Slashdot Mirror

← Back to Stories (view on slashdot.org)

The Windows Security Nightmare

Posted by michael on from the it's-funny-because-it's-true dept.

latif writes "Microsoft has set aside a $5 million fund for paying off informants on malware authors. In my opinion a good chunk of this money deserves to be paid to individuals who help catch the Microsoft employees behind the design of Windows Registry and Windows Update. As I found out, the two mis-features work together to deprive Windows users of all protection from malware. The details of my experience are in the article Why Windows is a Security Nightmare." In a related story, Anonymous Wussie writes "This guy had family with a problem: A Windows XP computer hit by worms that couldn't stay on-line long enough to get patched. His solution? A CD. This article describes the custom made CD he sent to his family member with patches, tools, and instructions to make a fresh install of Windows XP Home Internet safe. I know I'll be doing this in the future."

10 of 969 comments (clear)

  1. Use the Firewall by Anonymous Coward · · Score: 4, Informative

    People always complain about their computers getting infected before they are able to download the patches - but this is easy to prevent if you just switch on the included firewall software.

    1. Re:Use the Firewall by liquidsin · · Score: 4, Informative

      Third sentence of the article: "This was the case with a family member's computer running Windows XP Home." Further down, he also talks about putting XP SP 1a on the disc.

      --
      do not read this line twice.
    2. Re:Use the Firewall by pyros · · Score: 4, Informative
      Unlike in the Unix world, where you solve all these problems by simply not running as root. You might not be running as root, but how are all those various programs listening on ports below 1024 running, enk?*

      Usually the process is launched by init as root, the port is bound, and then the process forks, calling setuid and setgid to loose root privileges. It's also not unheard of to chroot the fork too. So you're left with a program running in a sandbox without root privileges, bound to a privileged port.

      * - bold added to separate GP quote from parent quote, not for emphasis on any particular content in the quote.

  2. You Mean digital? by Mordaximus · · Score: 4, Informative
    the Microsoft employees behind the design of Windows Registry

    Ah yes, brought to you by the letter V, as in VMS. IIRC it was a few digital VMS engineers that left and help build many of the more functional components of WinNT. And apart from the ACL, i believe the registry (at least for pathworks) was another digital innovation...

    Never forget there is very little you can credit Microsoft with...

  3. all he had to do by xplosiv · · Score: 4, Informative

    was have them type 'shutdown -a' at the command prompt and the rebooting would have stopped. I have helped people remove this worm many times using Remote Assistance, over dialup without any issues. The firewall software is going to cause more problems in the long run as it will block some of their games, or even him remotely accessing the machines in emergencies.

  4. this is just a good example of... by mgoodman · · Score: 4, Informative

    ...why stupid people shouldnt use computers.

    Just because its made by microsoft, that doesn't mean an idiot should administer it. It certainly doesn't mean its going to be secure and stable out of the box.

    The huge divide between Unix/Linux and Windows is that Unix/Linux forces you to know what you're doing when you install something on your computer. Windows assumes the opposite.

    However, if you do know what you're doing with Windows, problems of this nature are not really problematic. Fixing Windows without reinstalling is easy for competent administrators. Jeez, I can get around in Windows without a mouse and without explorer.exe.

    Here's a hint guys: if something breaks on Windows -- don't install a program to fix your computer. It will break it further. Don't install registry cleaners -- they suck. Slick your system, ghost your system, take registry snapshots now and then. Don't install third party software on production machines without testing on crap boxes first. Do know your system in and out.

    --
    01100111 01100101 01110100 00100000 01101111 01110101 01110100 00100000 01101101 01101111 01110010 01100101 00101110
  5. RTFA by interiot · · Score: 5, Informative
    RTFA, please.
    • Actually, Microsoft does offer a security update CD, and is willing to ship it to customers free of charge. But, as always Microsoft has made a mockery of a decent idea. First of all, 2-4 weeks are needed to deliver the CD. Then there is the problem of availability, the CD is not available everywhere (I live in Pakistan, and the CD is not available for Pakistan). Also, the CD Microsoft is offering is horribly out of date. There is no fix for this last problem, if Microsoft starts updating the CD every other week, then people will start asking for a new CD every other week. Obviously, shipping a CD to every customer every few weeks is quite an expense, and Microsoft doesn't want that. So, the Microsoft Update CD is there just for moral support.
  6. Run QNX on the desktop by Animats · · Score: 4, Informative
    One safe option is to run the free version of QNX on the desktop.

    The free version of QNX comes with no inbound services enabled. Most of the standard UNIX-type services are available, but they're not installed by default. It's a pure client. In fact, it's very close to what the iOpener ran. Both dial-up and LAN connections are supported.

    Mozilla 1.1 runs, but without Flash. There's a word processor, ABIword. The whole GNU toolchain is available. Unfortunately, OpenOffice hasn't been ported.

    It's refreshing to run a system without all the Microsoft crap, or the Linux emulations of it.

  7. Re:offended by Turambar · · Score: 5, Informative

    A troll is a post carefully crafted to attract predictable responses and/or flames. The moderator probably read the post, saw the poster was "andy666" and thought some guy was trolling. It was a mistake.

    After looking at andy666's posting history, the moderator should have known that andy666 really is a French grandmother named Andrea Tilley, who apparently has a grandchild old enough to post the parent article, and isn't happy that her grandchild considers her technically inadequate for this job. Wow - French and thin-skinned; but I repeat myself.

    It's SlashDot - what do you expect?

    --

    Turambar
    ------------------------------
    Common sense is not so common.
    --Voltaire
  8. Downlaoding all "Windows Updates" is possible by comcn · · Score: 5, Informative

    I had this issue just the other day. I found out that Microsoft provide a "hidden" option on Windows Update to allow downloading all patches for a certain operating system.

    The following URL describes how to do it: http://support.microsoft.com/default.aspx?scid=kb; en-us;323166

    Basically, go to Windows Update, click on "Personalize Windows Update", and then turn on "Display the link to the Windows Update Catalog", and save. You then go back to the main page, where you can access the windows update catalog and download to disk all current patches for a particular OS automatically.

    When I found that I was very pleased.

    I think there is software to automatically install it all from disk, too, but I haven't had time to look for that, yet.