Slashdot Mirror

← Back to Stories (view on slashdot.org)

Stop Christmas-Gift PCs From Feeding Worms

Posted by timothy on from the cognitive-dissonance dept.

An Anonymous Reader writes "If you recently set up a new PC with Windows XP, or if you had the pleasure to do a 'reinstall from scratch,' you probably found that many XP systems as they are shipped today are not patched against common issues like Blaster. Given that these worms are still going strong, it doesn't take long for a new system to be infected. In particular, if you have to connect it to the Internet to download all the patches. Well, help is in sight. The SANS Institute released a paper entitled Windows XP: Surviving the First Day." (Read on below.) Update: 12/24 17:59 GMT by T : Thanks for reader Bill Curnow for the updated link. Update: 12/24 19:15 GMT by T : Besides the workaround suggested below, Roblimo has a good suggestion on avoiding the first-day-of-Windows altogether.

"With many screen shots, it will walk you through the procedure to enable the XP firewall and downloading the patches without getting infected while doing so. This could be the (free) stocking stuffer that may save Christmas for your folks ;-). Given that its probably to late now to start downloading your favorite Linux distro."

But if you do have the time and bandwidth, and you're stuck on Windows, a nice live-CD distro like Knoppix or Mepis means you can download patches without racing the worms, and install your patches while offline. (And if you have time to download 50MB, you have time to grab Damn Small Linux.)

3 of 416 comments (clear)

  1. Need for Microsoft patch CD by jaredmauch · · Score: 4, Interesting
    Microsoft needs to ship everyone who does "Product Activation/Registration" with them a CD that includes the patches necessary to secure ones systems. Yes, it will always be out of date, but at least you won't get infected with some 1-2 year old vulnerability.

    People should return non-patched systems that are shipped from the manufacturer, and return systems where the install CDs don't put them to the same patch level they are shipped with.

    while this isn't a cure-all solution to the patch mania that is necessary, but will go a long way to help bring up the baseline security of all these end-user hosts on the internet.

  2. Re:Easy Alternative by B3ryllium · · Score: 5, Interesting

    No, the proper technique is called a "reach around". You reach around behind the box, unplug the network cable or phone line (I caught a worm over dialup once, that was the most hilarious thing ever), and consider yourself lucky.

  3. Here on the Hell Desk... by uncleroot · · Score: 5, Interesting

    I do DSL tech support for a large telco with a three letter name starting with "S" and ending with "C" and I have to bite my lip every time these poor, dumb people call in connecting their brand new Dells and Compaqs to the DSL with no firewall and not a clue as to what Windows Update is and why they need it. The reason I bite my lip is that Windows Update and firewalls are outside my scope of support and I was already told by my team lead not to waste time helping people with that stuff. Even worse, offical training tells us to leave the Windows firewall off when configuring a PPPoE connection - I am not making that up!

    It's sad and irresponsible to let these people wander onto the Internet with their unprotected Windows computers like dogs wandering onto the freeway.