Slashdot Mirror
How Long is Too Long to Update?
StWaldo asks: "I'm sure everyone knows the story about the life expectancy of an fresh, un-updated PC, once it's connected to the internet. What about a PC which just hasn't been updated in a while? I've been deployed in Iraq for the last 9 months, and haven't been able to hook up my laptop to the internet to get updates (I do HAVE access, just can't hook up a personal laptop, gov't only). Before I deployed, I would update my software (system, anti-virus, firewall, anti-spyware, etc) regularly, but as I get closer to coming back to the States and my broadband connection, I'm beginning to wonder what the life expectancy of my PC will be. What's the lifecycle of a security exploit, hack, virus, etc - between discovery/release, propagation, and extinction (or a state approaching extinction)?"
If you have Windows, your PC will simply die in pure agony.
...with an unprotected connection? Who cares?
1. Put your computer behind literally any personal firewall/router (Linksys, DLink, etc.) that can be had - wireless and wired or both - for under $50.
2. If you have Windows XP Service Pack 2 (SP2), just make sure the firewall for your network connection is still enabled; it is by default on SP2, and Security Center will warn you if it isn't. Unless you explicitly disabled it, it will still be enabled.
If you don't yet have Service Pack 2, simply enable the Windows firewall (Internet Connection Firewall) for any network interface(s) you have. This can be done on the Advanced tab of each connection's Properties.
3. There is no step 3.
There's nothing you have to do other than ensure you have a software firewall enabled, and optionally have your machine behind a nice little personal firewall/router. Then it doesn't matter how long it's been or what exploits are out there[1].
That's it. Even the built-in Windows software firewall on a machine with no patches or service packs installed will protect a Windows XP system. Seem simple? It is. One wonders why it took Microsoft *so long* to make it the default.
[1] Sure, there may be exploits that affect browsers or other aspects of the system that could be exploited by *visiting malicious sites*, but the machine, just sitting there, won't be vulnerable. If all you're going to do is immediately update everything anyway, you have nothing to worry about.
Buy a Mac. :p
(while, yes, I appreciate Macintosh computers, it is true that security issues are of great concern for everyone. It is still important for Mac users to stay updated, just as it is important for everyone else.)
Deja Vu
n. 1. The sensation that you've read this very article before.
don't start any applications
make sure your firewall is running
do your updates
bingo
bam
Make sure you are behind a nat router or decent firewall and do not have any redirected ports (or DMZ) to the private ip address you machine should be using... and you will be pretty safe... not entirely, but your chances of getting infected are relatively low provided you do not stray too far from the path while updating.
Help Brendan pay off his student loans
Use a hardware firewall when reconnecting, if at all possible - like the ones in most routers.
This is not the greatest sig in the world, no. This is a tribute.
If you have a decent firewall (even the built in windows one could be considered OK) then I do not think you will have a problem with any problems, as the firewall should stop the worms infecting through any exploits and as you are posting to slashdot I assume you will not be opening any suspious attachements.
If you have one, put your laptop behind some kind of NAT. This will at least let you fetch your updates without having to expose yourself to the wild.
Turn on your windows firewall. Then start windows *BEFORE* connecting to the internet. Once you're finished starting windows, connect and download your patches, etc.
;-)
Repeat as necessary.
P.S. don't forget to download Firefox for a safer browsing
Seriously, it isn't that hard. A software firewall installed on the PC would do in a pinch, I guess, but I typically don't like running a machine without something protecting it ANYWAY. Heck, since it is a laptop, when you get back, just ask a friend if you can plug it in his/her router and update from there, if you don't have one yourself.
--- Ãther SPOON!
we need a guineau pig to find out for us... oh wait, er... tell us when YOU find out :P
LINUX ONLINE POKER: Linux Poker
Hook it up behind a NAT box and you'll be safe as long as it's not in the DMZ.
This is the approach I use when installing off my original release 2K3 server discs, since apparently the internal firewall is not enabled by default so it gets nuked before it's even done installing if it's unprotected.
I used to get high on life, but I developed a tolerance. Now I need something stronger.
The key word there would seem to be "unprotected". A $49 firewall set to block all incoming traffic (which you can configure off-line) followed by direct surfing to appropriate update links before doing anything else (and installation of Firefox for most browsing if you don't already have it) should do the trick.
sPh
Don't do it. For the love of bob, don't do it. Make sure your computer is behind a firewall and only then should you connect. The first thing you should do is get all the latest security updates for Windows. NOTHING ELSE. NO WEB BROWSING at this point.
Once that install/reboot cycle is complete, grab the latest updates for your antivirus and antispyware system. For extra security, make sure you perform a complete scan for viruses and spyware after all the updates are complete.
Once that install/reboot cycle is complete, update the rest of your applications.
Under no circumstances should you attempt this without being behind a secure firewall. Even if you are, you still have to be very very careful (hence, no web browsing until your computer is up to date on Windows and antivirus updates).
Oceania has always been at war with Eastasia.
Spend $50 to buy a hardware firewall and the life expectancy of your laptop will skyrocket :-)
Kaa
Kaa's Law: In any sufficiently large group of people most are idiots.
... than that of people being deployed to Iraq.
I think the doom and gloom may be overstating the dangers here.
My wife hadn't touched her laptop computer in 6 months. She fired it up, it was updated in 5 minutes and she was fine.
Two things helped:
a hardware firewall
It already had XP SP2
If that's your situation, just fire it up and go.
You were mistaken. Which is odd, since memory shouldn't be a problem for you
...if your update comes out before the next version of the Slashcode.
seriously, instead of fretting over updates and upgrades, why not consider just a world of web only services for everything from email to word processing, excel-like spreadsheets, calendaring, media management and so on? there's a gigantic write up on a breed of ajax related tools (all free excluding one) broken into two parts at these two links: part 1 is http://digbig.com/4fptq and part 2 is http://digbig.com/4fptr NOTE: these should all be easily accessible, though i'm not sure of where you're at physically when looking for access and so you may experience restrictions (specific to a few middle eastern countries, just got pinged by a chum in UAE who can't get to tons of sites right now)
enjoy life, and Gmail.pro
Wow, has anyone even read what his question is? Doesn't seem like it.
Obligatory reference to Average PC survival time
http://www.transparency.org
> I'm beginning to wonder what the life expectancy of my PC will be.
Around 5 years, but hard drive will probably fail sooner.
