Slashdot Mirror
Stop Christmas-Gift PCs From Feeding Worms
An Anonymous Reader writes "If you recently set up a new PC with Windows XP,
or if you had the pleasure to do a 'reinstall from scratch,' you probably found that many XP systems as they are shipped today are not patched against common issues like Blaster. Given that these worms are still going strong, it doesn't take long for a new system to be infected. In particular, if you have to connect it to the Internet to download all the patches.
Well, help is in sight. The SANS Institute released a paper entitled Windows XP: Surviving the First Day." (Read on below.) Update: 12/24 17:59 GMT by T : Thanks for reader Bill Curnow for the updated link. Update: 12/24 19:15 GMT by T : Besides the workaround suggested below, Roblimo has a good suggestion on avoiding the first-day-of-Windows altogether.
"With many screen shots, it will walk you through the procedure to enable the XP firewall and downloading the patches without getting infected while doing so. This could be the (free) stocking stuffer that may save Christmas for your folks ;-). Given that its probably to late now to start downloading your favorite Linux distro."
But if you do have the time and bandwidth, and you're stuck on Windows, a nice live-CD distro like Knoppix or Mepis means you can download patches without racing the worms, and install your patches while offline. (And if you have time to download 50MB, you have time to grab Damn Small Linux.)
you insensitive clod! :-)
Carousel is a lie!
This is the mistake people make over and over: there has to be some big fancy fix that will simply make the problem go away. There isn't, and there never will be. Security is a process. You educate your users, you install appropriate isolation and filtering technology, and you work hard to keep it all up to date.
I have two really big issues with firewalls: they are too complex to reliably provide any serious level of isolation; and they meddle with all your network traffic, causing no end of headaches. "Personal" firewalls tend to screw up anything you attach to your computer, even USB devices. Campus firewalls limit the services you can access on the public internet (one place I worked allowed http and telnet, and nothing else) and every change in these limitations involve endless hassles with your IT people, plus the risk of creating a security hole. They're a constant temptation to Murphy's law. And yet somehow people find them appealing -- they sound magic. Give me a simple NAT isolation node any day. They disable most P2P software, but most of us don't use that stuff anyway.
Cool, this guy wrote a whole article about how he encourages his kids to use Linux, and thus be completely unprepared for getting jobs in corporate America! Bravo! Now he can complete the job of declining education standards in this country, and make sure that his kids learn absolutely NOTHING of value in college (well, aside from the how various liquors taste, and how to hold your alchohol).
Not every parent gives their kids free beer for a gift!
Manipulate the moderator system! Mod someone as "overrated" today.
You're crazy if you think I'm giving Katina a computer running Windows or Mac OSX. She, like her sister, is getting good ol' reliable Linux...
Yes I am crayz, but why isn't she being given a Mac?
- as stable as Linux...check
- easier to use than Linux...check
- nicer looking than Linux...check
- more support by major software/hardware vendors...check
So I forgot - why was it again that you wanted to give your mom a Linux box vs. OS X? Oh yes, that whole open source ideology, which Apple only partly adheres to. Other than that, Linux has 0 advantages over OS X in a novice home desktop environment, and countless disadvantages.
What an excellent reason for choosing your gift