campus!!
While MS OSes are notably insecure, I wonder what the University's policy is towards OTHER insecure OSes - like a Linux box that isn't secured properly. Do they run audits and checks against every Linux machine on their network to verify against known hacks ? It seems to me like they should, if only to be consistent.
I thought Microsoft Operating Systems were so easy to use that anybody could administer their own machine. If not then why bother with windows?
and Slashdot isn't screaming????
If they banned Linux wouldn't the community be up in arms?
If the issue noted here is not a fatal flaw in W2K/NT but rather lack of administration of those boxes then how far behind this ban is a ban of Linux?
Distribute a disk(s) to all W2K and NT users with a program that makes the changes to defaults, including auto-update.
ns, most schools that I've been to which offer network access will supply a disk to simplify setting up the computer for their network. It's fairly simple to put together some scripts that check the version being run and set it to update the computer from the internal network or windows update, as well as change (or prompt the user to change) any non-secure settings.
-PainKilleR-[CE]
They tried to be even more extreme and ban any Operating System that could run server software.
Lets think about this one.
.
.
.
Can anyone think of an OS that wouldn't be ban?
This policy lasted for about a week.
Help Brendan pay off his student loans
On securityFocus (bugTraq) database are listings of thousands of remote exploits and hacks.
None exist for MacOS 8.x and 9.x. including latest 9.2
I am not talking about unix based Mac OS X (which has had over 30 exploits so far).
The Mac OS is the BEST way to run a web server on the internet. There are some high performance (though 400 dollar) web servers that make it even better.
Hurray for the unkrackable unhackable macOS!!!!!
shame on linux and even OpenBSD
If you need to run Win2k for some reason, just use VMware with vmnat. Just be sure to have konqueror or mozilla on your linux/vmware box in case they check the user_agent string. Of course, vmware doesn't support directx, so if necessary, run a heavily stripped down 98se/win2k (is there a win2k lite?) system. With all the hacks to strip it down into a lean gaming OS, it would be hard to call it windows anymore.
thats all UCSB, not just resnet. whatever, just wait until a good XP virus/worm gets out and screws everyone all at once.
Well the other day I was talking to a friend who just did a compleate study for a large companey here in canada he works for. The study, should tye move from 2000 to XP. things taken into account are advantages and disavantages for the change, security, and ease of movement. Probaly more but hey I was not taking notes. And gess what, the resport says that there realy is no advanatage to move to 2000 and XP only has some more things built into it (which can be more issues then they want to deal with). Security, 2000 has proven itself some what secure, and no real security advanatage could be found. and cost, well M$ would have basicaly screwedthem out of a LOT of cash for basicaly nothign big.
Personaly I have tryed XP, and reality is, its 2000 with a new look and more crap built into it. And I have had issues with som much software bult and integrated right into windows before. So adding more is seen as a bad thing unless m$ can put out beter quality code.
So in all honesity, I have seen no reason personaly of by study for anyone to waste there hard earned cash on XP if they are alreasy running win2000.
now my next thought is, how can the collage justify forcing people to either buy a copy of XP or pirate it (and we know the free thing well be more popular). I would not be suprised the university has grants or somthing from M$. But hey what do i know right.
Also one last note, if the school is wanting security why are they not forcing fire walls instead, or better yet making students use linux. Just a thought here
my 2 cents plus 2 more
The people in charge must be rerading grc.com too much about the evils or WindowsNT..
What about the various flavors of unix with SSL vulnerabilites? If these these kids can't run "windows update" successfully and keep their windows systems patched, what makes the IT morons at UCSB think they can keep their unix systems patched?
-ted
What do you bet that they have an agreement with Microsoft to do this and each sale of XP (at normal retail price, naturally) is a major markup from an agreed upon bulk purchase amount. Buy low, sell high, eliminate the competition. That's the American way!
Migor knows what you are doing in your dorm room.
Migor Sees all.
Migor cares not what you run, for Migor is your new king!!!.