As long as you have a decent firewall on your PC, you can update at your leisure. If your firewall is working, then the bad guys are kept out. Of course, you can always get past the firewall by opening up an OUTBOUND connection (web brwoser, e-mail, etc.). In that case, worry.
For the paranoid running XP, here is what I would do;
1) Connect to the internet through a cheap and properly configured NAT box (if possible)
2) Update firewall
3) Update windows
3) Download any update for other programs that you use (Firefox, Thundebird, etc.)
BTW: I hope that you are not using Outlook and IE.
"-1 Troll" is the apparently the same as "-1 I disagree with you."
What OS do you have? Linux - 19.85141124 weeks (stop all extraneous services) Windows - Your screwed Mac OS X - I'd say 19.85141124/2
You've plenty of time, if you are behind a firewall, or even a basic home NATing router. If you don't have one, I'd consider getting one, or visiting a friend who has one to get patches.
1) Get all the updates from a friend and burn them to a CD. Install updates before connecting to the internet.
2) Connect to the internet behind a hardware firewall/NAT device. Then update everything.
I would recommend doing both.
Don't worry 'bout it...I'm already in your box...
Seriously though, one thing you didn't mention is what OS you are running. I'm going to assume it's Windows and as such what you might try, if you are indeed worried about plugging up, is to download XPSP2 and whatever other patches you can find from a known good machine and apply it to your machine while the box is offline. Or, if you can't d/l it, visit your base's IT shop and ask them for a copy.
The machine will have a lot shorter lifetime than an American soldier in Iraq...
We look forward to having you back, by the way! While there are those here on /. who opposed the war, politically, I think we all wished you (and all the other soldiers there) nothing but the best. Our thanks for a difficult job.
Key word is usually. You do the math.
2 years and no mod points. Join reddit. Because openness is good.
What kernel version are you running? Even on an old OS, if you do not expose any unnecessary functions to the Internet (such as BIND DNS), you should be relatively safe.
I have an old Redhat 8 system running on a AMD K63-500. It hasn't been rebooted in 4 years (yes, the kernel is horribly out of date... but there are few outside services, and no untrusted users). I'm afraid to upgrade such an old beast... I can't imagine Fedora Redhat and the QA folks spending much time on these ancient chipsets.
You aren't running Windows, are you?
Your life expectancy, depending on what sites you go to, is about 4 minutes before you have 60 pieces of spyware, which then turn into 200 in about a half-hour. At least, that's my test on my Dual Xeon, with Windows XP SP2.
Where all think alike, no one thinks very much.
Order the Windows Updates on CD now, so it'll be there when you return. Run the updates before connecting to the net. Then check for even newer updates from MS. Immediately update anti-virus and anti-malware products.
"I might have made a tactical error in not going to a physician for 20 years." -- Warren Zevon
Behind a firewall: Until you do something stupid.
On the net raw running windows: 30m.
On the net raw running linux: depends on the daemons.
Shadus
Well a good NAT Firewall will help, as many people have stated. However, with the level of paranoia that I'm at (and I'm a security architect for a large corp... so my paranoia is pretty high), I would load all major updates onto a thumb drive or CD or some other media and update before connecting to the web.
Get a life, not a lifestyle. - Hikem Bey
An vulnerability will live on forever provided it show's up when an intruder scans you system and is alerted to the weakend state of a certain program or process. I takes but a moment to consult google for the appropriate exploit and BINGO - said kiddy is in heaven.
For chrissake, put your box behind a NAT and get your updates. Or throw it out and get a Mac. Then get on with your life.
Jesus, I think I might submit an ask-slashdot of my own... "it's been five hours since I last went to the bathroom. I am trying to decide whether to take a piss or a shit. Could anybody post some pointers on how to weigh the pros and cons of each?"
-b
myselfmusic
If your computer sits behind a NAT based consumer router at home (all consumer routers are nat based) you only have to worry about getting a virus through e-mail, for the most part. You are safe enough to install windows updates right away.
If you connect your Cable/DSL modem directly into the computer then you are at risk without a firewall and the most recent service packs. All of the big exploits occure on machines without SP1 and there are a few for machines without SP2.
If you download Service Pack 2 standalone on a seperate machine before hooking up to your broadband. Then install that on your windows machine.
Once that's done enable a firewall. Turning on the Windows Firewall is good enough for right now if you don't have something else.
From this point, install the rest of the windows updates and update your antivirus definitions. You're basically safe with Service Pack2 and a firewall, but I wouldn't run a windows box without the most recent updates and AV.
Wow.
I know I'm being redundant here, but stating it again for purposes of reassurance seems worthwhile. As long as you are behind a good firewall, you should be fine. My family runs two Windows PCs behind solid firewall without any virus protection software at all. They don't swap files over IM, they don't click nonsense (they've learned the hard way), they don't use gnutella, etc. For a year now they've been without a single issue or zombie infection, even with using IE instead of Firefox.
AutopatcherXP is released pretty much monthly an is a conglomeration of all security updates, patches, etc.. any time i've had to install/reinstall XP onto someone's machine, i've grabbed the latest autopatcher and slapped it on my thumbdrive, and took it with me. requires no getting online on the new system until you're all done. safer that way, and i've had no issues doing it that way.
Just turn on the computer, hook up the internet, update virus first. Reboot and run Windows Update. Thats it. Its not like someone is waiting for you to get home and get ya as soon as you connect. You usually have to be doing something to have issues (i.e. bittorrnet, kazaa, limewire, etc.) What do you think people do when the reformat for a fresh install. If you are uber paranoid, download the latest virus definitions from your antivirus' webpage in executable form on another computer and transfer it to your own system and run it manually.
Click Click Bloody Click PANCAKES!
In other news, the letter F acheives vowel status, much to the dismay of Wheel Of Fortune contestants everywhere.
For the love of bob
Microsoft Bob?
-everphilski-
slashdot sucks.
here 'slashdot' means masses of liberal, pseudo intellectual morons.
oh, and did i mention the editors and moderators suck too?
maybe i should start reading digg instead.
bah.
Call it "anxiety" or "concern". It's not paranoia if they really are out to get you.
The higher the technology, the sharper that two-edged sword.
You are trying to update an existing system, not build a fresh one. Using a cheap hardware firewall (like a linksys router) will keep most evil at bay while you do the update. Better to download the big security rollups and service packs from a current machine, burn to cd or thumbdrive, and install those on your box before you connect to the net.
