The Cost of Computer Naivete
wiredog writes "What happens when you put an unprotected Windows 98 box on a broadband connection? Two perspectives from two reporters for the Washington Post: The User's "an odyssey that has taken $800 and roughly 48 man-hours over nearly three weeks" and Digital Doctor's "Her PC was in such bad shape, it required 10 1/2 hours of surgery to restore it to working condition.""
To be fair, if you installed a stock version of Slackware from 1996 on the net, without a firewall, you would be subject to known exploits either in the kernel or the userland programs that were included in the stock distribution.
It's now a major pain to install a windows system from scratch, using the original CD.
You now have to
- think about getting the latest service pack first
- think about getting a firewall with its license key (love it when the firewalls ask to be registered before working, and need an internet connection to be registered!),
- think about getting an anti-virus (same story)
- then install the system (disconnected from the network, of course, so forget about "configuring an internet account" during the install)
- install the service pack
- install the firewall and the anti-virus and make sure that they're running
- go to windows-update and patch your system
- start to play.
This is an impossible task for 99% of regular Windows users, who don't even know what a firewall is or how to configure it. There have been improvements in the installation process of OSes and applications, in order to make it possible for regular users, but all these efforts have been ruined by virus and worm writers.
And I'm not even talking about spyware, adware and spam...
I know what it installed by default. It installed your ethernet, brought it up, installed telnet, brought it up, and left you to log in with NO ROOT PASSWORD. That's the uber-secure Linux of the past.
Install that old Slackware while connected to broadband, and if you decide to take a coffee break before logging in and setting the password (or if you forget to do it, or miss that line item in the install instructions), you're fucked.
Hell, those were my Uni days. We'd have a ball in the computer lab watching the one TA (total stereotype smelly bearded hippy geek with a bad attitude) install some new linux terms, and we'd race him (and beat him!) every time to log in as root and do various stupid things.
Hell, I'd wager on 7 out of 10 student machines on the campus net never did get a root password set.
I don't need no instructions to know how to rock!!!!
You don't need any stinking non-Free software to make ghost images.
Here's how you do it:
0. Set up a recipient (either a second hard disk, a machine on the network - whatever - I do it over the network)
1. Boot Knoppix on the machine you want to ghost.
2. Mount the destination.
3. dd if=/dev/hda bs=128K | gzip > /path/to/image.gz
To restore:
0. Set up the source.
1. Boot Knoppix on the machine you want to install.
2. Mount the source.
3. gzip -dc /path/to/image.gz | dd of=/dev/hda bs=128K
Tips: Overwrite any free space on the machine you want to ghost with a huge file filled with 0x00, then delete the file. The disk image will compress much better as you've scrubbed the deleted files.
I use a system like this to ghost many machines at a time (an image server can easily deal out 30+ images at once). It'd cost a fortune to license many copies of ghosting software - with Knoppix and a very small shell script, I've got an automated system which will do many machines at once. (A typical 40GB fresh WinXP install with our apps compresses to under 1GB with gzip).
If you're doing WinXP, remember to either make a Sysprep build or use something like System Internals free (open source but not truly free) tool to change the SID and hostname of the machine when it's booted the first time. (This is the approach we use due to the limitations of sysprep).
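The dd/gzip imaging procedure from the post above, written out as shell functions. This is an added example, not the poster's own script: the function names, the SHA-256 check on the restored disk, and the constructed 4 MiB "disk" are all mine. The "disk" is an ordinary file standing in for /dev/hda so the script runs without root or a real block device; pass a device node as SRC/DEST to use it for real. The zero-fill tip is included as scrub_free_space, which must be run on a mounted filesystem and is therefore not exercised by the demo.

```shell
#!/bin/sh
# Added example (not from the original post): Knoppix-style dd | gzip imaging
# with an integrity check, plus the zero-fill trick for better compression.
set -eu

# Hash a file's contents with SHA-256 (coreutils sha256sum, or shasum on BSD/macOS).
hash_file() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum < "$1" | cut -d' ' -f1
    else
        shasum -a 256 < "$1" | cut -d' ' -f1
    fi
}

# image_disk SRC IMG: stream SRC through gzip into IMG (the post's step 3), and
# record a hash of the raw bytes next to it so a restore can be verified.
image_disk() {
    src=$1; img=$2
    hash_file "$src" > "$img.sha256"
    dd if="$src" bs=128K 2>/dev/null | gzip -c > "$img"
}

# restore_disk IMG DEST: write the image back (the post's restore step) and
# succeed only if the restored bytes hash to what was recorded at imaging time.
# A corrupted or tampered image on the image server therefore fails here
# instead of being cloned onto thirty machines.
restore_disk() {
    img=$1; dest=$2
    gzip -dc "$img" | dd of="$dest" bs=128K 2>/dev/null
    [ "$(hash_file "$dest")" = "$(cat "$img.sha256")" ]
}

# scrub_free_space MOUNTPOINT: the post's tip. Fill the free space with zeros
# until dd hits ENOSPC (expected, hence "|| true"), then delete the file; the
# freed blocks are now all zero and compress to almost nothing.
scrub_free_space() {
    mnt=$1
    dd if=/dev/zero of="$mnt/zero.fill" bs=1M 2>/dev/null || true
    sync
    rm -f "$mnt/zero.fill"
}

# image_size IMG: compressed size in bytes, for comparing before/after scrubbing.
image_size() {
    wc -c < "$1" | tr -d ' '
}

# Demo on a constructed "disk": 1 MiB of live data (random bytes) followed by
# 3 MiB of leftovers from "deleted" files, versus the same disk with that
# region zeroed as scrub_free_space would leave it.
demo() {
    work=$(mktemp -d)
    dd if=/dev/urandom of="$work/live"  bs=1M count=1 2>/dev/null
    dd if=/dev/urandom of="$work/junk"  bs=1M count=3 2>/dev/null
    dd if=/dev/zero    of="$work/zeros" bs=1M count=3 2>/dev/null
    cat "$work/live" "$work/junk"  > "$work/disk.dirty"
    cat "$work/live" "$work/zeros" > "$work/disk.clean"

    image_disk "$work/disk.dirty" "$work/dirty.gz"
    image_disk "$work/disk.clean" "$work/clean.gz"
    restore_disk "$work/clean.gz" "$work/restored"
    cmp -s "$work/disk.clean" "$work/restored"

    echo "image without scrub: $(image_size "$work/dirty.gz") bytes"
    echo "image after scrub:   $(image_size "$work/clean.gz") bytes"
    rm -rf "$work"
}

demo
```

The hash file is the part worth keeping even if the rest is replaced by a one-liner: an image that gets handed out to many machines is effectively a software distribution, and checking it on restore is the only thing that tells you a bad sector on the image server or a tampered file has not been cloned to the whole lab.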
Oolite: Elite-like game. For Mac, Linux and Windows
I saw this in the Washington Post yesterday and thought it interesting enough to send the reporter (Kathleen Day) a note, which follows, summing up my thoughts on the matter. I haven't heard anything back yet (and I don't necessarily expect to).
-Phil
Ms. Day:
I find it absolutely fascinating that problems such as the one you encountered are treated primarily as a user education issue. It's true that there are some things that everyone needs to know in order to use a computer. It's also true that savvy users can often avoid security mistakes. But one wonders, "Why is it that users *have* to be security-savvy in order to effectively use their computers?" I'd submit that the problems you wrote about are mostly the result of design flaws and not naivete. In many ways, I think the computer industry has set the bar far too low by blaming users for problems it has created. Put another way: what would you think if you had a car that would sometimes break down without warning if you drove it on the highway without first buying additional parts?
As I see it, there are two design weaknesses that contributed to the problems that you wrote about. First, basically anything you do on a machine running Windows is done with full administrative privileges. In one way, this makes sense: you own the machine, so you should be able to do anything you want with it. The problem, however, is that this blind trust allows malicious software to do pretty well whatever it wants. Most other operating systems (Mac OS X, Linux, and Unix) require you to take some special action (usually typing a password) in order to install software or alter the operating system. While this can't prevent you from choosing to install malicious software, it makes it quite difficult to do so unknowingly. To stretch the car analogy a little further: people can't modify your car's engine without your knowing about it because you have to open the hood in order to reach it. Computers should work the same way.
The second problem is that Windows doesn't make a strong distinction between programs (the applications that you run) and data (documents and the like). This makes several attacks a lot easier, as malicious programs can sneak onto your machine by masquerading as data when you are browsing the Internet. For most non-Windows operating systems, there's something that you have to do explicitly to say, "This is a program and it's OK to run it." If Windows had these protections, there still wouldn't be anything to stop someone from maliciously sending you data you didn't want--but your computer wouldn't be able to then run that data as if it were one of your programs.
It's a mistake to say that anything is totally secure. There have been (and will continue to be) successful attacks on operating systems other than Windows, of course. But I think it's a mistake to think that Windows has so many (and such severe) attacks just because of its dominant market position. True, it's low-hanging fruit for those with a malicious bent. But it's also so much easier to attack Windows because of the way it's been designed.
The very concept of a computer virus depends on both of these two factors. Take away the administrative powers, and the virus has little if anything to infect. Remove the confusion between programs and data, and it becomes much more difficult for malicious software to spread. Many regard it as unnecessary to run antivirus software at all on non-Windows systems. While I'm personally not sure that's a good idea, it does give one an idea of the relative security levels involved.
I think these security problems may ultimately threaten Microsoft's market position. The bad design decisions that are part of Windows weren't made because Microsoft is dumb (quite the contrary: they employ a lot of very smart developers and architects). They were made for market-driven reasons. Lots of old software (dating back to old versions of Windows and the even older days of MS-DOS) simply won't run in a more secure environment. As
In his case, he needed
- a CD with all of the relevant tools and updates
- a Windows boot disk with CD support
- an understanding of the windows command line in order to copy a subset of these tools to a convenient folder on the hard drive from the CD
- The knowledge to run these tools from Safe mode, and how to get there in the first place
- Include in the subset of tools one that can fix the broken LSP setup.
Tips - I deal with this stuff all of the time. The best data on this stuff can be found in articles at spywareinfo.net - the forums are not bad either, although spywarewarrior.com also has good forums. Also good to have is this list of known rogue spyware cleaners, along with this list of Anti-Spyware Orphans & Outcasts.
[LSP or Layered Service Provider is a piece of software that can be inserted into the Windows TCP/IP handler like a link in a chain. However, due to bugs in the LSP software or deletion of the software, this chain can get broken, rendering the user unable to access the Internet. Spyware is good at this, and some cleaners leave a broken LSP behind.
With the correct tool, the fix takes seconds. Without the tool, you need to uninstall and re-install the winsocket, or else the same with the entire network support. Otherwise you fall into the trap this poor bloke got into.]
My current recommended free antivirus is Avast! Home Edition, which is very low maintenance for the home user, and requires registration for the free license. It also protects a number of common Instant Messenger clients, as well as several common P2P clients. It is better than AVG in my opinion, and detects many trojans as well as spyware.
You can get a system that is so hosed that it will not boot, not even into safe mode, even under XP. The solution there is to remove the hard drive, drop it into an external drive enclosure, and hook it up to another system where you can use scanning software to do a basic clean so you can boot in the original configuration. Once it boots you can install cleaners from safe mode, and then run cleaners from inside every user account.
"It is a greater offense to steal men's labor, than their clothes"