Um, here is something they could try, how aout providing a link to MS Windows Security toolkit. It performs a pretty strict lockdown. I am not saying it is 100%, but it takes care of the majority of the problems the were discussing. Also jsut have them run the default of the IIS lockdown tool. There problem solved, easily and freely. Who are they to say what OS a student can and can't run, so much for freedom of choice or preference.
Here is a fun little prank that I did back when I was in school (1993-1997):
.login). Anyway, one day at the beginning of the semester, I was feeling a bit mischevious. I was in one of the larger labs and it was packed to the gills with students trying to register. I logged on to the REGISTER account and did something that was similar to ctrl-z suspending and suspended the registration app. Now I had a command prompt. Next, I used the VMZ equivalent of write(1) (...gosh, what was it?) and sent a message out to everybody else using the REGISTER account--literally hundreds of students...
:)
When I was a freshman at Vanderbilt University, we used the campus VAX to register for classes. It worked like this: you would go to one of several large computer labs on campus and log onto the VAX as user REGISTER (or something). Once you logged in, the registration program would fire up automatically (via the VMS equivalent of
ALERT: THE REGISTRATION SYSTEM WILL BE CLOSING IN 30 SECONDS. PLEASE MAKE YOUR FINAL CLASS SELECTIONS AT THIS TIME.
The first thing that happened when I sent the message was several hundred PCs beeping loudly all at the same time. And immediately after that...you should have seen the looks of panic on all those sorority girls' faces!
Slashdot hates Microsoft
Slashdot hates Censorship
What does Slashdot hate more?
Censorship against Windows.
Shit, I think those are pigs in the window.
Only NT4.
NT4's policies are pretty bad. It defaults to a blank administrative password, an administrator username of "Administrator" (and there are ways to obtain the administrator username if this is changed, anyway), sharing all the drives as hidden "administrative shares", *resharing* them at the next boot if you disable sharing...
The best thing to do is just axe the Server service. I've seen so many remotely exploitable boxes (probably ~70% of home NT4 users had this open) that it would blow your mind.
Then if you upgraded from NT4 to 2k, it would keep the same configuration...
May we never see th
its funny how sales of xp are up but arent most windows software at universities like 5-10 bucks anyways?
Better yet, why don't the recommend an upgrade to a Mac? :-)
"Politicians find new names for institutions which under old names have become odious to the people."
Microsoft is listed as a Cumulative Donor of $100,000 to $499,999. Really not a bad investment on Microsoft's part:
1) donate $300,000 and "advise" school that NT and 2000 are not secure.
2) offer new OS at reduced price to school book store.
3) report increase in new OS sales to invest ment community.
Hmmmm... I wonder how many other schools will follow suit?
I don't quite understand why it's just NT and 2000.
I think all of us know here the security history of all MS operating systems, and XP is ramping up to be the worst of them, and they reccommend that?
Interesting, UCSB. You're half way there, go all the way!
-- Note: If you don't agree with me, don't bother replying. I won't read it.
back in the day. Our resnet admins used to scan for Administrator accounts with out a password. I goto Baylor. They also did not approve of anyone running a web site, but they left port 80 open to servers. But just to becareful and aviod some trouble I just ran my site off of old gopher ports.
See Sig! See Sig Zig! Zig Sig Zig!!!!!
Read the link; they don't just refuse to give tech support to users of Win2k, they block Internet access to Win2k machines. So, in other words, Win2k is illegal on ResNet.
If you actually read the linked story, you will find that the college is willing to pay the bill to give students a better OS.
Unfortunately, the increased hardware requirements of XP over earlier windows versions may become a problem for some students. Hopefully, the college has recognized this and will provide win98 assistance also (not that win98 is better than XP Pro, but it's not much worse than XP Home (NEVER NEVER buy XP Home, regardless of what the school says).
Huh, I did read the story, but I must have rad too quickly. Um, well, I read their statement. Was that the same as the story? It's been so long ago. Hours, even.