8 6 for a nice pointer to all the patches you should snag. Get the major ones and you should be OK to just do an update.
Check out http://www.msfn.org/board/index.php?showtopic=318
+++ UGUCAUCGUAUUUCU
man... you are in Irak...just think about YOUR life expectancy
Get a friend to burn the important updates to CD and mail it to you. No biggie...
You know, we're never going to again have the heady days of huge Windows viruses that propogave over the network and infect every Windows system in sight. The days of massive viruses like those are over.
What killed them? Windows Firewall. I think MS learned their lesson on that one.
Wouldn't you just do what everyone else does?
su
emerge sync
emerge -pv world
emerge world
??
All your laptop are belong to us!
Heroscape, it's like legos combined with anachronistic wargames.
You have a laptop...If it has wireless just drive through any apartment complex and get a wireless connection.. it will probably be a Linksys router/firewall.. Download updates... Touchdown..
Ad eundum quo nemo ante iit!
If your PC was clean when you leaved the Net and you didn't installed any software etc. while disconnected from the Net, a firewall well configured, stopping everything except outgoing connections, will give you plenty of time to upgrade your software, without any danger. Just do the upgrades as your first move when you're back on the Net. Regards
as I get closer to coming back to the States and my broadband connection, I'm beginning to wonder what the life expectancy of my PC will be
Now that's a geek.
For all intensive purposes, "whom" is no longer a word. That begs the question, "who cares"?
I had to borrow a tile saw a couple of weeks ago. The guy, your "blue collar" type, asked if I knew how to use one. Me, the (ex)IT guy, couldn't say "Yes". I just said I've seen them used - which is true - until he got it out of me that I didn't. He said "It's OK to say you don't know.
Ya see, that's the thing in IT: if you admit not knowing you're called an idiot behind your back or sometimes, to your face and you begin to keep your mouth shut: to the detriment of anything and anyone you're working for.
So, think about that you arrogant prick or cunt.
OS Name: Microsoft Windows XP Professional
OS Version: 5.1.2600 Service Pack 2 Build 2600
OS Manufacturer: Microsoft Corporation
OS Configuration: Standalone Workstation
OS Build Type: Multiprocessor Free
Original Install Date: 9/27/2004, 12:49:15 PM
System Up Time: 184 Days, 4 Hours, 3 Minutes, 16 Seconds
The only time i had to bring it down was to replace hardware (i am behind a corporate firewall, the XP firewall is active) and i don't care about patches. No, i am not trolling - windows machines enjoy decent uptimes too. Let me know if anyone wants too look at a screenshot.
And how can you post that news if you cannot connect???
How about this? Instead of going to Iraq, why not seek political asylum in Canada? Canadians will welcome any American who doesn't want to participate in his country's frequent wars.
Shutting down free speech with violence isn't fighting fascism. It IS fascism!
I use a program that locks the computer's data and system in place while it's turned on, so each reboot is like a new computer. I try to patch every couple of months anyway, but behind a router if you don't have infcted machines coming in, there's little reason to patch under most cases.
The downside to Steadfast is that you can't use Antivirus updates with it unless you figure out which files need direct access to the disk, and spyware updates are hard to apply too. These days it's more important on public machines to have spyware than antivirus protection.
Saskboy's blog is good. 9 out of 10 dentists agree.
This isn't QUITE true; there are one or two older personal NAT routers where the initial factory firmware has had exploits published (especially with certain dumb default settings), and there are a few software packages with versions that both poked holes in the XP firewall and were exploitable. As far as I know, nothing in the wild specifically targets both, so unless you have reason to be worried about highly personalized targetting of your computer, it should be just fine. (If you do have reason, buy a newer router first.)
//Information does not want to be free; it wants to breed.
I have a CD handy with XP service pack 2, as well as antivirus, antispyware, firewall, FireFox, etc. That way, I can get a computer up to speed before even reconnecting it to the internet. After the basics are covered, it's much safer to connect and do the fine-tuning. The same would apply to other versions of windows.
If you can't burn a CD from another computer, and you're pre-XP SP2, you might be better off operating behind a hardware firewall until the updates are completed.
Also remember that if you have a minor bug before completing updates, you can usually clean the system after you're up to speed (antivirus, antispyware, etc). The main issue with the auto-infect feature of new systems is that most users won't take the time to clean the system or even investigate if it's infected.
Quick checklist:
* Does it have SP2? - If no, get it and forget it.
* Is there constant hard disk activity? - If yes, reinstall.
* Do you visit online gambling/porn sites? - If yes, reinstall periodically (evidence? what evidence?)
* Does it take longer for you to be able to do something productive with the 'Start' button than it did to boot? - If yes, reinstall.
After reinstalling, install AVG antivirus, Google up some Windows hardening/protection techniques (msconfig, services to disable, etc) **INSTALL NO SHAREWARE OR THIRD PARTY "WINDOWS FIXING" UTILITIES**, enable Windows firewall, and set Windows Update to perform weekly updates with no intervention.
If things get weird after that, you have nobody but yourself to blame. After having resurrected Windows installations dating back to 95/3.11, I can say that the only sure-fire fix is a fdisk/reinstall.
It's Windows - it *will* break in an inaccesssible or unrecoverable fashion.
Make your time, and don't get taken in by supposedly friendly utilities, banners, offers, websites, emails, etc. This advice is applicable everywhere - life included.
Geez. If you can't figure that out or need a slashdotter to tell you, then you don't need to be using a computer.
My karma is not a Chameleon.
I've been deployed in Iraq for the last 9 months...
BTW: We hope you get to look forward to something as mundane as Windows viruses real soon now. In case anyone hasn't mentioned it yet, "Thank you for the job you're doing."
Unplug the RJ45 and alwayss wear a condom.
/. is good for you.
n/t
Yes, because web services are THE solution when you're stuck in Iraq with no internet connection...
Even better--download and burn a live CD of Knoppix or similar single disk Linux OS, boot to it, and use the hard disk for data storage only. You will never look back.
Linux has a great firewall built in, separate accounts to keep system files safe, and tons of free software on board. In this day and age, you can boot up a modern distro and have basically everything you need--browser, word processor, spreadsheet, email client, games, music, video.
And there are no viruses in the Linux world (that one hears about, at least).
Dump your dangerous OS and you will never look back.
it's = "it is"; its = possessive. E.g., it's flapping its wings.
