The Windows Security Nightmare
latif writes "Microsoft has set aside a $5 million fund for paying off informants on malware authors. In my opinion a good chunk of this money deserves to be paid to individuals who help catch the Microsoft employees behind the design of Windows Registry and Windows Update. As I found out, the two mis-features work together to deprive Windows users of all protection from malware. The details of my experience are in the article Why Windows is a Security Nightmare." In a related story, Anonymous Wussie writes "This guy had family with a problem: A Windows XP computer hit by worms that couldn't stay on-line long enough to get patched. His solution? A CD. This article describes the custom made CD he sent to his family member with patches, tools, and instructions to make a fresh install of Windows XP Home Internet safe. I know I'll be doing this in the future."
A typical Windows system follows a simple lifecycle: it starts out with a clean Windows installation, which gradually deteriorates as programs are installed, and uninstalled. Eventually, the Windows registry accumulates so much crud that the user is forced to do a clean install. When a user does a clean install that user's system loses all the previously applied security updates, and becomes a sitting duck for worms and other malware.
That's why I'm such a FreeBSD/Mac advocate.
-Imidazole2
From article:
"so simple, even my grandmother could implement it."
As a 48 yo grandmother, I am offended that technical incompetence is equated with being a grandparent. I don't think anyone would have said "so simple even my grandfather could implement."
I am, incidentally, a C programmer of 20+ years.
People always complain about their computers getting infected before they are able to download the patches - but this is easy to prevent if you just switch on the included firewall software.
Better make that a rewritable...
the CD held knoppix
It has no virus scanner, and they have never contracted a virus. As long as you aren't a dumbass (open random exes and stuff off the web), don't use outlook/IE (they use firefox and thunderbird), and run Ad Aware once in a while you should be fine. Running windows update automatic updates has never been a problem.
my windows security nightmare involves bill gates breaking all my boxen with a life size stainless steel Clippy.
A D-Link port-80-only firewall can be had at any number of electronics stores (heck, probably at Walgreen's too) for $79. It isn't a total solution, but it will protect a personal machine long enough to get the Windows Updates installed.
If the author is unaware of this, or not capable of installing such a device on his Internet connection, just how seriously can we take the rest of his essay?
sPh
This article describes the custom made CD he sent to his family member with patches, tools, and instructions to make a fresh install of Windows XP
I took the extreme opposite approach: I don't help family or friends with their Windows problems if they've asked me for advice and gone against it. (as written about in my journal last March.)
Trolling is a art,
All it takes is to issue "shutdown -a" and the 60 second shutdown screen disappears. You can then finish downloading patches.
Wow...what a concept! I never would have thought of that.
You can get the same from MS, free.
Why would you put *any* unpatched box online, whatever the OS?
Microsoft should send an XP SP2 CD-ROM to everyone who has registered Windows XP. After the user installs it and visits some web site, they are entered into a Microsoft award contest. 100 random users who install XP SP2 receive a 50.000$ award each. I guess everyone would upgrade if they could receive an award.
Small price for Microsoft, great effect on security.
I know it was said in jest, to turn in the authors of windows registry and update as those at fault for the security problems, however I'm inclined to agree. Although some would say this is akin in the analog world to blaming a robbed homeowner who didn't lock every second story window and didn't buy baseball-bat-proof glass, I believe it's more along the lines of blaming a vehicle manufacturer for faulty locking mechanisms on its car's doors. All the while Microsoft is trying to catch the thieves running around with stolen cars, when it was their mistake in designing the faulty cars in the first place. Yeah, the analogy sucks, but it's the best I can come up with.
Quid festinatio swallonis est aetherfuga inonusti?
Africus aut Europaeus?
This is a serious problem, actually. During the height of the worms last summer, we saw hundreds of machines that got infected while in the middle of downloading updates. It even got to the point that the WinXP "firewall" wasn't good enough, since it loaded *last* in the startup sequence, and there was a good 20 seconds to 2 minutes (depending on the speed of the machine) when the machine was on the net and unprotected, even if you had enabled the firewall settings.
It's the bigger problem of running services by default. The average user doesn't need half of the services that run. Linux figured that out years ago - most services are off these days, and those that are on are fairly secure (ie: sshd). Even if some of these services are required for system operation (like some folks have claimed), there's no reason for them to be listening on addresses other than 127.0.0.1.
There is no sig, there is only Zuul.
http://www.microsoft.com/security/protect/cd/order.asp
Username taken, please choose another one.
Ah yes, brought to you by the letter V, as in VMS. IIRC it was a few Digital VMS engineers that left and helped build many of the more functional components of WinNT. And apart from the ACL, I believe the registry (at least for pathworks) was another Digital innovation...
Never forget there is very little you can credit Microsoft with...
was have them type 'shutdown -a' at the command prompt and the rebooting would have stopped. I have helped people remove this worm many times using Remote Assistance, over dialup without any issues. The firewall software is going to cause more problems in the long run as it will block some of their games, or even him remotely accessing the machines in emergencies.
I cannot help but see the analogy here.
Microsoft takes the approach of fighting the symptom (malware, ...etc.), and not the root cause (flawed security design, ...etc.).
This is the same way many governments approach things like terrorism. They address it like a security problem only, that Intelligence Agencies and the Military/police handle. Why these ideologies developed, and what are the social, economic, and political reasons that lead to it is never even attempted.
And it is not only America, this has happened before in Ireland, Spain, Egypt and elsewhere.
Unless the root cause is studied, a correct diagnosis is made, and then remedial actions are taken, no amount of policing will fix the problem for good.
2bits.com, Inc: Drupal, WordPress, and LAMP performance tuning.
That about 90% of the global population is using these products to run the world.
If something is so important that you feel the need to post it on the internet... It probably isn't that important.
This isn't anything new -- I've sent plenty of patch CD's with customized .bat/.cmd files along with stupid-easy instructions thanks to an autorun.inf that takes care of everything from hotfixes to updating DirectX and IE, even restarting the box when it's done..all without bothering the user with confusing dialog boxes. It helps quite a bit when your family has dial-up and can't even get to Windows Update before Sasser or equivalent hoses their machine.
But, then again, I've sent many times more Linux distro CD's to my friends.
$5 million seems like a pittance, though, when you consider the market capitalization of a company like Micro$oft. If I were a security researcher who'd just discovered the next devastating remote hole in M$ software, I'd hold them hostage for millions, considering that I need the money and they do nothing but spread FUD about Linux and fund SCO. I'd punish them hard, then donate the proceeds to the FSF to keep Linux Free. I guess M$ will have to expand their payoff budget pretty soon, considering how terrible their security is.
Software piracy is victimless theft.
"(AP) Dateline August 12, 2008. National and international commerce was brought to a halt as the "SugarCookie" worm infected and seized up the installed base of Windows 2006 computers. An FBI task force was able to determine that the worm was written by someone's grandmother who thought she was entering a cookie recipe into her computer. She was quoted as saying 'I did not know that Windows was so insecure that you could bring down networks with accidentally-written worm programs'"
Don't blame Durga. I voted for Centauri.
This really isn't a great way to do it. How about - install windows, turn on windows firewall, then install adaware, and keep patching regularly - I do this for lots of people and I never have a problem. The rich man's solution to this is to buy a router with a firewall - they really aren't that expensive, and let you use more than one computer on the line. As for Mozilla/Firefox being less susceptible to malware etc on a statistical basis, this is a no-brainer. People who would use an alternative browser also tend to be the type of people who patch their software.
If you're going to go after Windows employees, don't bother with the registry and update guys. Nail the guys who made ActiveX and Outlook.
There ya go, I'm an informant now. When can I expect my check? =)
Weaselmancer
ridiculous.
I think it would benefit Microsoft and their developer community if they just would make Windows 2000 and XP Open Source. The dedicated, experienced, and loyal Open Source developer community would be able to enhance these operating systems to new levels.
We would have embedded Ogg Vorbis support in Notepad, a visual tool for ipchains using Paint, and most importantly, a Mozilla plug-in for IE so that a user could run a browser within a browser which would be inherently more secure.
Which is nice.
Patching Windows... the worst part is that you have to use a custom CD (patched Windows) to fix the problem. Simple solution. Get a computer that isn't infected. Download the patches/fixes. Pull the network cord from the infected machine. Install the patches locally via media. Then clean the worm after the hole is patched. Beats having to reinstall a custom-patched Windows fresh install. OR.... install linux, and save the trouble.
-- Friends don't let friends buy Nokia.
I'm sorry, but the security nightmare isn't Windows. It's the non-thinking morons who use Windows.
considering there are 80MB and 100MB downloads...and Apple's download servers suck compared to Microsoft's.
It has become clear that "being infected" is not a boolean, it's more like a severity percentage which, like in the biological world, is never exactly zero. We need the biological solution: you can't hope to patch all the holes, so instead you write additional software to try to keep the severity of infection small.
I think the biggest problem in making an update cd or instructions on how to update their computer is not getting the right programs together - it's getting them to properly use and learn how to be on top of security issues.
Case in point-
I return home for the semester break, and my sister's pc is riddled with spyware, malware, you name it. The thing is no longer functional, so I had to format the hard drive, yadda yadda yadda...I gave her a full lesson, and made sure she knew exactly what to do. Yet a month later, the computer was back in the crapper again...She stated that she lost all of the programs she liked when I fixed her computer-
That's the problem...Unless I boot linux and pull the internet from the back of the machine, her pc will never be secure...No matter how many times you teach/tell someone about computers and online security, for most noobs or non-users, it just doesn't seem to click...
As far as issues with Windows Update...Best bet is to download from someone else's high-speed pc. I had a similar incident with SoBIG and a reinstallation of XP.
My MythTV HowTo
and have a hardware firewall, run ie and outlook express and have never had a problem. it can almost always be chalked up to not knowing how to operate things properly. i have made similar cds that are all automated. i used to sell them around the time the blaster worm came out on the side of the streets outside best buy etc for $20 a piece. made a few grand off that. best buy was charging $80 for the same thing that my cd did =). either way... windows is only as safe as you make it. the only thing required to keep viruses from getting in a windows box is running the patches, and even that isn't that necessary if you have a firewall. all of the rest of the viruses are contracted through user error. poo!
Whose side do you think Microsoft is on? The consumer's? Internet Explorer safeguards web surfers the way the nicotine in cigarettes enhances flavor.
Is it just me or did the article seem like a near-FUD rant?
How about creating a CD to make the internet safe from Windows XP
Maybe something that strips out the entire TCP/IP stack - a castration of sorts for the good of all mankind
My name is Bill and I pronounce Windows -- WeenDOHS
Will I be able to run my extensive library of software after I install it? And will my new network card work as well?
Thanks in advance.
We just haven't found them all yet.
Seriously, is this news?
That's what Mandrake Linux, for example, does (I'm sure many other *nix distributions do as well). Once installation is finished, a small component goes online and downloads all important patches which were made available since the CD it's sitting on was burnt. This makes sense to me from a security standpoint - it should be far easier to secure a single program with independent network code, than a fully up-and-running system.
If it weren't for fog, the world would run at a really crappy framerate.
But, if you don't believe me try this little test:
Take an iPod, a Laptop with a wireless card in it, and a wireless access point to a retirement home. Place them on a table right next to an Internet connection of any kind. Now ask if any of the residents can get a song from the iTunes store onto the iPod.
I'll put dollars to doughnuts you won't find a single resident who can do it. Not because they aren't capable of learning how, but because they really just don't care about that kind of thing anymore.
$.02
"I'm just here to regulate funkiness."
This article is the biggest piece of flamebait. Ever. It even tops some of the slashdot comments.
If the article had made an in-depth study of the patching issues and what can be done about them, that'd have been great and we'd have learnt something new. Instead, he just goes on about how he was so stupid so as to not use his computer properly.
Windows registry is something that people love to rant about, but good grief, it's a few megabytes (or hundreds) out of your multi-gigabyte system. Live with it. Don't worry about cleaning up your registry because you're never supposed to know it exists.
What's more - I can almost GUARANTEE that this guy was running everything as Admin. That is akin to running everything as root on linux. Wonderful. Now try writing an article about how you run everything as root on linux and you have security issues.
You're such a generous-hearted sweetheart.
Hugs and Kisses, your friends and family
XXX OOO
...why stupid people shouldn't use computers.
Just because it's made by Microsoft, that doesn't mean an idiot should administer it. It certainly doesn't mean it's going to be secure and stable out of the box.
The huge divide between Unix/Linux and Windows is that Unix/Linux forces you to know what you're doing when you install something on your computer. Windows assumes the opposite.
However, if you do know what you're doing with Windows, problems of this nature are not really problematic. Fixing Windows without reinstalling is easy for competent administrators. Jeez, I can get around in Windows without a mouse and without explorer.exe.
Here's a hint guys: if something breaks on Windows -- don't install a program to fix your computer. It will break it further. Don't install registry cleaners -- they suck. Slick your system, ghost your system, take registry snapshots now and then. Don't install third party software on production machines without testing on crap boxes first. Do know your system in and out.
01100111 01100101 01110100 00100000 01101111 01110101 01110100 00100000 01101101 01101111 01110010 01100101 00101110
The author's slanted raving is over the top. I could just as easily read about some Linux newbie's nightmare experience trying to get all of his hardware to work or how they had to rebuild the kernel after applying some new module to their system.
My main gripe with how things are is that all new PC's should be delivered fully patched as of their configuration date. And since Microsoft has switched to their license subscription model they should ship out CD's to all licensed customers with all rollup security packs available. Just like a TechNet subscription operates for previewing beta products. I don't mean a user calls into Microsoft to request a CD. It's their place to send them out. Just like an auto company would mail out recall notices.
"Then I made the mistake of installing VMWare 30 day demo on my system. As soon as I booted Linux under it as a guest OS, the sound card went bonkers, and started producing high pitched screeching sounds. I tried reboots which...."
What does this have to do with security?
"Finally, I had the bright idea of downloading a registry cleaner to fix things. The product I downloaded turned out to be some pathetic crippleware, and I uninstalled it. "
Did the author get this software from a link that said "Your computers registry may be broadcasting an IP Address! Click here!" ?
I've installed "clean" installs hundreds of times and managed to run windows update long before the worms had any chance to try to intrude. I've even done this on campus networks and cable modem networks which are notorious for harboring worms. I can't believe the complete INEPTITUDE of the author to do this.
"Worms and viruses are so stunningly effective on Windows only because Windows provides some atrocious functionality which makes it easy for worms to strike."
That's why you lock down windows so your users can't run custom software at STARTUP. There are several places (registry, win.ini, startup group) that can easily be restricted. By default they're not restricted because Aunt Tillie doesn't know how or want to log on to the administrator account to install software.
Perhaps, since he's posting on a tech-savvy site, he should be a little more tech-savvy?
If the registry or the filesystem gets bloated because of malfunctioning application uninstallers, how is that MS' fault? Blame the nitwits who wrote the malfunctioning application.
Every OS has security patches available - if lack of patch has been exploited that exploit would apply to *any* OS - not just to Windows. If someone decided to write malware for Linux an unpatched machine would be just as vulnerable. Windows is a big target.
we see things not as they are, but as we are.
-- anais nin
Figuring out ideologies is a waste of time. During World War II, we didn't pick apart Nazism and Fascism, we left that for the endless documentaries on the History Channel. This is a war of cultures and should be handled like wars should be handled - brutally, or more precisely, Curtis LeMay style. The German and Japanese got really sick of war IIRC and have put it on the bottom of their priority list ever since. Sanitizing war and making guesses as to their Weltanschauung is best left for increasing tensions and threats of global annihilation back to cold war levels.
I skimmed through the article, which didn't have many technical details. Here's what we do at work:
:-)
You can integrate the service pack into the setup (which will be especially useful when SP2 arrives) so that it's installed at the same time. This works with Windows 2000 and up.
You can then use Sysprep (brief introduction) to automatically deploy the latest patches the first time the machine boots.
Here's a nice article on how to burn the result to a bootable CD.
It's a bit of work, and requires constant maintenance but it saves a lot of headaches in the long run.
An easier method, if you have a lot of machines with identical specs. Build a template machine with the OS installed, adding all the service packs, patches, etc. Use software like Ghost to make an image for deploying to multiple machines.
Who says the stuff you learn on an MCSE isn't useful?
That's what the "Teddy Bears of Doom" are/were all about. They were the people that beat up the programmers for buggy code. They were immortalized as one of the four random faces in the Windows 3.1 Easter Egg (I believe Gates, Ballmer, I forget but I think it was the project manager who left after 1 year cycling sabbatical, and the Teddy Bear).
All /. readers know that Windows is insecure, possibly by design. Why, then, are people surprised when a Windows box can't stay up long enough to get patched? If these people are smart enough to install Windows, they should be smart enough to have the various service packs' network install somewhere close at hand.
E.g.:
Windows XP Service Pack 1a
http://www.microsoft.com/windowsxp/pro/downloads/servicepacks/sp1/network.asp
Further, anyone who puts a Windows box (patched or not) on a direct internet connection is insane. Buy a router or (if you have the knowledge) secure a Linux/*BSD box and route your net through it with NAT.
Is that so hard?
Ads? What ads?
The download was small, less than 1MB, but as soon as I tried running it I learned that it requires at least service pack 2 to install, which I didn't have.
Did anyone else notice that little tidbit? Isn't that the same SP2 that's scheduled for release this summer?
I've got more mod points and GMail invi
umm... as far as I know the reason microsoft took the course of action they had been taking up until SP2 is so that a lot of the older poorly written software would work on XP. they have since changed their direction and SP2 fixes a lot of serious issues as well as renders some of the older crappy progs written for windows inoperable.
In the days of Windows 98, you could put a Ghost image of your system on a bootable cd and just re-image every few months. I don't think you could fit an XP installation on 1 CD, DVD probably would work. That way all your drivers and apps could be already installed.
I don't get any worms on my Linux system... strange...
---
Lousy rotten karmic retribution.
First, I would say that I used to work at Microsoft Product Support Services as a temp, and I triaged XP calls among others (including IIS).
First, you have an incredible problem with overwritten patches-- something can easily happen which will overwrite a patched file with an unpatched one (I have seen this happen several times with production IIS servers, and in my experience this is the largest source of security compromises). Second, the firewall with Windows XP is not enabled by default for supportability reasons, and it is not really designed for small networks anyway (ICF is bypassed by ICS). The fact that Microsoft expects you to be online to get the updates is therefore a problem.
But finally, a point the article missed: Microsoft computers are designed to reduce usability technical support calls, NOT technical support calls regarding misbehavior. Therefore, things like Client for Microsoft Networks (SMB, DCOM, etc) are enabled on network interfaces by default. Sure GNOME uses CORBA, and many Linux distros used to make this mistake (CORBA listening on network interfaces by default), but we at least now only let it listen on loopback by default!
In short, I have absolutely NO confidence in Microsoft's ability to secure Windows. It could be done, but why? Especially if there is Linux?
LedgerSMB: Open source Accounting/ERP
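Two comments in this thread (the one on services running by default, and the one above on Client for Microsoft Networks being enabled on network interfaces) argue that a service should listen on loopback only unless it has to be reachable. The following is an added example, not part of the original thread, that audits `netstat -an` output for that property; the sample output is constructed and the function names are illustrative.

```python
"""Classify listening sockets from Windows-style `netstat -an` output by exposure."""
import ipaddress

# Constructed sample in the Windows `netstat -an` layout (not captured from a real host).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1029         0.0.0.0:0              LISTENING
  TCP    192.168.1.20:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.20:1045      203.0.113.7:80         ESTABLISHED
  TCP    [::]:445               [::]:0                 LISTENING
  TCP    [::1]:5000             [::]:0                 LISTENING
  UDP    0.0.0.0:1900           *:*
  UDP    127.0.0.1:123          *:*
"""


def split_endpoint(endpoint):
    """Split 'addr:port' or '[v6addr%zone]:port' into (addr, port)."""
    host, _, port = endpoint.rpartition(":")
    host = host.strip("[]").split("%")[0]  # drop IPv6 brackets and zone id
    return host, int(port)


def parse_listeners(netstat_text):
    """Return [(proto, ip, port)] for TCP sockets in LISTENING state and bound UDP sockets."""
    listeners = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue  # banner, header or blank line
        proto = fields[0]
        # UDP rows have no state column; TCP rows count only when LISTENING.
        if proto == "TCP" and (len(fields) < 4 or fields[3] != "LISTENING"):
            continue
        try:
            host, port = split_endpoint(fields[1])
            ip = ipaddress.ip_address(host)
        except ValueError:
            continue  # unparseable local address, skip rather than guess
        listeners.append((proto, ip, port))
    return listeners


def exposure(ip):
    """Name how widely a bound address can be reached."""
    if ip.is_loopback:
        return "loopback"          # 127.0.0.0/8 or ::1, local processes only
    if ip.is_unspecified:
        return "all-interfaces"    # 0.0.0.0 or ::, every network interface
    return "single-interface"      # one specific non-loopback address


def audit(netstat_text):
    """Group listeners by exposure class, preserving the order of the input."""
    report = {"loopback": [], "all-interfaces": [], "single-interface": []}
    for proto, ip, port in parse_listeners(netstat_text):
        report[exposure(ip)].append(f"{proto}/{port} on {ip}")
    return report


def exposed_ports(netstat_text):
    """Sorted, de-duplicated (proto, port) pairs that are not loopback-only."""
    return sorted({(proto, port)
                   for proto, ip, port in parse_listeners(netstat_text)
                   if not ip.is_loopback})


if __name__ == "__main__":
    for group, entries in audit(SAMPLE_NETSTAT).items():
        print(f"{group}:")
        for entry in entries:
            print(f"  {entry}")
```

Anything the audit lists outside the loopback group is a candidate for disabling, rebinding or filtering before the machine goes online to fetch patches.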
Excellent!
Why do we have to pay so much for a product with so many security holes and problems? It feels like we are just beta testers for XP.
...and she has never run into a problem that SpyBot can't fix (aside from the occasional reboot when game software goes haywire).
I run Linux and have been hacked once about three years ago (back when I had a cable modem connection). The only reason I knew they hacked me was when I noticed an extra user with several p0rn media files in their home directory. It has gotten me into the habit of patching Linux regularly and being much more strict on my firewall rules.
I think the only real difference between Linux and Windows from a security standpoint is that in Linux you can usually turn off the offending service much more easily until a patch is available.
In all fairness, you first need to know where to find the checkbox before you can click it. ;)
This is my sig. There are many like it, but this one is mine.
Shock horror
software and the Internet ..
is made by HUMANS. not robots!
.. humans make mistakes!!!
they always have done.
they always will do.
I have used Windows for a long long time and have never experienced any of the problems that the author claims. It seems like he has a beef with Windows and generalizes for all installations. For example:
A typical Windows system follows a simple lifecycle: it starts out with a clean Windows installation, which gradually deteriorates as programs are installed, and uninstalled. Eventually, the Windows registry accumulates so much crud that the user is forced to do a clean install. When a user does a clean install that user's system loses all the previously applied security updates, and becomes a sitting duck for worms and other malware.
A Windows system doesn't deteriorate if you know what you're doing. The author clearly assumes that the uninstallation packages actually work. This is a fatal mistake. I always manually look in the registry for left-overs when I do an uninstallation. I just uninstalled Mozilla? I find all Mozilla folders underneath HKLM/HKCU and delete them too. This tends to work well except when dealing with COM object registration (which is a nightmare).
Then he tries to run a registry cleaner on his system. You know those warnings that say "MAKE SURE YOU BACKUP YOUR REGISTRY"? Well they say that for a reason. Back it up. Then when the shit hits the fan like the author said, he can restore from a boot disc.
Yeah the registry is a pain sometimes, but combined with some experience and know-how, you can keep a system running without having to reinstall.
wink, wink. ;-)
The cause of a virus is a virus writer. MS is treating it by putting a bounty on their heads. The cause of a virus writer is spam/promoting porn sites/having too much time on your hands/wanting to do something malicious or rebellious without having the balls to leave your house.
The root cause of spam/porn site promotion is the desire for money. The desire for money is caused by the desire for food/shelter/luxuries, the desire for that is the nature of any animal to try to survive. So you're telling me you'd rather have MS trying to eliminate those human desires? Hmmm...I guess it's time for the Monastery of Microsoft 1.0.
And the root cause of having too much time on your hands/wanting to do something malicious or rebellious is probably hormonal for teenagers and related to depression and/or a lack of a sense of morality for everyone else which may be caused by a breakdown of the traditional family. Hmmm, another argument for Microsoft to get into the religion business.
As a matter of fact the only way to get a working XP is by installing it, connecting to the 'net from behind a NAT router, downloading and executing/installing XP Antispy, a virus scanner and an HTTP filter, fixing a few Registry settings by hand and configuring the system not to use any of the stupid new "features", effectively turning it into Windows 2000. Do not attempt to do this without a NAT router, except if you like to reboot every 60 seconds.
Then you can connect to MS Update and try to get your updates (which probably requires disabling the HTTP filter and some of Antispy's settings).
Seriously, Windows XP takes about a day to set up so you can start installing any programs besides what's absolutely required.
One thing I learned when I switched to Linux - it's actually faster and easier to set up. Says someone who thinks of himself as a Windows poweruser...
Of course this does not apply to Debian Woody, Slackware, Gentoo and RedHat. (RedHat pretends to be user friendly, but the installer tries to trick innocent Windows emigrants into destroying their MBR. To Win emigrants (if there are any besides me): Don't believe the anaconda propaganda! RedHat/Fedora can boot from /, even if it's not within the first 1024 sectors! anaconda tells you otherwise because it hates you!)
USE HOT GRITS WITH STATUE OF NATALIE PORTMAN (NAKED AND PETRIFIED)
It's not a perfect solution; but it's a decent one.
If $80 isn't a big cost to you (I realize all you Free Software people are just cheap penny pinchers ;), and the user has cable modem already, AND the user is somewhat clueless (or you live 5 states away) this is a quick and easy configuration that will save them heartache and headache. And YOU heartache and headache.
Besides, it doesn't have to be $80; I've seen them for $40. And it can allow them to have multiple CPUs share the same connection. And you can get the wifi version.
This is not THE solution for everyone, but it's A solution.
In the future, I would want to not be isolated from my friends in the Space Station.
I could never understand people's horror stories when they can't patch *after* they've been hit with a worm. "I couldn't stay on the internet long enough to download the patch!" Well, why did you wait to download it until after you had a problem?
I can understand system admins who have 5,000+ machines to update and one patch can single-handedly bring down an entire company when they use a proprietary app. I don't get, however, how the average user who downloads Kazaa and seemingly clicks OK on every dialog box on the internet (and now has a browser that's more toolbar than browser) refuses to go to the Windows Update site.
The best example I've seen yet was talking to one person who got messages in the lower right (Windows Update) that downloads had been made and they didn't click to install them. Their reason: "I thought it was a virus". I mean, I know Microsoft is somewhat to blame here (system tray notifications are used for everything from critical problems to the system blowing its nose), but COME ON people. Windows is sitting there, waving a flag in your face, and you're just ignoring it?
The only solution is to have the system update itself by default, silently, without any user interaction whatsoever. Allow it to be disabled for me and other nerds out there, but force updates on everyone else. This is getting out of hand.
To all those who are replying with, 'duh, unplug the network cable.' How many times have you tried to lead your computer using mom, grandma, sister, brother through this? It just doesn't work in my family. NB: my mom is a physicist. Microsoft windows is used by the masses, not just tech savvy slashdot users.
I've been working tech support for an ISP for years, and this guy's fundamental conclusion is correct - Joe User can't keep his system secure - he just can't. And Joe Sysadmin has a damn hard time of it himself.
The amount of "repair" functionality inside of MS products is a huge sign that users and developers are sick of the reinstall cycle, but that the OS design makes it very difficult to fix. Internet Explorer, Outlook Express, Office all have "repair my installation" tools built in, XP and ME have System Restore.
I have watched users get the Sasser virus, run system restore, have system restore break the XP firewall, cause a port lockdown, resolve the port lockdown so they can run windows update, only to become reinfected with the sasser. Maintenance of Windows is hard, OS reinstall is easy. OEMs aren't value adding to the OS by providing solid maintenance tools, they're providing restore disks, because writing such a maintenance tool is INCREDIBLY difficult.
I understand MS's need to stay committed to this design, at least through Longhorn and its revs. But as long as you are, MS, please give us a non network dependent tool for maintaining and distributing patches and updates. Let OEMs and (in my case) ISPs ship critical fixes on CD so that we can help our users. Make System Restore a fine grained tool, where I can back up critical system files and DLLs, as well as the registry. Don't force me to go to a third party for a "registry cleaner". Provide me with the OS for the tools that I need and that vendors need to maintain the OS.
The free version of QNX comes with no inbound services enabled. Most of the standard UNIX-type services are available, but they're not installed by default. It's a pure client. In fact, it's very close to what the iOpener ran. Both dial-up and LAN connections are supported.
Mozilla 1.1 runs, but without Flash. There's a word processor, ABIword. The whole GNU toolchain is available. Unfortunately, OpenOffice hasn't been ported.
It's refreshing to run a system without all the Microsoft crap, or the Linux emulations of it.
Slashdot is so unbiased that they'll take anyone's blog about having troubles with windows and post it as being a credible source. (We won't mention how much money OSDN has at stake with linux for the time being). But this guy isn't a well respected, or even semi respected computer journalist. The site is laid out like it's supposed to be a legitimate computer site, but the articles are all written by this latif guy and are few and far between...this site is nothing more than a blog of someone with a hate-on for Microsoft. Naturally, our champions of fair and unbiased reporting have jumped in and posted it as being something newsworthy simply because they can't hide the fact that they are trying to help linux succeed so that their own pockets are enriched.
slashdot, news for crazed liberal socialist zealots
The author's writing from Pakistan (forget Walgreens, US!=World), and most Electronics sold outside the US (and manufactured by a US company) is exorbitantly priced usually at [US_price * exchange_rate], which would probably work out to 50% of a middle class monthly salary in Pakistan. Not all countries have a standard of living as high as the US, you know.
But forget money...most computer users the world over aren't even savvy enough to understand that you need something called a "firewall" to keep them secure - earlier I used to have trouble explaining to people that they could get a virus by clicking on unknown stuff - now it's even *worse* - they can't digest the fact that they could get infected without doing anything at all - how can you expect them to understand or shell out more money (over the expense of owning a computer) for a box that doesn't mean anything to them? Microsoft should've included Firewalling software with their original OS, if they were worried about computer security - telling users to buy more hardware isn't the right solution.
Disclaimer: those are rough guesses/estimates - those figures are off the top of my head - I've lived in Asia/US and can appreciate the vast difference in the standard of living.
An Indian-American Hindu committed to non-violent thought/speech/action alarmed by the global explosion of radical Islam
is that a left-click, right-click, or a middle-click? cause i only have a one button mouse.
oh thats right, i'm running excel 97 on my macintosh. excel is a great operating system. which os do you run?
Well, since those weren't Open Source projects, chances are that they were developed by more than one guy. ;-)
My beliefs do not require that you agree with them.
"The whole idea of Windows Update is a joke. Using an unreliable and insecure network as the primary means of distributing security updates is simply idiotic."
Um...so, we aren't supposed to get software updates over the internet.
Carrier Pigeon, anyone?
Mod me down with all of your hatred and your journey towards the dark side will be complete!
Here's a possible solution I was discussing not twenty minutes ago.
1) add private network ip address (10.0.1.1) to existing public server
2) do no NAT or other routing on this ip
3) have squid running on 10.0.1.1 to accept connections from a handful of addresses in 10.0.1.x or do proxy authentication
4) when installing/updating/troubleshooting windows boxes assign them a 10.0.1.x address and set windowsupdate to use the proxy
Windows update runs, the machine is on its own tiny network isolated from all legit traffic and can't compromise your network, plus it can't be infected from outside as it's safe behind the proxy. When you feel it's safe (you've got all patches, firewall, etc configured) restart with DHCP and get an address on your "real" network.
Or you could roll your own installation cd with the correct service packs and security updates included, but why fix a software problem with software...?
-dameron
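A squid.conf fragment for the staging proxy described in the post above, as an added example that is not part of the original post. The 10.0.1.1 listener and the 10.0.1.x clients come from the post; port 3128, the three client addresses and the destination allow-list of update hosts are assumptions to adjust.

```conf
# Added example, not dameron's own configuration.
# Assumes 10.0.1.1 is already configured as a secondary address on the
# server (step 1) and that the host does no NAT or forwarding for it (step 2).

# Step 3: listen only on the private address, so the proxy cannot be
# reached through the server's public interface.
http_port 10.0.1.1:3128

# Step 3: the handful of addresses handed to machines being rebuilt.
# Constructed values; list exactly the addresses you assign in step 4.
acl staging src 10.0.1.10 10.0.1.11 10.0.1.12

# Assumption beyond the post: allow only update hosts as destinations, so a
# machine that is already infected cannot use the proxy to reach anything
# else. Check the domain list against Microsoft's published list before use.
acl update_hosts dstdomain .windowsupdate.com .update.microsoft.com download.microsoft.com

# Only plain HTTP and TLS, and CONNECT tunnels only to port 443.
acl safe_ports port 80 443
acl tls_port port 443
acl connect_method method CONNECT

http_access deny !safe_ports
http_access deny connect_method !tls_port

# The single allow rule: a staging client talking to an update host.
http_access allow staging update_hosts

# Everything else is refused, including other 10.0.1.x addresses.
http_access deny all
```

Rules are evaluated top to bottom and the first match wins, so the final `http_access deny all` is what keeps an unlisted 10.0.1.x machine from using the proxy at all.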
Why in the world would he be running a windows based machine without some kind of hardware firewall? They are super cheap and will keep out these worms that are still around when you do a clean install. It's his own stupid fault, not windows.
He also says he's on a dialup. Ugh...why even bother to get online then. If it were that important he should have downloaded the patches on a working system first so that he wouldn't have even had to get online in the first place.
All those problems are addressed by Windows Update. If the computer is shutting down, have them open a "command prompt" window and type shutdown -a (abort). Whenever the shutdown starts just press enter in that window. Downloading the fixes from the OS is a much better way to solve those problems (although the Vipers service guide is a nice touch). Also, download Win XP Service pack 2 rc1. This adds a lot of nice 'security' features. On my network I had very few (like four I think out of about 150-200) people get the sasser worm.
I could not help but find myself in quite a humorous state as I read that article. As a Support Analyst for a Fortune 50 company, I see many of the errors that the user was describing in the beginning of the article. Unfortunately for him, he reinstalled the OS. All he needed to do was recreate his Windows profile.
The right click locking explorer and the functionality loss of Mozilla were most definitely not caused by the Reg, but more likely caused by a corrupted NTUSER.Dat file in the profile folder of his machine.
Furthermore, if you are currently reading this article on your home PC and not sitting behind a firewall of some sort, please send an email to banme@slashdot.org with the attention line reading I am no longer worthy.....just kidding just kidding.
http://jayceecorder.blogspot.com
Michael has an opinion on this, what a surprise.
Buy Steampunk Clothing Online!
Son, I think it was a virus that took your name out of the will.
I guess all the work we did on the B1 level HPUX was just a waste of time.
-- ac at work
In a recent interview, Richard Clark (formerly Anti-Terrorist czar, now computer security czar for U.S.) pointed at Microsoft saying that they were the biggest threat to the internet and computer security. Of course, Microsoft had their guy in charge of security saying how secure their OS is. After all, they do come out with patches when they find a problem PB
Wherever you go, there you are.
The real problem with the story told in the article is that there was no firewall between the system and the Internet. It is simply no longer acceptable to connect Windows machines directly to the internet without a firewall.
That statement doesn't really change the conclusions in the article very much, but in the past I've reinstalled friends' windows machines and downloaded and installed all the updates without any trouble at all -- because I did it behind a firewall.
If you wouldn't leave your car parked unlocked with all the windows down in the middle of [bad part of town], then don't connect Windows machines up to the Internet without a firewall. The end.
I agree in essence but not so much in degree.
As much as I can relate to the problems he is experiencing, this article is nothing more than someone's ranting poorly disguised in a cloak of professionalism. Posting one of those "Why Linux sucks" or "Why windows sucks" posts from usenet would have not been less amateurish.
One I love is:
"The product I downloaded turned out to be some pathetic crippleware, and I uninstalled it."
Who in their right mind downloads sw without doing at least a bit of research on google to see what others think of it, if it contains spyware, if it hijacks your browser, if it expires in 30 days, etc? Especially with something like a registry cleaner. Sheesh!
As far as large downloads are concerned it's not like linux updates are all smaller than 50K. Install Fedora core2 test and a full update takes a long time even over hi-speed.
windows was NEVER designed to be secure.
it was designed to be compatible..
easy to use and work.
Seriously,
why is every gaping hole in windows
frontpage news?
A typical Windows system follows a simple lifecycle: it starts out with a clean Windows installation, which gradually deteriorates as programs are installed, and uninstalled. Eventually, the Windows registry accumulates so much crud that the user is forced to do a clean install.
Half of the article seems like a rant against the Windows registry, and doesn't appear to even bring that point to a conclusion.
Sure, reinstalling can fix a lot of problems, but the machines I maintain (personal and work) do not get reinstalled unless there is a catastrophic failure. I know it's popular to believe Windows boxes need a reinstall every 6 months, but I have to question the "l33t skillz" of those particular users.
I've actually migrated installations from old hardware because I didn't want to reinstall my apps. Is there "cruft" in the registry on those systems? Maybe, in the same sense that you have orphaned .conf files in /etc or old log files on your Linux box. Such files/registry entries are unlikely to interfere with anything, and when they do, it is far more efficient to handle individual cases rather than apply a blanket policy of erase and rebuild.
I have to wonder if the author of the article is trying too hard to fix problems which aren't... registry "cruft" does not harm the computer. If there are lingering problems after software installs/uninstalls, it's due TO THAT SOFTWARE. Don't install it next time.
The company has to move away from its Windows roots in order to create a secure operating system environment.
Is this the article's conclusion? That Windows isn't secure? All this moaning about how hard it is to get Windows updates and the suggestion is to "move away from its Windows roots"? So the registry "cruft" is now a security issue because the "solution" to computer problems is reinstallation? That's quite a stretch...
I call FUD; I thought vague, unsupported claims were reserved for AdTI.
Cry me a river. A tool like Norton System Works that has both an installation watcher and a great Windows configuration diagnostic/repair tool would've solved his problems. Grabbing the first tool listed on Download.com when you type in "Registry Cleaner" is not the intelligent way to go about system maintenance.
What? I don't recall reading about the system constantly rebooting. (although admittedly I skimmed over parts of the article) He mainly complained about things uninstalling and breaking the system in the process. (He repeatedly got hit with the Blaster worm, not Sasser, and the restarts he mentions during that bit are because of WU not being able to run, not the worm itself, AFAICT.)
And suggesting that firewall will 'cause more problems in the long run' is highly reckless. Ports can be opened for games easily. If you know how to access your machine remotely, you should know how to open those ports beforehand as well. It's much harder to remove every worm you get hit with than to open a few ports here and there.
And I'm willing to risk my karma to let people know
I've got more mod points and GMail invi
Three cheers for Michael. He posts some of the most biased, flawed, venomous drivel on Slashdot. Hip, hip, hooray!!!
What differentiates dreams from nightmares is that in nightmares you worry about things. Well, a solution is not to worry about all that using windows implies, and it will be your dream OS (at least until you wake up).
In fact, what makes people happy using windows is their complete unawareness of what happens below; while it seems to run, they accept crashes, spam, reinstalls and so on, it's ok. Probably most windows users are connected to the internet without firewalls, aren't even aware of the viruses, worms, trojans, etc there, think that spam, viruses, hangs, and even loss of information are something that must happen to computers every time, and things like that; they accept this as a truth.
Other solutions for the general public don't look so much like a dream. You must worry about hardware compatibility, about having separate users for doing separate things, about having a password (!), about whether a program will run or not, a lot of things. Ok, they don't have Freddy waiting for you as soon as you close your eyes, but still you don't have the illusion that it will be at the start something without any possible worry.
He couldn't have missed this:
http://www.microsoft.com/security/protect/
I had the same problem recently - I was repartitioning my HD to install Fedora on a second partition and, whoops! low-level formatted the whole thing by accident.
Since I regularly back up, and had done so, this was a blessing in disguise as it gave me an opportunity to clean up the cruft that accumulates.
But, like the author of one of the articles points out, I didn't have the patches to WinXP offline. Within 15 minutes of initial connection I had THREE worms on my computer! While removing and patching for them I acquired a fourth which I was not able to remove until the next day.
I guess I was lucky in that I knew what I was doing and was able to get that first critical patch applied.
Needless to say, I use Fedora more and more every day...
Install Linux?
My brother had a car that he had like NO idea how to take care of man. and he like filled up the oil and didn't put the cap back on and ran the car for a few days and a week later or something the car like DIED man, SO DEAD. I mean it's totally lame to expect my brother to know that even if the oil light goes back off there's probably still a problem. I mean cars should totally just work. You shouldn't even have to know how to drive or anything, and if you run into phone poles by accident somebody should like fix it for free or it should be made of plastic or something.
Seriously people, if you want to cruise on the info superhighway learn how to drive (get a firewall, AV, know how to work your box). If you don't know that stuff and something breaks it's not MS's or Linus's or anybody else's fault, it's yours
I've said this before, as have others, but I must extend many props to the guys at Autopatcher. Just put the latest service pack and the Autopatcher installer and install them into a fresh install of XP (2000 version coming soon) and you are up secure (but we know that 'secure' is an extremely relative term). Just go to windowsupdate afterwards and see if there is anything that's been released since the latest autopatcher.
The great thing is, it has more than just the critical updates. It has all hotfixes and a bunch of extras too. It's great and you can show your appreciation for their hard work by paypal'ing a couple bucks their way. It makes life so much easier.
Quidquid latine dictum sit, altum viditur
Worms have nothing to do with firewalls. Worms propagate due to stupid users who don't have the sense to stay away from porn web sites and who automatically accept any ActiveX or Java they run across and who open any executable e-mail attachment they get. People need to be fixed, not Windows.
I've been there too many times myself, having foolishly volunteered to help friends and acquaintances "fix" their pc's. /me pats his natbox lovingly.
The virus writer is responsible for sure, and should be punished for what he did. That was not the point.
Just like those who exploit unlocked homes should be punished nevertheless.
However, the root cause is a vulnerability in Windows. That hole has to be plugged. Otherwise, another virus writer will exploit it, and another and another...
A good physician diagnoses the cause of the disease, and proceeds from there to treat it. A so so physician will only treat the symptom (Got a headache? Take a pain killer, Fever? Take an analgesic, ...etc.), meanwhile the disease can get worse and worse.
See the difference?
2bits.com, Inc: Drupal, WordPress, and LAMP performance tuning.
I'm running XP and my system hasn't had any viri / worms / spyware... for as long as I can remember. I simply patch my system each time a new patch is released, run a hardware firewall, zone alarm, turn off DCOM, messenger... (other exploitable services), and run a popup blocker.
And how many webservers run HPUX with B1 security? As he said, MAINSTREAM.
This article describes the custom made CD he sent to his family member with patches, tools, and instructions to make a fresh install of Windows XP Home Internet safe. I know I'll be doing this in the future."
I can't stay awake long enough to read the EULA, but making copies for other family members like this sounds like a violation.
It's simple: I demand prosecution for torture.
What vmware installs onto a system should not screw it up. This is just an incredibly lame attempt to blame the end user for someone else's engineering incompetence. AT WORST, vmware should only be able to hose your network connectivity.
A Pirate and a Puritan look the same on a balance sheet.
how about they write software that makes sense for a change?
--Nuintari
slashdot : where an opinion can be wrong.
I was going to post something less colourfully phrased if no one else had.
The author of the article is either inept or trolling. Unless you are doing something dumb like downloading tons of shareware apps, installing them briefly, then uninstalling them, the registry should be fine.
Of course, he *does* seem to be the kind of person that does exactly that, based on his "I downloaded a random 'registry cleaner' program and trusted it with my computer's stability, and now my PC doesn't work!" thing.
The hotfix issue is a legitimate complaint, but anyone who is running Windows 2000 (an enterprise operating system) at home should be comfortable with making slipstreamed install CDs - especially if the user is someone with dialup access who regularly formats and reinstalls their system.
I'm sure MS would be happy to provide physical CDs with the updates on them if more than a tiny fraction of users were willing to pay a small fee for the convenience. It's not like Linux users get magic free CDs mailed to them from the groups that package the distributions.
"...always new atoms but always doing the same dance, remembering what the dance was yesterday." -Richard Feynman
Best quote in the article: "Windows users are so accustomed to usability problems that they don't even recognize them as usability problems."
Unfortunately, this extends far, far beyond Windows. This is a problem for the entire industry.
It reminds me of the way nuclear power plants are (were?) licensed. If, during review, the nuclear regulatory commission finds a safety issue that is unique to the particular installation, the licensee must address it before it can be licensed. If, however, the licensee can demonstrate that the issue is actually "generic"--that is common to all nuclear power plants--the licensee need not do anything about it.
In the PC world, any problem that persists for more than a few years is no longer perceived as a problem. It becomes "generic."
The phenomenon is even getting worse over time, thanks to the general public's increasing familiarity with computers. During the eighties, when manufacturers were trying to seduce individuals into buying home PCs (and IT managers into abandoning those hard-to-use green screens for easy-to-use GUIs), usability disasters were treated as important. No more.
Computers hit their peak of usability sometime in the eighties and have been in steady decline ever since.
One of the biggest issues noted in the article is the instability of Windows over time as software packages are installed and uninstalled. But this is hardly limited to Windows. The irony here is that the ability to uninstall software properly was supposed to be a logo requirement for Windows NT 4.0 software, and one of the features that Microsoft used to urge its superiority to 3.5.
Unfortunately, software installation and uninstallation is not a trivial problem. To do it right would require a great deal of functionality that can only be performed by the OS, which would need, for example, to track which system components were in use by which applications. And it would need to have the ability to associate specific versions of system components with applications, so that it would not be vulnerable to the assumption that Version 3.6.1 of the Frammis Service is absolutely guaranteed to have fewer bugs and be totally backward compatible with every previous version of the Frammis Service that has ever been released.
And before sixteen people reply explaining that .NET fixes all that, spare me. As I pointed out, it has been true FOREVER that Microsoft has claimed that the next release of NT/Win2K/WinXP/Longhorn/whatever would fix all that.
Microsoft didn't solve the problem. They just sort of declared that it had been solved. Installshield and friends kludge their way through installations, merrily making clumsy guesses and assumptions about the history of the system and the needs of other applications and overwriting files and changing registry settings. SQA departments are happy if the installed application runs after installation on a clean OS with no other software installed and don't have the time or the mission to make sure that (say) installing the application doesn't break anybody else's application. (Indeed, one suspects that in some parts of the industry, it's considered a plus if installing one application breaks other applications, if they happen to be competing applications).
I could go on and on. (Indeed, I already have). In the world of PCs (and I include both Windows and Macs--and nothing I've read makes me think Linux is very different), an awful lot of things don't work very well and NOBODY SEEMS TO CARE because it's "always" been that way. Laypeople have gotten accustomed to blaming themselves ("my computer hates me,") IT departments don't even expect computers to work properly after about three years; developers/hackers/sophisticated users enjoy the challenge of troubleshooting the latest glitch... and formerly tame, humble consumer devices like television sets, cars, and cameras are getting computers built into them and are declining in usability too.
"How to Do Nothing," kids activities, back in print!
We should not just "figure out ideologies". We should figure out the REASONS these extreme ideologies develop.
It is now a war for the US, but before that it was just extremist political dissent in other countries. Because it was not treated then by the societies that had it, it fled abroad and went out of control.
The analogy to Nazism and Fascism and wars against them is fallacious too. These were countries against countries, with defined armies, leaders, equipment, theaters of operations, ...etc. So, it was easy to attack a well defined enemy, and have a declared state of war.
Terrorism is more amorphous, hidden, and clandestine. It does not have defined head quarters, nor armies, nor a theater of operation.
It is more like crime, than like war.
If it is to be defeated, it is by eliminating the cause(s) for it. Before these causes can be eliminated, they should be diagnosed and identified.
Oh, and I disagree this is a "war of culture", as much as the extremists (on both sides) want it to be.
2bits.com, Inc: Drupal, WordPress, and LAMP performance tuning.
I can attest to this. Recently, a technician from my new ISP came to install ADSL on my machine, and when I returned home I discovered that the connection fell every one or two minutes, max download speed of 1Kb/sec and that the PC was not working to full speed as usual. (I blamed the ADSL drivers for this, but later discovered that it was the Sasser worm)
I did not want to reinstall everything, so I went for an alternate solution:
System Restore to the previous day.
It worked wonders! PC back to full speed, installed the ADSL drivers, net to full speed and finally succeeded in updating AVG virus definitions. I've had no problems since.
on Slashdot that has never had any of the horrible system malfunctions in Windows that are regularly written about in here.
As expected, pretty quickly the registry started accumulating all sorts of rubbish, and the system started exhibiting strange bugs. First Mozilla stopped working; reinstallations, uninstallations, upgrades did not resolve the problem, so I switched to Opera.
This dude is obviously doing something wrong.
Ronald said nothing. He flung himself from the room, flung himself upon his horse, and rode madly off in all directions.
Windows NT/2000/XP all have the ability to limit the damage done by virii and worms. I thought this quite nice and created accounts for everyone at my home sans admin privs.
That lasted about 5 weeks. Why? Because every damnable application requires admin priv to install. Huh? Why does turbo-tax need admin? Why does nearly every damned game in the universe need it?
All have admin now. I seem to be hit with some piece of malware once a week or more. My time is valuable (to me anyway) and so I've instructed my "users" to save anything they really want on the network disk -- A Linux/Samba server. It's just plain easier than having them run to me all the time to install Martha's cookbook program or Tiny-tots goes to visit grandma.
Let's save a little bit of the blame here for the app developers too. They are just as guilty at generating the current situation as Mickeysoft.
IMHO, the registry is messy, not secure, and an old technology. Fortunately, Microsoft will ditch the registry altogether, in Longhorn, as I recall reading in a couple articles. .NET, for one, doesn't require any registry editing at all! You can, however...
I think they're going in favour of something called manifests. Can't remember the details, but I believe it's an XML file that describes the program.
People discover the meaning of life between getting piss drunk and the following hangover.
Come on.. homeboy needs a firewall BAD!
A simple Linksys NAT box would do the trick. Network administration 101: know what ports you have open, what protocols they run and what their vulnerabilities are. This goes for any operating system.
If your system gets a worm via a port you didn't know it had open then you should consider it a valuable lesson.
Well, while I agree with most of the points made, there are simple steps to prevent worms.
At my parents' home, there is a Linux box doing NAT, so, in the box, the windows boxes on the local network are protected from any worms. They end up having enough time to download all the necessary patches from Windows Update.
Recently, I reinstalled my windows XP. But before reformatting, the first thing I did was to burn a firewall like zone alarm. I then install my box without being connected to the internet, and proceed to install the firewall. It is only then that I download the patches.
Else, it would be just plain nightmare.
I may be missing something here, but as I understand it the windows registry is just a repository for configuration information. The real problem lies in the system config settings that are exposed in the registry eg. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run & the general lack of access control to update such keys.
On a unix box a virus could achieve similar effects by writing itself into the /etc/init.d directory - except of course the default permissions mean you normally need root access to do that, making unix a little more secure by default. Otherwise, the /etc directory performs a pretty similar function to the windows registry.
Okay, I read through the article and just have a few questions.
1) Which OS that if you reinstalled from the original installation disks (which is what he is doing) would be able to survive on a live internet connection long enough to download all the most recent patches and updates?
2) He knew he was going to re-install - why didn't he download SP4 (or already have it downloaded most likely) and make a CD with it before he wiped his system?
3) Along the same vein, why didn't he download the additional patches before wiping the system?
This particular case is more of poor planning on the part of the system rebuilder.
I shake my head when people surf the net without routers. It's like sitting on the lid of a public toilet without any paper between you and the seat. Get a damn router
did you forget to take your meds?
You can throw AAW and NAV at the typical user and hope the computer will remain scumware free, but the best defense is the user learning to not trust any arbitrary website and download.
Calling atheism and agnosticism a religion is like calling bald a hair color.
Since we have 2 win2k boxes and multiple bsd boxes I always have some harddrive with my collection of patches. You can just rename them by prepending the download date like this:
2004-04-13-Windows2000-KB837001-x86-ENU.EXE
and rebuild a machine behind a NAT box while calmly reading a magazine. Yes, it does suck that we need a network appliance between our hosts and the internet but this isn't a windows-only problem, it's just much much worse on windows for many obvious reasons.
Keeping local copies of patches and having a secure network to set boxes up is just what I consider the cost of doing business (on M$, on BSD/Linux you just turn the service off until you dl the patch).
Unplug the antenna? Put a metal cage around the computer?... Maybe unplug the router and kick *everyone* off the network. I bet the latter would be the MS recommended solution: right up there with not clicking on links and typing them in by hand to avoid the deceptive URLs.
Underloved Movies and Pub Quiz: donotquestionme.org
AutoPatcherXP is an excellent collection of patches and updates that I've included on CD (along with some other tools) for our users' home computers. It contains about 300Megs of updates/patches/apps and is relatively up to date with all of the critical patches.
After running AutoPatcher, only a few critical updates are needed off of windowsupdate's site. Unfortunately, MS04-011 is one of the critical patches NOT included with AutoPatcher. :(
Wait a minute. I got it. You could play with your magic nose goblins.
latif wrote: As expected, pretty quickly the registry started accumulating all sorts of rubbish, and the system started exhibiting strange bugs. First Mozilla stopped working; reinstallations, uninstallations, upgrades did not resolve the problem, so I switched to Opera.
He is not terribly descriptive of the registry rubbish or strange bugs. I can certainly empathize with his trials and tribulations, but I suspect the VMWare trial was only one of many applications installed.
The only useful information is the anecdote about being hit with the worm as soon as the internet connection is made. And the good advice would be that you need Service packs and patches installed before you connect ANY machine directly to the internet.
The only thing missing from the article was the part where the author says "I switched to ReactOS and lived happily ever after."
Have you Meta Moderated t
One of the difficult things associated with Windows is that you can't always get online to download the updates. Where I live, the majority of people still use dialup, and gathering the Windows updates is like sucking peanut butter through a straw. The other problem is that a lot of people don't know what updates really are, and how they can affect their PC. Also, try getting the most recent patches for an OS that is not the most current one (or shockingly, one not connected to the internet). MS makes it really hard to download and install updates on a machine that is not running the latest OS and has a slow (or no) connection to the internet.
I for one welcome our new [insert main topic] overlords.
MS will mail you a CD for free (no small fee, but then I didn't finish the form to verify this)
Some Linux distros do provide update ISOs, so you still need to get someone to download and burn them for you. But then if you didn't do a network install, that was probably how you got the originals anyway.
Wow. Think of what you're saying. You're telling users that they need to shell out almost a hundred bucks for a device that will allow them to safely download updates. Has Microsoft security gotten so bad that we're just going to accept that you need to buy a firewall just to keep your OS up to date? Does anyone else see a problem with this?
Three points:
1) Yes, it is that bad. WHY is the DCOM/RPC stuff activated on internet-facing interfaces by default????? This shows clearly that Microsoft simply is more interested in corporate supportability over security. (Correct answer should be: You have to reconfigure your interfaces for DCOM).
2) ICF is a horrible solution for a networked environment. It might work (for XP, not 2000 as in the article) for a single computer, but since ICS is not affected by ICF, this is unmaintainable for networked computers. Furthermore, you have no host/network permissions in ICF, so you can't say "Allow RPC from my computers, but block them from others" as you can with IPTables.
3) Even if you had good security, having a separate hardware firewall is a good idea. I am selling such firewalls based on old donated/recycled computers for about $100 plus installation labor. They run Linux and IPTables, and offer ACL support, logging, port forwarding, report generation, and other features. They are designed to be run by someone with some basic networking and Linux skill, but web-based interfaces may eventually be offered (over SSL and intranet-facing only).
LedgerSMB: Open source Accounting/ERP
The overall tone of this article comes off as another thinly veiled "Linux is sooo much better than M$" diatribe that it is not funny. Come on take some responsibility for your own cluelessness and educate yourself on how to live in the real world.
Microsoft takes the approach of fighting the symptom (malware, ...etc.), and not the root cause (flawed security design, ...etc.).
I hate it when uninformed people make blanket statements like this.
For the past year Microsoft's main focus has been security. They stopped development in many major products, Windows in particular, for a month so that people could attend seminars on writing secure code, and ramp up to the company wide security initiative.
Say what you want about the current state of the code, but in the near future we will start seeing some serious improvements.
Many users need a simplified appliance that does a very limited set of things.
There are plenty of (admittedly non-networked) electronic appliances that people use frequently that do NOT require constant fixes and patches.
People need an OS/UI that provides a very simplified way to do basic things - read/write documents, browse the web, and email. Some also need simplified spreadsheets, checkbook management, and other similar software.
All of these things could be provided in a simple, safe way. But everyone has been stuck since 1984 on creating this whole desktop mess.
Don't expect users to learn complicated things. Most refuse to learn it, just like they refuse to learn how to maintain a car. Of course in the case of the car, they were instructed at purchase time that certain maintenance was required. Then the company that sold the car typically will mail notices (nags) about due maintenance.
Reminds me of the old Bill Gates comment about if GM made cars. I don't like GM, but many people would be better off if cars were indeed made by GM.
.sigs are for post^Hers.
$399 - Windows 2006 SE Security Edition $200 - Windows 2007 SE SP1
The writer of the article complained that the stand-alone patch for Blaster required Service Pack 2, which he did not have. Maybe keeping up-to-date on the latest patches would have helped him? Nobody who I know got sasser because I set their machines to automatically download and install the latest patches.
Not a Twitter sockpuppet... but I wish I was.
Custom Update CDs are by far the easiest way to fix most of your family members' problems without actually having to be there (or netmeeting etc...)
My custom CD auto runs upon insertion, and with the help of a little autoit script, it does this:
- Pops up a window telling them to politely leave the PC the hell alone (and updates the status along the way)
- Locks all user keyboard and mouse input (don't want them screwing anything else up)
- Executes "ipconfig /release" (die network!)
- Runs the latest McAfee Stinger (silently)
- Runs the latest McAfee Command Line scanner from the extracted SuperDat files
- Checks whether it's 2000 or XP and makes sure that the latest SP is installed, if not, it installs it (and then reboots)
- Installs all the latest Critical Updates for that OS
- Updates their McAfee or Norton Anti-Virus with the latest dats on the CD (unless older)
- Runs Spybot (copies config file over first, which autostarts/autofixes everything upon running)
- Verifies that several of the services are set to the correct status (stopped/disabled or started/automatic)
- Installs a registry file to help speed up the menus, etc...
- Reboots
This has saved me more time than I can possibly count. Before switching to this method, my life was hell (not to mention how high my gas bill was), now I just Fedex them an Updated CD anytime they call, and 99% of all problems are solved.
If "Window Security" were really a Nightmare, that would mean we would eventually wake up and discover it was only a dream. Unfortunately, in this case, it simply ain't gonna happen.
The whole idea of Windows Update is a joke. Using an unreliable and insecure network as the primary means of distributing security updates is simply idiotic. This is like asking people to walk through a minefield to get to a shelter.
And yet, people still want Windows. I work in a high-tech call center, and people still look at me with blank stares when I tell them I don't use Windows at all at home.
Q "What do you run for anti-virus?"
A "Nothing. Linux isn't as susceptible to viruses"
Q "What about spyware?"
A "Same thing. I don't run anti-spyware either because I don't get it. Oh, and I can update my computer without rebooting too"
I've even had a laptop running nothing but Slackware, and technical people _not_ believing that Windows wasn't somehow still on the machine! People just don't see computers with anything other than Windows. If computers = Windows, then how can people get sick of Windows and not be sick of computers? The fact is, Microsoft has done a brilliant job of equating computers with Windows, to the point where even most technical people don't see any other option.
I think my job as an Open Source advocate is to just let people see Linux run on a computer, and let them follow the inevitable logical conclusion themselves.
Ruby on Rails Screencast
Well, how long did it take them to do that?
...etc. ...etc.
And when was that again? Just a few months ago as I recall?
The current state of the code may improve a bit, but that is not the end of the story.
There are certain 'design' issues that no amount of secure programming can circumvent. Things like:
- Requiring Admin privileges to run certain user programs
- HTML and JavaScript for email
So, do not be too optimistic that this is a cure all.
2bits.com, Inc: Drupal, WordPress, and LAMP performance tuning.
Sounds reasonable.
Kind of like cancer. You can keep cutting out tumors, but unless you remove the carcinogens from the environment, they'll just keep coming back.
This guy's an idiot. He installs crap and unreliable third party applications and drivers on his system and then blames Microsoft! The article was a rant about security, so why the comments about the registry? It seems that was a dig based on some other personal dislike. He admits he placed his trust in some third party tool to clean his registry! Seems rather foolish.
If Linux were as popular as Windows, there would be just as much poor quality crap coming out for it trashing /etc, /lib, rc scripts, etc. Just as time consuming and frustrating to fix. Just as painful for incompetent and computer illiterate people. Just as many people running with root level privileges. Just as many boxes cracked automatically before security updates can be downloaded.
I ran Windows 2000 for 3.5 years with the only problems coming from Creative Labs DXR3 and SoundBlaster Live! drivers, and Mozilla's graphics resource eating issues. I won't buy anything from Creative Labs again, and Mozilla have fixed their bugs. I only had to re-install Windows after I accidentally trashed the first part of its partition playing around under Linux (Grub, Lilo, dd ... oops!).
As we all know, computers, aren't meant to be in the hands of users, but strictly confined to (some) admins.
There is a solution that any knowledgeable admin can use : whenever a new service pack is out, you create an updated Windows installation cd (or dvd) that includes the latest service pack => When reinstalling, you do that from SP4k or whatever, and it gives you a nice, almost secure config to start updating from...
Also, a standard practice in my home is the use of Ghost just after the installation of all the basic software and updates...=> ditto.
Now, a solution I have personally used on a friend's computer after the usual "crashed before it even updated" episode : I booted her computer using knoppix, downloaded the latest service pack and quite a bit of separate updates on a separate partition and then made an install without the net on...Ironic, using Linux to get a windows install running...
Also (but that is only true on my own home network) I use a dedicated firewall (yeah, Linux) on my network, and I only keep open the ports I need...So, if I need to make a "virgin" Windows install, the firewall protects me from the nasty worms/exploits/whatsoever...
Repeat after me : No Lusers in my Computer room ! 8)
(Happily supporting my dad since Windows 3.11, I made my preceding comments a rule... backup often, streamline your updates, use a dedicated firewall...and NEVER let your dad (or any Luser) with a root/administrator account...btw, he's still using 98...)
It takes 40+ muscles to frown, but only four to extend your arm and bitchslap the motherfucker
Doesn't this tell us something when linux doesn't even need a cd to install itself, but if you want to even get online with windows...you need a fucking cd to patch all the fuck ups they left in it? This whole problem would be solved if they would place the patches on the computers at the factories they make them in. Then when these idiots get their new gateway computers they don't help spread worms and viruses around the internet. But what does it matter, I am sure that microsoft will probably just create a new way for them to cause problems that they will get paid to "fix".
If carrots got you drunk, rabbits would be fucked up. - Comedian Mitch Hedberg R.I.P. 03/30/68-2/24/05
It's Redundant if it's covered in the article.
I remember when legal used to mean lawful, now it means some kind of loophole. - Leo Kessler
This is pretty typical of the FUD articles about Windows or Linux that /. has been publishing lately. Windows zealots send in articles written by MS puppet "research organizations" that belittle the OSS folks; then the Linux zealots respond in kind with this article.
It's really simple, people. Informed users will lock down their systems and know how to patch appropriately, regardless of their OS. Uninformed users will never lock down their systems or will get fooled into opening an exploit backdoor, regardless of their OS.
I'm interested to know which registry cleaner it was that was crippleware and rendered his machine unbootable.
Also, any others known to watch out for?
I don't mind shareware with limited functions if I'm told what they are up front, but if the vendor springs surprises on me they deserve to go down in flames. I buy products that are useful, but surprise crippleware is worse than useless because it burns my time.
Assembly is the reverse of disassembly.
Well said, sir!
Everyone should use CHX-I as a packet filter. It's not a piece of shit like zone alarm or norton or any other CLICK HERE TO BLOCK PAKATS firewall.
if you insist on using Windows, get used to learning to live with malware. Sooner or later it will get installed on your system. The only secure Windows system is one without network access in any way, shape, or form.
I downloaded the XP SP1a on a Linux box after reformatting my machines and then reinstalled them without net access and applied the CDR the Linux box burned. I also had antivirus tools, software firewalls, etc to install.
Malware can be installed by visiting the wrong web page, try spelling microsoft.com wrong sometime and see what the bogus site does to your system. If you think only ActiveX does this, what about XPI in Mozilla, malware is written in both ActiveX and XPI bundles now.
Make a wrong turn on the information highway and get owned.
My Linux box is fine, except that it suffers from RPM and PKG hell. Which is about as bad as DLL hell, I guess?
Remember, Slashdot does not have a -1 disagree moderation, and no, troll, flamebait, and overrated are not substitutes.
Just set your clock back. Worked for me and lots of others I know. Take as long as you want to get the patch over your 56K
I have xp pro and one of the worms that hit gave me 20 seconds to resolve the issue before the computer shut down. Damn that was fun. Quickly access the net, search for the patch, download the patch - computer shuts off. Repeat until you are quick enough to beat the worm. It was like a horrible video game...
(Sponsored by cheeseSource for President 2012)
...didn't he just format the box, turn on the XP built in firewall, then go online and get patched?
Really - talk about being a drama queen.
A PC destined to be on a network should not have to be unplugged from the network first in order to successfully get on the network.
Is that really that hard to understand?
He seems to think that as a Windows installation ages, the registry accumulates cruft that eventually makes the system unusable.
The presence of unused registry entries may take up disk space, and slightly slow registry lookups, but it's not going to significantly impact system performance.
I've got systems that have been running on the same windows installation for over 4 years, with plenty of installation/de-installation.
More than likely this guy had a host of explorer extensions or system tray applets that he forgot about. The important thing is to vigilantly clear out old services and auto-run entries.
"autoruns", available free at sysinternals.com, will show you every piece of crap that runs automatically when you login. You can use autoruns to delete the entry, or to figure out what programs to de-install. I've also had good success using this tool to whack mal/spyware.
You can also audit your services. Sort the service list by everything that is in a "running" status, and stop/disable those services that you know you no longer need.
In my experience, it's the Windows users who don't know what they are doing that are always telling me how they had to "wipe their system and reinstall windows". I've only once met a system that I couldn't repair (a failed Windows XP upgrade).
Once again, all those issues are being addressed. Your original post stated that windows wasn't addressing the problem. It is. Their existing design decisions (out in the market) are horrid, like the ones you mentioned. But they are working on fixing it. Will they succeed? Who knows.
BTW - The admin requirements for running user programs isn't a fault of Microsoft. Run any of their apps, and you'll see they graciously handle limited privilege accounts. The real offenders are 3rd party vendors. Microsoft can hardly be held accountable for that.
To: questions@techuser.net
Subject: Solution to your install problem.
Just read your article at http://www.techuser.net/index.php?id=47
Here is how to avoid worms and messenger spam during patching:
Turn on the XP firewall.
Do this BEFORE going online. You can do this by going to the network control panel, getting the properties for your net connection, click the "Advanced" tab then click "Protect my computer...".
You will find this renders you immune to blaster et al while you patch your machine.
Regards.
For someone who claims to have a Masters Degree in CS he's not too bright is he?
"no amount of policing will fix the problem for good." The solution is replacing insecure software with strong solutions. This is happening at a rapid pace as I type this. Is there a problem with this?
Azurite is fine covellite is mine.
Looks like wild west "Wanted" posters. In what century are we?
When a friend or family member comes to me for tech support, I listen to the problem (one time, and I shit you not, my sister thought her computer was broken because the top of the minesweeper window that she opened was off the desktop, so she could not close it. She thought it was because she had bought an AMD Athlon instead of an Intel Celery.), assume a grave expression, and tell them that their computer is hosed and they need to buy a new one.
1) run any security updates
;)
2) strongly suggest not using Outlook
3) Completely lock down the "Internet" security zone in IE and force users to add sites that don't function properly (due to scripting turned off) to "Trusted Sites" (which has scripting on)
4) Strongly suggest that users use Firefox instead of IE wherever possible
5) Install antivirus software
6) Install Spybot Search & Destroy and AdAware
This keeps most spyware, virii and worms out.
As a curious side-note, the first thing I do with a new OS X install is...
1) Apply security patches
2) There is no Step 2
... To go with that whine?
At first, I thought he had a valid complaint, but then as he goes through his shopping list of ills, he generalizes and skips over potential fixes any tech worth his salt would pursue. (and these are quite simple enough for any reasonably intelligent user to perform. I have instructed my own father over the telephone, how to perform these items)
1) I have an IBM Thinkpad A22m, purchased in November 2001. It came with Win2k.
Only once have I performed a system reinstall (3 weeks ago or so) to free up hard drive space from numerous programs, and not because of any issues with the operating system.
In the 2 1/2 years I've used this incarnation of Win2K, I have applied Critical Updates from MS as they were released. I also ran McAfee 6.0 (retail), and IE 6 was the browser of choice.
Until this last fall, I did not run any type of popup blocker or spyware utility.
Prior to starting the system reinstall, I visited the Windows Update site, and used their tool to determine what updates I had installed. Each item that I no longer had the files for, I d/l again, and burnt all the hotfixes and updates to a CD.
I did the same thing for the most recent drivers for this laptop, as well as for all the peripherals I had.
Then I compiled a list of utils that I find invaluable (Avant Browser, Adaware, Spybot, SpywareBlaster, and other goodies) and put on a CD.
Now, I have the original Win2K install CD for the laptop, a CD with all the drivers, a CD with the hotfixes / SP4 and handy utils. (plus CDs for the original applications, such as MS Office, Photoshop, etc)
The whole idea is to not put the machine on the net until it's relatively secure.
So now, I format the drive, and boot from the OEM Win2k CD. 45 mins or so for the install, then another 45 to install SP4 and the hotfixes (using MS's qpatch util, I don't have to reboot the machine until after all the hotfixes are installed)
At this time I turn off Windows Messenger Service, and finish installing my utils. That takes about another 30 mins.
Now, the machine is secure from pop-ups, spyware, viruses, and most MS OS-based exploits.
Time, about 2 hours. It takes me longer than that to setup and patch a RedHat 9 machine.
I'm not crazy,I'm actively irresponsible.
he's paying him back. He's showing him that it's much better to not get your computer hosed in the first place, so he IS paying his dad back for his education, in exact kind. Adults can be wrong, but there's no easy way to point this out to them, in a father/son situation. And it worked according to the post, when his father realised what a PITA it is, what it really costs, both in cash in what might be done to his machine or credit card or other personal info, or how he could be used by a malicious zombie-running blackhat, etc, and how easily preventable it was, so he learned something useful and practical.
I think a lot of people honestly do not know that the primary reason they might get hacked is not to get their personal information, but to use their machine to distribute hacked warez and spam email and kiddie porn. So, it's much better to do what it takes to help people understand the ramifications of their actions-or non actions, and to perhaps take a more critical look at the software they are running. To me, it's like a traffic ticket (paying to have your machine cleaned and fixed), you are SUPPOSED to learn something (stop being a know-nothing lamer) about your behavior driving your car (computer) on the public road (internet).
Once people are REALLY aware of it, then they have a chance to correct the problem. If you can't get their attention in the first place, they won't ever learn. Sometimes it takes a fine to do that.
I FULLY support ISPs or private network admins yanking access to the network from infected machines. They don't do it enough, IMO, and if it happens to me because my machine gets hosed and zombied and I don't deal with it in a timely manner, then too bad for me, too. I'd rather be told about it if I don't know myself, and losing your net access is both protecting the innocents, and getting your attention for a problem. And if THAT then kept being pushed back up the food chain to the vendors, where they had to code better, release less often, and be forced to offer products good enough they could be warrantied, then I'm all for that, too.
It shouldn't take 20 years to come up with a more secure out of the box operating system that is network capable, is the real bottom line, no matter which one you are talking about.
You'd see it get chaotic in meatspace if any manufacturer were allowed to sell "caveat emptor" products with no government required warranty, of course they would skip doing quality work then, because there would be very little risk to them. It's time software played by the rules every other manufacturer has to play by, especially if they demand IP ownership and patents and huge profits. They want it treated like a normal product, swell, but let the law treat THEM like any other product as well.
both IS a good idea. And also instant karma justice, ie, go armed, like we are supposed to, protect your own self and property right at the exact time they are threatened. What the analogy to being armed is on the internet I don't know, but it would be nice to be able to have more proactive self defense.
Okay, let's get one thing straight. The only reason Windows is so easily attackable (and why Mac OS X and Linux are not) is that Windows ships with 10 million services running and listening on well-known ports. It's not the registry (although that contributes to instability over time), it's not Windows Update (although that could be much better designed - resumability, and fewer reboots!). The reason Windows is so vulnerable is it has far too many open avenues of attack.
Try to hack a default OS X install, or many default Linux installs - sorry, *no* ports are open by default, so what can you attack? At best you might be able to DDOS the box, or some upstream piece of network equipment, but you can't crash or hack the box itself.
On my OS X box all I have open is SSH and everything else configured to only listen to localhost. If you manage to crack that, I have a lot more to worry about.
I don't know what kind of crack I was on, but I suspect it was decaf.
After this experience I cannot help but laugh at the 'usability' problems Windows users are reporting about GNOME and KDE. It has become pretty clear to me that Windows users are so accustomed to usability problems that they don't even recognize them as usability problems. But, as soon as these people move to a different environment they start complaining simply because the new environment does not replicate the features and bugs of Windows exactly.
The other big lesson from all this is that most Windows users are incapable of 'securing' their systems. This is precisely why an unprotected system gets attacked in a matter of seconds, and spammers are still sending out Messenger service spam. Worse, Microsoft is directly responsible for this state of affairs. Windows encourages users to reinstall it every once in a while, and when they do, Windows Update actively prevents users from updating their systems.
The whole idea of Windows Update is a joke. Using an unreliable and insecure network as the primary means of distributing security updates is simply idiotic. This is like asking people to walk through a minefield to get to a shelter. I was able to download security updates off the internet only because the current generation of worms are not particularly malicious; they are just minor irritants.
Heh - if you think that's a joke - imagine some home user trying to configure their Linux system securely (as none of the installers from any of the *nix builds do it well), much less update necessary components as they come out with security updates, etc....it's just as bad, if not worse, than Windows and Windows Update...You make me laugh...
This is even easier than saying "Just buy Linux"
Go to walmart and buy a cheap router to sit in front of your computer at the house. Most out of the box only accept outbound connections. I work as a net administrator and I almost never worry about my box at the house...
Just a router guys, about the same cost as firewall software and doesn't use your CPU.
Are you sure the signal is too strong to be blocked by hand waving? Perhaps you're not waving fast enough.
- Get a fucking firewall.
- Don't install every spyware you see just because a web page tells you to. You'll notice a remarkable improvement in the longevity of your registry.
- Also note the large number of users who, though their systems originally came with windows, use a "pirated" copy anyway because of the utterly useless system discs which come with most new computers today.
-- 'The' Lord and Master Bitman On High, Master Of All
There was an offer from MS to get an all-inclusive CD with updates from 98 through XP, shipped free to your home. I requested it. I got email several weeks ago that my CD had been shipped. Never got here. Never heard back from them at all. If I just got the CD that MS offered to GIVE AWAY, I'd already be a step ahead of this silly game.
-j
Listen, normally I'm all about trashing windows for its security. We all know what's wrong with it, no need to go into it again.
I also agree that the amount of reinstalls required is kinda ridiculous. Windows installations on a working PC run by a computer guy do deteriorate over time. I think this could be fixed by simplifying the registry somewhat.
However, this dude is blaming windows for things he should know better than to do. You went on the internet without a firewall? Why would you do that? What, exactly, did you expect to have happen? In XP you can enable the default firewall with a few clicks, so this issue has pretty much been fixed. Is it really productive to write a whiny article about an issue that Microsoft has already addressed, when there are so many more important security issues with the OS?
The other issue is, what OS is going to be secure upon reinstall??? I mean, you can trash windows for needing frequent reinstalls, but you can't blame it for being insecure upon installation. With OpenBSD I can do an FTP install of the latest release, which requires a large download, or with windows I can install from CD and install the latest SP, which requires a large download. Either way I'm going to be online with an insecure system...unless I have a brain and run a firewall, of course. Even if you have the latest release of your OS somewhere, chances are good that you're going to have to go online to download a few patches.
As far as the registry cleaner...I downloaded one of those too. I spent 3 seconds searching USENET and found an excellent one for free the first time. Do your homework = save yourself a headache.
The amount of reinstalls is ridiculous, no denying that. Simplification of the registry would absolutely be nice. However, the registry serves a purpose. Sure there are other ways of doing it, but it's obvious from the tone of the article that the author has never supported windows in an enterprise environment. There are more than a few times where the registry system has come in handy. With the amount of crappy software vendors writing crappy software that doesn't conform to any standard, I am overwhelmingly glad to have a more or less standardized place to store configuration information. As much as I hate to say it, Microsoft also does a great job updating the registry with information about their own installed products, which makes deploying apps which depend on those products far far FAR easier.
God...I can't believe I'm even about to say this...but the author should also check out System restore, since he's obviously not that windows savvy. As much as I hate this feature, it does seem to work reasonably well in some cases. There are more advanced tools for backing up the registry as well. Rolling back a windows system is a reality and there are more than a few novice users who I support who have saved themselves this way.
I dunno...I mean the idea that you should have to reinstall so often is valid, and the idea that Windows should be more secure by default is more than valid, but this experience just seems like a really weak case for me. The idea that someone is going to avoid right clicking rather than reinstalling or put fucking VMWARE, of all things, on a system that is trashed to the point of not being able to right click just doesn't say much to me in terms of their qualification to write a technical article. I see the point the author is trying to make, but since XP has a firewall that is insanely simple to enable, I really don't see the point of whining about this.
The other thing is that, somehow, some way, I manage to avoid the problems he is talking about. I do the same kind of fiddling and BSing around, but somehow I have never had my right mouse button stop working or have a browser stop working despite reinstalls. If you're going to mess with the computer, have your shit together, have a firewall (or the latest service pack) on CD, and stop doing whatever you did to screw t
....indicate to people *before* you give them an account that firewalls and anti virus and keeping systems patched are all good ideas? Just slap ask them if they have a firewall and anti virus already, before you take their money and turn them loose on the net? Is it that hard to mention that before you finalise the contract with them? Or do you do that. I'm not trolling, just want to know what your normal procedure is. How about their email, can't you just send out an email with links to various firewalls and whatnot, or even offer them a courtesy CD their first month that have some programs on them, and tell them to use it first? Something like that? I mean, to joe consumer, their ISP is their first layer of networking administration, seems like it is at least partly the responsibility of the network guys to help educate and protect their users/clients.
I'm asking because I have NEVER been questioned by an ISP if I had a firewall, etc, just seems a critical point that they neglect. Hmm, I have to think way back now, I've had 6 ISP accounts since 95, 3 mom and pops, 1 from a rural community telco, and 2 big nationals. After you pay them or arrange for service and to get billed, the next step is just --> "what user name do you want,OK,that will be your email addy too, now what do you want for a password, OK, thankew, here's your account, buh bye and thanks for shopping at...." Never one time by any of those companies have I been asked, or recommended to have a firewall, or anything else security related for that matter.
seems that should change sometime....
$5 / month hosted VPS on linux = awesome!
He's obviously a little confused - he makes a leap from there being security issues to wanting to get rid of the registry and seems to confuse issues with the registry with patch issues. I don't think he quite knows what he's doing....
the man is a terrorist, pay him no attention
Enough bitching about the Windows Registry. This is probably the single most successful MS Windows feature. It was designed to deteriorate performance of a system slowly over time so that the users would eventually have to buy a new PC or upgrade to the next version of MS Windows. Especially now that even 3-4 year old PCs are "fast-enough" for most people except for a few high end users like gamers, without the self-deteriorating performance feature enabled by the Windows Registry, not only Microsoft, but also companies like Dell, HP, IBM, Intel and AMD would be in deep doo-doo, perhaps resulting in a total economic disaster even worse than the crash of 2000 (or 1929)
We should be thankful to Microsoft for protecting our economy!
IANAL, but there is historical and legal precedent if the government were to go after Microsoft and other software companies for not educating its users about the harms that could come to them by using their products.
:P Of course killing people directly via lung cancer and killing them indirectly via a long series of crushing defeats until you just wish [Flanders] Gates was dead, is a different story. Couldn't help the Simpsons quote. Sorry. Still, I'm sure the stress level caused by computer crap causes health problems. Come on uncle Sam, do something!
When has the government sued a large corporation on behalf of the public good? Erm, lots of times. Not nearly enough though.
The tobacco settlements are a decent example.
01100111 01100101 01110100 00100000 01101111 01110101 01110100 00100000 01101101 01101111 01110010 01100101 00101110
And to add something to it, one of the things that gets the most on my nerves is that educating users about this is near impossible. Even the ones with some brains.
Here my friend is pretty smart and although not an expert would probably understand simple security measures pretty well. The problem is that to explain it all to him I'd have to give him a long lecture where I'd come up as a paranoid security nazi, and give him the impression that I'm just exaggerating.
Seriously. I'd have to explain: The thing about the firewall coming up after the connection, the trojans, adware, and spyware, that this "cute" Bonzi Buddy thing is bad, that comet cursor is also bad, that just accepting the request to install an ActiveX is bad, that if you have a direct internet connection you can get infected before you can download an update, that despite the Service Pack being a 30MB download he's got to get it before doing anything else, that in some rare cases it will leave the machine unbootable, that Outlook Express is really problematic, that installing the latest IE version still means you have to get the updates for it separately, that running as Administrator is a pretty bad idea, even though using a normal account is a huge pain in the ass...
In comparison, security measures for Linux machines for normal users are actually simple! Don't run as root. If you install from the network, you're almost certainly getting the latest patched versions. If you install from CD, and don't install every server available, the updates will be small. And there are infinitely less places where you can be attacked.
My research led me to write an article on this a while back, based on my own experience: XP-Out-of-the-Box: http://www.ameritech.net/users/mpr_support/XP_Box.html
I think it depends. If the person is just clueless and didn't understand your instructions, or tried to follow them and messed up, then I help them. But if someone willfully disregards what I told them, and it screwed up like I said, then they're making me dinner or something for me to fix it.
To me, it can be about petty point scoring, but it can also be about some jackass taking advantage of you. I won't engage in the former if my friends/family don't engage in the latter.
All the above is weighed against my relationship with said person, naturally.
in my opinion a good chunk of this money deserves to be paid to individuals who help catch the Microsoft employees behind the design of Windows Registry
Of course everyone is entitled to his or her own opinion but before bashing the Windows registry *design* you should really find out what you are talking about! Is there any other centralised security system in other operating systems that allows fine grained access control of individual settings with access control lists that can be as simple or complex as you want? (try regedt32 instead of regedit, try the security menu) Is there any other operating system that allows you to set which people can mess with what setting of every piece of installed software? Do you want web coding monkeys to mess with every webserver setting but the SSL crypto strengths? Go ahead, it's one click ahead. Do you want the people who do Word macros to mess with all the macro related Word settings *but not the security ones*, just click and it will work across a whole network. Is there any system that integrates this with strong Kerberos based authentication? Is there any other design that allows for a single panel that has the security relevant features neatly packed together in a nicely documented form? I am not saying the security control panel is as good as unix hardening tools of course, the design is right. Also it gets extended by the NSA what more do you want?
From a security point of view only default strong encryption is missing in the Windows registry. Microsoft can and in my opinion should be blamed for not documenting each and every registry key to the fullest (except the security ones), if they did other Windows coders would follow! Also the backup system sucks and the registry should not fragment as bad... but that's implementation.
From a security *design* point of view, the microkernel NT design combined with individual file encryption, ACLs everywhere, access logging/auditing should be a secure systems architect's wet dream. (The different layers for different families of system calls (win32, win16, posix (it exists!) and dos) should be a nightmare) Of course Microsoft didn't spend time on these features just because they worry about design (think win9x) but the DoD does. Why miss out on customers like that? All they need to do is have the features on the checklists and they get a technically worthless certification that makes great business sense.
Now if we were to talk about *implementation* and were to look at the huge mess of undocumented security critical RPC accessible code implemented without a care in buffer overflow/race condition prone ways while running with full privileges.... smells like a recipe for disaster. But that is an implementation mistake, the design is rock solid! It has to be, it's nicked from VMS ;-)
At work, we have a security policy that any new PCs bought pre-loaded or any new rebuild cannot be connected to our network without first running 2 CDs. These CDs contain current SP, virus software and recent DAT, STINGER, M$ patches that address worms (Doom, Nachi, Sasser), plus docs. The user must configure virus and Windows Update to use our servers. After all this is done, THEN the user is allowed to connect to the network. Works great. These CDs cover NT, W2k, XP and 2003 (and 64bit versions).
This guy had family with a problem
/. headlines.
I have family with a problem, too!
Actually, it's more like my ex-wife's family that has a problem, but either way, I usually don't discuss it in
Different strokes for different folks, I 'spose.
I'm dismayed that any reference to Mac security usually gets smacked down in comments here, whenever the subject of Windows insecurity comes up. "Just wait til the worm and virus writers target Macs."
But here's an idea. Buy a used Older Mac for under $50 to download your Windows patches, then burn them to CD and transfer them to your PC. Doesn't hurt to have a backup plan.
Or you can go to this link and it will explain the process of integrating sp2, hotfixes, drivers, and apps you may want all onto one cd or dvd.
I prefer this to using ghost which may or may not work on different machines and does clean installs of everything.
Can I get an eye poke?
Dog House Forum
Well, first off, there's nothing to stop you doing this now. You can just download all the patches individually and burn them to a CD. But what's the problem with this?
The short; this just means you'll be distributing virii by sneakernet. (Which is, admittedly, much slower than the Internet, but none the less...)
You know, back before we had this newfangled "interweeb", we still had virii and worms. They were passed around on corporate networks, from networks to other machines and networks by floppy disk, and also they were sometimes distributed on BBSs with sloppy sysadmins.
A "sharable" disk means that, instead of going through the effort of downloading those hundreds of megs of patches, I can just go copy a friend's disk. A copy of a "friend or an acquaintance"'s disk, however, is not a copy from a trusted source. Where did they get the disk from anyways? Who did they copy it from? It would strike me as very easy to craft a disc which would install a few intentionally malformed patches.
There are a couple of solutions to this problem. You could, for example, make your machine compare the cryptographic hash of each patch against a known cryptographic hash. In order to get the known hash, however, you'd have to connect to that ol' public network again, with an unprotected machine. Since this functionality does not exist in current versions of Windows, you would also need some kind of initial patch from Microsoft to pull this off.
Another fix would be to cryptographically sign everything with a public key cryptosystem. This works great, so long as no one breaks your cryptosystem and/or finds the private key. Again, the functionality doesn't exist in today's implementations of Windows, so you still need another initial patch. (At least, as far as I know... I suppose XP might have signed updates; I've never tried to forge one.) This might be promising for future versions of Windows. Microsoft has already bet your system security on a public key system with signed .NET objects, so this isn't so bad.
Both of these can easily be circumvented by a "sharable CD" that uses autorun to install nasty things before you install any patches at all. Of course, autorun is another feature of windows with questionable security.
In the end, the public network isn't really such a bad tool for delivering patches. Microsoft's implementation could be improved upon; upon installation of a "fresh" copy of XP, for example, the install could connect to the net and download all required patches prior to opening any ports on the system. (You don't need RPC to download patches, after all). This is, more or less, the idea behind having the personal firewall enabled by default (only that's a little more kludgey).
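The hash-comparison check suggested in the comment above, written out as an added example that is not part of the original thread: it checks every file on a patch disc against a SHA-256 manifest and also reports files the manifest does not list, such as an autorun.inf. The manifest format, file names and file contents are constructed for illustration, and the manifest is assumed to come from a source you already trust and to be checked on a machine that is already clean.

```python
import hashlib
import os
import re
import tempfile

HEX64 = re.compile(r"[0-9a-fA-F]{64}")


def normalise(rel_path):
    """Compare paths the way a Windows CD would: '/' separators, case-insensitive."""
    return rel_path.replace("\\", "/").lower()


def sha256_file(path, chunk_size=1 << 16):
    """Hash in chunks so a large service pack never has to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def parse_manifest(text):
    """Parse sha256sum-style lines ('<64 hex chars>  <relative path>') into a dict."""
    expected = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2 or not HEX64.fullmatch(parts[0]):
            raise ValueError(f"manifest line {lineno} is malformed")
        expected[normalise(parts[1])] = parts[0].lower()
    return expected


def verify_media(root, expected):
    """Walk the disc and classify every file against the trusted manifest."""
    report = {"ok": [], "mismatch": [], "missing": [], "unlisted": []}
    seen = set()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            key = normalise(os.path.relpath(full, root))
            seen.add(key)
            if key not in expected:
                report["unlisted"].append(key)   # extra file nobody vouched for
            elif sha256_file(full) == expected[key]:
                report["ok"].append(key)
            else:
                report["mismatch"].append(key)   # contents differ from the manifest
    report["missing"] = sorted(set(expected) - seen)
    for bucket in ("ok", "mismatch", "unlisted"):
        report[bucket].sort()
    # A root-level autorun.inf runs before any patch is installed, so call it out.
    report["autorun"] = "autorun.inf" in seen
    report["trusted"] = not (report["mismatch"] or report["missing"]
                             or report["unlisted"])
    return report


def demo():
    """Build a constructed disc tree, verify it, then verify a modified copy."""
    genuine = {  # constructed file names and contents, not real patches
        "patches/KB-PLACEHOLDER-1.exe": b"constructed patch one",
        "patches/KB-PLACEHOLDER-2.exe": b"constructed patch two",
        "README.txt": b"install order: 1, 2",
    }
    manifest = "# constructed manifest\n" + "".join(
        f"{hashlib.sha256(data).hexdigest()}  {rel}\n"
        for rel, data in genuine.items())
    expected = parse_manifest(manifest)
    with tempfile.TemporaryDirectory() as root:
        for rel, data in genuine.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(data)
        clean = verify_media(root, expected)
        # Simulate a disc that changed while being passed along.
        with open(os.path.join(root, "patches", "KB-PLACEHOLDER-2.exe"), "wb") as fh:
            fh.write(b"altered contents")
        os.remove(os.path.join(root, "README.txt"))
        with open(os.path.join(root, "AUTORUN.INF"), "wb") as fh:
            fh.write(b"[autorun]\n")
        copied = verify_media(root, expected)
    return clean, copied


if __name__ == "__main__":
    for label, report in zip(("original", "copied"), demo()):
        print(label, report)
```

The check is only as good as the manifest's origin: a manifest shipped on the same disc it describes proves nothing.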
On the Mac, you usually install a piece of software either by double clicking an installer or by moving one file from the CD to your hard drive.
To uninstall software you just drag the application folder to the trash.
"It is difficult to get a man to understand something when his salary depends upon his not understanding it."
I'd rather just use your Mac, too. When can you bring it over? There is a catchy new pop song that I want to download from iTunes....
I've been able to put together recommendations for family members that are pretty reliable as far as stopping viruses and various worms before they get installed, but not spyware. With spyware the best I've been able to come up with is tools to remove this crap AFTER it gets installed. To me that is just not an acceptable situation because the damage is often done by then. There is a real need to increase security in terms of the install process. To me this is the real problem with Windows security right now.
As a 48 yo grandmother, I am offended that technical incompetence is equated with being a grandparent. I don't think anyone would have said "so simple even my grandfather could implement."
You just contradicted yourself. Make up your mind: are you offended because the remark makes assumptions about grandparents, or because it was sexist?
In this case he blames two things - Windows Update and the Windows registry. Let's consider arguments from the perspective of HAVING A BRAIN:
First things first: Yes, it is problematic to patch a vulnerability via the network if a worm that exploits that vulnerability is attacking you while you're trying to patch, but this problem is not specific to Windows Update and is hardly a reason to condemn it. I have seen Windows Update (along with critical update notification) used by the most technically inept people and have been surprised when checking their computers to find that they were actually patched up to date. Windows Update does not solve every security problem (such as the time lag between vulnerabilities becoming known and patches becoming available) but it's infinitely better than the old days when software updates had to be physically distributed.
As for the writer's second point about Windows Update working together with the Windows Registry to deprive Windows Users of all protection, he offers no specifics about this alleged connection. He simply makes the vague statements that pretty quickly the registry started accumulating all sorts of rubbish and eventually, the Windows registry accumulates so much crud that the user is forced to do a clean install.
Yes, it is possible to accumulate crud in the registry. This is not reason to blame the Microsoft employees behind the design of Windows Registry. What makes a mess of the registry is the crud that YOU PUT INTO IT. In my experience using good quality software from reputable sources causes relatively few real problems. On the other hand, if you go around downloading all kinds of applications that you know little about only to find out that the product I downloaded turned out to be some pathetic crippleware, should you blame this on Microsoft?
There are times when a registry cleaner might help, but these tools should be used with utmost caution and require a deep understanding of what you are doing. Used stupidly, you just might find that the next time I rebooted, Windows refused to load. Gee, what a surprise.
I have two pieces of advice for the opinionated twit that wrote this slanted diatribe:
1) Next time you are considering placing an unpatched system on the Internet to download patches, put it behind a dirt-cheap Linksys|D-Link|SMC router. It would have saved you a lot of pain.
2) Next time you are thinking about trying out unknown software or taking a chainsaw to the Windows Registry, DO A FRIGGING BACKUP FIRST YOU MORON. Then you might not have to moan about being forced to do a clean install.
A Master's degree in computer science and he doesn't have a firewall in place?
Dear me, what are they teaching them in these schools?
Funny, all I did for my Dad's computer (Windows XP) was apply Service Pack 1 and install Symantec NAV2004. He uses Outlook and has no problems. Only problem he ever had was trying to install the Gator Time and Date Manager (I have no idea why he even attempted this in the first place). Because of that, I had to install Ad Aware and Spybot S&D. But regardless of all this, the thing that has saved him most was his good ol' $40 Linksys router. The combination of smart computing (by the user), updating virus software, and applying patches when needed (i.e. service packs, or specific updates when they are deemed critical enough) should keep most users safe from just about everything. Just remember to tell the user not to go clicking on or installing anything they can. It's really not that hard.
I think that Motorola and other cable modem makers should provide a basic ethernet router with NAT between their public IP and the IP of the internal network. You're NOT going to get Roadrunner and others to do the right thing and install a cheap Linksys router between the Cable Modem and the PC so just build a cheap 1-2 port router into the Cable Modem. The Cable Modem/Router with NAT won't provide for the ultimate security, but will help against these worms immensely. Also, these cable modems/routers should also put an LCD status screen and a few simple buttons on them. Press one to block the internet when you're loading a new Windows install and blam....no wormies. When the install is complete, press button 3 or whatever to open up Windows Update and Windows Update ONLY. When your updates are installed, press four to open up most commonly used ports (which may already be open).
Microsoft should also fix this crap too. One great and easy example is have a one button application that creates a CD with all patches you have downloaded. Then when doing an install/re-install, if after x amount of time after release, ask for this disc. If you don't have one, then it should configure your system such that only the Windows Update website can work. Then it will auto download/install the patches. Or...and now I may be giving them too many ideas, change Windows Update such that it uses port knocking in this situation. WU could even use a different port every time.
Gorkman
You sound like one of those misguided liberals who would try to psychoanalyze someone mugging you. Exploring the root cause is a luxury, not getting your head bashed in is a priority.
I had this issue just the other day. I found out that Microsoft provide a "hidden" option on Windows Update to allow downloading all patches for a certain operating system.
The following URL describes how to do it: http://support.microsoft.com/default.aspx?scid=kb;en-us;323166
Basically, go to Windows Update, click on "Personalize Windows Update", and then turn on "Display the link to the Windows Update Catalog", and save. You then go back to the main page, where you can access the windows update catalog and download to disk all current patches for a particular OS automatically.
When I found that I was very pleased.
I think there is software to automatically install it all from disk, too, but I haven't had time to look for that, yet.
There are so many problems with what you wrote in this online article, I do not know where to begin. I will though.
You are complaining that by installing, uninstalling, and reinstalling open source, shareware, and retail software that you get mixed results as far as system performance and software reliability. Hmmm.
So you reinstall your system from scratch using a version of a operating system that is known to have remotely exploitable flaws and you get hacked as you were not using a firewall. Hmmmmmm.
You stated in your online article, 'Windows encourage users to reinstall it every once in a while, and when they do, Windows Update actively prevents users from updating their systems. '
Where to start with this statement. Microsoft wants users to reinstall their operating systems 'once in a while'... Who ever said this? The version of the Windows Update client which you are using works very well for everyone else.
'It is pretty obvious that such updates cannot work in the presence of the Windows Registry.'
Another bizarre statement. Do you understand what you are talking about?
I will stop here as I need to get some work done ( I could almost go line by line ).
I love reading Slashdot for stuff like this. Idealism is great, like beating up on Microsoft, but please come armed with facts and logic. This whole article is devoid of any of these pesky things.
Sorta off topic I know but...
Is there any way that I can get ALL of the windows[98/2000/XP] updates using linux? The only way I have found so far is to manually click and download each file. There has to be an easier way!
It seems like it would be an excellent way to patch windows and to get some people who wouldn't run linux to experience it. (I know people who have just seen the knoppix desktop and been impressed.)
I do security
http://www.microsoft.com/security/protect/cd/order.asp
(Pakistan) that's either a pretty good bet or completely racist depending on your point of view.
Include an image of a 'unlocked' ( i.e. sysprep ) bare install, with all patches applied.
They can just blow away the mess they have now and get it back and running in no time.
Sure it's not 100% legal to be distributing a 'copy' of Windows XP around to your family, but if they own Windows in the first place who is really going to bitch?
Be sure to include a mepis or other UNIX run-from-cd too.. just so they can experience it..
---- Booth was a patriot ----
I've been doing the same for my family members, but with an extra touch. Same type of software (plus the latest stinger) but create an autorun menu driven cd. Something like AMenu for CDs works just fine for me. Or you can search google for some nice cd autorun apps.
You need people like me so you can point your fuckin fingers and say, "That's the bad guy." So what that make you? Good?
I for one respectfully disagree with the author!! Smells of troll... but that being said all the items he lists in his article smell of a first grader's use of ANY computer. IF windows is patched properly AND the sound use of an idiot-proof FREE firewall is installed and used AND a FREE antivirus program is used then windoze is no more susceptible to online hacks than any other OS. The issue is and will continue to be the mail client. Seems MS missed the boat with that one BUT... maybe it's not really the client's fault for if most clueless ISP admins filter out the crap BEFORE the client gets it then what's the issue?? I use Linux-BSD etc for almost everything here other than gaming but dammit windowz is Still used by most of my clients (Pharma houses) and we will just have to deal with it. MS (or someone else) NEEDS to give the mail admins the tools to get rid of this crap before it hits the desktop.....
*--- Sometimes a majority only means that all the fools are on the same side. ---*
Think of the extensive wear and tear as a result of this crawling. Knee-strengthened pantaloons will be tomorrow's IT fashion!
I'm going to buy stocks in the tailor industry right away.
Okay, there are some valid points in this article. However, I would argue that "registry bloat" is a side effect of users that install crap software. They usually end up with a dozen or more "system hobos", along with their spyware. This is a symptom of user incompetence, not a failure of the O/S.
I was following him until that bit about getting hit with MS.blaster while downloading a 35MB file over DIALUP! Either he got infected over the totally saturated dialup connection or from his local lan. If it was his LAN, then I put him in the category of hopeless user or MCSE holder. If it was his dialup, I call bullshit. I have worked as Sr. Sys/NetEngineer at several ISP (millions+ passings). The configuration at our sites would prevent any RPC based traffic from propagating over dialup access servers.
Sounds to me like he "sexed up" this article to prove his point.
I am no great fan of Bill Gates, but I use the software that gets the job done. (Windows!, Solaris, Linux, RTOS/VxWORKS, Gentoo!) In my experience, O/S bigots are worse than those LUsers that wake me up on Sunday mornings with news of my eternal damnation.
KDE and Gnome are following the same path to h-e-double-toothpicks.
Lots of people open up gconf-editor (or worse, judge it from screenshots), and their only reaction is "OMG ITS TEH REGISTRY! BILLG PWNZ GNOME! EEEEEEEEVVIIILL!!!1!"
It's not at all the same. First, gconf stores stuff in many small xml files, not one big easily-corrupted binary file. If some app's settings get corrupted, I can change one of those files with a text editor and fix it, just like a traditional *nix program. Second, it's simple to remove cruft. I can rm -r ~/.gconf/apps/blackjack, and every trace that gnome-blackjack has left in gconf will be gone. Compare that to Windows, where people still have bits of Netscape 4.0 in the registry. Third, information on shared libraries isn't kept in gconf, so it's no help in the sort of browser helper object and DLL hijacking tricks that malware uses on Windows. Lastly, since gconf is many small files, it provides a finer-grained access control than the Windows registry. All the user-editable gconf files are in the user's home dir, so one user running some bit of malware can't infect other users. Nothing running without root privileges can corrupt system-wide gconf files. It's all-around much safer than a registry.
0 1 - just my two bits
MS took a very conservative approach the first time around. They didn't enable the firewall because they knew thousands of products (including their own) would break. Who wants to have a line monitored 24-7 from kids who cannot connect to Battle.net because the ports are being blocked?
This time around, they're like "screw it". I can't say I blame them.
In college back in 77 I had a physics professor who was at least in his 60's if not 70's. We were all shocked one day when we found out not only was he a huge Steve Martin fan, but he watched SNL every night.
Just because people get old, it doesn't mean they lose touch with what's popular or current. We just like to think they do so we can feel superior to them.
that the term I was looking for...
You can update your Windows cd so that it installs directly with the latest service pack/patches...
the how-to for doing that is on the net somewhere, mostly command-line the last time I was looking at it, but damn useful...
Alas, as a parent says, most "normal" users will never use it... They would have to know there is a command line thingy in XP first...
A GUI'ed tool to create such cds would be good for karma, anyone has a link ?
Also, Ghost is no freeware...an almost ideal tool, except it doesn't boot from cd anymore, you have to install on Windows first, then make a ghost... sad...
I heard there was a few linux cd distro doing just that, imaging and recovery... again, anyone has links ?
It takes 40+ muscles to frown, but only four to extend your arm and bitchslap the motherfucker
cool. now write me a hello world ya old bitch.
has av scanner, is bootable, small enough to put the service packs on the cd too. has ntfs access. http://www.inside-security.de/insert_en.html
1) Diatribe about Microsoft product ...Self-deprecating humorous reply to one's own post...
2) Suggestion to use an open-source browser
3) Aside about the benefits of an underdog OS
4)
5) RECURSIVE karma profit!
FTC warranty info
From that page, scroll down some:
Implied Warranties
Implied warranties are created by state law, and all states have them. Almost every purchase you make is covered by an implied warranty.
The most common type of implied warranty--a "warranty of merchantability," means that the seller promises that the product will do what it is supposed to do. For example, a car will run and a toaster will toast.
Another type of implied warranty is the "warranty of fitness for a particular purpose." This applies when you buy a product on the seller's advice that it is suitable for a particular use. For example, a person who suggests that you buy a certain sleeping bag for zero-degree weather warrants that the sleeping bag will be suitable for zero degrees.
If your purchase does not come with a written warranty, it is still covered by implied warranties unless the product is marked "as is," or the seller otherwise indicates in writing that no warranty is given. Several states, including Kansas, Maine, Maryland, Massachusetts, Mississippi, Vermont, West Virginia, and the District of Columbia, do not permit "as is" sales.
If problems arise that are not covered by the written warranty, you should investigate the protection given by your implied warranty.
Implied warranty coverage can last as long as four years, although the length of the coverage varies from state to state. A lawyer or a state consumer protection office can provide more information about implied warranty coverage in your state.
---this is why they don't "sell" you software, they "license" it, and in the fine print it is most prominent that it has no fitness for purpose, or merchantability, etc.
That's the part that is a scam, IMO, it's legalistic legislated snakeoil fraud, and needs to change. It's like GM offering cars "for license" instead of "for sale", and because they got 100 yards mileage on them driving them on and off transporters before they get to the dealers saying they are "used" and "Licensing" them to you for big money "as is". That would be stupid and a scam, and it's the same with software that they "license" but everyone on the planet can see they "sell".
And if you are saying "too bad, that's the contract they click agree on", then I agree, that's why I think it should be outlawed, the law NEEDS to be changed, maybe from a serious major class action suit, because it's a freeking sale, and it needs at a minimum implied warranties like every other product out there. I'm just the kinda guy gonna call a spade a spade, that software is sold. There's free software, then there's for-sale software, everyone knows the difference. They can legal mush mouth it all they want to, it's still sold, that's how most people treat it and think of it, so it needs a warranty, for merchantability and fitness of purpose and so on.
I've become so fed up with the traditional "windows rot" that I decided that only my own, full-disk-image savepoints will do.
These days hard-disks are cheap. Set up a Linux server with partimage and a large disk, boot the windows workstations with SystemRescueCD, and make your "savepoints" at those times you install drivers, etc. Make sure you partition the disk into "system" and "user data". Partimage works great even on NTFS if you're careful to defrag first.
I can't understand how making and distributing custom Windows CDs doesn't violate copyright and Microsoft EULAs.
May we never see th
Install OS.
Download free Firewall and install it I recommend Zone.
Download free AV and realtime scanner and install it I recommend Avast w/ all RT scanners running.
Connect to MS update.
Begin collecting SPs, patches and updates.
I just did this in 3 hrs with a complete upgrade from Win95 OSR2 to Windows 2000 using only the Win 2000 install CD.
It was not until someone here managed to snag a virus in the jpi cache directory a week later which was automatically quarantined by the RT/AV scanner that I even thought about potential problems.
Any decent systems administrator approaches Windows security in this way: Firewall FIRST, then download patches, then download and update AV software.
Most American ISPs (dial-up and broadband) now turn on the XP firewall when you install their custom dialer/spyware/etc. installs, which is a good thing. Having SP2 preinstalled will be better.
Why not devote your life to more interesting passions?
Seriously people, if you want to cruise on the info superhighway learn how to drive (get a firewall, AV, know how to work your box). If you don't know that stuff and something breaks it's not MS's or Linus's or anybody else's fault, it's yours
Microsoft claims "security" as a feature of their products. Requiring 3rd party software and 3rd party hardware in order to connect to the most common network on the planet means that either Microsoft is lying or you are wrong (or both). Yes, people should take better care of their property, but that doesn't excuse the maker that ships knowingly bad software.
Learn to love Alaska
should this not read ....
1) Apply security patches
2) goto step one till your brain hurts.
However, the root cause is a vulnerability in Windows. That hole has to be plugged. Otherwise, another virus writer will exploit it, and another and another...
You make it sound as if Microsoft doesn't do anything when security holes are found. In one sense, you have people complaining because there are too many patches, but then others complain because "MS isnt doing enough to secure their product".
Slipstreaming only *INTEGRATES* SPs; all other hotfixes are applied after install (aka rollups).
This is lame!!! Hotfixes, patches, and whatever MS wants to call a patch (this week) should be slipstreamable. IE should be able to update/patch the installation files.
What MS really needs to make is a tool that requests the user to insert their OS disk and the tool automatically creates an ISO with all the patches applied to the installation files.
The writer of the linked article is "smart" enough to blast Windows on Security, but not smart enough to patch a Windows system from behind a firewall. It is not that hard. We can't let people like this carry the ball for the open source movement. Let him (or her you feminist wackos) carry the water, or maybe ER's jock strap.
This is what needs to be done to windows to fix most of these problems. User accounts SHOULDN'T be allowed to install programs into the OS's system folders. Even if you mess up your user account it should not affect the OS in any way.
I tried running as a regular user on Windows XP Home edition before. Unfortunately, about 90% of programs are impossible to run after installing them as an Administrator user under Windows XP. Of course, a lot of this is from programmers always assuming that whoever runs the program is a member of "administrators" and thus try to do things like read/write configuration files in the programs directory instead of creating configs in the USERS home folder (Documents and Settings).
XP Home edition also has a very poorly designed system of user rights for admin vs. regular users. You can't even set folder permissions! I guess they think that only those who purchased the "Professional" edition of XP deserve that feature.
The problems encountered by the author A. Almost certainly did not require a reinstall and B. His difficulty with the reinstall could easily have been avoided. First off, "cruft" in the registry only happens if you have a strong penchant for constantly installing/uninstalling poorly written software. You can get plenty of free registry cleaning utilities, or you can just use the built in registry editor, or just ignore it completely (the "cruft" generally doesn't hurt anything). Why Windows' security model is responsible for VMWare or Linux screwing up your sound card I don't quite understand. The right click problem is a bug I've never heard of; I'm willing to bet something you installed tried to add something to the context menu and screwed it up. To avoid being infected after a reinstall, just activate the built-in firewall during the install or before connecting it to the net. You also apparently condemn Microsoft's issuing patches over Windows Update? How else should they do it? Are you gonna run around to everyone's house with a box of CD-R's? The registry has always been a generally dumb idea, but it's been relegated to glorified config file status anyway, and most registry problems are easily fixed. The registry has nothing to do with the various worms anyway, they all exploit holes in various other parts of the operating system (or internet explorer). The idea of updated windows cd's is a good idea, which is why Microsoft supplies the tools to do it. Also, Microsoft announced it was reversing its policy on allowing pirates to install SP2. Basically the entire article is a rant about a guy who screwed up his computer, and got infected reinstalling like a million other people. I realize MS bashing is a sport here on Slashdot, but there is no substance here besides just "1 guy pissed off at microsoft, not gonna take it anymore."
I have found that WindowsUpdate site fails to work on many proxies.
Nice pigeonholing there! Predefined labels too.
Should I say that you sound like the knee jerk crowd who overreact at every turn?
No one psychoanalyzes a mugger, or tries to talk sense in a break and enter thief.
Those are extraordinary situations anyway. The important thing is what to do afterwards to prevent (or minimize the probability of) a repeat of the same thing?
Do you overreact and shut yourself at home and never go on the street again of fear? Or carry a gun and shoot anyone who approaches you physically, even if they are a homeless guy asking for a dime?
If you really think exploring the root cause after the fact and planning for the future is a luxury, then we are all doomed if we think this way in major events, like Sept 11.
2bits.com, Inc: Drupal, WordPress, and LAMP performance tuning.
MS will ALLOW pirated copies of XP to update. And if you've been around long enough, you remember the confusion of .ini files. The registry was seen by the entire industry as a step forward. Well, the IIS 6 metabase is moving to XML format. Maybe the registry is next. And get a faster connection. And I don't need to rebuild my desktops annually or otherwise. Get a dialup router.
Or design their cars to put their seat belts on for them. Oh wait....
I've said it before, I'll say it again. People who can't be bothered to patch their systems should have automatic patching on. MS should just turn it on by default. They've tried before, and we always get scaremongering about how MS is going to take our rights away. Well, it's time we realize that, quite frankly, Microsoft knows better than the vast majority of PC owners about properly securing their system, and if people can't be bothered to keep their machines safe, we should at least let MS try.
That statement sounds insane to us around here, but that's just because we geeks know what we're doing, and would prefer to be in charge (or at least choose who we want to be in charge.) Joe Sixpack doesn't know what he's doing, and yet we still let him be in charge anyway. That's just asking for trouble, and when you connect all those computers together, trouble for one means trouble for all.
The problem here is that Microsoft is really partly to blame. You can't have a survival of the fittest approach to software development when the source is closed and only Microsoft has access to what it takes to fix the problems in the software they sold you. The consumers of Microsoft's products are getting screwed when they purchase defective items, and then screwed again when they have to patch and purchase anti-virus remedies for them. When it comes to tools (compilers) you can't blame the toolmaker for something malicious with the tool. In this case, though, it is Microsoft as infrastructure player that's pissing on the parade. An OS is a foundation or like a road: built to hold things on top of it. When the guy pouring your foundation screws up you should be able to sue him for more than the cost of the concrete. Time to hold Microsoft's toes to the fire again, this time for real.
Not sure if Linksys or equivalent easily available in Pak or as affordable as here.
I agree connecting a Windows box directly to the Internet is suicide -- but Microsoft sells all over the world -- poor countries, 3rd world countries, many still running old obsolete versions like Win95, 98.
Easy for us to criticize but not sure that enough information on security, hardening, firewalls is available in native languages or in an accessible format.
> Windows registry accumulates so much crud that the user is forced to do a clean install
Not if the user has half a brain and 60 bucks.
Anyone who knows anything about Registry cruft knows about OnTrack System Suite (now Vcom System Suite).
It scans the Registry, then scans the directory structure and reports garbage Registry entries.
A green/yellow/red Deletion Table is presented to allow cleaning out the junk.
Of course, reinstalling corrupted pieces of Windoze is another issue.
gewg_
It seems to work fine with raw squid, 'though Dansguardian and other filters can screw it up.
-dameron
My main beef with Zone Alarm is that by default, it blocks outbound VPN sessions and doesn't inform you like it loves to do when it blocks inbound session attempts. You can add the VPN server to the trusted zone, but that's after you realize what's going on. When troubleshooting connectivity issues, you never expect that the client computer is blocking its own outbound connections and it takes a while longer to realize that the client you're troubleshooting over the phone has this software installed. IMHO (And most security professionals agree), a personal firewall shouldn't block outbound sessions unless it's working at the application layer and has pattern definitions for known viruses. My second beef with it is that it announces every inbound session attempt it blocks in a way that makes it sound like it's stopping puppy rapists from doing their thing. Sure, you can change this behavior, but they intentionally set the defaults this way to take advantage of the uneducated users (The majority of the people that would install their software). When I did support for a local ISP, I had plenty of calls from people that were getting "hacked" by our DSL equipment. The software had them scared shitless of the Internet and all the background noise that came with it.
BlackIce has the same behavior.
So here we have two firewalls that block outbound sessions (WTF!?!) and like to prey on n00bs.
-Lucas
These guys are apparently anti-Microsoft too.
Ok, you know, this type of stupid bullshit should NOT be posted to /. MS bashing is one thing, but when you publish a "news article" that is full of out and out lies, then it's just plain yellow journalism.
> As expected, pretty quickly the registry started accumulating all sorts of rubbish, and the system started exhibiting strange bugs.
What the fuck are you installing??? My current HTPC was built on Windows 2000 server in February of 2000. It's been running 24/7 since then, and has hundreds of pieces installed, removed, updated, moved, etc since then. It's my test development box for ASP (which in my case means it's had 3 different versions of MS Office installed for twiddling with the various exposed COM components to be used in web pages.) It's connected to my TV and acts as DVR/multimedia machine and I've installed dozens of various multimedia apps over the years to test and play with (zoom player, two-three different versions of the ATI multimedia system, Winamp, etc). The hardware has been upgraded numerous times, and is about to go through another cycle. I don't experience ANY "strange bugs".
> Then I made the mistake of installing VMWare 30 day demo on my system. As soon as I booted Linux under it as a guest OS, the sound card went bonkers, and started producing high pitched screeching sounds.
Did you ever think it MIGHT be that guest OS? Linux support for sound cards is sketchy at best (yeah, I said sketchy at best). Regardless, I've got VMware installed on my desktop and have installed dozens of Linux distros on it. I've also used Basilisk II to run Mac OS 8 sessions. I've NEVER had a problem like that.
> The Messenger Service spam was only a minor inconvenience as I knew how to turn it off;
Really? Then why the fuck didn't you do it before you went online? For that matter, why didn't you turn on the firewall before going online? I'll tell you why: while you try to come off as a person who knows what they're doing, all you end up doing is coming off as a user. A user who, granted, knows what the registry is or Windows update, but a user nonetheless. Your opinion, therefore, on anything "I.T." is worthless and void.
Ah, no, I see. I decided to look around your site. You're a programmer. The worst kind of user. That's right, programmers are users. They usually end up fucking up their systems beyond repair, then call the people who really know how a computer works to come fix it...or, they reinstall over and over again. Your opinion is, therefore, even less worthwhile than a user's.
Thanks for playing. Please come back
Which is more painful? Going to work or gouging your eye out with a spoon? Find out!
http://www.workorspoon.com
The MSD program, in both DOS and Windows incarnations, comes from Word. WinWord 1.0 sports MSD vers 1.0, and later versions of WinWord sports a windows version of the same thing.
MSWord is the stomping ground for the crappier ideas we see in Windows, although the dreaded Clippy comes from no other than MS-Bob via Office to Windows XP.
OS/2 - because choice is a terrible thing to waste.
When I trashed my NT installation (my own fault, I deleted a Linux dual boot without uninstalling lilo first), I used a Knoppix cd to get back online and figure out exactly how stupid I was.
/MBR. Which worked fine, even off a DOS 5 disk.
The recommended course of action on the Microsoft web site involved some Byzantine complexity using Norton Disk Doctor. I (a) don't have NDD and (b) didn't believe a word of it.
Fortunately some random googling reminded me about FDISK
The irony is that the reason I had deleted the Mandrake installation was I wanted to replace it with the Knoppix one.
Although I have seen reboots where the registry gets toasted for no reason at all.
I have seen people get a computer with the 90 day trial of Norton on it, decide they want the full version, uninstall the trial version and install the full version and it fails (due to 20 taskbar apps the manufacturer bundles with the software).
The "overall" context of slashdot is that Linux zealots say that linux is cool and Windows zealots say that Linux is not user friendly and until it can match what Microsoft does...go away.
So we talk two things here
- Is what a uber user does to keep a clean running Windows box, or how to be leet and run a linux box without those problems.
- Is slam OS's (both windows and linux), for what happens to the average user when you turn them loose on a machine.
The grandparent post is about what in general happens to an average windows user. No, they won't have security updates on hand. They don't have a hardware firewall if they are on broadband or know how to keep their machine from being hacked while waiting for 110 mb of MS updates to trickle in on their dial-up account. I make an extra $500-$600 a month removing malware for people. The average user is not able to remove it. It is not just "kill a few registry keys" for them.
And yes, it is Microsoft's fault. Just like it is to Apple's credit that on a classic Mac, there are only 6 ways for a virus to infect a system discovered between 198x and 1994, and since 1994 there have been 0 new ways discovered.
Evil toolbars, ActiveX components that hijack your browser. Email in Outlook with spoofed extensions, the HTML/scripting engine that is integrated into the OS so tightly that a hacker has a choice of exploiting OS holes, HTML holes, or scripting holes via an executable, a script, or a web page and wacky, insecure defaults.
Yes, the average windows user has a lot of problems to contend with and since the internet, they have been in way over their head.
- Once upon a time, you just had to tell the clueless to make sure they don't leave a floppy in their drive between reboots and only open up documents not programs off of floppies and they would be fine.
- Enter the internet....Then only those clueless souls who went on line and were dumb enough to download warez got hit by windows related viruses in exe files.
- Then email viruses and scripting problems hit.
- Then IE html exploits started being a problem
- Let's add spyware and breakage of the TCP/IP stack
- Now let's add crashing of the computer due to 20 background processes (most of them spyware and office faststart) bringing the computer to its knees.
- Then IE exploits in the flakey HTML engine and ActiveX exploits.
- Now let's add Malware and Hijackware
- Then finally, the rash of worms from the last year or so.
If you look back at the list, the Classic Mac has basically problem 1, 2 and 3. Mainly due to users running as administrator/super user. *nix tends not to have these problems when users don't run as root. However, problems 4-9 are pretty much confined to Windows. I think Microsoft should fess up to the fact.
For the average user to use a Mac, they just need to plug it in.
For the average Windows user, they need a hardware firewall, Ad-Aware, Spybot S&D, Antivirus, Zone Alarm, all installed and properly configured, in addition to being taught to run as a non-administrative user, and to download updates and patches, to make sure to update their security software (ZA/Antivirus/AdAware) on a weekly basis. To not click on things, to backup the registry, create logical rollback points, etc, etc.
No the average computer user should not be allowed to buy Windows and think all they have to do is plug it in. They make me money by needing someone to clean up their machines and they impact my internet experience by slowing everything down with worms and encouraging spammers to keep up with their garbage.
vi +
What makes Windows popular is that business trusted IBM, IBM used MS dos. IBM tried and failed to lockdown the hardware market. MS was able to be installed on clones, thus making them legitimate replacements for IBM PC's. MS built a monopoly around the OS, was able to force major computer retailers to sell boxes with MS windows on them. We live in a world where Joe user has the choice of buying a box with Windows preinstalled, or building/having built a box without windows and then installing their pirate copy on it.
That my friend, is why windows is so popular.
Now if you want to enter into a discussion about administering a windows box with GUI and 3rd party GUI tools vs. linux with CLI and vendor provided GUI tools, we can do that.
As I posted in an earlier thread. The Internet is the great equalizer. No network, Windows box is easier for Joe Sixpack to get and use.
Plug it into the internet and all of a sudden, the maintenance tasks required to keep the linux box running and secure vs. what it takes to keep the Windows box running and secure, and Linux has the advantage. Mind you I am talking about running Xandros or Mandrake, not LSF, Gentoo or Slackware.
But once again, due to Microsoft's monopoly, it is what is popular, not what is the easiest to use and administer.
vi +
If the author of the article in question had spent a fraction of the time he spent learning Linux on learning how to properly use Windows, he would not have had the problems he had.
...
... that any damn fool off the street will have to work at it a bit to really benefit from Linux ... yet they expect MS to make windows so that the same damn fool can use it with absolutely no problems of any kind with out any work at all to learn how to use it properly.
... about all the tiny simple half assed clues that those programmers could have included with their work to save me days of banging my head on the screen.
... and half the people here would blow me off as just Linux inexperienced while those same people praise the great work of the master windows god author to point out the criminal acts of MS/windows.
Funny thing about Linux users
They admit that to use Linux, you need to learn some real skills
I could go on for hours about the problems I've had trying to make various open source GIS softwares run in Linux
I bet I could re-write the author's article switching out MS/windows for PostGIS/GEOS/GRASS/TclTK/GDAL
Grow up! Linux is just as far from perfect as Windows is, just not enough people use it for it to be a worthy target of real exploits. Your great day of Linux will come, and you will be learned real good when it comes.
George Bush + Linux = "I will not let information get in the way of the fight against Windows"
Although I have always been able to get the PS output I have needed. I have never needed mathematical formulas or Greek characters, so YMMV.
vi +
Does cruft accumulate over time? Of course it does. But does it accumulate to the point of a complete clean reinstall yearly, as the original poster claimed in TFA? No, unless you are the guy who never met a program he didn't install. And even that guy could avoid the issue if he followed the logical maintenance path. Get rid of a program? Then get rid of the cruft - open the Registry and do a search & delete of remaining files associated with the program!
I wish Microsoft did a better job of requiring application uninstallers to remove all the entries the installer put in. But is it their fault that non-MS programmers write sloppy uninstallers? I don't have a solution to that, do you, Mr Advocate? Mr Original Poster?
I've been using Windows computers at work & home since DOS & Windows 3.11, and the only times I had to do a clean reinstall were (1) when my hard drive suffered a catastrophic head crash in sector zero, rendering my data unreachable, and (2) when I attempted to configure a dual boot of Windows 98 and Red Hat, and the Linux tool I used (instead of Partition Magic) over-wrote the partition table. Number one was nobody's fault, and number two was mine - the instructions said there was a "slight risk" but a google search later found many sites saying to never use that particular tool. Be that as it may, in neither case did cruft-buildup cause the rebuild.
In my current job I rebuild a lot of systems, both Mac & PC, and the predominant reason is to make sure all our standard applications are present with no residual data from the previous user. I upgrade a lot of systems to newer versions of their respective operating systems, now OS X 10.3 & Windows XP, predominantly because my users want the newer features. I also support older systems attached to scientific instruments (microscopes/spectrometers/radiation counters/etc) which cannot be replaced or upgraded because the software & hardware are rev-locked. None of those systems has ever crashed because of cruft buildup.
It seems pretty obvious to me that OP & yourself are not very well versed in the support of the MS operating systems - and there is no reason you must be if you do not wish it - but if you don't know how to do so please stop saying it cannot be done just because YOU cannot do it.
Hmmm. Your ideas are intriguing to me and I wish to subscribe to your newsletter.
This doesn't seem to be part of Windows folklore yet; I mean, whenever you install Linux, you're made paranoid about running as root, but in Windows all you notice is how you can't install stuff, burn CDs, or bring up the flipping calendar anymore. Not a word about threats from the outside. People look at me funny when I bring it up. "About 90%", though? It's mostly games and (mostly older) Windows free-/shareware in my experience; Linuxy open source stuff generally behaves. And usually all the "bad" programs really want is write to their directories; they don't require admin privileges any more than writing to "my documents" does. Your mileage may vary, of course; maybe I'm just using an entirely different set of apps.
> XP Home edition also has a very poorly designed system of user rights for admin vs. regular users. You can't even set folder permissions!
You mean you couldn't even, say, make a misbehaving app's folder writable for the 'users' group? Ouch. Well, couldn't you install these apps on a per-user basis then, a la "%userprofile%\nastybadprograms\(appname)"?
~Commander Obvious (sorry)
A more accurate analogy would be this: When you buy a new car from a car dealer you needed to do the following things before it even leaves the showroom:
Cut a new set of keys because the standard ones supplied with it were all alike.
Reprogram the electronic fuel injection computer because it has a bug which can crash it.
Change the tyres because the supplied ones were not all-weather ones.
Install seatbelts.
Install indicators and brake lights.
Install a bull-bar.
Install a fire-wall!
Which you find all over the place - in preferences under the user, in preferences under the application, in the System folder, in the Library folder ...
Why is it that if OS X is supposedly a totally new Unix-like operating system, that 9 times out of 10 I can fix Mac problems by trashing the Preferences of whatever just stopped working? Wasn't that the OS 9 solution?
Hmmm. Your ideas are intriguing to me and I wish to subscribe to your newsletter.
Just click on the bonzaiBUDDY poster and let them take care of all of your security for you. Just trust the people who brought you bonzaiBUDDY just like the people who brought you bonzaiMicrosoft, buddy, and you will be fine. And hey, the lie they tell you about so-called 'worms' and 'viruses' slowing your computer down is a big fat lie! All you need to do is rush out and buy a brand spanking new super double-extra fast and so much wayyy better computer. C'mon, trusssst the bonzaiMicrosoft people. Have they ever hozed you before?
> Microsoft really needs to look beyond short term remedies to solve security problems. The company has to move away from its Windows roots in order to create a secure operating system environment. Microsoft has a huge research and development budget, and it just doesn't make sense why it cannot develop a security centered OS.
I wonder, have you looked at managed code?
Five years ago, Linux-heads made fun of the BSOD; now they make fun of Windows' security. Don't underestimate Microsoft. They will get security right.
We are not worthy! We are not worthy! /bows on knees
Oh, I see. So finally it is being spoken. Filesharing is terrorism. Mmm hmm.
BTW - The admin requirements for running user programs isn't a fault of Microsoft. Run any of their apps, and you'll see they graciously handle limited privilege accounts.
*laugh* Now, maybe. Does anybody else remember when Microsoft Office couldn't run on Windows NT using NTFS because it expected to be able to put temporary files into one of the System folders?
Why didn't the guy in the story just install ZoneAlarm from a CD-R? That's what I do if I have to install Win2K on someone's PC (SP4, the latest, came out just before the anti-Blaster patch, so an SP4 machine will still get infected within minutes of being connected to Windows Update).
When I am king, you will be first against the wall.
I believe that 'dd' comes from OS/360 JCL's DD statement - see this page. There are some other pages that say the same thing.
The article behind the link was so familiar reading. Even though I nowadays try to avoid maintenance of Windows systems. The story also reminded me of my "Windows days", as well as something that happened just last night.
I happened to stop by my uncle's house where my father was setting up my uncle's computer. My uncle knows nothing about computers, but uses one for surfing and emails. My father on the other hand has fooled around computers as long as me, since 1981. He is a fan of Windows and now in his retirement helps his friends with Windows problems.
The problem was very typical. Reinstall of Windows (because of registry problems) and upgrade from 98 to XP home (bad mistake)!
As soon as they connected to Internet to download patches, the computer got hit by SoBig and Sasser. And even the antivirus software on the CDs was no help - it was obsolete by the time the CD was pressed.
Luckily I happened to stop by and we could download with my secure laptop all the necessary updates and cleaners. Then just move the files with USB-dongle to the sick (although fresh) PC.
All's well that ends well? - I think that my uncle will think twice if he ever buys a new computer, at least which OS he would like to have it run...
If all else fails, pull the plug and get out...
The Life is out there...
You're using Fedora, a bleeding edge release, and don't expect bugs and glitches?
The whole point of the Fedora project is to alert the development team to issues and problems to allow Red Hat to produce tidier and more robust end-user products.
When a passenger of the foot, hooves in sight, tootel the horn trumpet melodiously
So each time windows needs to be rebooted I should first crawl under the desk to unplug the network cable, wait for windows to finish booting and then replug it?
Granted I've seen people do sillier things to get around bad software/hardware but this belongs as a Dilbert suggestion.
MMO Quests are like orgasms:
You may solo them, I prefer them in a group.
Are we talking a Windows laptop or a Mac OS X laptop?
Considering the source article, and all....
Up, Up, Down, Down, Left, Right, Left, Right, B, A, START
To uninstall software you just drag the application folder to the trash.
/.), but are you saying that Macs have no concept of shared libraries? That's the first big uninstallation problem (Apps A and B both depend on shared library C -- if app A is uninstalled, can/should it uninstall library C without affecting other apps?).
/etc (or whatever its equivalent is)?
Now, I don't own a Mac, and know very little about how they actually work (other than what I read on
What about preferences? I've read Mac OSX is a UNIX like system, so are there no dot files in the user's home directory? Are there no system wide preferences in the
On any shared system, uninstallation is going to be a non-trivial problem, and I'd be surprised if it really is that easy to (un)install on a Mac.
Personally, I think there are many Linux based solutions (RPM, Deb, ebuild, etc) that, while they may have their problems, are far superior to anything in the Windows/Mac world.
"Save the whales, feed the hungry, free the mallocs" -- author unknown
On a unix system every program stores its configuration in its own file and its own format. There is no standard way of separating system wide and user configuration. There is no way of taking a snapshot of the current configuration for a user so you can put the same configuration on a new machine. There is no way to roll back changes to the configuration. How is this better than the functionality the registry provides???
The interactive way to Go -- http://www.playgo.to/iwtg/en/
At the bottom of the referenced page, you'll see this lovely nugget of wisdom:
(Emphasis mine.) His article and FAQ show him to be the 'average user' - knows enough to be dangerous, more than enough to complain, but not willing to take rudimentary steps to protect himself, such as actually going out and buying some personal firewall software. (Granted, he's in Pakistan, so CompUSA is not an option.)
I agree with his underlying sentiment - a user should not be expected to have to fix known and established holes in software, especially OS. But the "unix is just as insecure as Windows" was a hoot!
Another evil thing is Registry keys. These too have per/user permissions, which makes it infinitely more frustrating to lock down a program or open one up to certain users/groups. I think this accounts for about half of the 90% of my programs. Again, it's just not worth it playing safari in the system registry trying to hunt down the correct registry keys to make things work.
not. First off, Windows 2000 is not designed for home users; that's why Windows XP was released. Windows 2000 is for business users, who have an administrator that handles updates/fixes etc for them. Now if you are the administrator, the first thing you do when you are installing Windows 2000 is to take out the network cable so that the install isn't interrupted at all. Then quickly install a firewall after the installation of Windows 2000 is completed. Even ZoneAlarm would work out and it would be installed quickly and quietly. Its standard settings pretty much protect you from anything. Now even before that you should untick client for windows networks and file and printer sharing for microsoft networks on your dial up connection before you connect, and those vulnerable ports that the worms have been using would have been closed then, giving you the necessary time to get the ZoneAlarm firewall. Then you can take your time getting Service Pack 4 without being affected by any worm. Having a firewall is a must on any computer connected to the internet. That is why Microsoft is enabling it by default in Service Pack 2 for Windows XP. Now as for Windows XP users, all they gotta do is make sure the network cable is not plugged in when installing Windows during a clean install and enable the firewall on the network connection right before you plug it back in. Then you can download all the updates you need no matter how long it takes you. The standard settings of the firewall in Windows XP are just fine when enabled. And after installing all the needed updates, you can then install another software firewall if you want and can disable Windows XP's firewall then. But my main point is don't be on the internet without a firewall on. Windows 2000/XP/2003 do have another firewall built in though as well. Go here if you want to read up on it. It's quite useful as it allows you to only block certain ports if you only need certain ones blocked instead of all of them.
My Gawd WTF...
A little advice: don't rely too much on your intuition of what is obvious. The poster you refer to (me) is between 30 and 40 (I'm not going to say which end of the scale I'm closer to ;) ). While this does not make me an elder, it does allow me to state with confidence that my "nuts have dropped" so to speak. There is no water left behind my ears, and I am not viewing the world through rose coloured glasses.
My simple point was -- and is still -- that in general, as people get older, they care less about the newest, latest, hip tech toys.
"I'm just here to regulate funkiness."