I work for ResNet at the University of Rochester and we recomend that all incomming students with PC's buy them with either Windows 2000 or Windows XP Professional. We specifically would not like them to have XP Home as then they will not be able to VPN into the wireless network as well as other things. While we don't like Windows ME, we still allow users who already have it to continue to use it and will support it if any problems arise. In fact, if you have Linux and can't get the internet to work, we will help you out to the best of that consultants abilities. It's silly to limmit what operating systems users can use, especially for security reasons. When we had an outbreak of Klez and Nimda last year, we licensed Trend Micro for the entire campus and setup an online install for all students and then had the RA's do a hall program telling everyone who didn't already have an up-to-date antivirus to load Trend which updates itself automatically.
Instead of telling people they can't use an OS cuz it's insecure (even if it's not), they should educate their users on how to make it secure and then deal with those who are still at risk.
Residential Computer Consultants will be available to assist with these upgrades, and Windows XP Home is available in the UCSB Bookstore at student rates. Students on financial aid can receive an augmentation of their award to cover the cost of the upgrade.
Perhaps I'm being paranoid here, but this sounds like a scam... I can't think of any other reasons to only ban a few versions, yet push for the latest version of windows, in the book store of course...
-- Note: If you don't agree with me, don't bother replying. I won't read it.
"Is XP more secure than 2000 with SP3 or Windows NT with SP6(or is it higher now, don't use it)? I'll personally ridicule whoever claims that."
Try this...
Set your local administrator to a blank password on both your Win2k and XP desktops.
Now try to connect to the administrative shares(C$, etc) across a network from another machine.
On XP a blank password on a local account is more secure than a weak password, as it blocks all network access for such accounts.
As for the patches... It's easier for the UCSB staff to suggest people upgrade than to explain to them how to apply patches. Although Win2k/XP is pretty easy to patch if you use the automated update service.
This will at least solve your blank Admin password problem...
"To protect users who do not password-protect their accounts, Windows XP Professional accounts without passwords can only be used to log on at the physical computer console."
I don't know if this also applies to Home. I can't find anything suggesting it does, and do not have an installation I am able to test on.
IS there really anything else that needs saying?
Come on, this is obviously all about selling new software to freshmen from the campus bookstore. UC schools (and probably other schools) pull stuff like this. They feed off the ignorance of most computer users to make a quick buck.
When I was an incoming freshman at UCSD (in 1998), many students did not have network cards. The campus resnet handout they gave us said that students needed a network card to use the net connection in the reshalls. Fair enough. But then it STRONGLY SUGGESTED that students buy the network cards that they sold in the bookstore, "just to be safe so that they could connect to the network."
Not surprisingly, the they sold ethernet cards at a staggering markup in the bookstore (I think it was about $80 for a card that you could buy for $40 at Fry's). They also apparently were marking up the patch cables quite a bit!
I was very shocked when my suitemates came in first week complaining about how much they had to spend to get onto the network at the bookstore!
"You spoony bard!" -Tellah
In all reality, windows 2000 is probably the only windows OS that doesn't have some glaring irreparable security fault. XP is certainly more vulnerable to attack than 2K, I think they just want to sell copies of XP to line their pockets a bit thicker. Frankly, I can't blame anyone for not wanting to run XP... microsoft fixed their big, ugly GUI with a bigger, uglier GUI... whatever happened to your friendly command prompt.. oh yeah, that's right it's still used in linux ;)
Our greatest enemy is neither a single man, nor is it a nation, it is, as it has always been, our own greed.
I wonder if the system admins just got bored and started to think.. "Hrm, wonder what would happen if we banned win2k?"
I can picture the other one going.. "I dare ya!"
I am a student on UCSB's resnet.