In the current web 2.0 environment, updating is, in fact, irrelevant. We will all be tied into our apps 24/7 using AJAX and Ruby on Rails. Applications implemented using this paradigm will be updated continuously, like thin clients. Truly this is synergestic for updates.
How many people really think that a Windows PC, when attached to a cable/DSL internet connection, is susceptible to viruses, infiltration, malware, spyware - JUST BY BEING CONNECTED?
How many people do you think there are out there scanning IPs looking for unprotected Windows boxes to molest? And out of those, who actually attempts to sploit the sploit? How many of *those* are successful?
It takes clicking, installing, running. It's not like bareback fucking a hooker in Bangkok.
Sure, you may be open to some exploits, but honestly, why the panic?
Glad you made it home safely!
Stay Safe.
I work with an AV tech support team for an ISP, and our experience is generally that infections tend to be visible for about a month, and after that, we don't tend to see them again. That's not to say you'll be safe from them all, but I thought I'd at least swing an answer at that last question. We tend to stop getting calls about a month after the malware is first identified, so i would hazard a guess that a system unpatched for a flaw more than a month old would be reasonably safe. At least safe enough to chance updating online from behind a router, and installing firefox, opera, or another browser with fewer, or at least less severe and more speedily patched flaws. I'd assume you ought to be pretty ok. If you're particularly worried, you could use a hardware firewall, but I see no need for it. Don't look at porn with IE before you update, you'll be fine...
Comment removed based on user account deletion
...this isn't even relevant.
There is a place on the Windows Update Site where you can download the specific patches and then your could run them separately (Look for some link that they have for Admins). When entire sites or companies's computers have to be updated, they don't waste bandwidth be making every computer talk to windowsupdate.microsoft.com. They download it centrally and then install.
/ software/default.mspx). Some other tools:
i on/3000-8022_4-10045910.html?part=dl-ad-aware&subj =dl&tag=top5h tml
You could download the patches and then copy them to your machine using a Jump Drive or some External HDD.
Also remember to install the MS Anti Spyware Tool (http://www.microsoft.com/athome/security/spyware
Free (complementary) Anti Spyware downloads:
http://www.download.com/Ad-Aware-SE-Personal-Edit
http://www.safer-networking.org/en/mirrors/index.
Clean-up Tools:
HijackThis
LSPFIX
Vote for a decent president and dont go to iraq in the first place
Is this a non-issue for anyone else? I haven't updated anti-virus or spyware definitions for over a year, and I never have these problems, as long as I browse with something that isn't based on Internet Explorer.
They don't swap files over IM, they don't click nonsense (they've learned the hard way), they don't use gnutella, etc...
Wanna trade families? :)
Look at all the redundant "use a firewall" replies. It's painfully obvious that the tard should have done a google search or thought twice before wasting everyone's time. Can you even do math?
The parent isn't Flaimbait.... it's Funny!
The topic is one that should be on a help forum. Not on slashdot. If anything is flaimbait, it's the topic itsself.
I dont know how many days it will last, but I have seen a "working" albeit slow laptop with around 1500 pieces of spyware, as detected by spybot/adaware....thats some serious laptop courage.
There are a lot of people here saying "just use a firewall". That's not good enough. A firewall only protects against direct attacks from the outside. If there are any other PC's on that network behind the firewall which have been infected (maybe via email, web or Sony) those machines may be scanning the network looking for machines to attack. Firewalls are useless against this threat and you are still at risk.
NSA reccomends you download standalone updates on a seperate trusted machine, check the hash of what you downloaded to make sure it's the hash you expected, then burn it onto a cd. Update the computer using the CD before connecting the machine to any kind of network.
Doesn't the Win XP firewall by default allow several things such as UPNP, etc....
A lot of that crap has had some major security flaws...
Just "enabling the firewall" isn't enough... This guy needs to go and make sure nothing is let in...
He got shot at so you can sit on your ass?
7 6
Are you buying into the whole "Protecting your Freedom TM" thing?
If "Freedom" means "Cheap Oil", and you voluntarily buy into that arguement, you should enlist. See how hollow your praise is.
Or maybe you'd actually *enjoy* driving around a foreign country killing its citizens? (not *insurgents*, citizens. You know, people? humans?)
view and enjoy:
http://www.crooksandliars.com/2005/11/27.html#a60
...it's a Microsoft operating system. It doesn't matter.
Oh, hang on, I'm drunk and you didn't mention Microsoft.
In that case, plug it in, dude. It's an operating system. It doesn't matter.
HTH
To completely avoid the point of the war.
But hey, it's ok, we know you types are anti-American cowards, perfectly willing to sell your nation up the river for a temporary political gain.
I hope you enjoy the cancer, you piece of subhuman excrement.
windows is horribly insecure, but aslong as you have av, as and sp2 on you should be alright. my main recomendation would be to use linux, some people have unupdated, clean, and unhacked boxes that have been running for the past 5 years, its a very secure os. perhaps get firefox to replace ie aswell, 1.5 just came out and its much better than ie, quick updates and tabbed browsing; and unlike ie its not integrated directly into windows.
according to SANS.
since i got a hardware router some years ago, i never installed any windows updates again that i didn't really need to run a new application or hardware.
this router was and still is all that protects me from the internet.
risky? well my computer probably is an easy target but my network isn't. and since it's not a laptop i don't care.
in the last five years i had no single virus/worm/whatever on my pc...
Do NOT play any Sony CDs until you get an update!! :-P
Some laptops are easy to disassemble, some are hard. Call your laptop manufacturers tech support and ask them to walk you thru the procedure. I suggest you visit your local Fry's first and get a 7 piece set of jewelers/eyeglass/laptop repair screwdrivers with chip puller. (the chip puller is useful for removing those ingenious cable connecters which don't have pull straps -- specifically power connectors to the CPU fan.)
Every mans' island needs an ocean; choose your ocean carefully.
You right-wing anti-science GOP extremists are the anti-american cowards.
Normal people all oppose Bush's war.
Everyone here is freaking out. Reinstall is the same as not having updated in 9 months. Everyone who said make sure you do it behind a hardware firewall ain't kidding. Other than that, no need to re-install unless you think there's something on it (which isn't likely, seeing as you haven't connected it in 9 months!)
Steve
The real question is, how many war crimes have you comitted today? I hope you die at the side of the road with your legs blown off, shithead.
