Survival Time for Unpatched Systems Cut by Half
UnderAttack writes "The Internet Storm Center published a graph showing historic trends for the "Survival Time" of unpatched, unprotected (Windows) computers connected to the internet. Turns out, this number dropped from about 40 minutes last year, to 20 minutes this year.
The survival time is calculated as the average time between reports for an average target IP address. If you are assuming that most of these reports are generated by worms that attempt to propagate, an unpatched system would be infected by such a probe.
The data is collected from a large number of networks with different types of upstream protection. So if you are on an unprotected cable/DSL line, you may see probes much more frequently. Either way, 20 minutes is not long enough to download patches.
The Honeynet Project did publish a paper with some stats back in 2001."
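The calculation the summary describes ("average time between reports for an average target IP address"), as an added example that is not the Internet Storm Center's code or part of the original post. The log format, addresses, ports and function names are assumptions made up for illustration; the median and the optional port filter go beyond the summary, to show how a few quiet, filtered targets pull the mean away from what an unfiltered line sees.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, median

# Constructed sample reports (not real data): "timestamp target_ip dst_port".
# Addresses come from the documentation ranges; ports are illustrative.
SAMPLE_REPORTS = """\
# unfiltered line: probed about once a minute
2004-08-17T10:00:00 192.0.2.10 135
2004-08-17T10:01:00 192.0.2.10 445
2004-08-17T10:02:00 192.0.2.10 135
2004-08-17T10:03:00 192.0.2.10 445
# second unfiltered line: probed every two minutes
2004-08-17T10:00:30 192.0.2.20 445
2004-08-17T10:02:30 192.0.2.20 445
2004-08-17T10:04:30 192.0.2.20 445
# network with upstream filtering: probes are rare
2004-08-17T10:05:00 198.51.100.30 135
2004-08-17T11:02:00 198.51.100.30 135
2004-08-17T11:59:00 198.51.100.30 135
# a single report yields no interval, so this target is skipped
2004-08-17T10:10:00 203.0.113.40 80
"""


def parse_reports(text):
    """Turn the constructed log format into (datetime, target_ip, port) tuples."""
    reports = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        stamp, target, port = line.split()
        reports.append((datetime.fromisoformat(stamp), target, int(port)))
    return reports


def intervals_by_target(reports, ports=None):
    """Seconds between consecutive reports, grouped per target IP.

    If `ports` is given, only reports to those destination ports count,
    which models a host that only listens on those ports.
    """
    stamps = defaultdict(list)
    for when, target, port in reports:
        if ports is None or port in ports:
            stamps[target].append(when)

    gaps = {}
    for target, times in stamps.items():
        times.sort()
        deltas = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        if deltas:  # need at least two reports to measure an interval
            gaps[target] = deltas
    return gaps


def survival_time(reports, ports=None):
    """Average per-target report interval, then average over targets.

    Returns minutes, or None when no target has two or more reports.
    """
    per_target = {
        target: mean(deltas) / 60.0
        for target, deltas in intervals_by_target(reports, ports).items()
    }
    if not per_target:
        return None
    values = sorted(per_target.values())
    return {
        "targets": len(values),
        "per_target_min": per_target,
        "mean_min": mean(values),      # the headline "survival time"
        "median_min": median(values),  # what a typical target sees
        "fastest_min": values[0],
        "slowest_min": values[-1],
    }


if __name__ == "__main__":
    parsed = parse_reports(SAMPLE_REPORTS)
    for label, ports in (("all ports", None), ("port 445 only", {445})):
        result = survival_time(parsed, ports)
        print(f"{label}: mean {result['mean_min']:.1f} min, "
              f"median {result['median_min']:.1f} min, "
              f"range {result['fastest_min']:.1f}-{result['slowest_min']:.1f} min "
              f"over {result['targets']} targets")
```

In this constructed sample the mean over all targets is 20 minutes while the median target is probed every 2 minutes.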
Microsoft should make Patch CD ISOs available. You could swing by a friend's house and get one, drop into your local computer store and have them burn you one for a few bucks, or pick up a Microsoft produced copy at your local gas station, like AOL CDs.
That what was all this school was for... to teach us how to solve our own problems. -- janeowit
Install the Windows XP off a CD that includes SP2 slipstreamed in, and your survival time online 'unpatched' goes up dramatically. Something about a reasonably good firewall that is turned on by the default installation...
No, not joking. At work, somewhere, there is an infected computer and while rebuilding a computer I plugged it in to run the updates for 2K and antivirus. Less than a minute after plugging it in, I was crashing and burning.
Had to go to a patched computer, download the needed updates and burn them to CD and update the computer that way first before plugging it onto the network.
REALLY annoying.. and when I find the user with the infected computer.. well, let's say I'll have a new storage location for this dead notebook hard drive...
...not surprised at all? This isn't intended to be a troll, but back when blaster was "new" and I was formatting, I was hit three times within two minutes of booting, which gave me a whopping 3 minutes to download (not an issue) and install (BIG issue) the corresponding patch.
In the end I had to swap some CD burners around, download+burn the patch, and then unplug the box from the internet while booting.
Of course we all know which operating system is getting p0wn3d so quickly. Linux (as long as you don't install from a CD more than two years old), BSD, and OS X have a much higher tt0.
--
"Open source is good." - Steve Jobs
"Open source is evil." - Microsoft
The name "survival time" suggests that it's the average amount of time an unpatched system would last before being compromised. That assumes that every single worm targets every single unpatched system, and is always successful. That's not exactly realistic - many worms target specific programs which may well not be on the unpatched system, or target specific operating system versions.
It would be much more interesting to see average compromise times for a vanilla install of various different OS versions (with no ISP protection, of course). In the meantime, the name should be changed, in my view.
Someone set up us the bomb. How can you be redundant when there are like 4 posts... Anyways you make a really good point, the government especially loves to throw money at researching stupid crap.
Microsoft should have an auto-update during install feature. (If you have broadband). During the install process it could run the windows update, blah blah blah once your nic was initialized for the first time and IP granted etc.
I boycott signatures
If you have two computers and one takes 1 minute to infect while the other takes 39 minutes, then the average is 20.
I don't think that applies to Windows on dial-up -- which is what I am on... I don't run any patch for WinSE, and I am staying fine on the internet.
Cable/DSL is always a liability. Win XP adds spice to that.
Why does yahoo do this
Put an old red-hat system up and see how long it takes before you're r00t3d!
Or watch an OS-9 system crash!
Best Buy can have you arrested
What do they mean by survival time?
Time before worm infection?
Time before the computer is brought down?
I'm learning python
Because it says it in the story blurb!
Seems like cable and DSL modems need auto(ugh - scary)-updating firmware with firewall enabled by default. Stuff that will update without being plugged into a computer. I hate things that don't let you choose. This scenario sounds like you walk into a clinic for inoculations, but deadly disease agents are everywhere in the air. Try holding your breath while waiting...
Busy aligning my non-linear thoughts.
the important thing to note here is that this ISN'T the time from an announced exploitable hole (and patch), it's the time an exploit actually takes once it starts propagating.
the time it takes for an exploit to be crafted has usually been sufficient to allow sysadmins to patch- 1 to 2 months usually.
doesn't mean it happens, obviously. and the time it takes for an exploit to be created is shrinking, too.
at this point, the clue should be received: firewalls. updates. secure systems.
(and microsoft, please fix your stuff pro-actively.)
stored on computers from birth to the grave
I had a similar problem (albeit with a home box) under XP. The worst of it is that you can't just download the update installer and unplug the 'net connection because the installer itself does downloading. Since the other two boxes in my house run Gentoo and Redhat I couldn't download the patches from there (Does this look familiar?) and had to just race against time for 5 or 6 attempts before it worked.
They mean "average time between reports for an average target IP address".
Which means they assume all of those are from worms, and all worms are successful, etc.
It's still a bloody short time, though.
boot the system with the network cable unplugged, turned on the built-in firewall, or set up an IPSec policy to block the port, and THEN connect to the Internet to download the patch, Mr. Computar Smarty-Man?
It took me 4 seconds to get infected with the msblaster-virus. Connected my stuff, switched modem on and before I could mumble "crap, a 600 Mb update" : Your PC is shutting down... Not exactly crashing and burning but down it went.
Every time I read about computer security compromises resulting from failure to patch/setup firewalls/etc, I can't help but think there's a better way to educate the public than to wait for them to be victims. With all the MS tutorials and "helpers" (stupid paperclip...how I hate you!), it never ceases to surprise me that when you first start up a new MS-based computer, you don't get a security tutorial. Really, how hard would it be to take users through the basics of computer maintenance (and scare them into compliance) when they go to set up a broadband connection, etc?
Live free or die
1. As previously noted (I think on /.) the one thing you do not do with an unpatched WinXP system is to go onto the 'Net. Indeed, ISO's with patches or prepatched install CD's might be a solution but I think that the virus/worm/malware writers can also get these and patch their wares. Given MS's track record it'll be weeks at least before the problem is recognized or solved. It might be better to not take any WinXP system onto an open network.
2. I note that despite increased awareness and MS's increased focus on security the average survival time shows a downward trend, with slight peaks shortly after high profile worm events. How come? Is the average user slacking off? Or are the worms/viruses/trojans/whathaveyou getting smarter? Or are there ever more on the loose, resulting in an ever increasing number of probes? Looking at my firewall, the number of probes I receive remains more or less constant (although I had a few more than usual on port 8000 today) so maybe that is not a good explanation (for the Netherlands at least). Anyone?
----- One learns to itch where one can scratch.
This is why the average broadband connection should be behind at least a consumer router, even if it's the only machine connected. Routers are too cheap and easy to skip.
Microsoft Replies: In light of this new data, we would like to announce a new, more secure operating system. It is based on our Windows ME technology. By simply accelerating the timer for the essential bluescreen feature we feel confident that NO hacker will be able to make use of a corrupted machine.
Further, we are offended by all the FUD spread about our products by the open source community. Our security features include an expanded install size, which severely limits the space available on disk to anyone who co-opts your computer for use as an illicit server.
Also, the times recorded by this survey are non-relevant and obviously flawed. They claim that their machines were only compromised after more than 15 minutes of CONTINUOUS uptime. This simply does not occur on our new ME+ variant. We cannot accept responsibility for those who remove our essential security features by removing 'buggy' components, or running a 'stable' GUI.
End Sarcasm;
The record shortest survival time, last time I checked, at the University of Alberta is four seconds. That's from the time they plugged in an unprotected Windows XP machine until the time it was compromised.
That's not enough time to engage your software firewall pre-SP2. I'm not sure of the condition post-SP2.
Oceania has always been at war with Eastasia.
So, does this mean that if you are running Windows Server 2003 (eg the eval version, as I am) on a cable/dsl line you should just assume that you have been rooted?
Fucking harsh.
side note; would using something like Outpost firewall make any difference?
This 'survival time' is an average which includes dialup users and those whose ISPs filter certain ports. Time for truly unprotected high-speed-connected PCs is probably MUCH shorter...
I've personally seen XP machines get infected with Blaster, Sasser, etc, during the install of Windows. These days, if you install Windows with an active connection to the internet, or to a network of infected machines, you're nuts.
I generally install Windows with the box disconnected from the network, install all the latest updates off a CD, then attempt to connect to the network. Most of the time, that works...
I do all my machine builds and initial updates with the box sitting behind a netgear router, fully NATted and with no port forwarding - i.e. the box is invisible to the net. I've merrily built and updated many machines in this way and have never been compromised (and my last step is to virus, spyware, and trojan scan with several of each type of tool).
If you just throw a cheap hardware router/NAT/firewall in front of your box when you build, this isn't really a big deal I've found.
Please Rate my comment (and help support Fre
Perhaps a "TURN THE GODDAMN FIREWALL ON BEFORE YOU CONNECT TO THE NETWORK!" notice somewhere on the front page would get the point across? I've done exactly two Windows installs in my life and I know how to safely set up a new XP system.
What I'm listening to now on Pandora...
I work for a Fortune 5 company and we've had to alter our standard load server procedure to go offline and apply some patches because we have estimated that one in six unpatched computers that we work with will get the Sasser worm (that annoying reboot prompted by LSASS).
If this happens in an enterprise environment, I pity all those clueless web users.
Let's think about why the survival time has been cut, just look at the MSBlaster crap and all the variations of it, if you had your computer plugged into an unprotected network whilst installing windows you would have it for sure by the time you had got to your initial welcome to windows screen. Of course that's why we put a separate network up with NAT and a Firewall to allow us to do all our installations hooked up. But in a way the publicity that these viri and worms bring to personal PC security is a good thing. The more people who are actively aware of preventing such things can only be a good thing.
If at first you DON'T succeed, Skydiving is NOT for YOU!!
Honestly, isn't it obvious by now that if you put an old machine on the net it's going to get exploited? That's the case with Windows and Linux, put a Redhat 5 box up on a cable line and see how long before it's serving up the warez...
Yeah it seems really short, which is why I asked my original questions.
Thanks for the answer.
I'm learning python
Last time I reinstalled my XP partition, by the time I downloaded the XP updates and latest AVG sigs my machine was already rebooting with RPC errors. That was a fat pipe and I'd have to guess I had blaster within 5 minutes of touching the net. This was unfortunately at the wife's office at Uni... no firewall, no proxy.
Opinion: It's always a good idea to run a strong firewall in front of your home network.
Fact: If you're running Windows you MUST run a strong firewall in front of your home network.
LilMikey.com... I'll stop doing it when you sto
But honestly, how hard is it to set up a firewall to do your builds behind. You can build a smoothwall out of an old PC in a few minutes...
CS: It is all sink or swim...oh and did I mention there are sharks in that water?
I'm guessing here, but time between when machine is first brought online and when it's first discovered/probed/found alive by a worm or hax0r scanners - in other words, time before worm infection or other kind of intrusion, because after it dawns to the world that there's an unpatched system right before their noses, there sure isn't much time left before that system is owned.
Or distribute the patch via a Torrent...
Too bad MS took legal action against this great idea.
How much of that can be attributed to faster technologies ? Greater CPU speed, Connection Speed etc?
Nick...
Electronic Music Made Using Linux http://soundcloud.com/polyp
it does ask to retrieve updates during XP install, you can skip it or let it do its thing, all automatic
as usual administrator ignorance seems to do as much damage as the exploits do (like not switching on the firewall before retrieving updates then complaining when you get 0wned), people seem to have a mental block when faced with back|next|skip on an installer, god help them if they meet a Linux install program
That's not true at all.
I have a bone-stock winXP system here, and have been running online for almost an hou*(&^@ SD#&7*$^)_*( #$%@#&*() #
NO CARRIER
Breathe in, breathe out. This can be overcome!
1. Unplug your network connection before you install the OS.
2. Install the OS
3. Before you connect to the network, shut down every service you can shut down and make sure they don't start automatically.
4. Connect the computer to the network.
5. Run windows update until you're fully patched
6. Set up the firewall
7. Start enabling any service you might want to run.
This approach will hopefully keep you safe from harm - and it will definitely reduce your exposure!
Stop the brainwash
Did you ever learn anything about computer security? On a machine that you do not want to be compromised, absolutely do not connect it to the network/internet. Have all relevant patches available on removable media - that has been verified authentic - and install sans network.
Then once you are certain that everything is hunky dory, plug it into the network or internet with a firewall (for both incoming and outgoing).
And this isn't an issue with Windows or Linux or FreeBSD for all the fanboys out there. This applies to all OS's. Windows is targeted more because there are more people using it. There are plenty of exploitable vulnerabilities in any OS. It's a matter of work / payoff ratio.
I'd be interested to know the average survival rates for a whole bunch of unpatched operating systems. I'd start with:
- Win95/98/Me
- WinNT4/2K/XP
- Win3.1 (with Trumpet Winsock)
- Mac OS (whatever the first version with a TCP/IP stack)
- Linux (various distros)
ALL unpatched.
Paradoxically, I reckon the newer Windows systems would go first (more services open to the world), along with older Linux distros (same problem).
I recently reinstalled winXP on my 'puter (shame on me) to be able to use the NetMD software. Well, I knew what was going to happen as soon as I plugged the ethernet in. So, as usual, I installed winblows, then McAfee Antivirus 7 + firewall, then plugged the cord to get the updates. 20 seconds later, mcafee stopped functioning. I received tons of windows messages about earning college degrees online, a couple porn ones and whatnot. Ok, so far, nothing (too) surprising. So, I take my courage with both hands, open up IE to go to windows update. BIG mistake. Instead of windows update, I ended up on some obscure casino website with so many popups I thought my system was going to jam. A few hundred clicks later, I finally see the new windows update page. Then, I start downloading the updates, like everybody else does. Of course, in the meanwhile I left a total security black hole open for every hacker in Beijing to try and read the lack of data on my drive. I can understand how some people overcome the integrated winXP firewall. But HOW in the world did they hack McAfee's to stop working? I had to download updates manually, and McAfee, just like windows update, REQUIRES IE, for some obscure non-standard non documented function. So... is M$ the only one at fault here? probably not, though I'm willing to bet it's because of winXP security failures that McAfee was disabled. Sometimes I think of WinXP as a sponge. So many many many holes... And they have to be filled one by one. No wonder winblows will never be secure. But, the reason lots of people use it, as my gf says: sponges are nicer, you don't wanna use a rock unless it's to crack heads. So, moral of the story? It's the opensource world's role to crack the big fat happy M$ head.
---- I am certain of only one thing : I know nothing else.
Figure out what the latest service pack for the OS is, and apply that. That should let you get on long enough to use windows update to scan and get a list of the other KB-patches you need. Disconnect, patch, rescan. Repeat. If you want to learn how to use QChain, it can be faster, but that doesn't work on Win 98/ME.
For the truly paranoid, keep a list of what order you need to apply the patches in. Then wipe and reinstall the OS from scratch, and apply the needed patches in order without connecting to the net first.
However, it's a lot easier to use the Update CDs. It would be nice if there was a reliable torrent of the ISO somewhere....
//Information does not want to be free; it wants to breed.
That's all there is to it, I've installed my fair share of XP machines and never ever had any problems with getting patched before getting pwned.
I am NaN
A few weeks ago, I installed Win2k. I then proceeded to Windows Update and started the patching process.
I went for the big updates first (like Service Packs and IE upgrades) - but most of those require that they be installed alone with no other updates until the machine is rebooted. So you have this long drawn out process of download a single patch, reboot, download another single patch, reboot, download another patch, reboot, repeat ad nauseam and finally download all the stragglers. I'm not sure how many reboot cycles I had to go through, but the whole install and patch process (including partitioning and formatting) took over an hour. And that was attended.
My point here is that during the patch process with the constant reboots, it would be easy for somebody to walk away from a machine while it is downloading or rebooting and thereby leave it open to attack while it is idling. Of course, you ought to download all the patches on a secure machine and then patch up your new box while inside your own secure net before exposing the box, but most people (like me) are going to connect direct to the internet to get "windows update". Luckily, I am behind a firewall, but you can easily imagine how ugly it could get if somebody were doing this outside a firewall. The single downloads and constant reboots are not going to help.
We're talking about people who want to install from the absolute latest Windows CD, and they have to take severe steps to avoid getting 0wned.
Either that or Microsoft installs should not enable any ports for incoming connections after an install until the latest patches are installed.
With the amount of worms and viruses out there, even a clean format/install won't last more than a minute. I put a system up without a firewall and it got pounded by the Sasser Worm immediately. Even with Windows Update auto resume download it took me twelve tries, each time before forced to reboot by the worm, to get just that one small patch installed. After that patch, I patched like crazy, because there's so much more out there.
...you enable your firewall before connecting to the network.
To do it the other way around is akin to trying to put a condom on once you've already started penetrative intercourse (if you pardon my metaphor).
I am NaN
The graph mentions Windows XP.
So put up a modern Fedora or OS X system in the net and see how long before you're r00t3d or compromised, to be fair.
Not certain, but I expect that the survival time is higher than 20 or 40 minutes.
GPL Deconstructed
;_; http://www.microsoft.com/athome/security/protect/cd/order.mspx
The Windows Security Update CD is no longer available
We're sorry, but the Windows Security Update CD is no longer available for ordering. Please visit our Protect Your PC page for more information about improving your computer's security.
Gives me a bunch of online updates -.-
Guys, you are so lame. All you have to do is to deactivate File and Printer sharing and some other crap, such as described here http://www.cablecom.ch/en/internet/hispeed/hispeed_products_support/support_themen/internet_support_themen_sicherheit/internet_support_themen_sicherheit_protect_pc-einstellungen.htm
You can do this with a disconnected network cable. After you do this, the worms propagating through this service (such as Blaster or Sasser, and also future worms exploiting future bugs), won't be able to infect you by network even if you don't have the updates installed.
This only shows how:
- even experienced Windows users are lame when it comes to security
- Microsoft has done very little to protect them (the most exploited service turned on by default without obvious hints to the users that this is dangerous)
- antivirus and firewall companies are lame as well. Installing a firewall while keeping the service running is extra lame, akin to hiring a doorkeeper while there is still a Homer Simpson inside your house shouting loud "I am vulnerable! I am vulnerable!" out of the window.
- Windows isn't suitable for normal home users, because it is non-trivial for them to keep themselves protected.
Usually when I install a fresh copy of Windows I disconnect the ethernet cable before I've at least installed a firewall (if the computer isn't already behind a router/firewall) and done any updates.
The other day I was at my sister's house and installed her a fresh copy of w2k. For some reason I completely forgot to disconnect the network connection and not two minutes after Windows initially started, the machine had become infected with Nimda.
First of all, if you buy a new machine with the OS pre-installed, it will probably be patched almost up to date out of the box.
Second of all, if you're installing your own OS, you're taking on the responsibility to do things in a minimally competent way. That might mean a NAT router, a slipstream installed CD, or just a CD with the service pack burned on it, so you can install it before you plug into the net.
Third of all, you should be using a hardware firewall anyway.
So how exactly does someone like me who is getting ADSL (1mb) in a month and nice new shiny PC to play doom 3 on at the same time handle this?
I can't DL 250 mb patches on dial up and stay sane and I can't get online without them..
I plan for a router, firewall and all the likes built in and sitting at the connection point but if I have these security holes should I just give up and stick to this fully patched win 98 machine running like a tin can instead?
I like muppets.
Firewall
Firewall
Firewall
XP has a built in firewall, did you know this? When it is turned on, even an unpatched system is protected from attempts at remote intrusion. You are still vulnerable to IE exploits, but if you're using IE on an unpatched system you need to be smacked. Actually if you're using IE at all you deserve to be smacked, just not as hard.
So, the next time you do a clean install of XP and need to download patches, turn on the firewall BEFORE you connect it to the network. Then immediately begin installing patches from windows update. Each time you need to reboot during this process, yank the network cable until the system has finished booting. The reason is that an unpatched and partially-patched Windows system is vulnerable during boot-up. It seems that the windows firewall is one of the last things to be turned on during boot up instead of the first, which creates a window of opportunity for attacks to succeed.
Once the system has installed all of the patches that are available, LEAVE THE FIREWALL ON unless you have a very good reason not to and know what the fsck you are doing.
If you'll follow this simple procedure, patching your windows system is safe and easy.
I'm sick and tired of reading slashdot headlines that claim there are all kinds of problems patching a windows system. Windows may suck, but that is no excuse for lying about it. Propaganda and FUD are best left to the professionals in Redmond.
Lee
Muslim community leaders warn of backlash from tomorrow morning's terrorist attack.
The bottom of the page says that I must be running windows. None of that browser shit =)
If one looks at the graph and interprets min max times as error margins, then there is no difference from a year ago. We are supposed to be more rigorous than the average poll watching Joe. Show the distribution and give us a hypothesis test, with p of at least .1. How many computers were involved in testing? How about commenting on the sampling bias?
From the SANS inst - a PDF file giving step by step, detailed instructions (suitable for newbies!) on how to setup a brand new, un-patched XP box, connect to the I-net, get it all patched and updated *WITHOUT* getting it all FUBAR'd in the process.
Good read and should be a mandatory inclusion with every Smith's Club, Wally-World, Shack de Radio, Dell, HP/Compaq, ET-ware, Gamer's Hack Shack or any other end user PC appliance sold.
http://www.sans.org/rr/papers/index.php?id=1298
SANS server is amazingly slow today - here's an alternate:
http://www.cablemodemhelp.com/xpsurvivalguide.pdf
Senior NCO in the fight against entropy. I've seen things, man. Things no one should have to see.....
I didn't realize it took 20 minutes to /. a site, I thought it took less.
This signature was left intentionally blank.
At the kind of prices EDS charge the place I did my work experience, you'd expect exceptional performance out of them O_O
If your root password is "1234" or passwd you deserve to be rooted.
Fight Spammers!
... that the high-speed Cable internet installation CD instructs the user to turn off all anti-virus and fire-wall software during installation. Talk about a security flaw! It's like telling somebody to remove all contraceptives before ... you know ... for the first time.
Mathematics is not a crime.
My first recommendation is that you get a router with a hardware firewall--for the price, there's really no reason not to. And any ISP who discourages the use of routers is just plain irresponsible.
If you don't have a router, have the free version of ZoneAlarm handy, and a list of the services you can shut down on Windows (everything you don't need that uses ports or acts as a server.) Shut down these services and install ZoneAlarm before you plug the machine back into the internet. When you do connect to the web, no one will even know you're there.
Between my router, ZoneAlarm, Ad-Aware, and some good anti-virus software, I haven't been touched by anything out there for 10 years, even when installing and patching.
Install behind one. With everything dropped. It's that easy.
vk.
Microsoft should provide a 'first install' mode that connects to the update service in a very restricted mode, and allows no other kind of internet access until the update is complete.
At the University of Virginia last year on move-in day, some unpatched computers were infected with the Blaster worm in under a minute.
Seriously, what's with all these stupid anti-ms articles here? I know it's /. and has as much objectivity as herman goering at a bar mitzvah, but please. This lack of objectivity makes everyone here look as mature as an 8-year-old kid. Nerds get a bad enough rap as it is.
So do these new numbers show that Windows actually has a better tc0 than original estimates?
You can install windows fine, and even run it perfectly without any patches and have it connected to the net. Just have it behind a firewall. Why isn't anyone mentioning this? Because they're having too much fun bashing microsoft without cause.
I don't think you understand what /. is *really* about.
Either way, 20 minutes is not long enough to download patches.
/. crowd? You are supposed to be IT adepts. Act like it and stop fucking whining.
One would think people are stupid here. Firstly, it's an AVERAGE of 20 minutes you idiot - this does not mean you have a 20 minute counter that starts from when you connect to the net. It means that ON AVERAGE machines connected by a novice will be compromised within 20 minutes.
For about the tenth time, here is how to do it.
NB. At no point connect the system to a network until the following has been carried out.
Install WindowsXP.
Set up Internet connection, but do NOT connect yet.
Right click on My Network Places > Properties
Right click on your Internet interface, >Properties.
UNTICK anything with "Microsoft" in the name. i.e. File and Print Sharing for Microsoft Networks, Client for Microsoft Networks. Leave TCP/IP ticked.
Click "Advanced".
Click "Protect My Computer"
Click OK.
right click on "My Computer" > Properties.
Click "Automatic Updates"
Turn on Automatic Updates using whatever option you prefer.
That's it - connect to the net and it will patch itself.
Why is this so fucking difficult for the
In my case, when I reinstalled XP about a month ago, my computer was compromised 5 minutes after XP was running. That was not enough time to get SP1 downloaded (over a cable modem). Some mystery process was running that kept popping up dialogs.
Of course, every time they come out with new updates, just post the updated ISO! Because the second the one they ship out gets to you it's already well out of date.
Time to start really pushing Microsoft for this! ...but of course a week later you'll start seeing the hacked version floating around that wipe your OS or add every known virus available. ;) Always get it right from MS if it ever comes to be.
" Ive personally seen XP machines get infected with Blaster, Sasser, etc, during the install of Windows."
Your use of the plural tends to indicate that at no time did you volunteer the information that airgapping the NIC would be a 'good thing(tm)'. You going to shout up next time?
Oddly Draconis
Too cynical to live, too stubborn to die.
Or (how many times must we repeat this?) apply StopListening (free, less than 100K) to close your ports before connecting to the network ... Can't get any easier!
To verify: Start -> Control Panel -> Internet and Network Connections -> Network Connection -> select your network connection
verify using the same dialog as 'Client for Microsoft Networks'
same dialog as 'Client for Microsoft Networks'. Select 'Advanced' tab.
Connect Network
Start -> Control Panel -> Windows Update -> Scan for Updates
PS: If I remember correctly turning on the firewall (Pre SP2) will prevent you from communicating with other computers on your LAN. But you definitely want to turn it on until you get patched or download/buy another firewall.
As a test last week, we put a machine with a firewall on a dial-up account. Roughly 30 seconds after it connected was the first hit from Sasser.
"Sometimes a woman is a kind of religion, she can save your soul & set you free from all your sins" - Bad Examples
OS X desktop has no services enabled out of the box. The only thing a person would be vulnerable to then is trojans, and even then it would require the user to set up his email/pop first.
GPL Deconstructed
More chicken little stuff in my book. The assumptions in making such a prediction are broad and outright incorrect. The prediction assumes that every port scan would have to result in catastrophic failure of the targeted system. That's simply bunk.
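The survival-time figure debated in this thread is an average of the gaps between reports for each target IP. The following is an added example, not ISC's code or part of any comment: it computes that average from constructed firewall-style log lines, once counting every report and once counting only reports to ports assumed to be open on an unfirewalled default Windows host (`LISTENING_PORTS`, the log format and all function names are assumptions made for this illustration).

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean

# Assumption: ports a default, unfirewalled XP host answers on
# (RPC and SMB, the services Blaster and Sasser reach).
LISTENING_PORTS = {135, 445}

# Constructed sample reports: "timestamp target_ip dst_port".
# Deliberately out of order, with one malformed line and one
# target (192.0.2.30) that was only reported once.
SAMPLE_LOG = """\
2004-08-17T10:10:00 192.0.2.10 135
2004-08-17T10:00:00 192.0.2.10 445
2004-08-17T10:40:00 192.0.2.10 80
2004-08-17T11:00:00 192.0.2.10 445
not a report line
2004-08-17T10:00:00 192.0.2.20 1434
2004-08-17T10:30:00 192.0.2.20 445
2004-08-17T11:00:00 192.0.2.20 22
2004-08-17T11:30:00 192.0.2.20 445
2004-08-17T12:00:00 192.0.2.20 135
2004-08-17T10:15:00 192.0.2.30 445
"""


def parse_reports(text):
    """Yield (timestamp, target_ip, dst_port); skip malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        try:
            yield datetime.fromisoformat(parts[0]), parts[1], int(parts[2])
        except ValueError:
            continue


def per_target_gaps(reports, ports=None):
    """Mean seconds between reports for each target IP.

    If `ports` is given, only reports to those destination ports count.
    Targets with fewer than two counted reports have no measurable gap
    and are left out rather than treated as "never probed".
    """
    times = defaultdict(list)
    for ts, ip, port in reports:
        if ports is None or port in ports:
            times[ip].append(ts)
    result = {}
    for ip, stamps in times.items():
        if len(stamps) < 2:
            continue
        stamps.sort()  # log lines may arrive out of order
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        result[ip] = mean(gaps)
    return result


def survival_time(text, ports=None):
    """Average of the per-target mean gaps, in seconds (None if no data)."""
    gaps = per_target_gaps(parse_reports(text), ports)
    if not gaps:
        return None
    return mean(gaps.values())


if __name__ == "__main__":
    every_report = survival_time(SAMPLE_LOG)
    open_ports_only = survival_time(SAMPLE_LOG, ports=LISTENING_PORTS)
    print(f"every report counted:      {every_report / 60:.1f} min")
    print(f"only listening-port hits:  {open_ports_only / 60:.1f} min")
```

The same log gives a longer figure once reports to ports nothing listens on are excluded, so the headline number depends on which reports are treated as potential infections.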
As I read this article on my Mac, I also have a Windows notebook next to me which I am preparing for someone. I have a three page checklist of things which the IT department requires me to do before putting a Windows machine on the network. It involves installing patches, installing antivirus and firewall software and changing various settings.
BTW, I can plug a Mac into the network out of the box. They're safe.
So basically we now have a sort of 'Internet weather', which tells whether your computer can go play outside or not?
Nice, I can see the evening news getting an extra report then.
"In North America we have some nasty worms raging across the Net spreading all the way to Europe, better close up those ports. Asian PCs may want to wear an extra layer of firewall as we got some heavy probes coming in. South Africa meanwhile has some lovely patchy weather."
yes, that's right, i run Panther (v. 10.3.5) and this story is the stuff that hilarity is made of.
Thanks, MS, for being such a constant source of amusement!
Is a country-by-country study of this kind. I say that, because I read lots of comments here and on similar sites about all the probes and other unwanted network activity that people see, and yet my machine is usually on every waking moment, and is connected to the net via ADSL, yet I see almost no activity. Once every few days my software firewall (Sygate Personal Firewall) will tell me that a small handful of ports have been scanned. For example, I've actually had the machine on and connected for almost 3 days now, and my firewall is showing no unusual activity.
Now, either I'm just not logging enough (entirely possible), or I'm sat on a very, very quiet part of the net. I have to wonder how much one's country of residence influences this sort of thing, given that I'm in the UK and I'm guessing most people here are in the US.
It's official. Most of you are morons.
I was building a box for a friend and though I'm behind a firewall, etc., it turned out that the dhcp server gave the new box the dmz address. Oops...forgot about that one. But, in the few minutes it was up and running (first thing was to start to download service packs, etc.) suddenly I had blaster on there. Since it was a new machine, I decided to just wipe it and reinstall, this time remembering to turn the damn DMZ off.
I would easily say that the time between the machine starting up for the first time post-installation, and getting infected, was less than 2 minutes.
If you care to enable "Internet Connection Firewall" on WindowsXP or WindowsXPsp1 OR "Windows Firewall" on WindowsXPsp2 - then you are safe. The only bad thing here is that this thingy was disabled in early releases of WindowsXP.
Slashdot - free anti-Microsoft propaganda 24/7
what you want is more features built into the OS, running per default, and a smaller footprint?
What I want is fewer features built into the OS. Let me install features such as "File and print sharing" later if and only if I want them.
How much of the total traffic on the internet is from viruses/worms looking for targets? It's not that I really worry about getting infected, but I want to get all the bandwidth I can from my cable modem and I don't need rogue computer programs making the net crappier for everyone else!
SIGFAULT
Is more than enough to download and install a free firewall program such as Sygate Personal Firewall (my windows pcs have that). That should buy the user enough time to get the patches.
I'm behind a hardware firewall, and I've never had any problem whatsoever with IE. Never got a virus, trojan, spyware, malicious link, or any kind of ActiveX exploit. Then again, I don't go clicking Yes to everything willy nilly. Also, the Google Toolbar is a MUST for easy searching and pop-up blocking (if you don't have XP SP2). As far as broken standards, I have NEVER seen a misrendered webpage except for the occasional transparent PNG. If you are not an idiot, and use protection, I don't think you would have a problem with IE. Unfortunately, the vast majority of Windows users are (when it comes to computers) idiots.
However, WinXP turns on the firewall at the END of the boot sequence. A few minutes.
So a good chance of getting hosed.
Has SP2 changed that order, or is it still last?
No other version of Windows has a firewall.
Windows DOES suck.
The average PC user (in fact one that is sharper than average) might think "Okay, I'm finished installing Windows. I'd better hook up to the 'net and run Windows Update to get all my patches". It doesn't dawn on them unless a helpful salesperson (a rare commodity) or a tech-savvy friend reminds them to put some sort of firewall mechanism in place before even touching the CAT5 cable on a Windows box.
Try installing any Linux package that is 2 years old and see how long it takes for it to get rooted before you bother to enable a firewall!
Actually, I did that with an older Mandrake distro--probably almost 3 years old now. During install it had the option to set the security level and I picked "paranoid" setting. I even selected encryption packages that had to be installed over the 'net because of US legal crap, so it was on the net (directly connected to my DSL, with no firewall at all). It was only in that state for a week or so, but it was NEVER rooted or compromised in any way between that time and when I bothered to set it up with packet filtering, NAT, etc etc (to serve as the router for my home LAN).
Mandrake (although far from perfect) has demonstrated in the past few years that a good degree of security can be applied right out of the box without requiring a CS degree to figure out. Even on that old distro everything was locked down, the network-oriented services were off by default and TCP wrappers were in place with all hosts except localhost denied. Later they put in Shorewall and included Bastille hardening package in the distro.
What has happened since the 2-year-old release of XP? It was released with serious security flaws that once discovered rendered an unpatched system completely useless in literally less than a minute (I don't care what the article says, I've NEVER seen an unpatched XP system last nearly 20 minutes--perhaps that includes dialup machines). Furthermore, the default installation runs all kinds of services (why the hell would Windows Messenger be turned on by default, or even be available at all on the Home edition?) and what security tools they eventually provided were OFF by default. It took until THIS YEAR for MS to fix this back-asswards situation, and Mandrake (among other distros) were taking action THREE YEARS AGO when it was just starting to become a serious problem with Red Hat default installs getting compromised.
To this day my Windows box still runs 2000--it's as messed up security-wise as XP, but it's still stable and fixable and less resource-hungry than XP. I'm never upgrading Windows on my machines ever again because I won't waste my money on an OS that does nothing but add flashy cartoony crap to my screen and is no more secure than 2k. By the time 2000 is unsupported I'm hoping to have migrated to Linux completely anyways.
It'll take a lot of convincing for MS to change my mind with Longhorn. I suspect it'll be fine on its own but will have no end of compatibility-related issues with present Win32 apps--and it wouldn't surprise me if some of them will be security issues either.
Hey this is cool, thnx for the link!
Maybe someone needs to create WinPatchoppix, a Knoppix variant that you boot up and it runs Windows Update under WINE to install the latest patches.
My beliefs do not require that you agree with them.
Include a game or a new UI theme with every major security update. Periodically include standalone "bonus items" that only unlock when you use new functionality in the patch immediately.
"Like my Vanilla Secret 1 theme? Well, you should have installed service pack 2 on the day it was released and reviewed your firewall and antivirus settings within one hour. And now you can only watch and salivate, you poor soul!"
It's certainly better than previous versions of Windows, possibly excepting 2000, but I think you're going a bit far there. XP with a couple of routine apps installed may be stable forever. From direct personal experience, XP pretty much needs a clean reinstall after 2 years' worth of:
- Microsoft's own updates, patches, patches-on-patches, cumulative patches and so on
- updates to personal firewall and other anti-nasties software
- updates of video drivers and DirectX fighting over games
- changes of ISP, complete with uninstalling all their automatically-installed crap and a switch from modem to broadband
- IE/OE/Mozilla/Fire*/Thunderbird versions fighting over Internet stuff
- updates of OpenOffice/Acrobat Reader/etc. fighting over text documents
- trials and finished-product graphics packages (many of the trials since uninstalled since nobody seems to make a decent one any more) fighting over images
- Microsoft's own explorer constantly messing around with "My Documents"
and so on.
It is an unfortunate fact of life that Windows relies on obscure configuration via the registry, shared DLLs, and vendors providing software of reasonable quality with a 100% bulletproof uninstallation procedure, particularly where things like device drivers and security tools are concerned. As long as you have those limitations, any system where
- software is ever installed and then uninstalled
- installed software is patched or upgraded to a new version
- a combination of software from different vendors that probably hasn't been tested together is installed
is going to need a periodic clean-out. This problem is not unique to Windows; you get similar problems on a Mac, on Linux, or on any other platform meeting the above description for that matter. It is worse on Windows, simply because even a technically competent user will have trouble cleaning out the registry and sorting out any shared files properly after updates/uninstalls, particularly if they weren't completely successful.
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
Put an old red-hat system up and see how long it takes before you're r00t3d!
Ok, let me just toss this RH 8 CD in, it's a coupla years old so we can call it a contemporary to XP.
Ok, it's installed. Let the "r00t1ng" begin!
Waiting, waiting.. still waiting..
Oh yeah. You can't very easily "r00t" a box that OFFERS NO NETWORK SERVICES BY DEFAULT.
Do you people even USE these operating systems before trying to make a point?
Endless arguments over trivial contradictions in books written by ignorant savages to explain thunder in the dark.
I keep a Dell with Win2k installed turned OFF on my desktop. (I actually use the slackware box under my desktop.)
MSBPodcast.com The opinions expressed here are my own. If you don't like 'em... Think up your own stuff.
I highly recommend building out a machine behind a NAT box, the price for a typical NAT box is no longer a factor and if you're not using one during a Windows OS install, you're an idiot. I highly recommend Autopatcher from http://www.autopatcher.com/
It's free.
They'll soon have versions for W2K and W2K3.
Put this on CD and you're good to go for a large majority of your OS patches. There is also a nice collection of tools and toys included in autopatcher to play with too. Check it out, it's worth your time.
Use autopatcher to install what you are missing and then visit WU to get up to date patches.
It's quicker and safer than the Windows Update download/reboot/download/reboot game when you're most vulnerable.
They even include some nice CD/DVD cover graphics too.
There simply is no excuse for being unpatched when there are solutions like this available, if you are still unpatched, you deserve what you get. No sympathy from me.
Does anyone have any advice on finding a good hardware firewall to go with a broadband connection, please? I recently got hooked up to ADSL, via a 4-port router ADSL modem, and since then my formerly invisible system (thanks to ZoneAlarm) has numerous ports closed but visible, and for some reason I completely fail to understand, FTP onto the router open, even to the outside world.
I'm somewhat disconcerted by this, because having had a system that wasn't fully patched but was clean before (56k modems and Windows Update just don't mix, no matter how much Microsoft might pretend otherwise, so I only had the really critical ones), the first thing I did was grab all the other updates, and even then I got prompted a few minutes later to download a fix for MyDoom.Something, which implied I was probably infected.
I want my invisible system back again! Any advice/recommendations much appreciated. I'm in the UK, in case anyone has a specific piece of kit and/or vendor in mind.
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
Is it just me, or does 133t speak look a lot like line noise?
#^%..(.CARRIER LOST
the trick is easy tho :
1) unplug network
No more problems.
MSBPodcast.com The opinions expressed here are my own. If you don't like 'em... Think up your own stuff.
I have a hardware broadband router/firewall with default settings. I run FreeBSD on the desktop with all services except sshd turned off. What else do I need? Or am I just being paranoid in thinking I need more?
Most of the security HOWTOs I've found for Linux and BSD have been heavily geared towards servers. Are there any out there for client desktop systems? Am I being foolish by not running emacs in a jail?
Don't blame me, I didn't vote for either of them!
All these horror stories I'm reading about peoples installations being destroyed within 5 seconds of turning on their modems are nothing like my experience of Windows.
Here's how my last windows installation went.
1)Install win98
2)Install Zone Alarm
3)Plug in modem
And that really is it. The box is still running fine 4 months later. I'm typing on it right now.
Why would anybody connect to the net before they have a firewall running?
I expect this will get modded down, since it's not another horror story, but I just don't have the problems you guys are talking about.
"I realise this is not a very popular opinion but it's the truth, and therefore needs to be said" -Bill Hicks
I don't understand, what about my nuts? I generally don't use them while installing windows. Do you?
"How about taking the safety labels off everything, and let the stupidity-problem solve itself?"
I am, quite frankly, sick of what I've been hearing:
It seems as if we've forgotten who the typical Windows user is. No, they won't do any of the things mentioned above, because, well, frankly, that would require thought and actually retaining a little knowledge of how computers work. The typical Windows user doesn't know and doesn't want to know how computers work; they just want to do their websurfing, email, and games.
Really, when it comes down to it, why not just recommend Linux? With all the hoops you'd jump through to secure a Windows box, you might as well just have the user install Linux. Imagine you instructing someone how to install Linux and Windows (separately):
I think you get the point...
Yes, Windows used to be easier to use than Linux. But with the growing security problems, it has become easier for the end user to simply install Linux than to understand, install, and configure the plethora of specialty applications and hardware required to protect Windows from its own poor design.
The society for a thought-free internet welcomes you.
ZoneAlarm sucks.
Get Sygate Personal Firewall.
http://smb.sygate.com/products/spf_standard.htm
It's just as free. It's more powerful. And it has a much, much better GUI.
Comment of the year
Until anything that can be tenuously blamed on microsoft happens.
You mean like "Windows is starting up"?
This lack of objectivity makes everyone here look as mature as an 8-year-old kid.
Well, you might be an 8-year-old kid, but that was a long, long time ago for me. And I'm not the only old fart around this place. Some of us even come here specifically for the Microsoft bashing. When the objective is to find new and interesting ways in which to bash Microsoft, I'd say that Slashdot is certainly not lacking in objectivity.
Nerds get a bad enough rap as it is.
To whatever extent that is true, I'd say that nerds tend to bring it on themselves. Probably phrased better by some ancient Greek philosopher, but if you can stand to live with yourself, nothing else matters much.
"MS should produce a crapload of service pack CDs and give them to OEMs and every new computer should come with a current one. (They did this with NT4 SP3 and haven't done it since to my knowledge)"
I have a version that I bought with win2k SP1, they still do it, but not very often.
Don't mean this to be a flame, sorry if it looks like one.
Stop signs are only Suggestions
Indeed, the only time I've ever been infected with something is when I was trying to figure out parallel port networking and set C:/ to filesharing (not realising that I was online). Even then, it was easy enough to clean out the intruder with spyware software and manual deletion.
Are Scottish IPs immune to attack? Are my Built In Vulnerability Features TM corrupted? Is my system secretly crawling with stuff that is completely undetectable? Have I got a mutant OS that I should reverse engineer and sell for millions?
A guy at work got his new laptop at Media markt the other day and had the worm almost straight away. I'm surprised that these PC shops can get away with selling unpatched PCs. I would have returned the PC as faulty merchandise.
Even if new computers were "almost up to date out of the box," the typical user gets creamed soon anyway. It may not happen right away, but someone always comes up with a bigger better nasty that exploits M$'s poorly designed software. All of these "patches" firewalls and other bandaids just don't work. By the time the user's computer is bogged down enough for them to notice, their computer has been used to send out all sorts of garbage and their original software is hopelessly out of date. Email bombs and malicious websites cut right through that cheap little hardware firewall just like they do virus filters and all the other expensive failed solutions that have been advocated. The average store puts the same out of date stuff right back on and sends them out to be owned all over again. They can not keep and distribute M$ patches, even if they did want to spend the hour or two required to install them all. The user does not want to pay for those extra two hours either as it might be cheaper to buy a newer version of Winblows at that point, if only the new version supported their hardware. It's totally miserable.
You can compare that experience to any modern Linux distribution and wonder why people use Windoze at all.
Friends don't help friends install M$ junk.
I'm posting this so that you (the moderator) have some context to consider twitter and not mod him up whenever he posts his filler preformatted rants about installing Knoppix or whatever that unfortunately get him karma every single time and allow him to continue posting his trademark toxic crap (read on) day in and day out. You may consider this a troll - I consider it community service. And I ain't kidding.
If you're a /. subscriber, I invite you to look through some of his posting history. I guarantee that you'll be hard pressed to find someone that is more "out there" than twitter. You'll also probably notice he's got quite an AC following. Don't just read his posts, make sure you go through the replies.
To get an idea of what I'm talking about, check this post out. I mean, this is an article about email disclaimers, right? The parent of the post is complaining about the ads in the linked page and so on, and twitter actually goes off on a rant to blame it on Microsoft and recommend Lynx. WTF?
Here's another. In this post twitter not only calls the OP a troll but attempts to "tell it like it is" while making some vague argument about "GNU". Yes, if you're confused, you're not alone. The reply (modded +4) proceeds to simply destroy his bogus argument. You will notice he did not reply. This is what some people call "drive-by advocacy". A sort of I'll just leave you with my thoughts here and move on to the next flamebait kind of deal. In fact, he almost never replies because he knows that his fanatical arguments simply do not hold up to any sort of discussion. It's not that he's chosen the wrong cause - he's just going at it in a completely wrong way.
More? Just read through this post and the subsequent replies. I guess this stands on its own. Or these two. Or this one.
Still not convinced? This is what twitter considers "humour" while going about his daily "M$" routine.
More? Bad spelling in astounding conspiracy theories, more offtopic FUD and uninformed "I'm right, look at me" rants, promptly proven wrong. Worse even, twitter wants to be RMS, apparently (that first one is a winner). I mean,
We spend about an order of magnitude more work effort cleaning up the nuclear industrial accident after it's occurred instead of designing the goddamned thing to work right from the get-go.
Any other product or service that worked so poorly it had to be managed like desktop software would be REFUND worthy or covered under lemon laws. I can't even imagine owning a toaster (real toaster not a net appliance) when I knew it MIGHT not work or it MIGHT burst into flames or it MIGHT cause the coffeepot next to it to explode.
There's not much difference in the harm he can do with his one system and the harm anyone else is doing with their XP Home. The cracker brings their own tools to both.
Also, as the recent Download.Ject scandal shows, there's not much more the "grown up", well funded, M$ admin pros can do to protect themselves against malice. You should be happy if someone is running 2003 at home rather than at a fortune 500 bank. Microsoft was not ready for the internet back in 1995 and they still are not.
Why do you care?
Friends don't help friends install M$ junk.
14 minutes between post and troll retort, it's a new record. How many VB bots does that take?
some broadband ISPs only provide USB devices.
Call tech support and say your keyboard and your mouse occupy the only available USB slots. Act ignorant with respect to the existence of USB hubs, especially given that high-speed modems that connect through USB don't like to be plugged into hubs.
i think i'll go and update my compu8937589y43{ijjiouli_%jkln;'OPjlkjnken kwjqiohi~~~~ojhkl #"hioehq
www.autopatcher.com
'nuff said
If you noticed, I didn't start with the Windows user completely re-installing the OS. Here's a typical after-install security sequence for Windows:
And two months later, you'll repeat the process yet again. It seems you forgot to apply the latest patches while on vacation, and some internet worm has taken over your machine....
Is this really any worse than installing Linux, once?
The society for a thought-free internet welcomes you.
The survival time is calculated by the average time between muggings in each of several major cities. Some of our submitters live in posh urban neighborhoods which block attacks by commonly-attired thieves. On the other hand, others frequent open-air drug markets; if you are walking through such a neighborhood, your survival time will be much shorter.
Twitter, you're a petulant cock-gobbling sycophant to Linux Torvaldyos! Quit taking DP from ESR and RMS's feculent cocks and why don't you try to stop sucking quite so much? Get out of your parents' basement and see the real world - maybe then you'll see how pathetic you sound, with your neverending stream of bullshit about how Microsoft is stalking you. Wasn't it you who said that Microsoft believes your insane ranting is actually a threat to them, so they PAY PEOPLE to reply to you on Slashdot? No sir, I don't get any money. I do it for the love. Someone has to go up against your paranoid whining. So get back in your cage and shut the fuck up already.
What might be at least as good would be a boot CD that would let someone boot into a restricted environment with network access, and then download and apply the latest updates.
This would potentially let people update their PCs completely without needing to risk having their computer taken over immediately or during the update process. There's still a chance that the update software on the CD might be compromised, but if it's minimalist enough then there's nowhere near as much chance as with a fully blown windows system.
This type of thing should be distributed with Windows automatically, in the box.
SP2 is supposed to fix this. Also pre-SP2, XP would turn OFF the firewall prior to the network during shutdown.
--
"Outlook not so good." That magic 8-ball knows everything! I'll ask about Exchange Server next.
Here is what I would do:
a) Download patch(es) to one of my Linux boxen.
b) Pull plug of external network.
c) Clean-up Windoze machine as needed.
d) FTP files over to Windoze box.
e) Load patches as needed.
f) Open up external network again.
Of course, if you only have one box, then that won't work. In that case, have a Knoppix CD laying around for just such a situation:
a) Put Knoppix CD in to CD drive on your box.
b) Reboot box.
c) When Knoppix comes up, configure it to talk on the network.
d) Download patch(es) to some storage medium (burn CD, use a USB ROM storage device etc...be creative).
e) Pull plug on external network.
f) Shutdown Knoppix and reboot Windoze.
g) Clean-up Windoze machine as needed.
h) Copy files from storage medium to your Windoze partition.
i) Load patches as needed.
j) Open up external network again.
Lodragan Draoidh
The more you explain it, the more I don't understand it. - Mark Twain
3) install firewall or activate built-in FW
So why isn't the damned thing ON BY DEFAULT?
(Not that it will help. Turn it on by default and the next generation of worms will all use exploits that work despite it.)
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
I'm going to give you my address. Could you send me a whole God Damn Load of completely worthless shit that I would never consider buying in my lifetime? And then could you plug my last name into a search engine, and send shit to all my siblings as well? My sister TOTALLY loves your stuff. It's dreamy.
Oh, and could you sell my information to a whole bunch of other companies in Nigeria and Afghanistan so they could send me updates by email and snail-mail Anthrax? Give them my credit card too, so they don't have to pay the shipping and handling.
Thank you soooooo much!!!!
Love,
The Gimp
My office machine is Linux, and XP under VMWare on that is probably a couple of fixes out of date but it's not as big a worry as it might otherwise be because I decided to only give XP a NATted connection. Must update that, next time I start it. I need to run up 98 and ME under VMWare for some testing, but I'm not too worried as they'll only get NATted connections too.
The moral of the story, kiddies, is that if you don't want random strangers grabbing your wobbly bits with pliers then you should keep them where they can't be seen.
Thank you.
I'm posting this so that you (the moderator) have some context to consider twitter and not mod him up whenever he posts his filler preformatted rants about installing Knoppix or Mepis or whatever that unfortunately get him karma every single time and allow him to continue posting his trademark toxic crap (read on) day in and day out. You may consider this a troll - I consider it community service. And I ain't kidding.
If you're a /. subscriber, I invite you to look through some of his posting history. I guarantee that you'll be hard pressed to find someone that is more "out there" than twitter. You'll also probably notice he's got quite an AC following. Don't just read his posts, make sure you go through the replies.
To get an idea of what I'm talking about, check this post out. This is an article about email disclaimers. The parent of the post is complaining about the ads in the linked page and so on, and twitter actually goes off on a rant to blame it on Microsoft and recommend Lynx, because "is teh free".
Here's another. In this post twitter not only calls the OP a troll but attempts to "tell it like it is" while making some vague argument about "GNU". Yes, if you're confused, you're not alone. The reply (modded +4) proceeds to simply destroy his bogus argument. You will notice he did not reply. This is what some people call "drive-by advocacy". A sort of I'll just leave you with my thoughts here and move on to the next flamebait kind of deal. In fact, he almost never replies because he knows that his fanatical arguments simply do not hold up to any sort of discussion. It's not that he's chosen the wrong cause - he's just going at it in a completely wrong way.
Here's that drive-by advocacy and FUD in motion: twitter goes on about some topic and then drops the usual "oh and M$ is teh evil" because "WMP phones home" or some such. Called on his FUD, he then claims that WMP stores every song and movie you've ever played in a file, somewhere. Pressed further, he just sort of slithers out of sight, his FUD-spreading complete. This is not about some Microsoft technology that nobody likes anyway; it's about lying for the sake of lying. Way too many of his posts are exactly like this one.
More? Just read through this post and the subsequent replies. I guess this stands on its own. Or these two. Or this one. Or this one.
Still not convinced? This is what twitter considers "humour" while going about his daily "M$" routine.
M
Get a 512mb pen drive, put all your important OS updates on it. There you go, one stop shop for win2k/xp. Plug and play at its finest. /uses pen drives like they are going out of style.
Well, what happened on my end was I just finished installing win2k on a production system. Plugged it in the lan... less than 5 seconds later I couldn't even use windows explorer to check out my hard drive contents. Turns out he not only had blaster but some other malware as well. Jerk cost me nearly 4 hours to remove all the crap that got on there, then the time to manually DL each file and move it to the other machine by non-network means to install it.
My dream that day was a lit roman candle, his eye.
Twitter, you're a petulant cock-gobbling sycophant to Linux Torvaldyos! Quit taking DP from ESR's and RMS's feculent cocks and why don't you try to stop sucking quite so much? Get out of your parents' basement and see the real world - maybe then you'll see how pathetic you sound, with your neverending stream of bullshit about how Microsoft is stalking you. Wasn't it you who said that Microsoft believes your insane ranting is actually a threat to them, so they PAY PEOPLE to reply to you on Slashdot? No sir, I don't get any money. I do it for the love. Someone has to go up against your paranoid whining. So get back in your cage and shut the fuck up already.
Apple has one. It's called "OS X".
- The average Windows user can't/won't install Windows 98 over his existing XP installation.
- It won't be around for very much longer.
Other than that, I think it's probably the best of the Windows "home" editions. Granted, you'll always have the shoddy drivers issue, but as long as you don't use MS Office or IE, you can actually make a Win 98 box pretty secure. I'm still running RH 7.3, and I will for the foreseeable future. Nice thing about open source is that I don't have to worry about copies becoming scarce when the vendor discontinues it.
The society for a thought-free internet welcomes you.
I am the original author of that fine twitter rant - I'm crying tears of joy that some other AC saw fit to use it. Go forth and spread the word, fellow twitter-haters!
Ah yes, but money does not turn a neighborhood into a slum like M$ makes a nasty computing environment. In real life, the more money a neighborhood has the nicer it looks. The more M$ you put on a network, the more run down it looks, the slower your network goes and the more likely you are to get jumped regardless of OS. Hardware firewalls are better at containing the ghetto than they are protecting it. Windows makes any network insecure and mostly pollutes the world when it's cracked.
Friends don't help friends install M$ junk.
"XP has a built in firewall, did you know this? When it is turned on, even an unpatched system is protected from attempts at remote intrusion. You are still vulnerable to IE exploits, but if you're using IE on an unpatched system you need to be smacked. Actually if you're using IE at all you deserve to be smacked, just not as hard."
How, then, should I download Windows Updates on an unpatched machine quickly, when my only browser that is not rejected by WU is IE?