You know the silly thing? The way they check to see if you have Win2k is thru a "registration" process by which you are not given a valid IP address (DHCP) until your MAC is registered the system. This involves accepting an agreement, etc, etc. Guess how they find out you're using 2k? Your HTTP request. It was rather simple for my friends using 2k to validate their MAC's on other peoples' computers, or on their own computers (if they dual boot) and then return to 2k, easy as pie.
What kind of bs is that?
Tony
If I went there, I'd be insulted that the network admins say 'we KNOW everyone with a win2k system is a moron and wont patch it'. Wouldn't it make more sense to (at the very least) demonstrate your knowledge of basic system security before being allowed on the network (like disabling or uninstalling IIS, which i'm fairly confident is the primary reason they're doing this), so competent admins (like myself) wouldn't be forced to 'upgrade'? An all-inclusive 'No Windows 2000 Allowed' policy is completely befuddling.
There's no chance I'd buy a copy of XP just to use their network. I'd talk to the guys in charge; im Sure there can be a compromise.
Want to run Win2k on the campus LAN, fine, you gotta become a member of the Dorm_1234_Whatever domain.
By taking this step and using win2k Active Directory, there are a number of steps the dorm administration can take to fix all of these issues.
1). Do not dole out (DHCP) an address unless the Win2K box is a domain member.
2). Drop Software Update Services (SUS) on a server and *FORCE* domain members to update those critical patches from MS.
3). Using the group policy, force complex passwords on the domain (yes, this will generate support calls, but then again, so will owned boxes).
4). Again with the group policy, force a local admin password (I'm 90% sure you can do this, but I cannot seem to find colaborating evidence -- anyhow, if it turns out I'm hallucinating on this one, there are a number of apps you can have the user run at login that force the entry of an admin password).
5). Use HFNetChk or it's GUI upgrade, MBSA to check those dorm boxes periodically (like, daily) for things like IIS.
6). For God's sake, bandwidth throttle the p2p stuff.
There's a lot more you can do with this scenario. Sure, it's more management, but the payoff is just that You Can Manage It -- rather than just react to broken box scenarios. All things considered, I think the arguement that says, "let's just band XYZ operating system" is very short-sighted. Essentially, we are saying let's ban a popular tool in favor of an unpopular one because not as many people spend time cracking the unpopular one. Sounds like a slippery slope towards a riveting game of Musical OS. And where will we all be when the record stops? Probably right back where we started.
Cheers,
-- RLJ
Anybody fancy working some XP exploits on their new 'secure' setup? Disclaimer: only joking (honest (-;)
Rake Free + Mac Poker: CardCrusade
I've known the guy that posted this for years, and I remember our freshman year in college, he ran an ftp server all year-- Anonymous login sharing basically you name it, and apparently people from all over the resnet were doing the same.. It's a problem of them not wanting to do crap, so they don't, then they find a scape goat-- FTP server installed on 2k, and they say "none of that"...
/ex
They should really pull their heads out of their asses-- Start *LOGGING* High usage IPs, and start banning those cards from accessing the network-- They do it at UCSC, and the effect was/is whenever I or anyone else needed bandwidth, I or anyone else got it.
Kill two birds with one stone, eh?
Also, while I've seen people mention the default installs of W98, and not sharing the HD, no one seems to mention that the moment you install networking in 98, Client for Microsoft Networks is installed by default, and any machine with it running on 98 is easily breakable...
...that I don't even have to bother with all of this mess. I use Linux and I keep an eye on the latest security updates. I don't have to worry about all of these inane and pointless virus problems and security settings. I don't need three or four applications running to defend me from viruses and operate firewalls. Poor Windows users.
Not to get off on a tangent about resnet and Windows 2000 but I simply must state once again: UPDATE YOUR FUCKING SOFTWARE ASSHOLES! If you visited Windows Update weekly or even fucking monthly for that matter, none of this would be an issue! They act as if Windows XP doesn't carry any of the components of 2000 and is less prone to security vulnerabilities. While it is in certain areas, it is the same core anyway! The only difference is that Windows XP had the ability to automatically find updates for you.
