The Cost of Computer Naivete
wiredog writes "What happens when you put an unprotected Windows 98 box on a broadband connection? Two perspectives from two reporters for the Washington Post (frr,yyy): The User's "an odyssey that has taken $800 and roughly 48 man-hours over nearly three weeks" and Digital Doctor's "Her PC was in such bad shape, it required 10 1/2 hours of surgery to restore it to working condition.""
It is bad enough with 98, but what if the same experiment were conducted with XP, considering all the wild RPC attacks?
"Here's a spoiler: You're will die alone."-Triumph the Insult Comic Dog
..of my initial days of tinkering around with RedHat 6.x.
My old office had two RH boxes on a static IP. There was no such thing as an administrator. As a programmer, I was supposed to install all applications, configure them and also *ensure* it was up and running.
Got a call from the ISP two days later. They had shut down the machine because of complaints from other users - apparently some application from these machines was flooding the network (I never did find out what they were doing though). Got the ISP to restart them. Frantic googling and few "security guide" downloads later, I started exploring what was wrong with them (incidentally, I was *still* accessing those machines remotely - my office wouldn't pay for me to go to the site to check the machines). Turned out there were THREE rootkits installed on one of those machines. Found the traces of one of the possible three attackers - was some IP space in Netherlands. Later found that that range of IP addresses was actually under contention and was thought to be not allocated and probably belonged to some malicious/rogue ISPs (I haven't understood this part yet).
Not knowing much, I got them to reinstall the OS. Of the three, two rootkits appeared within 2 days. Another re-install, this time with the Linux security guide implementations for securing the box. Things were ok for about 2 weeks or so. I then had yet another attack and someone was using my box as an IRC relay host (or something) and I was still in trouble.
Finally, after some RH updates and more tweaks (and ipchains and iptables install/config), I was able to have reasonably secure machines.
Trial by fire, but I learnt a lot!
*shiver. I hate to think how it would have been, had those been '98 machines
http://efil.blogspot.com/
My mother's machine was the same way. Win 98, no windows updates for nearly three years. On a cable broadband connection, no firewall. Anti-virus wasn't updated since 2000.
Between an updated McAfee, Ad-aware, and a few other spyware removal tools - I spent nearly eight hours on getting her machine back to a working condition. Once I was able to back up her data, I formatted and moved her to XP Pro.
She had enough trouble learning XP - I wouldn't dare put Linux in front of her.
Almost 20 viruses.
Over 150 spyware components, files, etc.
Three hours of Windows Updates to download over a broadband connection.
Don't clickety-click on everything on your screen. Some of those links are bad.
And this is /., so no-one expects microsoft to be absolved, even if they did nothing wrong ;)
Things were going pretty well, and we left the systems on overnight. When we signed back on in the morning, my machine was fine; his machine had been compromised -- in grand style. We found the following:
The main data on the system was not compromised and while there was a minor virus infection, for the most part things were not touched. I should say, "things were not touched that we could detect" -- they could have taken a full copy of his HD for all I know, not that anything important was on there (it was just a gaming box).
He probably wouldn't have noticed the attack itself except that his processor wasn't all that hot and he was on a 10M/sec network card; between the heavy compiling and the constant sending of virii, system performance had dropped noticeably.
The fix?
Unplug from the internet, make sure no data on the box is needed, and format it back to the stone age. It isn't like reinstalls take a long time. (Backups are your friends.)
Someone got into my pc using the LPD Root Exploit. Of course, I was stupid enough to put a Linux box on the Internet with no firewall! Still my personal experience from that time was that Linux had a problem!
Best Buy can have you arrested
The XP box, which caught Sasser, and probably a few other nasties, but I didn't bother looking, and just nuked the box.
The purpose of the exercise was to make a CD containing all the updates as of April, 2004 that a clean 98, 2000, or XP install required to be usable.
I finally decided to install Apache. I had been running an ftpd for a long time to transfer files between home/work/family/friends but so many of them began asking for me to appeal to the least common denominator that I finally did the apt-get install apache. Honestly speaking it was the easiest fileserver I've ever set up. Granted I didn't look into authentication or restricting access yet. I simply wanted to install it and offer files. In terms of basic functionality apache was much easier to achieve liftoff than ftpd or samba.
Here's the rub that fits with this article: Apache was not up and running for more than 2 hours before I had 3 IP addresses, two of them on my own ISP's /24, poking around for overflow vulnerabilities by sending SEARCH and GET requests with more than 8190 bytes.
Why can't these script kiddies be stopped? It is obvious what the intent was.
+++ATHZ 99:5:80
I'm trying to recover a spyware ridden winME (shudder) system at the mo. Nice coincidence.
I've been told by the owner that I can't reload it.
Now this is gonna take a lot longer than zapping it with the restore disks but this is what they want.
The point is - reloading it is the sensible option but the computer owner doesn't want it reloaded and is prepared to wait a reasonable amount of time to have it repaired. It may well take 10+ hours but "the customer is always right"!
"goatse? What's that? Anyone have a link?" - AC
Slackware also had NOWHERE REMOTELY CLOSE to the installed user base that windows 98 had. Windows 98 is in all likelihood still beating it.
Virus writers don't give a shit about Slackware. It's like saying that my car has better security because it wasn't broken into when I left it in the middle of nowhere for a week and no one touched it, as opposed to your car which you left in a shady alley way in Los Angeles.
Mod this obvious tripe down.
and a switch is definitely in order. when you have blight, nematodes, and rot in a soybean field, you have to rotate out of soybeans and plant anything else unrelated for several years to clear the land.
in the MS software monoculture, we are also at that point. pick Mac OS or Linux, but switch. you can't grow anything in that MS patch any more.
if you can't/won't, I have had multiple update choke-n-hangs with norton antivirus in the last year plus. each has finally been resolved by switching that user to Grisoft's AVG program, www.grisoft.com... and using Zone Alarm and Ad-Aware to deal with the other types of threats.
if this is supposed to be a new economy, how come they still want my old fashioned money?
Err, if you haven't noticed, many of the worst M$ security problems lately have affected only the WinNT codebase, including some that are WinXP-specific. As long as you're only running client apps, Win9x derivatives may actually be safer than the newer ones!
The problem here isn't the OS version, it's that she didn't install the necessary security apps before exposing her computer to a direct internet connection. True, WinXP includes a very basic firewall app, but ZoneAlarm is just as easy to install and probably works better anyway...
Why don't you set the hosts file to read-only?
I doubt that most spyware will assume that the hosts list is read-only, so they won't change the properties when attempting to write 'updates' to it.
don't take this the wrong way but, if the person is using a Win98 machine, chances are it's an older machine and they want to keep it working. I have a friend who's using an old P200 with win98, she can't afford a new computer let alone a mac, the computer she has was gotten used. she's not too smart when it comes to computers and linux is a bit much for her. that in mind, she did get broadband, and hooked up without a firewall or anything. and immediately started getting stuff sent her way... she had the foresight to tell me this and call me in to fix it. it only took me about an hour to get it up with a firewall and cleaned from spyware. this isn't a flame but merely a first hand perspective on this "she should buy a mac or run Linux" idea. It's enough that I'm called over there at least once a week to fix problems it'd be worse if I had to go over there to show her how to do things in linux. I'd rather put out small fires than have to teach her linux. as for Macs well, cost is a big issue with her. she can't afford a mac. I know I know... but it's true macs are expensive. and you know one thing mac pushers forget? if Mac ever did get 50% of the market share, guess what platform the script kiddies would be writing their viruses for... They don't write viruses for MS because MS is easy, and easily exploitable, that just makes their job easy, they write them for MS because MS has the market share and they can infect more pcs and cause more damage by choosing MS. same with spyware.
You mean the only time you were owned and knew it. With linux, software behaves consistently enough, that it's much more obvious when you've been nailed.
Not if the person who hacked your box knows what they are doing. You could have been rooted for a year and not know. Again, this is because Linux, the thing is consistent enough to where another user (even one that has rooted your machine) can do plenty of other stuff on your machine without your being impacted by it at all.
I don't think I'm alone here; problems like this (although not this exact one) were how I learned about computers. It's during these agonizing multi-hour sessions that you really get a glimpse of what goes on behind the curtains.
;-).
I learned how to build and modify my own box after many agonizing sessions installing new hardware, much like the doctor in the Post story who couldn't get her printer working for love or money. When you go through all the troubleshooting procedures for figuring out why your new RAM, hard drive, or video card doesn't work you learn very quickly how it all goes together. The second or third time you do it is much easier.
I was never really all that interested in computer security until my first Linux box got rooted. Luckily for me I had it configured for a graphical login where all accounts were listed as icons, or I might never have noticed that there was an extra account. After that I became a computer security nut, getting updates from 5 different sites and configuring multi-tier systems. Being interested in security is also what got me into OpenBSD. The experience I got with OpenBSD was extremely useful for me in getting one of my first IT jobs; I think my broad experience with multiple Unices is what got me that job and allowed me to be successful there.
Troubleshooting problems like these, annoying and frivolous as they may seem at the time, is a great way to become the guy that people go to for their problems. Now whether or not *that's* desirable I'll leave up to you.
"He's more machine now than man, twisted and evil."
But still back in 1996 Linux was made with high speed networking in mind. Windows 95, 98 were made with mostly dial up networking in mind. Linux in 1996 wasn't even seriously trying to invade desktop or even much of the server market. At this time Linux was just trying to go "Hello!!! We exist and we can do a lot of stuff that you 10k Unixes can do for free." So it was busy porting all the Unix utilities to it. So we had netscape 3.0 which didn't have enough features to support the viruses and spy-ware. While Windows 98 has the market share, Apple was dead, Unix was dead, Linux was just a bit player for hackers. So Microsoft worked on putting on features to the product to sell more, and to kill off netscape. Integrated everything, that was the buzzword of the late 90s. No one really (who had enough say at Microsoft) had foresight of today's problems to make windows 98 still run in 1994. So features were added. And if Linux had the technology at the time there was a good chance that they would do the same as well.
If something is so important that you feel the need to post it on the internet... It probably isn't that important.
Realistically, I would anticipate a similar result if I were to directly connect an unpatched Red Hat 5.1 machine to the Internet. After all, Windows 98 and Red Hat Linux 5.1 are both technologically obsolete, having been released on June 25, 1998 and May 22, 1998, respectively. They are over six years old, and both were available for purchase. Why should Microsoft support Windows 98 if Red Hat doesn't support RHL 5.1?
On the other hand, Red Hat Linux is open source; thus, anybody is capable of backporting patches to their version of the operating system, whereas Windows users remain dependent on Microsoft. Additionally, the operating system still does possess a substantial user base, whereas users of RHL 5.1 are much more likely to have already updated their machine(s). Most importantly, Microsoft is probably financially capable of supporting Windows 98 indefinitely.
I ultimately believe that it is Microsoft's responsibility to provide support for Windows 98 unless they develop an alternative method for the end-user to properly secure it. Not everybody is willing to endure the inconvenience of installing a new operating system every two years, and the Internet certainly doesn't benefit from a prodigious cache of unsupported, vulnerable machines.
Do you like German cars?
Windows 98 is 6 years old and isn't sold with computers anymore. This test just shows remaining Windows 98 users they should keep up to date or upgrade to XP.
First, no it doesn't - they didn't do the necessary control experiment, which would be leaving an unpatched, no-AV machine with XP hanging around on the broadband network. Do that and your box is fried a lot faster than 98.
...I have some Win 98 boxen around here, as well as some Win XP/2K. I have MANY more problems from the newer boxes, mainly because most of the newer worms are no longer "compatible" with the older machines.
Yes, it's security by obscurity, but that's good in addition to having current antivirus signatures! With the XP/2K machines, we can't patch them fast enough to keep them clean on our notoriously insecure university network. The 98 machines are dedicated to running some specific lab hardware, and are sufficient to the task. They aren't getting replaced, or upgraded. Well, I did upgrade them from 95, but even I'm not that crazy. ;)
-Looking for a job as a materials chemist or multivariat
So what's the solution for Jane Boxwine?
I just worked on her PC. Nearly exactly as you've described.
The solution was simply to install one of the many free antivirus packages out there (I used AVG) and AdAware as well as a helping of Windowsupdate.com. Microsoft was gracious enough to realize that Win98 users will need support for a long time coming.
After removing half a dozen viruses (virii... whatever) and 500 spyware/adware "objects", the PC runs fine.
Life is the leading cause of death in America.
Not if the person who hacked your box knows what they are doing
That's lacking proper perspective. I know of only a few dozen people who could successfully deceive ps and netstat at will, and all of them have far more important things to do. I know of many other people who probably have the skill to do it but have no interest in poring over the source code to actually figure it out. Then there's the matter of writing a properly deceived edition, compiling it, and placing it on the victim's machine. Script kiddies use rootkits, which are typically kernel modules, and most Linux enthusiasts will switch their kernel once or twice a year which would require that the kmod be recompiled.
I'd say the single best thing to do is watch netstat. Of course, doing this had me infuriated one time when gconfd was hosting a remote network connection. Even after several hours of looking through Gnome documentation I had no reason why this would have been happening.
Ironically, Windows, even 2k or Me, does not have a program which is as neat and tidy as netstat. I don't know if this is by design or by idiocy, but the best thing you can do is set the network monitor to look at total traffic incoming and outgoing (IP and TCP byte count). When I did this I noticed that both IP and TCP byte counts would go up even if I launched Wordpad.exe and started typing. I didn't want to get too paranoid so I turned it off.
+++ATHZ 99:5:80
Reformat and reinstall seems to be everyone's answer. Personally, I see that as a final resort.
Do you have any idea how long it took me to get my programs running the way I like them? That "personal" data is spread across a registry that, in this case, was probably not good enough to backup and just restore.
I've NEVER reformatted a computer unless it was a new hard drive. NEVER. My job is to keep four different schools' computer networks (all mixed 95, 98, 2K and XP) up and running, everything from mouse cleaning to network installation. I've NEVER had to reformat any of the PC's.
Personally, I run 98, on my main desktop machine, ever since 98 was launched and before that 95 was on my previous main desktop machine that WAS STILL WORKING 5 years later when I decommissioned it (now a Linux router with the original hardware still going strong and the Windows partition still working from a LILO prompt).
Reformat and reinstall is a stock answer that means "I don't know how to fix this." or "It's too big a job for me to be bothered with." My computer has gone up the creek any number of times (99% bad drivers/software, 1% user stupidity, 0% viruses or other rubbish) and it's always salvageable, proof is that I'm running the same machine here and now.
It's 98SE... it's on the net (broadband), it's patched up, it's got AdAware, SpyBot, Zonealarm (with antivirus, though it's disabled because I don't run anything I don't know... never had a virus except a brief glimpse of one from a computer magazine's cover CD demo of SIN... no damage, detected and fixed within a few hours).
People like this poor unfortunate person don't know that their PC is not an appliance. It's not Plug and Play (no matter what MS or Linus may tell you) but it *should* be by now. We put a man on the moon 40 years ago but we can't stop a twelve-year-old writing software that bypasses Microsoft's security. This shouldn't be a poke at the user who had this problem or the techy who took so long to fix it... the problem is much deeper... it's not even a case of user education... users should NOT have to worry about things like this.
Reformatting someone's PC is damnright rude. They use that PC, they don't want to have to go through all the business of setting up and installing their programs again. It may save you time, but it costs them twice as much in the long run.
It would take a few hours to fix this PC, if you did it properly... especially with reboots, crashes etc in between, but fewer and fewer technicians bother... it annoys me as a technician that people still think formatting is an answer... it's not... it's an admission of defeat.
I had a bug-ridden laptop brought to me a few months back, with Win2K. AdAware showed over 300 separate pieces of crap on it, not to mention viruses and being unpatched for over three years (it had been on the QE2 cruise liner all that time, with only occasional internet access). It was cleaned, pruned, had a few bits installed to prevent it happening again (as the user is a bit of a tech-dummy) and it's running fine, without the need for a reinstall.
Bad defaults, hole-y operating systems, no thought of a "dumb" user in the design process and lack of a decent auto-update (hey, MS, why not send out a free update CD to every single Windows registered owner and have a single-download EXE online, updating it about twice a year?) are the problems here, not the user.
Oh, and I miss the days of a DOS boot floppy with an up-to-date Virus scanner on it... You need control of the entire computer to properly flush out a virus without getting yourself reinfected or into "this file is in use" trouble, especially on the DOS-based Windows. There's no point virus-scanning when you're running the virus scanner off your hard drive... how do you know that's not been compromised? I'll leave that idea there for the next generation of virus writers.
They also get owned through dial up. Just as fast. Once again, the slowness of the connection itself masks the fact that the thing is broken. It makes the user think that dial up is unusable, when I've shared a dial up connection with my wife under Linux without problems. Dial up users are also targeted by a special class of worms, porn dialers, which can cost the user plenty. I've heard users tell me about their computers dialing on their own in the middle of the night. Nasty.
With all the broken Windoze boxes out there able to launch all manner of attacks, the web is a really ugly place right now.
Friends don't help friends install M$ junk.
- wuftpd
- sunrpc, portmapper
- imapd
- sendmail!!
- bind!!!
- openssh
- openssl
- apache
- php
- samba
I'm sure I forgot a dozen other common packages, but you get the idea. Any outdated, Internet-connected system is a disaster waiting to happen.
I have a friend who recently had to take her computer in to Best Buy and spend $210 for them to diagnose, remove viruses/spyware, and install protection. It took them 2 days to do this. All of this because she is very computer illiterate (she uses it for email, visiting websites) and her mom is even more so.
I tell them time and time again not to open strange email attachments and to keep automatic updates turned on. Still, even though neither of them will admit to ever clicking on "bad" emails or visiting spyware infested websites, the Best Buy techs managed to find over 30 different types of spyware installed.
``Computers are still expensive (when compared to other electronic devices), and I think when you've spent that much on a PC you sort of expect it to work.''
Or, when you buy such an expensive machine, you learn how to use it and take good care of it. Back in the day when computers were still uncommon in households, the people who used PCs were very aware of the virus threat and had backups and virus scanners.
These days, even though the virus threat is a lot bigger and gets more publicity, people just don't seem to care. Most people I've talked to (after they got infected) told me that they knew their computer could get infected, but they expected it not to happen.
Several months ago, some institution conducted a study that found that users actually blame their ISPs for viruses. They consider it the ISP's responsibility to keep viruses out of their system. This shocked me, and I wrote a letter to the newspaper that published the findings, explaining that the ISPs have nothing to do with it and you don't even want them to filter what gets to your computer and what doesn't. I also explained that a lot of exploits are only possible because people chose to run known insecure software. Hopefully it educated some people. I am afraid, though, that people just won't take responsibility for their own computers.
Please correct me if I got my facts wrong.
I, at one point, thought this too. However, when you think about it, it's really kind of asinine.
Here's why I believe this: The computer is a tool, just like a car, a microwave, blahblahblah. The end user just wants it to work. Just like they turn the key on the car, turn on the microwave, blahblahblah. The answer of "Her solution is to bite the bullet and really learn to use a computer." really isn't addressing the issue of the fact that it's supposed to be a tool that I turn on and use, not have to be a CS major/have years of experience/whatever they perceive it takes to fix it to understand it. This moves the onus of fixing a programmatic problem (holes that should be patched/shouldn't exist/aren't obvious) to someone who is usually unqualified to address it.
Hell, I work for a shop that's like this: The users use a PC by mandate for the most part. They use it as a tool. They just want it to work. These people keep a lot of techs in work.
I'm not saying that the user is totally out of the woods for some of their own problems. I've cleaned enough spyware off machines to know that some people are just stupid, and willfully do commit acts to put spyware and stuff on the machine. These people don't need to use a PC until they've had it drilled into them that "yes" to everything will lead to problems, or at least cost them to pay someone to fix it.
EveryDNS. Use it. It works.
AC's need not reply
Ghost, DriveImage, PartitionImage, whatever you want to use fer godsakes people make a backup of some kind.
...but still not one person I know has a proper backup of their machine.
I don't know how often I've had to explain to people that backup software is only really useful if you make the backups BEFORE the problem occurs. Waiting until you have a problem does absolutely no good.
Not even the ones who already have the software to do it.
Umm $45.00 X 10 hours would be $450.00
He states that he billed her 800.00 total.
That is a lot more than $45.
I would hope computer people have more morals than used car sales people or politicians.
I maintain computers for a set of Curves for Women gyms owned by a couple of friends of mine. I run into the spyware/malware problem all the time.
Each gym uses DSL to connect to the internet. While working on one of the computers this weekend, I noticed that McAfee Personal Firewall (I stopped using Norton a while ago) wasn't seeing any inbound events, unlike the other gyms where it sees 10,000 to 20,000 events per week. A little investigation showed that the DSL modem at this site has a built-in DHCP server/router/firewall/NAT function. Seems like the DSL providers are getting a clue and building necessary capabilities into the hardware that the customer has to have just to connect to the Internet.
Don't underestimate the power of The Source
To be honest, I think the thing to do is to print out the article for the hypothetical user, and point out that this is what happens if you don't install critical updates, a firewall, virus protection and Adaware
Spybot S&D makes the host file (in which it can store a lot of ad/spy-related hostnames to point to 127.0.0.1) read-only. It's been doing this for ages, so I'm guessing spyware makers will have found out about it by now.
SCO employee? Check out the bounty
And I'll say it again..
t s.zip
1. Run Spybot.
2. Run Ad-Aware to clean up what Spybot missed. (which is not much)
3. Load a Hosts file filled with nearly all of the nasty URLS in which the 'wares originate.
Where do you get this hosts file, you might ask?
http://www.pelicancoast.net/~nighthawke/hos
Do a file search for hosts and replace it with this one and enjoy your sparkling-clean system as it roars off the blocks at boot and purrs all day long.
First rule of holes; When in one, stop digging.
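An added example (not from the thread, and not Spybot's own code): before replacing the system hosts file with one downloaded from a third party, as the steps above describe, check that every entry points at a loopback or null address, because an entry with any other address redirects that name instead of blocking it. The sample file, the `example.*` names and the function names are constructed for illustration; `is_read_only` covers the read-only setting discussed earlier in the thread.

```python
import ipaddress
import os
import stat

# Addresses a blocking hosts file is expected to point at (sinkholes).
SINK_ADDRESSES = {
    ipaddress.ip_address("127.0.0.1"),
    ipaddress.ip_address("0.0.0.0"),
    ipaddress.ip_address("::1"),
    ipaddress.ip_address("::"),
}


def parse_hosts(text):
    """Yield (line_number, address_or_None, [hostnames]) for each entry line."""
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            addr = None  # first field is not an IP address
        yield lineno, addr, [h.lower() for h in fields[1:]]


def audit_hosts(text):
    """Return a list of (line_number, kind, detail) findings.

    kinds:
      malformed - line does not parse as "address name [name...]"
      redirect  - a name is mapped to something other than a sinkhole address
      conflict  - the same name appears with two different addresses
    """
    findings = []
    seen = {}  # hostname -> address of its first occurrence
    for lineno, addr, names in parse_hosts(text):
        if addr is None or not names:
            findings.append((lineno, "malformed", "expected: address hostname"))
            continue
        for name in names:
            if addr not in SINK_ADDRESSES:
                findings.append((lineno, "redirect", f"{name} -> {addr}"))
            first = seen.setdefault(name, addr)
            if first != addr:
                findings.append((lineno, "conflict", f"{name}: {first} vs {addr}"))
    return findings


def is_read_only(path):
    """True when no write permission bit is set on the file."""
    mode = os.stat(path).st_mode
    return not mode & (stat.S_IWUSR | stat.S_IWGRP | stat.S_IWOTH)


# Constructed sample: example.* names are placeholders and
# 203.0.113.0/24 is a documentation-only address range.
SAMPLE_HOSTS = """\
127.0.0.1   localhost
127.0.0.1   ads.example.com tracker.example.net   # blocked
0.0.0.0     popups.example.org
203.0.113.7 www.bank.example      # not a block entry: this redirects traffic
ads.example.com
127.0.0.1   POPUPS.example.org
"""

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```

A read-only flag only stops software that does not clear it first, so re-running the audit on the installed file from time to time is the more reliable check.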
My girlfriend's aunt's computer was acting up, and they asked if I could fix it. They complained about pop-ups mainly. When I sat down at the computer, it was just excruciatingly slow. After I finally got the hardware properties to display, I saw that they were running a 2.6 GHz P4 with 512 MB of RAM and a Radeon 9800 Pro. But spyware alone had brought that computer to its knees. It was a mess.
I installed Ad-Aware and Spybot and let both of them run, and just got rid of everything. I removed a ton of crap with Add/Remove Programs, as well (lots of online casino shit and other useless garbage). I then removed those irritating TVMedia pop-ups by booting into Safe Mode and removing the necessary programs and running Hijack This.
I explained to them that, by running Spybot and Ad-Aware regularly, as well as keeping Windows up to date with Windows Update, they could keep their computer mostly clean. But one point I made very clear to them was never to use Internet Explorer unless absolutely necessary. I downloaded Firefox for them and set it as the default browser. I explained that Internet Explorer was probably the cause of 90% of their problems, because it's possible for websites to install things silently by using it or any number of other undesirable things. So I made it very clear that they should stick with Firefox. I also uninstalled Kazaa and installed Kazaa Lite for the kids.
Now their computer is running as it should. No more pop-ups or any shit like that. It took about 3 hours, but I did a damn fine job with that box, and they were grateful. All throughout that ordeal, I was thinking, "God I'm so glad I'm a Mac user."
Mum's computer doesn't have enough horsepower to run XP, but it does have enough horsepower to run all the viruses and spyware that she will accumulate? That sounds like false economy to me.
Anyway, I think your Mum's computer will run XP just fine with a few tweaks. Turn off all the visual effects, every one of them. And tell Mum not to turn them on again. Turn off unnecessary services (there are a bunch) and don't tell Mum how to turn them on again. Tweaking the services may take you a few hours (don't let Mum do it - do it for her), but in the end XP will run just fine. There are lots of XP-tuning sites out there that will give you loads of other advice - like turning off fast-user switching if Mum shares her computer - seek out those sites and heed their advice.
I have an old 433MHz PII-Celeron laptop with just 128MB of memory, and it runs XP just fine. It's not the fastest computer in the world, but for things like email, web browsing, and occasional Word processing, it does just fine. And it's far more stable than 98, which would crash daily even with just light usage.
Set Mum up with XP. She'll love it. And maybe she'll even bake you some cookies to munch on while you work.
Right on, somebody gets factual about 98. Thanks man.
Hate Microsoft all you want, but here's my experience with 98se: it works fine if you do a few simple things.
The big one is don't use MS apps. No IE, no Outlook, and no Word if you can avoid it. (OOffice can't do everything you need to collaborate with some publishers. It does a lot now, though. Many professionals don't need Word anymore.) This makes a stable box for joeuser who turns the computer off at night.
Run a lot of software over time and you will start getting the crash-happy MS experience we are all too familiar with. Install the Unofficial Patch. This cures it flat out. Every bit as good as reinstall. I haven't done a reinstall on any 98 box since that's come out; it may be a permanent fix.
The recipe: install w98se + Unofficial Patch + O'Reilly Utilities + Tweak UI, and you've got a stable 32bit OS that runs almost all software and hardware, and with a low learning curve that you can hand to any joeuser. Add zonealarm and AVG and it's secure. (remember, you're not running the insecure MS apps because they make it unstable.)
I'd love to have a Linux option that's this damn easy. We're not there yet. But we're getting close and I'm looking forward to it. Linux is so much better in other areas.
Also we're finally seeing apps and hardware that don't list compatibility with 98. These mostly work, but there's no longer enough 98 users to justify supplier testing. So we're finally seeing the end of the road coming for 98 as a do-everything OS.
But dual boot is a piece of cake with 98, meaning moving your joeuser on to Linux for the inevitable OS upgrade is easy. No need for XP.
Hope that helps somebody. MS deserves a lot of flak, but that's been overwhelming the fact that an excellent stable w98se can be easily set up for clients, friends, and family. Use those old disks if you've got them: it's *not* the blue screen hell you've been told.
Yeah, yeah, firewall, toolkit CD, spare hard drive, blah blah blah. How far do you want to take that? "What kind of half-assed tech doesn't carry around the kit to build a complete multi-tier corporate network from scratch?"
The bottom line is no one should ever have to reinstall the OS just to get rid of malware. Right, wish in one hand, etc.
When I went home for my sister's graduation last June, my parents were in a similar situation to this reporter. They had Windows XP and had never downloaded a Windows Update. Ever. There was too much stuff on the computer (financial records, etc.) to just blow it away and format from scratch.
After about 6-7 hours of actual work and about 36 hours of downloading (yes, dialup, in a rural area to boot), I had the system back to what appeared to be normal. They haven't reported difficulties since then, so I assume it's more or less stayed that way. Ad-Aware, Spybot, Norton Antivirus, mostly judicious and occasional heavy-handed use of regedit, and several boots into Safe Mode were the key. It's tedious, but it can be done, and sometimes should be done.
A lot of times reinstalling from scratch is somewhere between a false economy and a disaster waiting to happen.
-- Old Man Kensey