Turn on your windows firewall before connecting the network cable. For pre-SP1, right click your network connection, goto properties. Click advanced, and check the box. Alternatively, with SP2, there is a WINDOWS FIREWALL in the control panel. Once patched, using Firefox (or any non-ActiveX laden browser) will alliviate most major concerns about sites being able to rape your machine(or execute arbitrary code!)
Don't let THEM immanentize the Eschaton!
Buy a broadband router.
Since it naturally acts as a NAT gateway it will prevent 98% of exploits that can be initiated remotely.
hook up the computer and go through the update process for windows, and your antivirus software. (I would do windows updates first as it is entirely possible the anti-virus updates may require some of the patches too. especially if they are a few months old.)
Then after you've installed all your updates and you can safely leave the computer up and browse the Internet head on over to Red Hat, or some other Linux.... kidding... somewhat.
Buy a mac. Easier, and they have very nice laptops.
I am actually updating an old computer that hasn't been online for about 10 months when it has been in storage as we speak. It is a old PII 400 laptop running Windows 2000 SP4. (had to try 10 different passwords before I can log on..) Since this is pretty much a work computer for web and general Office stuff it has not been to any "funny" sites or anything. I am behind a Netgear router/"firewall" First thing I did was Windows UPdate. Gave me about 21 updates (about 25 mbs worth) and after reboot. I reinstalled Firefox (it was running 1.0), and I am pretty much good to go. The computer is too slow to be bothered with anti-virus programs and really, if you don't do anything stupid online. ("Lindsay Lohan nip slip CLICK HERE!!!") you are fine.
I built my brother a computer about a year ago and he was deployed to Iraq 4 months ago. When one of my systems died 2 nights ago, I set up his as a replacement. The first thing I did was get the Windows updates for the last 4 months (he religiously updated his system). Before the updates finished downloading, an internet worm had already infected the system. If it's a Windows computer, you might want to download the updates separately and put them on a CD.
~Ben
If you haven't been on the internet in a long time it is something you should be aware of. I thought I was a sophisticated XP user. I have ZoneAlarm, never click on anything in emails, and only install software from reputable companies. But I recently found a keylogger on my system. I forget what it was called, but it captures AOL logins. Fortunately, long ago I stopped using Windows for any online-banking, ecommerce, or anything else that has a password. For those I use FreeBSD with a good ipfilter ruleset.
I
I call it the continued mess that is Slashdot. We've got faggots like you running around when you should be working at the local McDonalds. You're obviously not smart. I am smart and, sadly, I am in the minority on Slashdot. I hope you get diarrhea tonight.
Oh my gosh, you should through it away right now and go buy a Mac or Linux box. Don't even try to fix it because once you fix it, it will break in an hour.
The above is not worth reading.
but he commented, "but as I get closer to coming back to the States and my broadband connection, I'm beginning to wonder what the life expectancy of my PC will be." - hence my comment. ALL of the ideas above and below are useless for somebody confined to govPC protocols and access restrictions...
enjoy life, and Gmail.pro
How can a PC get infected? Is this PC running Micro$oft? Is this PC running OpenBSD? Is it running x86 Solaris? Is it running Linux? Is it running FreeBSD? Is it running NetBSD? Is it running BeOS? Is it running the HURD? Just what "PC" are they talking about.
You have no job in Iraq. You are a fascist and we couldn't care less about your pc...
the firewall shouldn't need updating unless a bug is found and even when they do they are pretty rarely exploited anyway.
the AV is just a second line of defense if your firewall crashes or you do something stupid or you download code from dubious sources its a non-issue if you are just connecting.
note: i'm known as plugwash most places but i screwd up registering that here somehow in the past and now can't register
Doesn't the Win XP firewall by default allow several things such as UPNP, etc....
No. The WinXP SP1 firewall by default blocks UPNP, windows file and printer sharing, and most windows components you woulnd't want recieving connections from the internet. None of the major self-propigating exploits would have been possible if the WinXP firewall was on by default, even in SP1 form.
The SP2 firewall block all incomming services by default, prompting the user to allow them or not. The SP2 firewall does not block outgoing connections as most standalone firewalls do, but we aren't concerned about outgoing connections. We're concerned something might connect to use to infect us, hack us, etc before we can get the windows updates.
Iraq should last another couple of years, I'd guess.
If aspiration is a virtue, achievement cannot be a vice.
Why waste all that brainpower typing in the same command twice. Or pressing the up arrow key? emerge -uvDa world Plus it saves you all that time that it would take to recalculate dependencies!
Or you can get your laptop baselined, then you can hook it to the nipr. . .
You can download SP2 from Microsoft and burn it to a disc for easy install without connecting to the net. http://www.microsoft.com/downloads/details.aspx?Fa milyID=049c9dbe-3b8e-4f30-8245-9e368d3cdb5a&displa ylang=en/
god bless you.
Just get back here alive, then update.
yes there is always some fresh Improvised Explosive Data lurking on random pages and attachments every week but as careful as you seem to be about stuff like that, you'd notice if you got infected....you DO have your firewall set to squawk if unexpected outbound traffic crops up, right?
SLASHDOT: news for people who can't concentrate on work or have no life at all and got tired of yelling back at the TV.
Make sure you are behind a firewall. This should be enough until you can get all the updates. BTW,acoording to a couple of network security studies, a fresh copy of windows xp without any updates will be infested with virus/malwares/etc in about 5 minutes in unprotected network.
You're in Iraq and you're worried about your laptop getting infected when you come back? Maybe you should worry about if you will live to be infected first. I'm sorry, but if I were in Iraq getting infected over broadband when I get home would not even be on my top 100 priority list. What the fuck, man?
You apparently know at least more then the average computer user, so you shouldn't worry about it. I never really worry about it. I've plugged unpatched XP boxes to the Internet and done updates and such, downloaded SP2, etc. I've never really had any trouble. That's not to say you won't get something, but all the "Windows machines hacked in 6 minutes" seems overrated to me. I just don't see it happening under normal "non-major outbreak" days.
Obviously, I wouldn't LEAVE it unpatched and unprotected, but for just awhile so you can download updates, software, etc. Never had any trouble. I don't let the paranoia get to me.
- It's not the Macs I hate. It's Digg users. -
You can create programs that don't appear in the system list, without a root kit.
Not that I doubt your virus free.
I only run a virus check weekly, and I have yet to turn up anything.
I wish I could remove this anti-virus software from my system at work, it is a huge pain in the butt. Stupid bloatware.
The Kruger Dunning explains most post on
Format harddrive. Install Xandros.