2000 has also had that capability as of almost a year ago and as of about 3 months ago, both 2000 and XP have the built in capability to download, install, and reboot your system for you in the middle of the night if you wish (or at what time you specify). Boy, that's really so fucking hard ain't it!
When you update your software it affects more than just your machine. It also affects the health of the entire network. While you might not give a shit, just making my point because here is obvious evidence that lack of updated software caused some shitty IT admins huge problems.
Funny how other universities don't seem to be banning 2000, sounds like 2 things to me...
1) Terrible IT admin. staff.
2) Lack of software updates because morons don't listen to the bubbles that come up and say "New CRITICAL updates are aviailable for your computer.
Click this balloon to download them for the most secure and reliable Windows experience."
Morons. Period.
The coolest voice ever.
You can (and should) run the Baseline Security Analyzer tool to find stuff like that. All the UCSB campus IT people need to do is get all their users to run the BSA assessment, and they should be OK as far as the glaringly-obvious vulnerabilities are concerned.
Dahlmann tightly grips the knife, which he may have no idea how to use, and steps out into the plain.
Probably the fish we are missing is DRM. If they all have WinXP installed, they all have some DRM and have signed a license saying more can be installed without consent. This mean that the U can cut down bandwidth usage by cutting the main bandwidth consumer, content. Getting the EULA and the basic libraries in place is key to effective institution wide content management. Service Pack 3 and media player, would also give them this, but other posters have discussed the difficulty of getting the patches out. WinXP guarantees that they can "manage" their network.
Okay, I have to ask what years you were at old Miskatonic. During the 90's the Macs seemed to get slower and move into smaller clusters [upstairs in the back corner]. By the year 2000 there was a Win2k cluster belonging to the previously Sun "closed shop" CS department. [Broke my heart.]
It seems that most of the universities and secondaries I've dealt with have largely moved away from the Mac. It is only with the new powerbooks I see them coming back.
As much as I like the "drive them to the Mac" theory. The simple fact that a WinXP license is cheaper than a whole new computer, and the cheaper replacement computers come with WinXP installed (or Mandrake but...)
Oh, I started in 1991 and took the slow route to graduating. Currently a state bureacrat in the department of Secondary Ed [all win2k.]
This is not a political statement. This is not legal advice. It's a frick'n Slasdot post. However: I'm Running For
the funniest thing I have ever heard! It also has a dark side though. Back when I went to college at Los Rios Community College and Sacramento City College, they never even HEARD of NT. I was ostracised and looked at as a joke for even suggesting someone use something other than DOS / WIN311 or win 95 /98. Instructors were clueless, they never heard of it. Fast forward to today and now everyone that breath's air and can fart has NT and they are still as clueless. It was better back then because LESS IDIOTS were out there, now the ENTIRE NATION is an IDIOT.
So, when are they going to get a clue? I have long since dumped windows for linux. And there is a learning curve. GOOD luck teaching the new breed of idiots how to use linux.
Security - bagh. These half-wit crap ass hormone driven idiots will NEVER grasp it.
NEVER!
Well, you can't force them to install something (unless they've already installed SP3 or XP) but you can force them to meet certain requirements in order to use certain services.
That said: I reiterate my previous coment that the purposde of XP is to get DRM onto all the machines. Thus allowing bandwith management by content restriction. Once you've installed XP they can do anything they want as long as MS signs off on it.
This is not a political statement. This is not legal advice. It's a frick'n Slasdot post. However: I'm Running For
sadly, and a little humorously, this sounds like a simple case of a lack of education of their users. it's sad/funny because it is happening at a learning institution. if they throw all of their first year students (or anyone that transfers in) to a basic computer class and instruct them on simple things like updating their system and pass out a guide, i think many students wouldn't have this kind of problem...
Large print giveth, and the small print taketh away
Simple restriction of services on Windows 2000 (like mandating "No IIS servers permitted") could remove most of the current exploits. This is a network administration issue that has obviously been solved by using a crutch instead of educating students and enforcing policies.
