Slashdot Mirror


The Cost of Computer Naivete

wiredog writes "What happens when you put an unprotected Windows 98 box on a broadband connection? Two perspectives from two reporters for the Washington Post (frr,yyy): The User's "an odyssey that has taken $800 and roughly 48 man-hours over nearly three weeks" and Digital Doctor's "Her PC was in such bad shape, it required 10 1/2 hours of surgery to restore it to working condition.""

55 of 917 comments

  1. Slow computer! by NeoFunk · · Score: 4, Funny

    Geez... it takes 10 1/2 hours to install Linux these days? Have all distributions gone the way of Gentoo?

    1. Re:Slow computer! by jimicus · · Score: 4, Funny

      or reinstall Windows 98 or any OS...

      Yeah, but you know what happened:

      Tech: Heck, this is a mess. Best to reinstall the whole lot from scratch. You do have backups, right?
      User: B... Back--ups?
      Tech: (sigh)

    2. Re: Slow computer! by ReTay · · Score: 4, Insightful

      Is it just me or should that guy be embarrassed to admit that he took 10.5 hours to reinstall an OS and a security suite? I realize that he took the long way to fix the issue. As far as I see it if ANYONE other than the client has had root on a box you can't trust it. Ever. You need to reinstall from known good media and start over.
      But maybe that is just me.

    3. Re:Slow computer! by jimicus · · Score: 4, Insightful

      Not the point. If the customer doesn't have backups of their work & you don't have easy access to some means of backing it up, you'll have to do it the hard way. (WTF are you doing such a job if you don't carry around a spare hard disk?!)

      If the customer simply doesn't like the sound of rebuilding from scratch, you'll have to do it the hard way.

      If the customer doesn't have access to original install media (and you're going to be a Good Little Tech and refuse to put pirated software on), you're going to have to do it the hard way.

    4. Re: Slow computer! by Black+Parrot · · Score: 4, Insightful


      > Is it just me or should that guy be embarrassed to admit that he took 10.5 hours to reinstall an OS and a security suite?

      Embarrassed? If he was charging $45/hour he should be bragging about it.

      --
      Sheesh, evil *and* a jerk. -- Jade
    5. Re: Slow computer! by jedidiah · · Score: 5, Insightful

      What I think is shocking is the fact that the PC tech apparently did not feel it necessary to wipe the OS and start from scratch. Both these articles perpetrate the dangerous notion that being r00ted is recoverable. Once a system has been compromised, there's no telling what other nasties reside therein.

      This bit of info was sorely lacking from both articles.

      --
      A Pirate and a Puritan look the same on a balance sheet.
    6. Re: Slow computer! by gnu-generation-one · · Score: 4, Insightful

      "He should also be smacked in the head for not getting her off Windows 98. Windows 98 is 6+ years old. How many people here recommend 6 year old Linux distros?"

      I sometimes use and sometimes recommend Windows 98. It doesn't have the security problems of XP/2000 (no Windows Messenger, no LDASS or whatever that was, no remote assistance, no product activation, no media player with evil crap in it, you can update it without revealing the software you use to Microsoft, the EULA doesn't allow Microsoft to impose new terms on you in the future, nor does it allow them to remotely install software on your machine). It's not as stable, but it only needs to run for long enough to play a game; nobody would be using Windows for any real work anyway, and you can dual-boot back to a proper operating system when you've finished playing the game.

      Oh yeah, and "flamebait" is the button you want to press. Recommending windows98 indeed! Don't I know that the moderators are all MS guys, with their "if you administered a billion computers for a fortune-500 company like I do, you'd know..." attitude.

    7. Re: Slow computer! by BlueStraggler · · Score: 5, Insightful
      Honestly, only an idiot would pay that kind of money to have their drive wiped and os reloaded.

      Anybody whose data is worth less than their computer is just using it as a toy. Regaining access to your data is of far greater value than making the stupid hardware run. If it was one of my computers, I'd happily pay the $800 (or even $8000) to get my data back, and *then* I'd ditch the "ancient piece of crap machine" and buy a new one.

      (Well, actually, I keep distributed backups to avoid this problem, and use almost exclusively ancient piece of crap hardware since the machines themselves are irrelevant. So if it were my computer, I'd probably just spend the $800 on women and beer.)

  2. To be fair to Microsoft by Anonymous Coward · · Score: 5, Insightful

    (Yeah I know, fair to Microsoft... on Slashdot!)

    Windows 98 is 6 years old and isn't sold with computers anymore. This test just shows remaining Windows 98 users they should keep up to date or upgrade to XP.

    1. Re:To be fair to Microsoft by HBI · · Score: 4, Insightful

      To be fair, if I put up my 1996 version of Slackware on the net or a copy of System 7.5.3 on an old 68k Macintosh I wouldn't have these problems, at least not to that degree.

      I don't absolve Microsoft at all.

      --
      HBI's Law: Frequency of calling others Nazis is directly correlated with the likelihood of the accuser being Communist.
    2. Re:To be fair to Microsoft by sw149 · · Score: 4, Funny

      Mac OS 7 secure and stable as ever.

    3. Re:To be fair to Microsoft by Throtex · · Score: 5, Funny

      If you wanted to be really fair, I could say that I could put my Commodore 128 on the Internet and let anyone who telnets to it run anything they damned well please, and I still wouldn't have problems...

    4. Re:To be fair to Microsoft by Nick+of+NSTime · · Score: 5, Insightful
      Consider this for a moment. Jane Boxwine buys a brand-new computer in 1999. It's a Pentium II 400 with 128MB RAM, 8MB HD, and Windows 98. She spends $2000 on it.

      Jane Boxwine uses this computer for Quicken, maybe to email her family, Solitaire, and simple things like that. Her computer has not outlived its usefulness, but it is woefully underpowered by today's standards.

      So now you're telling her that she has to spend $100 on a Windows XP upgrade *and* install an OS that will be very noticeably slower on her machine? You're telling her that Microsoft made mistakes and now Jane has to pay for it?

      So what's the solution for Jane Boxwine?

    5. Re:To be fair to Microsoft by garcia · · Score: 5, Informative

      To be fair, if you installed a stock version of Slackware from 1996 on the net, without a firewall, you would be subject to known exploits either in the kernel or the userland programs that were included in the stock distribution.

    6. Re:To be fair to Microsoft by callipygian-showsyst · · Score: 4, Interesting
      Actually the ONLY time I was ever 0wn3d--either Windows or other--was with a circa 1996 version of RedHat!

      Someone got into my pc using the LPD Root Exploit. Of course, I was stupid enough to put a Linux box on the Internet with no firewall! Still my personal experience from that time was the Linux had a problem!

    7. Re:To be fair to Microsoft by NoMoreNicksLeft · · Score: 4, Insightful

      You mean the only time you were owned and knew it. With linux, software behaves consistently enough, that it's much more obvious when you've been nailed. The cable modem light blinking furiously, the hard drive whirring? Shit, something's up!

      With Windows, you're left wondering if that's normal behavior...

    8. Re:To be fair to Microsoft by JJahn · · Score: 4, Funny

      I think Jane should spend that $100 on some bottles of decent wine, instead of that crappy box wine.

    9. Re:To be fair to Microsoft by Obiwan+Kenobi · · Score: 5, Insightful

      The question is rhetorical. There is no answer. You must either upgrade to a modern OS or suffer the consequences. This is definitely a Pro Linux (tm) situation, as it basically highlights the Upgrade-Or-Die mentality of the Redwood camp.

      But in a nutshell, yes, she does need to upgrade if she wishes to keep using her machine as she's used to doing. This is a new environment and Win98 is an old system that quickly bogs down when you try to band-aid it with differing programs such as Anti-Virus or Firewalls (though some are less bulky than others).

      Whenever I see a spyware-riddled PC, I reinstall Windows. There is no question. I've gone past running 3-4 different Ad/Spy-finder programs, and they all find something different, only to remove the invaders and then reboot and see that some hidden hook has returned most of them.

      This is the sort of madness that most Win98 users live in, and sooner or later abandon it for a smarter OS, which is usually WinXP but on those fringe cases will actually add another point to the statistics of the most stable and robust Mac OSX or even Linux (for those who don't need games).

      The solution is to change to something better, and growing pains will be involved. Is that a better answer?

    10. Re:To be fair to Microsoft by 4of12 · · Score: 4, Insightful

      So what's the solution for Jane Boxwine?

      Switch!

      You make good points.

      But Jane's problem is that she knows about as much about her computer's operating system as she knows about the automatic transmission in her car.

      She bought these advanced devices (computers, cars) in good faith that since everyone else seemed to be buying them, they must work somehow, and if there's a problem, then a lot of people will be in the same boat trying to solve the same problem, so that solutions will be easy to come by.

      But there's more to Jane's computer problems than to her car problems: since she bought her PC, she's bought a bunch of convenient, shrink-wrapped boxes of software to run on that box.

      If Jane gets up the courage to switch to something like Mac OS X or Linux, she won't know how to deal with getting that shrink-wrapped Windows application and all of its weird data files from her Windows box onto the new application.

      Tragically for Jane, advantageously for Microsoft, there is a significant barrier discouraging her from switching to a competing platform.

      If the Windows API were a free, complete, openly-published standard that competing companies could implement, then this wouldn't be a problem.

      --
      "Provided by the management for your protection."
    11. Re:To be fair to Microsoft by stratjakt · · Score: 5, Informative

      I know what it installed by default. It installed your ethernet, brought it up, installed telnet, brought it up, and left you to log in with NO ROOT PASSWORD. That's the uber-secure linux of the past.

      Install that old slackware while connected to broadband, and if you decide to take a coffee break before logging in and setting the password (or if you forget to do it, or miss that line item in the install instructions) and you're fucked.

      Hell, those were my Uni days. We'd have a ball in the computer lab watching the one TA (total stereotype smelly bearded hippy geek with a bad attitude) install some new linux terms, and we'd race him (and beat him!) every time to log in as root and do various stupid things.

      Hell, I'd wager on 7 out of 10 student machines on the campus net never did get a root password set.

      --
      I don't need no instructions to know how to rock!!!!
    12. Re:To be fair to Microsoft by DCheesi · · Score: 4, Interesting

      Err, if you haven't noticed, many of the worst M$ security problems lately have affected only the WinNT codebase, including some that are WinXP-specific. As long as you're only running client apps, Win9x derivatives may actually be safer than the newer ones!

      The problem here isn't the OS version, it's that she didn't install the necessary security apps before exposing her computer to a direct internet connection. True, WinXP includes a very basic firewall app, but ZoneAlarm is just as easy to install and probably works better anyway...

    13. Re:To be fair to Microsoft by jellomizer · · Score: 4, Interesting

      But still back in 1996 Linux was made with high speed networking in mind. Windows 95, 98 were made with mostly dial up networking in mind. Linux in 1996 wasn't even seriously trying to invade desktop or even much of the server market. At this time Linux was just trying to go "Hello!!! We exist and we can do a lot of stuff that you 10k Unixes can do for free." So it was busy porting all the Unix utilities to it. So we had netscape 3.0 which didn't have enough features to support the viruses and spy-ware. While Windows 98 Has the market share Apple was dead, Unix was dead Linux was just a bit player for hackers. So Microsoft worked on putting on features to the product to sell more, and to kill off netscape. Integrated everything, that was the buzzword of the late 90s. No one really (Who had enough say at Microsoft) had foresight of today's problems to make windows 98 still run in 1994. So features were added. And if Linux had the technology at the time there was a good chance that they would do the same as well.

      --
      If something is so important that you feel the need to post it on the internet... It probably isn't that important.
    14. Re:To be fair to Microsoft by mike449 · · Score: 5, Insightful

      So what's the solution for Jane Boxwine?
      Switch!


      A router (with built-in firewall) is obviously a better solution than a switch in this case.

    15. Re:To be fair to Microsoft by a_nonamiss · · Score: 5, Insightful

      OK, I hate defending Microsoft, but let's put this in proper perspective. Cars in the 1950's weren't required to have seatbelts, airbags, crumple zones, etc. These innovations happened well after the 50's. You can still drive around proudly in a 1956 Belaire Convertible, but God help you if you hit a moped or a groundhog going 25MPH, because you will probably die a horrible, painful death. Nobody is asking Chevy to provide free retrofitted seatbelts, airbags, etc., to increase public safety. Although these cars are not fit to drive by today's safety standards, they were considered safe when they were manufactured. If I were so motivated, I could probably take that '56 Belaire, weld some seatbelts to the frame, make some body modifications and if I was really good, maybe even retrofit some airbags in that puppy. It would be much safer, but considering the amount of time and skill required for such modifications, it would probably be a fraction of the cost to go out and buy a new car.

      As much as I feel for the poor woman stuck with Windows '98, I can't really agree that it's Microsoft's fault. When Windows 98 was invented, it was reasonably secure. Since then, there have been many innovations, and things have changed. It is severely outdated, but as long as you know what you're doing, you can keep it running, but in the hands of a novice, it can be dangerous. No different than an old car.

      --
      -Arthur
      Cave ne ante ullas catapultas ambules
  3. Windows 98? What about XP? by Brain+Stew · · Score: 5, Interesting

    It is bad enough with 98, but what if the same experiment were conducted with XP, considering all the wild RPC attacks?

    --
    "Here's a spoiler: You're will die alone."-Triumph the Insult Comic Dog
    1. Re:Windows 98? What about XP? by MadRocketScientist · · Score: 4, Interesting

      My recent XP experiment:
      I was installing a firewall for a client a couple of months ago after they got a new DSL circuit installed. The connection failed, so I called the provider and was informed that the line was disabled for security violations. Someone had plugged in the WinXP home edition desktop before I got there. Needless to say, it was so laden with trojans we didn't bother trying to clean it, we just went straight to the system restore disk.

  4. They're idiots by Killjoy_NL · · Score: 4, Insightful

    "Her PC was in such bad shape, it required 10 1/2 hours of surgery to restore it to working condition."

    It takes me a lot shorter to install Win98 on a box and that includes saving any or all documents.
    1.5 hours tops.

    --
    This is the sig that says NI (again)
  5. Re:reg only? by Vacuum+Sux · · Score: 4, Informative

    It's said "Washington Post (frr,yyy)" Free Registration Required, Yadda Yadda Yadda.

    --
    In Soviet Russia, the profit overlords welcome you!
  6. Mantra by wbav · · Score: 5, Funny

    Whatever happened to:

    Format, fdisk, re-install do da, do da?

    Pull all the useful data off onto a spare disk and clean the machine. Just don't be like my neighbor, and wipe, then install your new os on the spare disk.

    --

    =================
    Unix is very user friendly, it's just picky about who its friends are.
    1. Re:Mantra by aelbric · · Score: 5, Funny

      Format, fdisk, re-install do da, do da...

      Thanks. Took me a minute to put that to the tune of "Camptown Races". Then I started laughing. Soon as I get mod points you get one.

      --
      nos laetus epulor qui would domito nos
  7. 10.5 Hours? by digitalvengeance · · Score: 4, Insightful

    Very few machines are worth 10.5 hours for me. Factoring in labor, I can save a lot of money by saving the data elsewhere then FDisking and reinstalling the OS. Even considering windows install time, program install time, and configuration, I don't have 10.5 hours in it and the user probably has a less glitchy machine for it.

    --
    How many roads must a man walk down? 42.
  8. Similar idea to what I wanted to try by British · · Score: 5, Funny

    I wanted to take a 98(non-second edition) box, no patches, no firewall, and no updates and visit a few pr0n sites with IE, and see how much I could get it to be 0wned with spyware, plugins, popups, etc before it was rendered unusable. Make it a competition to see how quickly it would bring the system down.

    The screenshots would have been hilarious. If I only had VMware.

  9. And I hope she buys a Mac next time by paulproteus · · Score: 4, Insightful

    While Apple's track record on security isn't perfect, I hope she'll realize that she has these problems because she chooses to use Microsoft products. That it's a choice is debatable, given MSFT's documented predatory practices. However, it's ultimately up to her to stand up to the monopoly, since the government refused to.

    If she buys an Apple Mac computer next time, she will have a computer that functions better, works better, and breaks much more rarely than her current Windows computer. It's simple, really.

    (Me, I use Debian GNU/Linux because I value the freedom that is in Debian's goals. I recognize that Apple shares to some degree these goals, looking at its KHTML-based Safari goals.)

    Flame me, since many of you will, but consider that whether you blame the creators of Gator, Microsoft, or worm writers, she would have a better experience on a Mac.

    "choice"

    --
    |/usr/games/fortune
  10. Surgery? by kaleco · · Score: 5, Insightful

    'Surgery' is a little misleading since it suggests hardware damage was incurred. If I was determined to use a metaphor, I'd go for 'therapy' :)

    --
    Prosperity is only an instrument to be used, not a deity to be worshipped. Calvin Coolidge
  11. It's Interesting by aynrandfan · · Score: 5, Insightful

    I find it interesting (and a little frightening) how otherwise educated people (reporters, for instance) can be so clueless in critical areas. Is this inevitable for people?

    And yes, I do consider basic computer literacy a critical skill; your computer is not just an appliance. Letting your computer get 0wned is much like letting your car run out of oil.

    --

    ----

    "Ours was a free culture. It is becoming much less so."-Lawrence Lessig

  12. Yes but... by ColourlessGreenIdeas · · Score: 5, Insightful

    Consider a hypothetical Win98 user. For the sake of argument call her 'my mum'. She runs a Pentium II-450 and uses it for email, word processing, web browsing and very occasional other bits of office. The computer runs all these tasks fine, but it really isn't powerful enough to run XP. Windows 2000 would make life better, but it will go out of support soon and if you worry about getting legal copies, it's not available in a home edition so it's very expensive. Windows ME can hardly be called an improvement.

    So you're saying people in this position need to spend money to upgrade their hardware despite the fact that the current computer runs all the software they want to run at a speed they find acceptable.

    Yes I know; install Linux.

    --
    In soviet russia stale jokes recycle you!
  13. This reminds me.. by manavendra · · Score: 5, Interesting

    ..of my initial days of tinkering around with RedHat 6.x.

    My old office had two RH boxes on a static IP. There was no such thing as an administrator. As a programmer, I was supposed to install all applications, configure them and also *ensure* it was up and running.

    Got a call from the ISP two days later. They had shut down the machine because of complaints from other users - apparently some application from these machines were flooding the network (I never did find out what they were doing though). Got the ISP to restart them. Frantic googling and few "security guide" downloads later, I started exploring what was wrong with them (incidentally, I was *still* accessing those machines remotely - my office wouldn't pay for me to go to the site to check the machines). Turned out there were THREE rootkits installed on one of those machines. Found the traces of one of the possible three attackers - was some IP space in Netherlands. Later found that that range of IP addresses was actually under contention and was thought to be not allocated and probably belonged to some malicious/rogue ISPs (I haven't understood this part yet).

    Not knowing much, I got them to reinstall the OS. Of the three, two rootkits appeared within 2 days. Another re-install, this time with the Linux security guide implementations for securing the box. Things were ok for about 2 weeks or so. I then had yet another attack and someone was using my box as an IRC relay host (or something) and I was still in trouble.

    Finally, after some RH updates and more tweaks (and ipchains and iptables install/config), I was able to have reasonably secure machines.

    Trial by fire, but I learnt a lot!

    *shiver. I hate to think how it would have been, had those been '98 machines

    --
    http://efil.blogspot.com/
  14. Not uncommon by lukewarmfusion · · Score: 4, Interesting

    My mother's machine was the same way. Win 98, no windows updates for nearly three years. On a cable broadband connection, no firewall. Anti-virus wasn't updated since 2000.

    Between an updated McAfee, Ad-aware, and a few other spyware removal tools - I spent nearly eight hours on getting her machine back to a working condition. Once I was able to back up her data, I formatted and moved her to XP Pro.

    She had enough trouble learning XP - I wouldn't dare put Linux in front of her.

    Almost 20 viruses.
    Over 150 spyware components, files, etc.
    Three hours of Windows Updates to download over a broadband connection.

    Don't clickety-click on everything on your screen. Some of those links are bad.

  15. Hosts File by ejdmoo · · Score: 5, Insightful

    I bet he didn't check the hosts file. I bet that was null routing the liveupdate DNS records.


    Once the infections were removed, LiveUpdate still could not retrieve the latest virus-targeting data. So I gave up on that and uninstalled and reinstalled the entire Norton AntiVirus program, hoping that its update system would work afterward -- but it did not. I again tried to access Microsoft's Windows Update Web site, but IE still failed to respond.

    Suspecting a problem with Internet Explorer itself, I tried to repair IE using the Add/Remove Programs control panel. That didn't work either, producing an error message that indicated some file or files necessary for IE were damaged or inaccessible. Trying to restore the previous version of IE, 5.5, yielded no benefit, either.

    Finally, I abandoned ship, reinstalling the entire Windows 98 operating system to repair the damage to Internet Explorer and allow Kathleen's computer to access the Internet and update the Norton AntiVirus definitions.


    I always check that file. It always gets hijacked. I'd be willing to bet that was his problem.
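
A check for the hijack described in this comment, as an added example that is not part of the original post: it lists hosts-file entries that pin update or antivirus hostnames to any address, marking loopback and 0.0.0.0 entries as null routes. The suffix list, function names and sample file are assumptions of this example; on Windows 98 the file is C:\WINDOWS\HOSTS, so from a rescue boot the argument is that path on the mounted disk.

```shell
#!/bin/sh
# Added example: flag hosts-file entries that override update/antivirus hostnames.
# WATCHED is an assumed list of domain suffixes; extend it for the tools in use.
WATCHED="symantec.com symantecliveupdate.com windowsupdate.com microsoft.com mcafee.com grisoft.com"

# check_hosts FILE -> one line per suspicious entry: "lineno kind address hostname"
#   kind = nullroute (loopback or 0.0.0.0) or redirect (any other address)
check_hosts() {
    # Windows hosts files use CRLF line endings; strip the CR before parsing
    tr -d '\r' < "$1" | awk -v watched="$WATCHED" '
    BEGIN { n = split(watched, suffix, " ") }
    {
        sub(/#.*/, "")                      # drop comments, fields are re-split
        if (NF < 2) next                    # blank line or address with no name
        kind = ($1 ~ /^(127\.|0\.0\.0\.0$|::1$)/) ? "nullroute" : "redirect"
        for (i = 2; i <= NF; i++) {         # one address may carry several names
            host = tolower($i)
            for (j = 1; j <= n; j++) {
                s = suffix[j]
                tail = length(host) - length(s)
                # match the suffix itself or any name ending in ".suffix"
                if (host == s || (tail > 0 && substr(host, tail) == ("." s))) {
                    print NR, kind, $1, host
                    break
                }
            }
        }
    }'
}

# Constructed sample, not taken from the machine in the article
sample_hosts() {
    cat <<'EOF'
127.0.0.1       localhost
# constructed sample entries below
127.0.0.1       liveupdate.symantecliveupdate.com liveupdate.symantec.com
0.0.0.0         windowsupdate.microsoft.com   # not a line a clean install has
192.0.2.66      www.grisoft.com
10.0.0.5        fileserver.example.lan
127.0.0.1       ads.example.net
EOF
}

# Stand-alone use: sh check_hosts.sh /mnt/hda1/windows/hosts
if [ "$#" -gt 0 ]; then
    check_hosts "$1"
fi
```

A clean hosts file has no entries for these names at all, so any output line is worth explaining before trusting an updater's "cannot connect" error.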

  16. Needs an `OBVIOUS` tag by Wingchild · · Score: 4, Interesting
    A few years back a buddy of mine came over to my apartment and plugged into my hub. I wasn't using a router at the time, just a hub with a WAN port for broadband. (I know it sounds terrible, but I keep my system configured according to DISA's security guidelines; sometimes I feel like testing it against real-world attacks. Bit of a masochistic streak.) I was running a locked-down Win2k box; he brought an unsecured Win98 system -- with its C drive shared. To EVERYONE.

    Things were going pretty well, and we left the systems on overnight. When we signed back on in the morning, my machine was fine; his machine had been compromised -- in grand style. We found the following:

    - two separate users were connected to it.
    - Cygwin, which my friend had managed to break and wasn't operational, had been either repaired or reinstalled.
    - gcc was added.
    - eight (!) separate viruses were on the system; two had been compiled with the local gcc, from the look of it.
    - those viruses were being sent out around the net.

    The main data on the system was not compromised and while there was a minor virus infection, for the most part things were not touched. I should say, "things were not touched that we could detect" -- they could have taken a full copy of his HD for all I know, not that anything important was on there (it was just a gaming box).

    He probably wouldn't have noticed the attack itself except that his processor wasn't all that hot and he was on a 10M/sec network card; between the heavy compiling and the constant sending of virii system performance had dropped noticeably.

    The fix?

    Unplug from the internet, make sure no data on the box is needed, and format it back to the stone age. It isn't like reinstalls take a long time. (Backups are your friends. :) )
  17. She was right on the cusp of greatness by jgorkos · · Score: 5, Insightful

    From the article:
    "What a revelation: Four programs -- one a firewall and three to combat spyware -- I downloaded FREE worked better than one I paid through the nose for. Why would anyone create these terrific programs for free? Often, as in the case of ZoneAlarm, they hope people will like the product so much they will buy an upgrade or, in the case of the spyware, pay to subscribe for upgrades."

    She was right in the middle of the trees, and couldn't see the forest... yes, free software, even WINDOWS free software, works better and does what it says it does.

    Talk about leading horses to water...

  18. Neatly illustrated by maximilln · · Score: 4, Interesting

    I finally decided to install Apache. I had been running an ftpd for a long time to transfer files between home/work/family/friends but so many of them began asking for me to appeal to the least common denominator that I finally did the apt-get install apache. Honestly speaking it was the easiest fileserver I've ever set up. Granted I didn't look into authentication or restricting access yet. I simply wanted to install it and offer files. In terms of basic functionality apache was much easier to achieve liftoff than ftpd or samba.

    Here's the rub that fits with this article: Apache was not up and running for more than 2 hours before I had 3 IP addresses, two of them on my own ISPs /24, poking around for overflow vulnerabilities by sending SEARCH and GET requests with more than 8190 bytes.

    Why can't these script kiddies be stopped? It is obvious what the intent was.

    --
    +++ATHZ 99:5:80
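
Triage for the probes described in this comment, as an added example that is not part of the original post: it reads an Apache access log and reports, per source address, requests that are oversized, were answered with 414, or used the SEARCH method. 8190 is Apache's default LimitRequestLine, and Apache answers a longer request line with status 414; the function names and the log lines are constructed for this example.

```shell
#!/bin/sh
# Added example: summarise oversized-request probes per source address.
LIMIT=8190   # Apache's default LimitRequestLine, the figure quoted in the post

# probe_report LOGFILE -> "address hits reasons", one line per source, sorted.
# Expects common/combined log format; the request is the first quoted field.
# Assumption: the logged request contains no double quote of its own.
probe_report() {
    awk -F'"' -v limit="$LIMIT" '
    NF >= 3 {
        split($1, pre, " ");  ip = pre[1]       # client address
        split($2, req, " ");  method = req[1]   # request method
        split($3, post, " "); status = post[1]  # response status
        why = ""
        if (length($2) > limit)  why = why "oversize,"      # logged in full
        if (status == "414")     why = why "status-414,"    # rejected as too long
        if (method == "SEARCH")  why = why "search-method," # WebDAV verb
        if (why == "") next
        hits[ip]++
        n = split(why, w, ",")
        for (i = 1; i < n; i++)                 # record each reason once per ip
            if (index(seen[ip], w[i]) == 0) seen[ip] = seen[ip] w[i] ","
    }
    END {
        for (ip in hits) {
            sub(/,$/, "", seen[ip])
            print ip, hits[ip], seen[ip]
        }
    }' "$1" | sort
}

# Constructed log lines; the long path is 8200 filler characters
sample_log() {
    long=$(printf '%8200s' '' | tr ' ' 'A')
    cat <<EOF
192.0.2.10 - - [01/Jan/2004:10:01:02 +0000] "SEARCH /$long HTTP/1.1" 414 340
192.0.2.10 - - [01/Jan/2004:10:01:09 +0000] "GET /$long HTTP/1.0" 414 340
198.51.100.7 - - [01/Jan/2004:10:03:44 +0000] "GET /files/photos.zip HTTP/1.1" 200 482113
203.0.113.5 - - [01/Jan/2004:10:05:10 +0000] "SEARCH / HTTP/1.1" 405 215
EOF
}

# Stand-alone use: sh probe_report.sh /var/log/apache/access.log
if [ "$#" -gt 0 ]; then
    probe_report "$1"
fi
```

The per-address summary is the form an ISP abuse desk or a firewall block list needs, which matters here because two of the three sources were on the poster's own /24.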
  19. Not necessarily by cprincipe · · Score: 4, Insightful

    For example, a tax accountant would probably think you clueless if you ended up having a big tax bill on April 15. Paying your taxes properly is a critical skill, since everyone has to do it.

    Or a doctor would think you clueless if your cholesterol was over 200. It's (usually) quite simple to keep your blood cholesterol low.

    Unless it has happened to them or someone they know, most computer users are unaware of things like spyware, virii, etc.

    --

    bun-fhuinneog agam!

  20. MS is, alas, targeted Re:To be fair to Microsoft by swschrad · · Score: 4, Interesting

    and a switch is definitely in order. when you have blight, nematodes, and rot in a soybean field, you have to rotate out of soybeans and plant anything else unrelated for several years to clear the land.

    in the MS software monoculture, we are also at that point. pick Mac OS or Linux, but switch. you can't grow anything in that MS patch any more.

    if you can't/won't, I have had multiple update choke-n-hangs with norton antivirus in the last year plus. each has finally been resolved by switching that user to Grisoft's AVG program, www.grisoft.com... and using Zone Alarm and Ad-Aware to deal with the other types of threats.

    --
    if this is supposed to be a new economy, how come they still want my old fashioned money?
  21. The fact is... by jb_nizet · · Score: 5, Informative

    It's now a major pain to install a windows system from scratch, using the original CD.
    You now have to
    - think about getting the latest service pack first
    - think about getting a firewall with its license key (love it when the firewalls ask to be registered before working, and need an internet connection to be registered!),
    - think about getting an anti-virus (same story)
    - then install the system (disconnected from the network, of course, so forget about "configuring an internet account" during the install)
    - install the service pack
    - install the firewall and the anti-virus and make sure that they're running
    - go to windows-update and patch your system
    - start to play.

    This is an impossible task for 99% of the regular windows users, who don't even know what a firewall is and how to configure it. There have been improvements in the installation process of OSes and applications, in order to make it possible for reg. users, but all these efforts have been ruined by virus and worm writers.
    And I'm not even talking about spyware, adware and spam...

  22. Disagree with your conclusions by siskbc · · Score: 4, Interesting

    Windows 98 is 6 years old and isn't sold with computers anymore. This test just shows remaining Windows 98 users they should keep up to date or upgrade to XP.

    First, no it doesn't - they didn't do the necessary control experiment, which would be leaving an unpatched, no-AV machine with XP hanging around on the broadband network. Do that and your box is fried a lot faster than 98.

    ...I have some Win 98 boxen around here, as well as some Win XP/2K. I have MANY more problems from the newer boxes, mainly because most of the newer worms are no longer "compatible" with the older machines.

    Yes, it's security by obscurity, but that's good in addition to having current antivirus signatures! With the XP/2K machines, we can't patch them fast enough to keep them clean on our notoriously insecure university network. The 98 machines are dedicated to running some specific lab hardware, and are sufficient to the task. They aren't getting replaced, or upgraded. Well, I did upgrade them from 95, but even I'm not that crazy. ;)

    --

    -Looking for a job as a materials chemist or multivariat

  23. Making ghost images by Alioth · · Score: 5, Informative

    You don't need any stinking non-Free software to make ghost images.

    Here's how you do it:

    0. Set up a recipient (either a second hard disk, a machine on the network - whatever - I do it over the network)
    1. Boot Knoppix on the machine you want to ghost.
    2. Mount the destination.
    3. dd if=/dev/hda bs=128K | gzip > /path/to/image.gz

    To restore:
    0. Set up the source.
    1. Boot Knoppix on the machine you want to install.
    2. Mount the source.
    3. gzip -dc /path/to/image.gz | dd of=/dev/hda bs=128K

    Tips: Overwrite any free space on the machine you want to ghost with a huge file filled with 0x00, then delete the file. The disk image will compress much better as you've scrubbed the deleted files.

    I use a system like this to ghost many machines at a time (an image server can easily deal out 30+ images at once). It'd cost a fortune to license many copies of ghosting software - with Knoppix and a very small shell script, I've got an automated system which will do many machines at once. (A typical 40GB fresh WinXP install with our apps compresses to under 1GB with gzip).
    If you're doing WinXP, remember to either make a Sysprep build or use something like System Internals free (open source but not truly free) tool to change the SID and hostname of the machine when it's booted the first time. (This is the approach we use due to the limitations of sysprep).

    1. Re:Making ghost images by vvg · · Score: 4, Informative
      You can also use partimage instead of dd. The advantage is that partimage does not copy unused areas.

      I also save the MBR and the output of fdisk -l separately.

      Beware that support for NTFS is still experimental.
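The capture and restore pipelines from the post above, with integrity checks around them, as an added example that is not part of the original comments. The function names, the `.sha256` sidecar file and the plain files standing in for `/dev/hda` are assumptions of this sketch.

```shell
#!/bin/sh
# Added example. SRC/DEST are plain files here, standing in for /dev/hda.

# stream_hash: SHA-256 of whatever arrives on stdin.
stream_hash() { sha256sum | cut -d' ' -f1; }

# capture_image SRC IMAGE
# Same dd | gzip pipeline as the post, then proof that IMAGE decompresses to
# exactly the bytes on SRC. The pipeline's exit status is gzip's alone, so a
# dd read error would otherwise leave a short image that looks fine.
capture_image() {
    src=$1; img=$2
    dd if="$src" bs=128K 2>/dev/null | gzip > "$img" || return 1
    gzip -t "$img" || return 1
    want=$(dd if="$src" bs=128K 2>/dev/null | stream_hash)
    got=$(gzip -dc "$img" | stream_hash)
    [ "$want" = "$got" ] || return 1
    printf '%s\n' "$want" > "$img.sha256"   # sidecar file: an assumption of this sketch
}

# restore_image IMAGE DEST
# Returns 2 without touching DEST if IMAGE no longer matches its recorded
# hash; after writing, re-reads DEST and compares again.
restore_image() {
    img=$1; dest=$2
    want=$(cat "$img.sha256") || return 1
    got=$(gzip -dc "$img" 2>/dev/null | stream_hash)
    [ "$want" = "$got" ] || { echo "refusing $img: hash mismatch" >&2; return 2; }
    size=$(( $(gzip -dc "$img" | wc -c) ))
    gzip -dc "$img" | dd of="$dest" bs=128K 2>/dev/null || return 1
    # A real disk may be larger than the image, so hash only the image's span.
    [ "$(head -c "$size" "$dest" | stream_hash)" = "$want" ]
}

# demo: constructed 300 KB "disk" (random data plus a zeroed tail).
# Prints "ok rejected" when the round trip matches and a swapped image is refused.
demo() {
    d=$(mktemp -d) || return 1
    { head -c 200000 /dev/urandom; head -c 100000 /dev/zero; } > "$d/disk"
    capture_image "$d/disk" "$d/image.gz" || return 1
    restore_image "$d/image.gz" "$d/restored" && cmp -s "$d/disk" "$d/restored" && r1=ok
    printf 'not the golden image' | gzip > "$d/image.gz"   # simulate a replaced image
    rc=0; restore_image "$d/image.gz" "$d/restored2" 2>/dev/null || rc=$?
    [ "$rc" -eq 2 ] && r2=rejected
    rm -rf "$d"
    echo "$r1 $r2"
}
```

The recorded hash only helps if it is stored where someone who can replace the image cannot also rewrite it, for example on read-only media kept apart from the image server.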

  24. Email to Kathleen Day by Phil+Wherry · · Score: 5, Informative

    I saw this in the Washington Post yesterday and thought it interesting enough to send the reporter (Kathleen Day) a note, which follows, summing up my thoughts on the matter. I haven't heard anything back yet (and I don't necessarily expect to).

    -Phil

    Ms. Day:

    I find it absolutely fascinating that problems such as the one you encountered are treated primarily as a user education issue. It's true that there are some things that everyone needs to know in order to use a computer. It's also true that savvy users can often avoid security mistakes. But one wonders, "Why is it that users *have* to be security-savvy in order to effectively use their computers?" I'd submit that the problems you wrote about are mostly the result of design flaws and not naivete. In many ways, I think the computer industry has set the bar far too low by blaming users for problems it has created. Put another way: what would you think if you had a car that would sometimes break down without warning if you drove it on the highway without first buying additional parts?

    As I see it, there are two design weaknesses that contributed to the problems that you wrote about. First, basically anything you do on a machine running Windows is done with full administrative privileges. In one way, this makes sense: you own the machine, so you should be able to do anything you want with it. The problem, however, is that this blind trust allows malicious software to do pretty well whatever it wants. Most other operating systems (Mac OS X, Linux, and Unix) require you to take some special action (usually typing a password) in order to install software or alter the operating system. While this can't prevent you from choosing to install malicious software, it makes it quite difficult to do so unknowingly. To stretch the car analogy a little further: people can't modify your car's engine without your knowing about it because you have to open the hood in order to reach it. Computers should work the same way.

    The second problem is that Windows doesn't make a strong distinction between programs (the applications that you run) and data (documents and the like). This makes several attacks a lot easier, as malicious programs can sneak onto your machine by masquerading as data when you are browsing the Internet. For most non-Windows operating systems, there's something that you have to do explicitly to say, "This is a program and it's OK to run it." If Windows had these protections, there still wouldn't be anything to stop someone from maliciously sending you data you didn't want--but your computer wouldn't be able to then run that data as if it were one of your programs.

    It's a mistake to say that anything is totally secure. There have been (and will continue to be) successful attacks on operating systems other than Windows, of course. But I think it's a mistake to think that Windows has so many (and such severe) attacks just because of its dominant market position. True, it's low-hanging fruit for those with a malicious bent. But it's also so much easier to attack Windows because of the way it's been designed.

    The very concept of a computer virus depends on both of these two factors. Take away the administrative powers, and the virus has little if anything to infect. Remove the confusion between programs and data, and it becomes much more difficult for malicious software to spread. Many regard it as unnecessary to run antivirus software at all on non-Windows systems. While I'm personally not sure that's a good idea, it does give one an idea of the relative security levels involved.

    I think these security problems may ultimately threaten Microsoft's market position. The bad design decisions that are part of Windows weren't made because Microsoft is dumb (quite the contrary: they employ a lot of very smart developers and architects). They were made for market-driven reasons. Lots of old software (dating back to old versions of Windows and the even older days of MS-DOS) simply won't run in a more secure environment. As

  25. Re:Whose fault is it? The ISP. by Rick+Genter · · Score: 5, Interesting

    I maintain computers for a set of Curves for Women gyms owned by a couple of friends of mine. I run into the spyware/malware problem all the time.

    Each gym uses DSL to connect to the internet. While working on one of the computers this weekend, I noticed that McAfee Personal Firewall (I stopped using Norton a while ago) wasn't seeing any inbound events, unlike the other gyms where it sees 10,000 to 20,000 events per week. A little investigation showed that the DSL modem at this site has a built-in DHCP server/router/firewall/NAT function. Seems like the DSL providers are getting a clue and building necessary capabilities into the hardware that the customer has to have just to connect to the Internet.

    --
    Don't underestimate the power of The Source

  26. Stinger & Ad-Aware Nothing More by Concrete+Nomad · · Score: 4, Insightful

    I do this for a living. I work a regular job trading futures, but I've been playing with computers since I was 6 or so. It is the easiest money to make. I could charge tons, but I just charge around $100 bucks for 1-6 hours of work and usually people are so happy I make everything work that they give me food and beer.

    It boils down to having a USB key with 5 programs. They all fit on a 16MB key. Sometimes if I know my client has a virus program ahead of time I will download the definitions, but not that often.

    People's problems are always the same. Virus and spyware. I don't recommend that most people use a software firewall since everyone just gets click happy. I usually tell them to just get a router. I have yet to get a call back from any of my clients and each time I do see them they say they never have any problems. They also like the fact that the router is just a one time buy rather than constantly buying new software and upgrading. I know there are free programs out there, but most people just don't trust them (beats me why).

  27. Tips, and a list of known rogue spyware cleaners by Alien54 · · Score: 5, Informative

    He went down the merry path of trying to rescue the system in order to keep customer data intact. The story is typical of someone who is entering the fray without having their tools prepared in advance. The solution always looks easier than it really is.

    In his case, he needed

    • a CD with all of the relevant tools and updates
    • a windows boot disk with CD support
    • an understanding of the windows command line in order to copy a subset of these tools to a convenient folder on the hard drive from the CD
    • The knowledge to run these tools from Safe mode, and how to get there in the first place
    • Include in the subset of tools one that can fix the broken LSP setup.

      [LSP or Layered Service Provider is a piece of software that can be inserted into the Windows TCP/IP handler like a link in a chain. However, due to bugs in the LSP software or deletion of the software, this chain can get broken, rendering the user unable to access the Internet. Spyware is good at this, and some cleaners leave a broken LSP behind.

      With the correct tool, the fix takes seconds. Without the tool, you need to uninstall and re-install the winsocket, or else the same with the entire network support. Otherwise you fall into the trap this poor bloke got into.]

    Tips - I deal with this stuff all of the time. The best data on this stuff can be found in articles at spywareinfo.net - the forums are not bad either, although spywarewarrior.com also has good forums. Also good to have is this list of known rogue spyware cleaners, along with this list of Anti-Spyware Orphans & Outcasts

    My current recommended free antivirus is Avast! Home Edition, which is very low maintenance for the home user, and requires registration for the free license. It also protects a number of common Instant Messenger clients, as well as several common P2P clients. It is better than AVG in my opinion, and detects many trojans as well as spyware.

    You can get a system that is so hosed that it will not boot, not even into safe mode, even under XP. The solution there is to remove the hard drive, drop it into an external drive enclosure, and hook it up to another system where you can use scanning software to do a basic clean so you can boot in the original configuration. Once it boots you can install cleaners from safe mode, and then run cleaners from inside every user account.

    --
    "It is a greater offense to steal men's labor, than their clothes"

  28. Re:Tips, and a list of known rogue spyware cleaner by CerebusUS · · Score: 4, Informative

    Besides the typical "mod parent up" post, can I recommend creating a BartPE boot CD with those tools you mention on it? Then you can skip the step of mounting the hosed drive in another machine.

    I used a generic BartPE disk this last weekend to copy a friend's data off a system that was so badly hosed it wouldn't let me log in.

    Nice stuff.

  29. I just went through this by Durandal64 · · Score: 4, Interesting

    My girlfriend's aunt's computer was acting up, and they asked if I could fix it. They complained about pop-ups mainly. When I sat down at the computer, it was just excruciatingly slow. After I finally got the hardware properties to display, I saw that they were running a 2.6 GHz P4 with 512 MB of RAM and a Radeon 9800 Pro. But spyware alone had brought that computer to its knees. It was a mess.

    I installed Ad-Aware and Spybot and let both of them run, and just got rid of everything. I removed a ton of crap with Add/Remove Programs, as well (lots of online casino shit and other useless garbage). I then removed those irritating TVMedia pop-ups by booting into Safe Mode and removing the necessary programs and running Hijack This.

    I explained to them that, by running Spybot and Ad-Aware regularly, as well as keeping Windows up to date with Windows Update, they could keep their computer mostly clean. But one point I made very clear to them was never to use Internet Explorer unless absolutely necessary. I downloaded Firefox for them and set it as the default browser. I explained that Internet Explorer was probably the cause of 90% of their problems, because it's possible for websites to install things silently by using it or any number of other undesirable things. So I made it very clear that they should stick with Firefox. I also uninstalled Kazaa and installed Kazaa Lite for the kids.

    Now their computer is running as it should. No more pop-ups or any shit like that. It took about 3 hours, but I did a damn fine job with that box, and they were grateful. All throughout that ordeal, I was thinking, "God I'm so glad I'm a Mac user."

  30. Old joke alert by plover · · Score: 4, Funny

    Q: What's the difference between a used-car salesman and a computer salesman?
    A: The used-car salesman knows when he's lying.

    --
    John