Matt Vea wrote an interesting article about the security vulnerabilities you have with an OS out of the box. He covers just about all the OS's out there and incrementally patches them. Although the article is over a year old I think you will be suprised with how many holes there are on a system that hasn't been patched in awhile. http://www.omninerd.com/2004/08/30/articles/11
There is a never "too long" of an time to update your system software.
First of all is get an good hardware firewall and most DSL and cable routers have them built-in so prevent the junk from most of world hitting your system. First update your operating system and then your anti-virus program and definitions.
You can stay online for a long time provided that you follow certain basic guidelines
(1) Have a NAT in front of the computer. That is the most important
(2) Do not install unknown programs. For very obvious reasons.
(3) Do not use IE. IE was the biggest headache previously. I always get spyware whenever I run it.
(4) Do not use Outlook. I prefer webbased email anyway since I have like only 7 computers between work and home.
Following all these, my windows xp sp2 machine had not been patch since... sp2? Of course I upgrade my firefox version time and again, but then it not due to those supposed vulnerabilities which I rate as low importance. I even go without enable my AVG virus scanner for long period of time. I only run it once in a while to make sure that my system are indeed virus free.
Download the hotfixes from another computer and burn them to a CD or copy them to a USB drive. See this thread on the Microsoft Software Forum Network for a list of the hotfixes currently out in the wild:
8 6
/q /n and /z switches (except the mailicious software removal tool, which isn't really a "hotfix" per se). So put all the hotfixes in one folder, open a command prompt and then navigate to that folder and then get your i/o redirection groove on:
/b *.exe | ssed -e "s,$, /q /n /z," > InstallHotfixSilent.cmd
http://www.msfn.org/board/index.php?showtopic=318
The page also lists the switches to specify to do a silent install, so once you've downloaded them all you can create a batch file to install them all, put the hotfixes and the batch file in a folder on a CD, insert CD, execute, get a snack, come back, your machine is now secure. huzzah!
Tip: If you have super sed ( http://sed.sf.net/grabbag/ssed/sed-3.59.zip ) Then you can make this batch file pretty easily. All of the hotfixes released after service pack 2 support the
dir
Reinvent the wheel only at either a lower cost, greater effectiveness, or your own personal enrichment and satisfaction.
It sounds like this would be a good time to upgrade to Linux or FreeBSD. That will take care of your security worries. And since you're deployed for operation Iraqi Freedom, it seems especially appropriate to liberate your OS. :)
I have 3 windows machines that havnt been updated in YEARS. And they wont be. They simply dont go on the internet, that simple. Install linux as a seperate partition and use that for online surfing, problem (and future problems) solved. BTW the side effect of this is that you find yourself rarely using windows, and when you do you realize just how god awful it really is.
> In short, they're regular guys with a shitty job that they're not allowed to quit.
Regular guys?
You mean the ones torturing Iraqis in Abu Grhaib?
Or the ones torturing people in the secret prisons in Eastern Europe?
Or the ones bombing the homes of Iraqi civilians?
Or all the others who destroyed an *entire fucking country* that had done nothing to them? The ones who killed a hundred thousand Iraqis?
Those "regular guys?"
Some "regular guys". The rest of the world looks at them with absolute contempt, and we do not give a flying fuck what happens to their computers.
You are the kind of person that defended napalming schoolchildren in Vietnam because they were just "poor fuckers doing their job".
Bullshit. Flat out, undiluted bullshit. There are some things that cannot be justified by "it's just my job".
1) Use a different computer
2) go to http://www.zonelabs.com/
3) resist the many links to ZoneAlarm Pro that you will be offered
4) Get standard ZoneAlarm which is free
5) Burn installer to CD or use USB stick to transfer to laptop
6) Install on laptop
7) Connect to web, and be paranoid about what you allow to connect, Deny most everything, but do not choose "always do this".
8) If something vital fails to work, it needed the Internet. Since you did not check "always do this", you can do the same thing again and be asked again about connecting. Let it through this time.
9) Download your updates with relative security.
Works for me anyway, the one time I skipped ZoneAlarm before connecting, I got a OS dialog informing me my "registry was corrupt" and they could fix it if only I visited their site. This was XP SP1 and about 12 minutes online while I was downloading patches from M$...
PS - Thanks for your service. You fought for me, the least I can do is help you fight spyware and other digital nastiness...
Rule of the open mind
People who are resistant to change cannot resist change for the worst.
You bought your laptop. You updated and installed antivirus software and antivirus update immediately?
And that was good enough?
If immediate updating and accepting exposure simply during the duration of updating then was good enough for you, what's changed? I trust you're going to update your anti virus definitions and windows updates before doing anything else? How is this really all that different to that period?
If anything, you've at least got anti virus software running now, albeit 9 months behind the times, that you likely didn't have when you bought the laptop.
Yes, there's a risk. I'm not going to pretend there isn't. The point is, it's no different a risk to the one you've taken in the past.
If you want, sure, go buy a hardware firewall (honestly, they're so cheap it's hard to justify not doing so). Install Linux instead of Windows. Make sure it's a nice secure flavor. Close off all the ports you don't specifically need. Maybe even build a first Linux box to act as a second firewall between your hardware firewall and your main Linux box. Patch daily, etc.
Alternatively that's all a pain in the ass and simply doing an initial update puts you at no more risk than you've already accepted in the past. The $50 firewall options make sense in terms of cost vs. reward but, beyond that, the main point remains:
An initial update is no worse than (and possibly quite a bit more secure than) the one I'm assuming you did when you first bought the laptop. If it was good enough then, what's changed?
Of course, high IQ, obsessive compulsive, geek types who get warm fuzzy feelings about complex solutions probably won't agree as it's a far less exciting or obsessive method. But it doesn't change that it was good enough for you in the past, does it?
C:\Progra~1\Narrator: In A.D. 2005, teh computar was slowening.
....
Captain: What happen ?
Mechanic: Somebody set up us the rootkit.
Operator: We get signal.
Captain: What !
Operator: Blue screen turn on.
Captain: It's you !!
$sys$CATS: How are you gentlemen !!
$sys$CATS: All your privacy are belong to us.
$sys$CATS: You are on the way to destruction.
Captain: What you say !!
$sys$CATS: You have no chance to survive make your time.
$sys$CATS: Ha Ha Ha Ha
Operator: Captain !!
Captain: Take off every 'CableModem'!!