Weak, and pathetic.
UCSB should take some time to establish proper guidelines for use of Windows 2000 on the networks and create acceptable use policies that permit them to take action if there is negligence involved. How do the administration plan on handling FreeBSD, Linux, QNX, PocketPC, and MAC OS-X users...? Back of the Bus?
I am a sophmore @ UCSB and i think this whole thing has been made way too big a deal. 95% of us who go to UCSB dont give a shit about NT, and the other 5% will probably still use NT anyway. Why? because all of us here are binge drinking Bio majors who are too busy trying to maintain a 3.5 GPA and still get some play on the side. On another note, id like to remind you that the majority of people who are effected by this are FRESHMAN, since only freshman are guaranteed housing on campus, while most people just get off campus internet service through COX cable when they move to Isla Vista (where the majority of UCSB students live). Now that thats all cleared up, someone run to SOS and gimme a case of Nattie Ice and a pack of Parlies.
-CPM
---You're all I need, When the water runs deep, You're all I need, Now I cry my soul to sleep -- Collective Soul, Needs
I work for the University of California, at Berkeley, as a System Administrator for Residential Computing. We're the department responsible for the residential network - not the physical portion, but basically everything else. Last year, I was responsible for the security mailing list, meaning I took care of security, abuse, and copyright case for the 6,000+ students living in the dorms here.
Now, the following is in any way, shape, or form, official University Policy, or even opinion. Just my own thoughts & experiences on this subject. Now that that's out of the way...
The majority of the security problems on our network come from Windows 2000. At the beginning of this semester, and last semester, we were flooded with compromised computers - Code Red last year (hundreds of cases), and variations of DarkIRC (which exploits the "no Administrator password" problem) this year. We've spent thousands of dollars (on employee hours only) at least. When we hear about a compromised system, we it's Win2K (twice it's turned out to be Linux though =).
After the first six weeks (meaning, for us, right about now), we've gone through almost every Win2k machine & set an Administrator password, installed Norton, etc - BECAUSE THEY'VE ALL BEEN COMPROMISED. At least all the vulnerable ones. This keeps our Residential Computing Consultants (RCC's) pretty busy, but our network even busier. We lose a lot of bandwidth because of these people as well, which slows down the net for everyone else (we're capped at 60Mbps), and hurts their dorm experiences.
I would vastly prefer Win98 than Win2k on our systems. It's much harder to compromise, since to turn it into a server. Win2k already has all the tools a hacker needs to log in, and attack others - and without the Administrator password, it's all set up for this already! I don't know if WinXP is any better (since I'm not working as Security anymore), but hopefully it is.
It makes sense to get rid of Win2k. People have unpatched versions usually, and frequently no passwords, so they get hacked all the time. I wouldn't mind doing the same thing in Berkeley, but our primary philosophy is Open Network - we don't block anything, we don't tell you what to use, etc. We let you run servers if you want. We have a bandwidth limit now (5GB a week), but that's fairly new too, since we've only recently been capped (thanks to P2P - the dorms were using more bandwidth than the rest of the University combined!!). Other than that, however, Residential Computing is and strives to be the model ISP. We are mostly students ourselves, and so we know what our peers want. And in my opinion, they would all be better of without Win2k.
For more info about Berkeley's Residential Computing, check out http://www.rescomp.berkeley.edu =)
Beware of women who pay their rent in one dollar bills...
This is my digital signature. 10011011001
Call UCSB Yourself and talk to the manager of the network systems: Craig Welsh 805-893-5363
Forgetting about all the other insane stuff about banning NT/2000, why on earth are they recommending an upgrade to XP Home?? They arn't running a domain... or what...do they have one big workgroup? Insane really. All I can say is, if they arn't running a domain it doesn't matter what OS they ban...that network must be a total nightmare. I feel sorry for them....the students that is. heh
Hard work usually pays off over time, but procrastination pays off now.
