Internet Security Warnings
Juha-Matti Laurio writes "Internet Storm Center's Diary reported today: Due to a number of very well working Windows exploits for this week's patch set, and the zero-day Veritas exploit, we decided to turn the Infocon to yellow. The following Internet Threat Level meters are at level 2/4 because of Windows Plug and Play vulnerability's several exploit codes too: Symantec ThreatCon as a part of global DeepSight Threat Management System saying Increased alertness and Internet Security Systems X-Force with Increased vigilance at AlertCon."
So now we're just waiting for patches to be released?
But it's been a while since we've had a good/effective worm.
Jerry
http://www.cyvin.org/
Oh, I guess it doesn't, ror.
Seems to me these color coded systems do more to confuse than they do good. Should I relax if we're at green? Should I be paranoid if we're at Red? Should I even care since I run UN*X rather than Windows? Every day there are at least a few new sploits. Every few weeks there's a sploit that affects me as a sysadmin and requires my attention to preserve the security of my servers and internet-attached LAN. Given this I still don't understand the value in these color coded alert systems. Yellow? What does that mean? Wake up an extra hour early to read the logs? The terrorists can attack just as easily if we're at green as if we are at red. I'm uncertain of the value in the announcements at the airport every 15 minutes to remind me that we're at yellow or orange.
I set my Windows update to manually update (too paranoid?) but anymore it might just be better to set it to update automatically so I don't have to keep checking on security vulnerabilities. I don't run Windows enough for it to be a big problem, but still.
...interesting if true.
The app could download data automatically using IE and ActiveX, format the data using an Excel Macro, then email results to me using Outlook.
Because I care about security.
On related news, the US puts its security level color at pink. Again, on related news, Bobby's mom chooses to wear an orange shirt. No need to actually read the security threat -- we have colors for that.
Correct me if I'm wrong but haven't there already been warnings about Plug and Play prior to this? I know at least one security website that had warnings about Plug and Play a long time ago, along with a handy utility to disable it. See below.
http://grc.com/UnPnP/UnPnP.htm
You'll notice this was circa December 2001, fully 4 years before these new exploits.
"Are you sure, sir? It means changing the bulb...
Windows is dying.
Well, it's deathly ill, mostly. The average Windows end user is in a never ending battle against the baddies. They buy their systems at the Best Buy, bring them home, run for a couple of months, and then complain that they can't login.
Then they call me, or someone like me. With disdain, I inform them that I'm wicked busy but I'll do it "this time".
When I get my grubby hands on their machines, they're fubar. It's not for lack of trying either, because there are multiple Virus, Trojan, and Firewall apps, all fighting over the same machine, including the odd fake anti-trojanwares. You know the ones I'm talking about. We've all seen them. "Click here for a FREE security scan!" and then the machine gets YET another bit of evil.
I simply don't know what to do anymore. I clean them up, set up security, knowing - just KNOWING that it's all in vain. Just yesterday, I got an "e-postcard" in the mail, and it was just an overt attempt at infection. There wasn't anything that would trip an AV or firewall in the mail, just an obfuscated link that actually pointed at a cryptically named .exe. I know far too many people who are e-card addicts, and I am SURE they would have clicked.
Toast. Totally goddamn toast. The fact that Windows programs have their execute bit as part of the filename is probably the worst thing ever to happen to an OS. One click, and yet another "svchost.exe" process. No lube, no kiss, no reach-around, just total PC anal rape.
And without a total redesign of Windows or dumping the platform for Apple or Linux, Joe and Josephine User are SOL. Vista is going to be more of the same, as it's going to be simply XP SP3 with more chrome.
Ah well.
If anyone knows anything about a0190313376667.gif.exe, mail me at my alias AT Entropy dawt TMOK dawt com. There's hardly anything on the 'net about it except some German blogs.
--
BMO
In other news, the US Government raises its alert level to the cover of Moving Pictures.
503 Sig Unavailable
The Signature could not be accessed. Please try again later or contact the administrator
Seeing as more and more work is being put towards computers (scripts) reading those captchas, I wonder why they don't start making them questions. Like those logic questions you see on IQ tests online or something. As artificial intelligence still sucks at these kinds of questions, there'd be no quick way for it to answer short of asking a human for the answer...
"Victory means exit strategy, and it's important for the President to explain to us what the exit strategy is." G.W.Bush
ConSchmon
In other words.. the alert level tends to stay stubbornly at green unless there is a real issue - the ISC is usually extremely conservative about threat assessments. If they've raised the alert level as a precaution then it's definitely time to take notice.
As for me.. I check the ISC at least once every day to see what emergent threats are out there. There are also a number of tools you can use such as a small Windows app that can help to inform you when the threat level changes.
It's worth having these tools - when Sasser came out I'm pretty sure they saved my backside.. because in that case the short amount of time between the vulnerability being announced and the worm coming out was so short that many organisations hadn't even started patching. Thanks to the ISC we managed to get almost everything secured in a day, so when the inevitable rogue laptop user physically brought a worm infected machine into the office, then we managed to contain the outbreak effectively.
Never email donotemail@WeAreSpammers.com
Kinda reminds me of Robin Williams referring to the vague announcements of the US Homeland Security Department:
Tom Ridge ever so often goes: "Today's a blue day. No, orange--RED!!!".
How long until that "uber-virus/trojan/worm" comes out that deletes the hard disk contents of millions of PCs? On one hand, that would be a great day, because then people would truly pay attention to security and Microsoft would get the attention it deserves.
On the other hand, it would be bad for obvious reasons. But, IMO, it's only a matter of time. What color will the Infocon be then?
bash: rtfm: command not found
We need a universal peril indication color. All these organizations need to coordinate and come up with a single color for the day.
Fuchsia means we should all stay in bed today.
there's more than one way to do me.
.. you may be a terrorist in today's war on cyber terra environment.
"Symantec ThreatCon as a part of global DeepSight Threat Management System saying Increased alertness and Internet Security Systems X-Force with Increased vigilance at AlertCon."
What. The. Fuck.
Crumb's Corollary: Never bring a knife to a bun fight.
are now unable to patch their system due to the way Microsoft set their windows updates.
So if the internet should come crashing down, as in the infocon red situation, what is the use of a little hyperlinked gif to their website, a gDesklet, or a systray icon?
several postings with the exploit were made public, two days after read this the automatic update of windows pop-ups, and a week after this, the issue hits the homepage of slashdot. the hackers have already won the arms race. i.e. gif.
Updating frequently broken software is nowhere near true security.
I'm typing this on a powerbook
are just something for management to mentally masturbate over, they are meaningless. so what if we are at WankerCon green, if you're getting DDOS'd to death why will you care? what has it done for you?
If you mod me down, I will become more powerful than you can imagine....
Isn't "color-coded threat levels" an excessively paranoid way to describe what we've always known as outdated, buggy software? This kind of representation paints a very fake picture -- as if those "threats" are a given and that all we can do is "try to protect ourselves", when in fact what we're dealing with is simply the result of flawed operating system design. These threats are only symptoms, not the root of the problem. I wonder who benefits from making people focus on the former instead of the latter.
The filesystem is the package manager
...Symantec ThreatCon as a part of global DeepSight Threat Management System saying Increased alertness and Internet Security Systems X-Force with Increased vigilance at AlertCon."
WTF is this supposed to mean? Is there anyone in the office who took a grammar course in the last two decades who could translate this?
No offense to the submitter of course, but the combination of all of those crazy named watchdog groups sounds like either something out of a comic book, Star Trek, or B movie.
Where's Wil Wheaton when you need him?
on all of my Linux boxes..
Thanks Linus!!
...and colorblind admins go on without a care in the world....
-- Fugacity: Confusing chemists since 1908
Critical updates can still be obtained without passing WGA.
but you're already +5
that could well be the funniest thing I've read in 4 years on slashdot.
as we'd say on fark, you owe me one new keyboard. make it one of those new ones with the OLEDs please.
Maybe Microsoft should create their own virus, exploiting this most recent flaw, that would automatically patch any computer it infects!
On second thought.. Windows users would probably detect the 30MB worm before it could "infect" their computer, and reboot.
Surely they think of better names for something unoriginal and overused like ($Buzzword)con? How about...
NinjaHackRating
***Evil Laugh***
"Sure there's porn and piracy on the Web but there's probably a downside too."
I use Debian, how does this affect me?
Data: Captain.. Sensors are picking up localized pockets of Upnp activity in subspace transmissions.
Picard: Geordi, can we triangulate the originating source?
Geordi: Yes sir, it's coming from a planetary system 15 light years from our present location. Long range sensors indicate it is...
Picard: Yes, I know... Microsoft...
Picard: All hands, yellow alert. Data, set a course for the source of the transmissions. All hands, to battlestations. Worf, put us to red alert upon entering the system. We don't want another Code Red Incident. And send out a subspace communication to the Federation, all ships, all systems.. We have engaged Microsoft..
Worf: Yes Captain.
Picard: Data, we did test our monthly Microsoft patches on the first Tuesday of the month, correct?
Data: Negative Captain. Unfortunately, there were exploits in the wild which take advantage of the weaknesses in the Upnp service installed on the ship's computer, and the Federation threat level was raised, so we did not test them.
Picard: Damn Microsoft. Alright, let's be careful. We don't know yet what we're dealing with. Maximum Warp! Engage!
Slashdot.. Land of nerds, trolls, and FlameBait..
... Windows is the most used OS.
Those who are bitching about Microsoft [again] don't realize that there are patches available, and no one wants to attack a few computers. Increased market share will be any OS's undoing, enjoy the small market while you can.
Modding me down and calling me a troll/flamebait will only prove Slashdot's unfair bias.
I think the threat level was raised to blue...
But what does this mean?
STOP: 0x0000000A (00000595 00000002 00000000 8010da41)
IRQL_NOT_LESS_OR_EQUAL
Yellow?! What are we going to do now?!
*Jumps out the nearest window*
Game... blouses.
How exactly?
Such inferior design and execution.
You poor poor bastards that are forced to use and deploy Windows on your machines.. I feel so sorry for you.
I, on the other hand, have some OBSD goodness backing up my Debian machines and with one command they are all updated and secure.
Seeing windows techs actually having to leave their office to take care of a computer problem makes me sad and bewildered. I mean, that's what the network is for? Right?
It Just Works(tm) for me... =/
Beware he who would deny you access to information, for in his heart he dreams himself your master. -Anonymous
Wow, that summary is chock full of weird names, AlertCon ThreatCon etc.
you'd think they could come up with some less... tacky names
I guess someone over at ISC had to blow the dust off the colo(u)r sensor (grins), but seriously, not much on the radar to panic anyone right now. Still, if you aren't awake you really ought to add ISC to your
morning newspaper (wakeup + gallon of coffee) along with some others, so for the sake of people who don't grok the need to be aware (but: go read Douglas Adams and don't panic as well!):
Here goes: (sometimes costs me an hour in the morning, but it's worth the effort...).
http://www.dshield.org/ http://secunia.com/ http://vitalsecurity.org/ http://www.f-secure.com/weblog/ - gossip and just
plain fun (cough) dilbert (cough).
(many others, but i'm tooo lazy on a sunday morning to write em...).
Oh, and be sure to replace the windows task manager with the wonderful (process explorer)
over at the always splendid Mark Russinovich's sysinternals.com (it'll save you when your friends machine gets pwn3d). (hint: it shows tcp/ip connections so you can see if ET is phoning home).
Finally, no list would be complete without a pointer to "comp.risks" (google groups ok?). Laugh. It helps...
cheers all,
Andy.
It seems that the majority of people in the US and Canada believe that people who advocate terrorism should be jailed.
If they wanted to, that law and your post would be all that it would take.
It's getting scary out there.
"When the going gets weird, the weird turn pro" -- HST
Affected Products:
.NET companies,
Microsoft Windows NT 4.0 up to and including SP6a
Microsoft Windows 2000 up to and including SP4
Microsoft Windows XP up to and including SP2
Microsoft Windows Server 2003 up to and including SP1
It's nice to be a Microsoft "reject"...
at least when worms come out I don't give a damn.
Just don't use Internet Explorer and have a good Firewall...
The only problem with Windows 98 SE, is that most newer machines cannot install it properly, since drivers do not exist!!! arggggg.
Which means.... hmmm
maybe I should update my Dell Laptop. =(
Anyone knows where to find Windows 98 drivers for Dell laptops ?! [Hint: Dell Tech Support are clueless]
Also, it's funny that all those fine
which insist on using ASP.NET, C#, ISS crapt will get infected again, again and again...
why nobody learns... just use LAPP!!!
(Linux, Apache, PostgreSQL, Perl/PHP)
Internet Threat Level meters
So a few [new] holes in Windows means the Internet is under great threat. Without Windows the Internet would be a safer place. Ok, so what's the news ?
Internet Threat Level meters are at level 2/4 because of Windows Plug and Play vulnerability's
Since when has Windows become the Internet?
I'm sorry, but if I have to take stuff seriously, can someone put it in plain simple English without these threatening big brother buzzwords?
"Internet Storm Center"
"turn the Infocon to yellow"
"Internet Threat Level meters"
"Symantec ThreatCon"
"DeepSight Threat Management System"
"Internet Security Systems X-Force"
"AlertCon"
Sounds like a bad CIA / X-Men / Matrix rip off movie.
When you disclaim something, you remove your own responsibility for it. For example, if I say something about the law and then say "Disclaimer: I am not a lawyer", I am using the word correctly: I'm disclaiming any responsibility towards people foolish enough to follow my advice, as well as warning them why they shouldn't take it too seriously. Your "disclaimer" is really a "claimer": you are saying that you speak from an insider position and know what you are talking about. So don't misuse the word "disclaimer" in such circumstances. Unless, that is, you mean to say that though you are one of the ISC guys, you are just giving your unofficial opinion, other ISC guys disagree, etc. But it doesn't read that way.
I just read the rest of this morning's news on /. half an hour ago, and just popped back to read this article. Seems a good order, reminds me of how TV news works. They show the day's 'real' news - war, disasters, etc and then at the end, just before the weather they have something silly to cheer you up, usually animal related - an otter that can surf, monkeys at zoos having triplets, etc
Here on /. we have the day's real news of interest, software patents, privacy, Google joining Apple, and then at the end when we think all is bleak for free software, there's a short story on Windows to make you laugh. Look, it's insecure! All their sensitive data's being emailed around. Ha ha.
InfoCon, ThreatCon, AlertCon... maybe someone could create a meta-Con of sorts, one that averages all the other *Con values. It could be called ConCon.
More often than not these days, the real tough buggers have randomly generated process names. Here's how I clean a machine:
Tools required:
Process Explorer (procexp) from http://www.sysinternals.com/
autoruns.exe from the same, or hijackthis.exe from http://www.merijn.org/
Any good virus scanner (McAfee's Enterprise scanner is decent). Use a simple scanner if possible, not a scanner/firewall/spam filter/personal servant. It will generally be faster and simpler.
Ad-Aware from http://www.lavasoft.de/
LSPFix from http://www.cexx.org/lspfix.htm/
Updated Stinger from McAfee http://vil.nai.com/vil/stinger/
Experience enough to know valid Windows processes and files.
Have all of this on a USB drive or CD. Will probably fit on a 64 MB drive, unless your virus package is bulky.
Boot to safe mode.
Start Task Manager or Proc Explorer and kill anything that doesn't look good, or everything that you know isn't part of Windows. You could go to Control Panel: Admin Tools: Services and stop all services first; this will narrow the field.
Run Stinger, just let it scan memory and running apps. Don't wait for it to do a full system scan.
Run Ad-Aware, do the same. Just trying to ditch bad things that are actually running.
If you've gotten this far in 15 minutes, the machine probably isn't in too bad of shape. Dump all temp files: c:\temp, c:\winnt(windows)\temp, c:\documents and settings\username\local settings\temp, c:\documents and settings\username\local settings\temporary internet items
Update virus definitions and do a full scan. The latest SuperDAT from McAfee or definitions from Symantec or whoever you use should also be put on the USB drive or CD.
So, virus scan didn't deal with it, or couldn't stop/remove it? This is where it gets tricky and completely manual. This is the point where most people give up, since you really need to know what should be where in Win2k/XP/2k3. I'm really not thinking of 95/98/Me; if those are hosed just wipe it clean and move to XP home for $99-199.
Run HijackThis and look for gremlins. This tool really requires an eye for what is supposed to be there, but pay special attention to startup objects and BHOs (Browser Helper Objects, aka evil Internet Explorer plugins).
Add/Remove Programs. Go through it with the client. Anything they don't recognize, or know they don't need, ditch. This can be risky, since people forget, but compared to a reinstall . .
Now for the real manual part . .
Run LSPFix and check for foreign entries. There are normally 2-4 LSPs present. I usually only do this if there are persistent network failures.
Check the Hosts file at c:\winnt(windows)\system32\drivers\etc\hosts. There really should only be one entry in here, for 127.0.0.1 localhost. You may have already checked this with HijackThis.
Browse to c:\winnt(windows). Sort by date. On a default install, the file modify dates are going to be a long time ago. If you see anything from within the last few months, get suspicious. Ignore log/text files, but don't ignore those without an extension. Do the same for c:\winnt(windows)\system32. This can be a bit trickier, there are way more files in system32 than winnt(windows), but the same rule generally applies. Anything from the last 3-6 months is suspicious.
Do the same for c:\program files. Delete any empty folders that your previous uninstall didn't remove. You should have an idea what is supposed to be here, after doing Add/Remove Programs, so hack and slash the folders that you don't think belong.
In one of these deleting sprees you are sure to find something bad that won't let itself be deleted, usually a .dll that is registered and can't be removed. Never fear! Write down the .d
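Two of the manual checks in the post above (the hosts-file check and the "sort system32 by date, ignore .log/.txt but not extension-less files" check), written up as an added example that is not the poster's own tooling. It is meant to be run against a disk mounted offline from clean media, since a running compromised system cannot be trusted to report on itself; the hosts file, the directory listing and the timestamps are constructed sample data.

```python
"""Triage helpers for the hosts-file and recent-file checks described
above. Added example; run it against an offline-mounted system directory."""
import os
import time

SECONDS_PER_DAY = 86400.0

# The post ignores log/text files when sorting by date, but explicitly
# does NOT ignore files that have no extension at all.
IGNORED_EXTENSIONS = {".log", ".txt"}

# The only entry the post expects in a clean hosts file
# (the IPv6 loopback form is treated as benign as well).
BENIGN_HOSTS = {("127.0.0.1", "localhost"), ("::1", "localhost")}


def suspicious_hosts_entries(hosts_text):
    """Return (ip, hostname) pairs that are not the loopback entry.
    Comments (#) and blank lines are skipped; a line mapping several
    names to one address yields one pair per name."""
    found = []
    for raw in hosts_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        ip, names = fields[0], fields[1:]
        for name in names:
            if (ip, name.lower()) not in BENIGN_HOSTS:
                found.append((ip, name))
    return found


def is_suspicious_file(name, mtime, now, max_age_days):
    """Apply the post's rule of thumb to one directory entry.
    mtime/now are POSIX timestamps (seconds); anything modified within
    max_age_days is flagged unless it is a .log/.txt file."""
    _, ext = os.path.splitext(name)
    if ext.lower() in IGNORED_EXTENSIONS:
        return False
    return (now - mtime) / SECONDS_PER_DAY <= max_age_days


def recent_files(entries, now, max_age_days=90):
    """entries: iterable of (filename, mtime). Returns the flagged names
    newest first, i.e. the top of an Explorer window sorted by date."""
    hits = [(n, m) for n, m in entries
            if is_suspicious_file(n, m, now, max_age_days)]
    hits.sort(key=lambda entry: entry[1], reverse=True)
    return [n for n, _ in hits]


def scan_directory(path, now=None, max_age_days=90):
    """Walk a real directory (e.g. an offline-mounted system32) and apply
    the same rule. Non-recursive, like the manual check in the post."""
    if now is None:
        now = time.time()
    entries = []
    for name in os.listdir(path):
        full = os.path.join(path, name)
        if os.path.isfile(full):
            entries.append((name, os.path.getmtime(full)))
    return recent_files(entries, now, max_age_days)


# Constructed sample hosts file (not from the page): one extra entry of
# the kind an infection adds to keep a machine away from an update site.
SAMPLE_HOSTS = """# constructed sample hosts file
127.0.0.1       localhost
127.0.0.1       update.vendor-example.invalid   # not part of a clean install
"""

# Constructed directory listing as (name, mtime) pairs relative to NOW,
# a timestamp in August 2005 (when this thread was written).
NOW = 1124000000.0
SAMPLE_LISTING = [
    ("kernel32.dll", NOW - 400 * SECONDS_PER_DAY),        # old, untouched
    ("setuplog.txt", NOW - 1 * SECONDS_PER_DAY),          # recent .txt: ignored
    ("a0190313376667.gif.exe", NOW - 2 * SECONDS_PER_DAY),  # name from the thread
    ("svchost", NOW - 10 * SECONDS_PER_DAY),              # recent and extension-less
]


def triage_sample():
    """Run both checks on the constructed samples and return the results."""
    return (suspicious_hosts_entries(SAMPLE_HOSTS),
            recent_files(SAMPLE_LISTING, NOW))


if __name__ == "__main__":
    hosts, files = triage_sample()
    print("hosts entries to review:", hosts)
    print("recently modified files to review:", files)
```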
> Windows Plug and Play vulnerability's
The author probably intentionally didn't say it applies to Windows 2000 only. XP and others are secure. Win2k is now an *obsolete* system. It's like someone wrote about vulnerabilities in Windows 3.11. It's obsolete. Period.
"Two things inspire me to awe -- the starry heavens above and the moral universe within." - Albert Einstein
LOL... :-)
Ok, now I feel sorry for the 99+% non-French-speaking people out there, so I'll try and explain briefly why some of us can't help but laugh at all those TropCon names.
"con" used to be slang for vagina and has evolved to roughly mean "f*ing dumb".
How adequate sometimes...
Remember everybody... CONSTANT VIGILANCE!
;)
Please don't hurt me
Agreed. Pathetic paid for stories should be marked ad in bold letters. That would be preferable to the current situation of injected pseudo stories (ads) which just puts readers off. The games section is particularly bad. About two thirds of all stories posted are ads.
Unfortunately Taco doesn't want to know about it but in the end all you are left with is one big advert and no stories anymore. Eventually when traffic dips Taco might wake up to the hollow sham he is creating which he thinks is perfectly acceptable. Yeah it's tough most people filter out banners but that's just how it is.
Put the real stories up Taco and people might click your ads or even buy a subscription but this path of half baked ads masquerading as stories needs to end. And before anyone says 'well that's how it works in TV and magazines therefore it must be ok'. It's only 'ok' because there hasn't been an alternative until recently. And TV viewing figures are literally dying. There is a big appetite for content and for the truth these days, so get with the game Taco.
Doesn't every ISP already have the typical windows ports blocked already?
I mean, in every one of my routers I block 135-139,445 TCP/UDP. (Yes, I know, there's one or two that aren't windows specific, but it's easier on the FW rules considering it's exceedingly rare for any legitimate traffic to go over the 'net on 'em)
Maybe the yellow alert is warranted, but imo it's jumping the gun. And to those network admins who haven't gotten the hint yet and blocked those ports, DO IT NOW! Thanks. Oh, and while we're at it, make some decent anti-spoofing filters too, huh? Only things that should be leaving your network are *your* ips, and conversely the only things entering should *not* be yours. Let's all work together to make a better 'net huh?
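The border policy the post above asks for, as an added example rather than the poster's actual router rules: drop 135-139 and 445 over TCP and UDP in both directions, and enforce the anti-spoofing rule (traffic leaving must carry one of our source addresses, traffic entering must not). The site prefix 198.51.100.0/24 and the sample flows are constructed.

```python
"""Stateless border-filter policy: Windows RPC/file-sharing ports blocked
both ways plus egress/ingress anti-spoofing. Added example."""
import ipaddress

# Ports the post blocks: 135-139 and 445, TCP and UDP.
BLOCKED_PORTS = set(range(135, 140)) | {445}
BLOCKED_PROTOS = {"tcp", "udp"}


class BorderFilter:
    """Policy for one site. our_nets lists the prefixes the site
    legitimately sources traffic from."""

    def __init__(self, our_nets):
        self.our_nets = [ipaddress.ip_network(n, strict=False) for n in our_nets]

    def is_ours(self, ip):
        addr = ipaddress.ip_address(ip)
        return any(addr in net for net in self.our_nets)

    def decide(self, direction, src, dst, proto, dport):
        """direction is 'in' (from the Internet) or 'out' (toward it).
        Returns (verdict, reason) with verdict 'drop' or 'accept'."""
        proto = proto.lower()
        # Rule 1: the Windows ports never cross the border in either direction.
        if proto in BLOCKED_PROTOS and dport in BLOCKED_PORTS:
            return ("drop", "windows port %d/%s blocked at the border" % (dport, proto))
        # Rule 2: only our own addresses may leave as a source.
        if direction == "out" and not self.is_ours(src):
            return ("drop", "egress spoof: %s is not one of our addresses" % src)
        # Rule 3: our own addresses never arrive from the outside.
        if direction == "in" and self.is_ours(src):
            return ("drop", "ingress spoof: %s claims to be one of our addresses" % src)
        return ("accept", "no rule matched")


# Constructed sample (documentation ranges): 198.51.100.0/24 is our site,
# 203.0.113.0/24 stands in for the rest of the Internet.
SAMPLE_FLOWS = [
    ("in",  "203.0.113.5",   "198.51.100.10", "tcp", 445),  # SMB from outside
    ("in",  "203.0.113.5",   "198.51.100.10", "udp", 139),  # NetBIOS from outside
    ("out", "198.51.100.10", "203.0.113.5",   "tcp", 80),   # ordinary web request
    ("out", "10.99.0.1",     "203.0.113.5",   "tcp", 80),   # spoofed source leaving
    ("in",  "198.51.100.7",  "198.51.100.10", "udp", 53),   # our prefix arriving from outside
]


def audit_sample(our_nets=("198.51.100.0/24",)):
    """Run the sample flows through the policy; returns the verdicts in order."""
    border = BorderFilter(our_nets)
    return [border.decide(*flow)[0] for flow in SAMPLE_FLOWS]


if __name__ == "__main__":
    border = BorderFilter(["198.51.100.0/24"])
    for flow in SAMPLE_FLOWS:
        print(flow, "->", border.decide(*flow))
```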
Fucking hell! Is your second name Sisyphus? Plus you're doing half-assed stuff like sorting by file date and automatically overlooking old files?
Save yourself some of your lifespan dude and do what's the only right thing to do to a compromised machine: reinstall from fresh media.
Of course it runs NetBSD. BTC: 1NT7QvbetmANwaMzhpVL6
Great tips, thanks!
:-/
I will have my CD ready for my next family reunion.
Sometimes I almost wished Microsoft's own Internet imitation hadn't died. Then, we would have the true Internet, with the academic publications, some grassroots stuff, and the users of alternative operating systems. And the Microsoft network with all the Windows users, entertainment, flashing adverts, worms, pr0n, and everything.
Of course, people would probably build bridges between the two networks, and the bridges could probably be exploited by worms...but the vulnerabilities would probably be on the Microsoft side for the most part, meaning that worms could travel from the Internet to the Microsoft network, but hardly the other way around.
Ah, how pleasant dreams can be...
Please correct me if I got my facts wrong.
omg ginny weasley is such a H O T cunt!!
I guess I'm a little too jaded about these things, but I find it interesting that this latest round of *major exploits* hits us just as WGA is coming to bear.
I'm sure it *is* a coincidence, but I'm left wondering how many boxes will be left unpatched out of fear of WGA - or due to WGA restrictions?
The thing that really galls me on MS with these issues is the fact that it's THEIR problem, and they issue a security update to patch a product a user BOUGHT under good faith. Then you have to sign your life away/agree to various thing MS can do to your machine to apply it - as if it's YOUR fault and not MS's onus.
It means there is one less windoze machine infecting our internet. I consider this a good thing.
The only thing better would be to change the security switch on that machine from [I]nsecure to [O]versecure, which will change your machines threat level from blue (panic) to black(get a life). Typically the security switch is found on the back of the computer. Flip it. Go outside, enjoy the day.
the AC
Going to follow my own advice now
Hemos is like...sci-fi fans;he thinks technology is cool, but he hasn't bothered to understand the science it's based on
I would love to partition the drives so that the OS resides on a separate partition from the user data, and yet another partition for the extra installed programs. That would be sane.
Serious question...
I fully agree with you on breaking out data to its own partition. I do that...well, did that myself back when I ran Windows. However, what benefit is it to dedicate a partition for installed programs when "installing" a Windows program generally entails files being copied to system areas and/or registry keys being created by the installer? Even if the programs partition survived, you'd still have to re-run all the installers so that the necessary registry keys are created, etc...
Internet Storm Center, InfoCon, ThreatCon, Exploit, Internet Threat Level, DeepSight Threat Management System, Internet Security Systems X-Force
I think that's a huge amount of buzzwords to add to a 7 line summary. Any novices reading that will have nightmares! I just chuckle at the techie mumbo-jumbo...
Resident of Skara Brae since 1985
Not to sell a used car at a funeral, but... when these worms hit is the best time to push linux, especially to companies who see significant downtime and lost sales. Something along the lines of, "You know, if you were running (Insert *nix and/or BSD distro here), you'd still be in business. Right now, your business is doing as much sales as a liquor store being robbed, because being 'robbed' is exactly what's happening. If Windows is the liquor store, (distro) is the well guarded bank. 'Robberies' can still happen, but they are extremely more rare and the 'crooks' will be caught sooner."
I8-D
Things were so much simpler when PCs came with full OS licenses and a full set of disks. Now, the only choice is to either manually disinfect for HOURS without disturbing too much of the installation, or format and use the "recovery" cd, and the user is fucked for whatever was on the machine if it was never backed up.
That's not true at all. Get a copy of the vanilla XP SP2 OEM disc and use the OEM key on the case. If you're willing to pop the hard disk in another system and put the drive's contents into "Old Data" and then use the XP unattended install floppy disk answer file, it becomes a breeze. I charge out at $200 to do it, as there is a growing number of people who are willing to be ignorant of their systems and don't mind getting it reloaded every so often. I believe the same people who are scared of OpenOffice.org also would get scared if they saw C: D: and E: as hard disks, and they'd use that as their backup.
..STOP Using Windows...
Ya Ya..
she's a slut ...
We just found a new worm using the 5-day old PnP exploit. Film at 11, more at http://www.f-secure.com/weblog/.
In fact, more than 275,000 developers have downloaded Windows CE Shared Source in an attempt to locate all the bugs in the software. This is another attempt by us to increase the security in our software thereby convincing our customers to stay with Microsoft.
"Nobody ever went broke underestimating the intelligence of the American public." - HL Mencken
oh wait thats windows XP!
ba-dum-tish!
Or Microsoft Windows Threat Level?
Apparently there is a MS05-039 worm in the wild and running now.
*nix users - prepare for the net to slow down.
Get your own free personal location tracker
What color will the Infocon be then?
Green, because millions of worms and trojans would be stopped dead. The internet might speed up considerably, unless lots of major infrastructure is running Windows....
I think your post neatly points out why *nix is a better choice for novices. I, for one, can't remember the last time I had to do that much to fix somebody's non-Windows system.
Please correct me if I got my facts wrong.
I have a better way>
% fdisk /dev/hda
% mke2fs /dev/hda1 && mount /dev/hda1 /mnt
% mkswap /dev/hda2 && swapon /dev/hda2
% mkdir /cdrom && mount /dev/cdrom /cdrom
% installpkg -root /mnt /cdrom/slackware/*/*.tgz
% liloconfig
% reboot
And it'll work forever.
Twice a year, you download the new version and do something like>
% mount /dev/cdrom /cdrom
% cd /cdrom/slackware
% upgradepkg --install-new */*.tgz
Now, tell me again how is windows easier than GNU?
WTF am I doing replying to an AC at 5 A.M on a Friday night?
Did anyone besides me originally read that as the global DeepShit Threat Management System?
I think I like it better that way.
That's our life, the big wheel of shit. - The Fat Man, Blue Tango Salvage
You, my friend (aha! irony), are just one more lazy/stupid user who will eventually get hosed by an auto-update.
"I've never rejected anything in the updates so I probably won't ever reject the update so let me automate the inevitable system slagging MS Update is going to give me."
ANOTHER FUCKING STUPID WINDOWS USER
...is available here
save your lifespan and reinstall.. reinstalls aren't always an option! and nor should they be for a simple bit of adware.
ok... backup (2 hours), reinstall (1 hour), install updates (1 hour), Install drivers + applications (1.5 hours), setup internet / email / printers / other (30 minutes). put their backup data back on (30 minutes). Explain how you couldn't save their pirate copy of office and listen to them whinge that they can't open word or excel (30 mins).
that's 7 hours. not to mention customer is unhappy because everything has changed. they have lost applications. and it's cost them a fortune.
a 2 hour fix it session is a better option for the average user.
A large client was affected last night because of it. And they patched almost all servers this week, but how can you keep up with patching thousands of workstations, including home users accessing through vpn?
Tightening more is not an easy option as people want to do all what Microsoft promises them. When security teams (or just plain support) insist on patching they are labeled as annoying dorks, and when a worm/virus hits because of lame users not patching... just plain dorks!
Sometimes I wish I liked painting instead of computers.
Yeah lets all jump the upgrade spiral.
10 Waste some days upgrading the servers to a new leet OS, don't forget to license the server, you prolly need new cal's for all connecting clients too (sucker).
20 Install patches
30 Realize the patches trojaned some new stupid bloated services
40 More RAM for everyone
50 if RAM > enough goto 10
60 Server cant handle more ram
70 new servers for everyone
80 if redmond releases new os goto 10
90 goto 20
This does not work well in a production system so we change the program to
10 buy new servers with preinstalled os, and cal's
20 waste some days switching to new servers
30 install patches
40 if redmond releases new os goto 10
50 goto 30
All MS does is keep its consultants happily working setting up Exchange/AD/whatever on the new servers (because we all know they don't upgrade well to the next generation OS anyway). The 5-year-old NT 4.0 fileserver still works great. Replace a disk in the RAID or a fan to get it up again; the TCO is as low as any Linux system in the same situation.
Ah, yes, if only the elites ran the world...
Slashdot - where whining about luck is the new way to make the world you want.
You cannot clean a compromised system with tools running within that system, even in Safe Mode. That's like asking your mayor if s/he's been bribed or not and expecting an honest answer just because the question has been posed during a public council meeting. Wipe, and install from scratch. I would count those ~2 hours as lost in the sense that the system may not have been fixed; you'd probably have been better off watching a funny movie with kith and kin.
Try googling rootkit. *nix has been around ~35 years, and not with a perfect security record. *nix admins have been dealing with breaches for a long time. While the *nix mindset has come up with clever tricks to detect rootkits, I have yet to hear anyone successfully defend cleaning any system from within itself. The problem with this approach has nothing to do with *nix and applies across multiple platforms. Because the system is compromised, you can't trust ANYTHING the system tells you about itself, or any tools that use the system to gather information about the system.
I'm hard pressed to imagine an operating system where this would not be the case, but perhaps others would enlighten me.
If opportunity came disguised as temptation, one knock would be enough.
3^2 * 67^1 * 977^1
If you still can't quit Windows, at least get yourself a normal browser and a decent media player!
Security left in the hands of anyone is security that should be questioned. If the Internet-using population as a whole isn't educated in at least basic security practices -- even if it's only a one-minute checklist of things they should do and how often, and a thirty-second warning about how bad things can get if they don't pay attention -- then nothing any vendor does will matter. It doesn't make a difference if you're Microsoft, or Apple, or $LINUX_DISTRO_VENDOR.
To their credit, all recent versions of Microsoft operating systems have had an automatic updates facility built in. If users either configure this to download and install automatically, or do it manually but regularly if they're more cautious, then most users are protected reasonably quickly against most things. That's a big step forward from where we were a few years ago. With WinXP SP2, Microsoft have started making security big and obvious to the kind of user that previously didn't do this stuff, which helps a bit more.
I'm all for criticising security and encouraging anyone producing systems software to give it the emphasis it deserves, but let's be fair. Microsoft are the leader of the pack in terms of promoting downloadable, automatic updates, and whatever Slashbots might like to think, measured objectively Microsoft also patch the vast majority of reported exploits very fast. Within hours of a major worm breaking out, there's usually a patch available on Windows Update, and it's prominently advertised all over the Microsoft home page.
Remember, the exploits we're talking about here are for vulnerabilities Microsoft just released patches for. But that doesn't help if users don't understand that they need to install these patches or bad stuff will happen. The vast majority of Windows security breaches occur on unpatched systems, when a suitable patch was available at the time of the breach.
Almost any generic criticism that is made of MS security is also applicable to major OSS platforms/applications and to commercial competitors like Apple, so banging that drum every time the subject comes up doesn't really help anyone. If you want to make a noise, please go and find a friend or family member who doesn't use a personal firewall and anti-virus software. Then take a moment to educate them about why they should, and show them what they need to do. If we all did this instead of bitching about how Microsoft "don't write secure code" -- who does, exactly? -- that would help everyone a lot more.
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
The thing is, the whole claim that OSS has inherently better security has been exposed as hype for a long time now.
Some OSS projects have excellent security, because the project leaders place sufficient emphasis on it, and the coders code with that emphasis in mind.
Other OSS projects do not have good security, sometimes not even as good as Microsoft and co.
Consider this: I have downloaded patches for more security flaws in Firefox than for IE in recent weeks. Moreover, the IE patches were offered to me via automatic updates within minutes of being available on Windows Update, while the Firefox patches did not show up as automatic updates for several days after they were available from the project web site in some cases. They even had a whole version missed out of the automatic updates, because somehow a release was made that contained serious bugs of its own, and had to be withdrawn.
This is not intended to be a slam against Firefox; it's great software and the project seems to be run well, the vast majority of the time. Rather, this is intended to demonstrate that nothing's perfect. Trying to convert people from Windows to OSS alternatives, based on security fears, at a time when a worm is circulating, Microsoft has made a patch available, but people haven't bothered installing that patch yet, really is being a used car salesman in the most derogatory sense of the term.
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
We've rejected two in the past year, both of which fixed a weakness in a protocol by effectively disabling all use of it -- and with it, most of the interconnection between Windows and UNIX boxes in our office that relied on SAMBA. :-(
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
Here are my conclusions about the current Windows threat level:
Today, 173 users of Slashdot will post comments about how Windows security sucks, they've had enough, and they'll be switching their entire corporate network to Linux on Monday. None of them will.
Threat assessment: hollow.
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
I fully agree. My home network is made up of 3 OS X machines and one Windows box for when necessary. With OS X, I could actually agree that the best fix for a compromised machine (were it to happen) would be a reinstall, since there's nothing user specific in the System directory anyway.
After you do all that, Windows is dysfunctional: IE won't load, you get random crashes, etc. I am talking from experience; people gather so much malware over just months of Win XP use, you will hate to clean it up for a non-functional system. Often a re-install (BIG PITA) is the only way out, or spend some more bucks for something like Ghost and image a sane install for restore at a later point.
Browse to c:\winnt (or c:\windows). Sort by date. On a default install, the file modify dates are going to be a long time ago. If you see anything from within the last few months, get suspicious.
Good summary. I'd add that some malware fakes the date and sets its files to hidden, so looking for hidden files can be a good clue when you run into something really persistent.
Save yourself some of your lifespan dude and do what's the only right thing to do to a compromised machine: reinstall from fresh media.
The problem with that is that many users don't have backups and may not even have all of their CDs etc. Plus, even if they have everything, you still have to spend an hour or two with Windows Update, so you probably aren't really saving any time.
I search Google for DLLs/EXEs in WINNT/WINDOWS that have been recently created/modified. You'll find many sites of people posting their HijackThis log (or sites trying to sell spyware software using these DLLs as keywords), but it's not too hard to find information about the file.
That's sure a big block of horrendous writing there.
Editors?
resigned
...but they don't want you to reinstall... they want you to fix the PC without reinstalling...
A reinstall is a pain in the ass for them... applications don't work (thx. for the registry, Bill) and shortcuts, recent, favorites and history are gone... and so may all their email be...
We are not up against manual rooting. We are up against automated mass-installs. They aren't very smart and we CAN kill them from within.
Well, one neat thing about OSS is that you can write things like the above, and then pretend it's someone else's fault if your project's security is crap. It's the ultimate blame transferral technique.
Sure. It's well known that when Microsoft or Apple sit on a serious flaw for more than a few days, there are no professional organisations who specialise in attacking their software and finding the bugs. Moreover, while those organisations don't exist, if they did they certainly wouldn't release the information publicly if they thought the commercial groups were taking too long over fixing it.
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
Don't like safe mode, then try BartPE. It's basically a live windows CD, quite customisable. http://www.nu2.nu/pebuilder/
For instance, I make $50/hour off installing Ad-aware and some decent virus scanner and updating all of their software.
People using Linux never ask for help in the real world. They ask on irc, usenet, whatever - at least they know what they're doing and they certainly don't want to pay for fixing their Free Software.
Quote: "Within hours of a major worm breaking out, there's usually a patch available on Windows Update, and it's prominently advertised all over the Microsoft home page."
That is pure fudshit (ie fud-like bullshit).
Quote: "Microsoft are the leader of the pack in terms of promoting downloadable, automatic updates,"
I think Debian might like to argue with that statement. You might argue that it's not automated, and I'll argue that I can add it as a cron job. Done. 5 seconds work.
Quote: "But that doesn't help if users don't understand that they need to install these patches or bad stuff will happen."
Have you actually lived in the real world? Most Windows users don't give a shit about viruses, or worms, or spyware. They have absolutely *no* idea what they're doing. By the time they realise that they have a virus, it's too late. I've seen people turn off anti virus software because "it slowed my PC down too much". Idiots use Microsoft Windows. Smarter people use BSD or Linux.
Quote: "Almost any generic criticism that is made of MS security is also applicable to major OSS platforms/applications"
Wrong. OSS patches much quicker than Microsoft ever has, or ever will. Don't believe the bullshit hype that some "security consultant companies" have said, especially considering that Microsoft bribed, oops, I mean paid them lots of money to come up with pro Microsoft choices.
Quote: "If you want to make a noise, please go and find a friend or family member who doesn't use a personal firewall and anti-virus software. "
Funny thing is, most Apple, BSD & Linux users that I know don't use anti virus software, or firewalls, and never have, and don't intend to. They don't have a sprout of viruses coming out of their asses. So, that leads me to believe that it's due to problems with the platform itself, and inherent security principles, than anything else.
Quote: "If we all did this instead of bitching about how Microsoft "don't write secure code" -- who does, exactly? -- that would help everyone a lot more."
No one writes *totally* secure code, but there are those that do write significantly better code from a security point of view (OpenBSD as an example).
Your comments are pro Microsoft fud.
Dave
Slashdot can go and get fucked.
Yes, that's dumb. Especially if one remembers that the word "conne" exists. That explanation is going to need some work.
How many beans make five, anyhow ?
>Boot to safe mode
Not good enough. Remember the old rule for virus cleanup: first boot from known clean media. There exist things that run in memory that will not reveal themselves to any tool; they are very well hidden. A total format and install is the only sure way to clean a very FUBARed system. Not even then if the BIOS has been hacked. I have also physically moved a FUBAR drive to a known clean system as the slave or IDE1 master. Let nothing execute from this drive. Now do a cleanup job on it. File dates from the past are not a reliable check. They can be reset to anything a hacker wants.
zenray
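Several posts above describe pieces of the same procedure: that a compromised system cannot be trusted to report on itself, the "sort c:\windows by date and look for recent files" check, the warning that malware backdates its files and marks them hidden, and zenray's advice to pull the drive and examine it from a known-clean box. The script below is an added example (not code from any poster in this thread) of doing that triage offline from a clean host. It assumes the suspect volume has been mounted read-only at `mount_root` and that a SHA-256 manifest taken from a known-good install of the same build is available as `baseline`; file hashes are the primary signal, since a backdated mtime or a hidden attribute can be faked but a patched binary cannot be made to hash like the original. The sample directory tree, file names and contents are constructed inline so it runs offline; none of them are real Windows files.

```python
"""Offline triage of a suspect Windows volume from a clean host (added example)."""
import hashlib
import os
import tempfile
import time

HIDDEN_ATTR = 0x2  # FILE_ATTRIBUTE_HIDDEN; only visible via st_file_attributes on Windows


def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def is_hidden(path):
    # NTFS hidden attribute when examined on a Windows host; dotfile fallback
    # when the volume is mounted on a Unix boot CD.
    attrs = getattr(os.stat(path), "st_file_attributes", 0)
    return bool(attrs & HIDDEN_ATTR) or os.path.basename(path).startswith(".")


def build_manifest(root):
    """Hash every file under root; keys are '/'-separated paths relative to root."""
    manifest = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = sha256_file(full)
    return manifest


def triage(mount_root, baseline, recent_days=90, now=None):
    """Compare the suspect volume against a known-good manifest.

    'added' and 'modified' come from hash comparison and are the findings to
    act on; 'recent' and 'hidden' are the weaker hints the thread discusses.
    """
    now = time.time() if now is None else now
    cutoff = now - recent_days * 86400
    current = build_manifest(mount_root)
    findings = {"added": [], "modified": [], "missing": [], "hidden": [], "recent": []}
    for rel, digest in current.items():
        full = os.path.join(mount_root, *rel.split("/"))
        if rel not in baseline:
            findings["added"].append(rel)
        elif baseline[rel] != digest:
            findings["modified"].append(rel)
        if is_hidden(full):
            findings["hidden"].append(rel)
        if os.stat(full).st_mtime >= cutoff:
            findings["recent"].append(rel)
    findings["missing"] = sorted(set(baseline) - set(current))
    for key in findings:
        findings[key].sort()
    return findings


def build_sample():
    """Construct a clean reference tree and a tampered copy of it (invented data)."""
    clean = tempfile.mkdtemp(prefix="clean_")
    suspect = tempfile.mkdtemp(prefix="suspect_")
    old = time.time() - 400 * 86400  # pretend the install is over a year old
    files = {
        "WINDOWS/system32/kernel32.dll": b"clean kernel32 bytes",
        "WINDOWS/system32/user32.dll": b"clean user32 bytes",
        "WINDOWS/explorer.exe": b"clean explorer bytes",
    }
    for root in (clean, suspect):
        for rel, data in files.items():
            full = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as f:
                f.write(data)
            os.utime(full, (old, old))
    # Tamper the suspect copy the way the thread describes: a patched system
    # DLL with its mtime reset to look old, plus a dropped hidden file.
    patched = os.path.join(suspect, "WINDOWS", "system32", "user32.dll")
    with open(patched, "wb") as f:
        f.write(b"user32 with hook")
    os.utime(patched, (old, old))  # backdated: the date check alone misses it
    dropped = os.path.join(suspect, "WINDOWS", "system32", ".svchost32.dll")
    with open(dropped, "wb") as f:
        f.write(b"dropper payload")
    return clean, suspect


if __name__ == "__main__":
    clean_root, suspect_root = build_sample()
    for kind, paths in triage(suspect_root, build_manifest(clean_root)).items():
        print(f"{kind:9s} {paths}")
```

Running it shows why the thread's date-sorting check is only a hint: the patched `user32.dll` does not appear under `recent` because its mtime was reset, but it is caught under `modified` because its hash no longer matches the baseline. The manifest must come from clean media or a trusted reference install, never from the suspect machine itself.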