Captain: You know what you doing.
Captain: Move 'CableModem'.
Captain: For great justice.
A while ago I unburied an old dual Pentium Pro monster; and, for the hell of it I tried to install Windows 2000 Server on it. Got the RAID array rebuilt, the OS installed, and the system hanging out connectected to the 'net between the external bridge and the firewall's WAN port. Done because this beast was not allowed in the house and the easiest way to get ethernet to the garage was unprotected. I proceeded to lose interest in it for a few weeks; and, though I could RDP into it from the outside at will, there was nothing unpleasant on it at all. This is with the OS only, no ISA server, no AV software, nothing but a basic Admin account password. Of course, the system was not being browsed on, used as a mail client, anything; but, I do question the premise that just an IP connection is a sure road to malware hell.
WARNING: Smoking this sig may cause lowered IQ, insanity or short term memory loss. It is also really bad for your monit
As has been said: use a hardware firewall a software firewall and patch your system to the latest programs/OS updates.
;)
Welcome back!
And BTW to add to that, I would recommend loading linux/getting a mac/or loading FreeBSD... it makes all the problems of just going online automagically go away.
If the system has been hardened and unnecessary services and features diabled, it can go months, even years without a patch or update. If the system is configured according to "consumer defaults" a few days may be too long.
As others have indicated, update ASAP when you return. If you need certain specific service packs or anti virus updates, you can also download them onto another machine (perhaps a friend's) which has been updated all along, and run them from CD before connecting to the net.
A properly hardened system is immune to the vast majority of exploits; a system which hasn't been hardened isn't necessarily safe even if updated daily.
All laptops that are used in Iraq don't need any protection. There will always be a wall of fire around you. That is what they called Firewall.
Monkeys everywhere. Vi Monkeys, Shellscript monkeys, Java Monkeys, PERL monkeys
If you are, I was in much th same situation as you were. 12 months over there and getting updates was hard. If you get over there around balad AFB, PM me and I can get you some inside info on where to get updates, if the layout hasn't changed that much since April.
With that said, like everyone else said, get behind a firewall. Let autoupdates run, update AV and spyware defs, and then just to be safe, get off the network and scan away.
If it weren't for that genuine advantage stuff you could probably go to the corporate deployment section of windows updates and get the patches saved to a jump drive. Of course if you're hopping around those segovia sat connections your time will probably run out before you could get one update saved.
One last option, go to the education center and hang out there alot. Eventually the teacher will give you the go-ahead to do some upadtes, if they are pretty cool. Of course if you are really near getting home, don't worry about it, stay safe, and get back over here in one piece!
take care!
-- this space for rent --
The guy is a soldier and he comes back from service. That is what they call the chore of working for US military. They pack them to Iraq or Iran or wherever the Defence industry tells the president to go to. Service Pack ! How many services one can get? According to the caretaker industry, you get only one. One service per person. Laptop should get a servic pack ! Cool !
Monkeys everywhere. Vi Monkeys, Shellscript monkeys, Java Monkeys, PERL monkeys
Oops, this isn't a poll
Anyway, some field user comes in , hooks up his laptop to the LAN and *Poof* Snort find's him in about 10 seconds.
Windows 2000 sp2 - no anti virus - guy's got blaster and then some: a wretched hive of scum and villainy his laptop was.
Four weeks, three days, six hours, twenty-two minutes and fifty-four seconds.
You've been in IRAQ and you're worried about a VIRUS on your box? You have balls of steel my friend...
1. Get behind a firewall/router
2. Configure your IE to use a public Squid proxy to download MS updates (I have my own Squid setup at home - and also a portable vmware Squid server - which also blocks ads and other nasty content.)
--Note: You will want to set this up in advance, since registration can take up to (4) hours; but in my case it was pretty quick.
http://www.ircache.net/FAQ/
( See section 2.2, and especially 2.5 )
http://www.ircache.net/ == Full frames version
--You have to send them your email, then it auto-registers you; it will be necessary to enter a username and password to authenticate yourself to the cache initially before you can browse. BTW, it doesn't handle secure connections; this is mentioned in the FAQ section 3.4. But it should be a good additional buffer against outside attacks.
.
== WolfriderV6 == I'm willing to admit that *I just might* be wrong... Are you??
I have a similar setup, except that I did install all of the IE updates (but I also closed the loopholes like port 195 (or whatever it was (the DCOM external port)), etc., and I don't use IE itself to surf the web (Moz + Junkbuster)).
Also, I have all scripting disabled, including JavaScript/ECMAScript, which appears to be responsible for 99.99999999% of Mozilla bugs.
My machine has never been infected (well, I accidentally installed some spyware in 2001 or 2002, but I was able to remove it without any problems), and I have never had to reinstall MS-Windows 95.
It's entirely possible for you to have an infection-free machine running 20th-century software, as long as you don't do anything stupid, and as long as you have all of the risky bits (e.g., scripting) turned off.
Those who sacrifice security to condemn liberty deserve to repeat history or something. - Benjamin Santayana
"I'm beginning to wonder what the life expectancy of my PC will be. "
WTF man? Lets say you get a bunch of viruses. So what? Reformat and start clean. Nothing can "kill" a PC.
What a stupid question.
Pretty much forever? This idiot does realise that "PC" is a term linked to the Intel/AMD/x86/etc hardware platform and not windows, right?
Even mac is going to be on "PC" next year. How about you start buying up some clues and whoring them away so you'll be ready?
The Farewell Tour II
My windows install has never been updated. I'm behind a hardware firewall and a software firewall (kerio it's beautifull) my antivirus is updated regularly and everynow and then i run spybot, Do i have any problems NO you don't need to update windows to be safe just use your computer sensably no shareware, no porn sites and no IE. I learnt this because i can't update from m$ (cracked doze) but now it's worked i'm not going to look back and if worse comes to worse ill just re-install. Just back your work up onto Cd, Dvd, Tape or Usb stick and work in peace.
They fitted George Orwell's coffin with rollers so he could turn over more easily years ago.
or perhaps knoppix on CD or DVD, and you'll have nothing to worry about.
Comment removed based on user account deletion
Dude, you're living in Iraq. If I were you, I'd be slightly more concerned about getting blown up or my head getting sawn off rather than my laptop getting infected with a virus.
