Stop Christmas-Gift PCs From Feeding Worms

← Back to Stories (view on slashdot.org)

Stop Christmas-Gift PCs From Feeding Worms

Posted by timothy on Wednesday December 24, 2003 @05:54AM from the cognitive-dissonance dept.

An Anonymous Reader writes "If you recently set up a new PC with Windows XP, or if you had the pleasure to do a 'reinstall from scratch,' you probably found that many XP systems as they are shipped today are not patched against common issues like Blaster. Given that these worms are still going strong, it doesn't take long for a new system to be infected. In particular, if you have to connect it to the Internet to download all the patches. Well, help is in sight. The SANS Institute released a paper entitled Windows XP: Surviving the First Day." (Read on below.) Update: 12/24 17:59 GMT by T : Thanks for reader Bill Curnow for the updated link. Update: 12/24 19:15 GMT by T : Besides the workaround suggested below, Roblimo has a good suggestion on avoiding the first-day-of-Windows altogether.

"With many screen shots, it will walk you through the procedure to enable the XP firewall and downloading the patches without getting infected while doing so. This could be the (free) stocking stuffer that may save Christmas for your folks ;-). Given that its probably to late now to start downloading your favorite Linux distro."

But if you do have the time and bandwidth, and you're stuck on Windows, a nice live-CD distro like Knoppix or Mepis means you can download patches without racing the worms, and install your patches while offline. (And if you have time to download 50MB, you have time to grab Damn Small Linux.)

8 of 416 comments (clear)

The title should have been.. by Poilobo · 2003-12-24 05:58 · Score: 5, Funny

Our Server: Surviving the Slashdotting

--
Sig (appended to the end of comments you post, 120 chars)
something wrong? by Stanza · 2003-12-24 05:59 · Score: 5, Informative

Bad link? It doesn't seem to work.

Try this instead.

http://www.sans.org/rr/papers/index.php?id=1298
Site slow, here's some quick n' dirty instructions by rebelcool · 2003-12-24 06:01 · Score: 5, Informative

I figure if you're reading this on slashdot you don't need screenshots to find your way around a monitor...

Obviously, this should be done before you plug the machine into any kind of internet connection.

-Go to Start and then Control Panel.
-Once in Control Panel, choose Network Connections
-Right click on your connection of choice (if there's more than one, do it for all of them) and choose Properties.
-Go to the advanced tab and check the Firewall check box.

If you want to know more about how to configure it and modify the settings, click the link below that checkbox for directions.

--
-
I feel for the home user... by aml666 · 2003-12-24 06:05 · Score: 5, Insightful

My systems are behind a Hardware Proxy and a software firewall. I feel safe and have not been compromised... yet.

Those poor home users who are not technically savvy are pretty screwed. They won't be able to figure out *nix and don't want to pay the bucks for Apple.

Microsoft should offer (no not MSN) a method for new Windows machines to dial direct for patches before connecting to the Internet.

This method should be over ridable for the safer crowd.

--
www.thejulingtoncreekplantaion.com
Re:Easy Alternative by B3ryllium · 2003-12-24 06:08 · Score: 5, Interesting

No, the proper technique is called a "reach around". You reach around behind the box, unplug the network cable or phone line (I caught a worm over dialup once, that was the most hilarious thing ever), and consider yourself lucky.
Here on the Hell Desk... by uncleroot · 2003-12-24 06:29 · Score: 5, Interesting

I do DSL tech support for a large telco with a three letter name starting with "S" and ending with "C" and I have to bite my lip every time these poor, dumb people call in connecting their brand new Dells and Compaqs to the DSL with no firewall and not a clue as to what Windows Update is and why they need it. The reason I bite my lip is that Windows Update and firewalls are outside my scope of support and I was already told by my team lead not to waste time helping people with that stuff. Even worse, offical training tells us to leave the Windows firewall off when configuring a PPPoE connection - I am not making that up!

It's sad and irresponsible to let these people wander onto the Internet with their unprotected Windows computers like dogs wandering onto the freeway.
Re:wormies worry me by NanoGator · 2003-12-24 06:41 · Score: 5, Funny

"If your 'Joy' stick fits in a USB port, you have bigger problems then the blaster worm."

The nice thing about flaming somebody over the internet is that you don't have to have a big dick to tell somebody they have a small one.

--
"Derp de derp."
The Best Christmas Present by teamhasnoi · 2003-12-24 07:15 · Score: 5, Insightful

You can give someone is a Mac. Mom got one a while ago, and I have made two troubleshooting calls. One was due to my Dyn-dns client I had installed to reach the box ( the mac hadn't been on for a bout a month), and the other was when I got an email saying, "I can't send email". Classic.
Compare that to a godawful dialup VNC session on a home shopping network XP box where I needed to fix blaster and the person didn't know how to get to system settings.
I sold a mac that day with "Guess what, buy a mac and you will never have to deal with this again."
(and I won't either, to myself) That's why it is the best Christmas present you can give yourself, if you are the designated "computer-guy". Not having to deal with other people's XP is worth its weight in Half-Life Gold, Al Franken, and Myth II: Soulblighter.