I didn't see anyone pick up on this. A HUGE problem at our University isn't just a hack here or a crack there... We have people installing 'pro' versions of Windows software like Win2K and XP Pro, and for whatever reason they turn the DHCP server on.
We run behind a PIX. You turn on a DHCP server and you screw EVERYTHING up. No one gets out because they don't go through our authentication system properly.
One misconfigure 'pro' OS and you bring down the entire dorm network.
I don't know if this is a reason for their decision, but it is a real issue and it really happens in dorms.
ffakr.
Seriously I think a lot of people are a little too "Microsoft they must be un-secure and "they're the devil". There is a very nice tool easily downloadable from Microsoft's Security website that's called Microsoft Baseline Security Analyzer. I'm sorry but even a trained monkey could download the patches and check their computer for vulnerabilities. I know everybody likes to "stick it to the man" but honestly, the reason Microsoft is in the position they are is because they have a good business strategy, make a good product, and have good management team. I'm not a Microsoft leg-humper or anything like that, and I'm not saying that they don't have vulnerabilities at all but 95% of attacks on Windows computers are on ones that aren't up to date as far as vulnerability patches go. You want to know the best way to secure your computer if it's connected on the internet? Unplug it, dig a big hole in your backyard, rent a cement mixer, throw your computer in the hole, and fill in the hole. I don't care what OS or what type of computer you are on if somebody wants to get control or access to it and you're connected externally it's possible. Not likely considering the consequences (FBI or otherwise) and the level of skill of the majority of computer "hackers" --- not very good terminology by the way. Anyhow, just my two cents for whoever cares to read.
Our school has an edition that any student can install for free. XP Pro, at no cost to us. I think it only cost the school some 10K. A lot for a school of our size, but for the larger universities? Then again, one of our professors sold his soul to microsoft in order to get good deals.
the college is willing to pay the bill to give students a better OS
Ok dopey.. for you, and the rest of the world that doesn't quite get it yet, the word FREE in FREEBSD does actually mean that you don't actually have to pay for it.
The same goes for Linux.
Out of interest.. I don't see how a school can force people not to use a particular OS. I'd really like to hear the real reasons. Specifically, I'd like to see their plan on making XP more secure than NT or Win2K or 98, and no "SP1" (otherwise known as the 'let Microsoft rape/invade your computer for free' patch) is not an answer. Are they suggesting firewalls be set up? No? What a monolithic idea! Let's change the OS instead!
Firewall your PC
I've known many people who have worked for the computing services on the UCSB campus.
A few quick sound-bytes:
Most dorm computer users did not purchase NT-based systems of their own volition: they got them as part of a bundle or because mom and dad gave it to them. Therefore, they have had no real incentive to learn how to properly configurate their OS.
Thus, when someone leaves the admin password blank, they may not be more of a "security issue," as some have said, but they certainly become more of a pain in the ass: a logistical nightmare for the computing services people.
Hell, I've even had to teach people how to click "enable" on their network connections. And you expect them to set up an admin password?
Well, I'm in college, and my college almost exclusively uses Windows 2000. It's on all the lab computers (except for a couple Mac labs).
In fact, they actually RECOMMEND Windows 2000 in the dorms, and DISCOURAGE XP Home (scroll down about halfway), mostly because of the inability of XP Home to join Windows domains, which basically renders those machines unable to get on the campus network.
This worked great for me because I love 2000 Pro and am not a big fan of XP. I don't know what I would do if they banned 2000 like that. I wonder if there's any way to fake them out? I'm not sure how they check your Windows version like that...do you broadcast it when you try to connect? If so can you spoof as XP or something? One thing for sure, I wouldn't be running out to buy XP.
"One basic notion underlying Usenet is that it is a cooperative."
Having been on USENET for going on ten years, I disagree with this.
The basic notion underlying USENET is the flame.
-- Chuq Von Rospach
- this post brought to you by the Automated Last Post Generator...