The Internet Storm Center has a frequently updated page on it here. Currently they have survival time for an unpatched machine is at:
Category % Adjusted Survival Time
Windows 24.50 133 min
Unix 1.00 3159 min
App 4.50 720 min
P2P 2.50 1295 min
Backdoor 0.00 6307 min
This varies a lot and at some points it has been as low as 15-20 minutes for an unpatched windows machine. Red Hat did a similar study and said they managed to run a lockeddown machine since 2003 without compromise, which is a little dubios. CERT has a list of papers related to survivability here.
My personal favourite paper on the subject is published by Avantgarde security (co-authored by Kevin Mitnick) which tested six different systems:
* Windows Small Business Server 2003
* Windows XP Service Pack 1
* Windows XP Service Pack 1 with ZoneAlarm
* Windows XP Service Pack 2
* Macintosh OS X 10.3.5
* Linspire (Linux)
Here is a snip on which fared poorley:
Then the winnders were:
I really thought this was all paranoia, But people are saying they are logging attempts every minute. well, my machine has not been updated in a long time, and it runs perfectly, and I have a router that is logging everything and I am not getting any attacks, at all. No i don't have any firewall at all. and I really don't like them at all, all that port blocking, such a headache sometimes. I just let all my ports open, yep every one. and for some reason my computer is running better then ever. Can anyone explain this. I must be some kind of fluc, lucky or something right??? Anyway, they way I see it there are a few preventitive things you can do and you really don't need to worry about constantly updating everything.
I used to do a virus scan every morning. I stopped after I decided it was a waste of cycles. I have had one virus since my first computer connected to the internet with a 14.4 modem(and that was my mom's doing). Although I have cleaned a large number of virii from friends computers.
I run spybot and ad-aware every once in a while(like once a month, if that) they usually find one or two very small problems. nothing big, my computer has never been bogged down with spyware, or malware, or anything like that.
Also, I have had some problems with new systems going through all the updates, and then haveing to reinstall the OS because there was a problem with the rediculous amount of updates.
The moral of the story is that updates and firewalls are more hype then substance. At least for the home user.
ps- this does not apply to a business setting.
pps- I know that tomorow My computer will start crashing from a dozen new virii and tons of spyware
ppps- isn't irony great
Er, those who abuse the soldiers for going to Iraq do know that they joined the Armed Forces and not the Invade Iraq Fun Tour?
And that having joined the army before such an action was undertaken their motivations for signing up could conceivably be to defend your country / freedoms etc.
It's not up to the Armed Forces to decide when to go or when not to go, and whilst their certainly has been atrocities (there always are in war on all sides) it is highly unreasonable to tar them all with the same brush.
At the individual level there are severe consequences should a soldier decide to disobey the orders given to him by his commanding officer...
Don't blame the soldiers. Blame those in charge who sent him there; because by desiring the soldier to take action you are encouraging the armed forces to make decisions on policy. Try and vote a military leader out of power...
Comment removed based on user account deletion
1. If you're already running WindowsXP with service pack 2, and you haven't turned off the firewall (it's on by default), then as long as the very first thing you do with your computer when you connect it to the internet is to download your windows updates, you're fine. (You can check which version of windows you have by going to the Start menu, then clicking "Run...", then typing in winver. A dialog should pop up, and the line that starts with "Version 5.1..." should say "Service Pack 2" at the end. If it doesn't, then you don't have service pack 2.) 2. If you have windows xp, but don't have service pack 2, you can download service pack 2 on another computer, burn it to a cd, copy it to your laptop and install it. Then see step #1. :-) (Since it's a pain to track down, I tracked it down - you can download the service pack 2 update as a single file here - http://www.microsoft.com/downloads/details.aspx?Fa milyID=049c9dbe-3b8e-4f30-8245-9e368d3cdb5a&displa ylang=en )
3. If you have a non-XP version of windows, you should be behind some sort of firewall. If you have broadband access at home, and connect through a router, that should be fine. Otherwise, perhaps you could start your computer in "Safe mode with networking" (I believe you hit F8 while your computer is booting up, then it will prompt you to choose how you want to start your computer). This might avoid starting up most of those vulnerable services that get attached, so you might be safe. I haven't tried this though, so I have no idea if this would actually work.
Good luck!
1. If you're already running WindowsXP with service pack 2, and you haven't turned off the firewall (it's on by default), then as long as the very first thing you do with your computer when you connect it to the internet is to download your windows updates, you're fine. (You can check which version of windows you have by going to the Start menu, then clicking "Run...", then typing in winver. A dialog should pop up, and the line that starts with "Version 5.1..." should say "Service Pack 2" at the end. If it doesn't, then you don't have service pack 2.)
2. If you have windows xp, but don't have service pack 2, you can download service pack 2 on another computer, burn it to a cd, copy it to your laptop and install it. Then see step #1. :-) (Since it's a pain to track down, I tracked it down - you can download the service pack 2 update as a single file here - http://www.microsoft.com/downloads/details.aspx?Fa milyID=049c9dbe-3b8e-4f30-8245-9e368d3cdb5a&displa ylang=en )
3. If you have a non-XP version of windows, you should be behind some sort of firewall. If you have broadband access at home, and connect through a router, that should be fine. Otherwise, perhaps you could start your computer in "Safe mode with networking" (I believe you hit F8 while your computer is booting up, then it will prompt you to choose how you want to start your computer). This might avoid starting up most of those vulnerable services that get attached, so you might be safe. I haven't tried this though, so I have no idea if this would actually work.
Good luck!
"7? Yes." should of course read "2? Yes."
Comment removed based on user account deletion
My mom had to order the CD-ROM of Microsoft Windows XP Service Pack 2 because she is on dialup. But since you apparently have some time, even if you have broadband order the CD if you don't have SP2 yet, it is quicker and easier.
Use a soho firewall/router and put your computer behind it.
Even after you've applied all the patchs you think you need, don't use IE for casual browsing that's the way to get full of spyware.
Use Opera (recommended by me) or Firefox (a little slower but more popular) to do your browsing and use IE only if a bank site requires it.
That way you'll be free of virus, troyans and that kind of stuff.
We are Turing O-Machines. The Oracle is out there.
I appreciate all the advice on securing my laptop post deployment (and the wishes of wellness, also). I guess what I was really curious about though was the last bit of my post, regarding the lifecycle of some of these malignant phenomena. Is there a measurable lifespan for a virus, or browser exploit? Or do they never really go away, just lurk in the dark corners of the web like some hidden pocket of smallpox cozened away in the rainforest?
Comment removed based on user account deletion