Slashdot Mirror
How Long is Too Long to Update?
StWaldo asks: "I'm sure everyone knows the story about the life expectancy of an fresh, un-updated PC, once it's connected to the internet. What about a PC which just hasn't been updated in a while? I've been deployed in Iraq for the last 9 months, and haven't been able to hook up my laptop to the internet to get updates (I do HAVE access, just can't hook up a personal laptop, gov't only). Before I deployed, I would update my software (system, anti-virus, firewall, anti-spyware, etc) regularly, but as I get closer to coming back to the States and my broadband connection, I'm beginning to wonder what the life expectancy of my PC will be. What's the lifecycle of a security exploit, hack, virus, etc - between discovery/release, propagation, and extinction (or a state approaching extinction)?"
...with an unprotected connection? Who cares?
1. Put your computer behind literally any personal firewall/router (Linksys, DLink, etc.) that can be had - wireless and wired or both - for under $50.
2. If you have Windows XP Service Pack 2 (SP2), just make sure the firewall for your network connection is still enabled; it is by default on SP2, and Security Center will warn you if it isn't. Unless you explicitly disabled it, it will still be enabled.
If you don't yet have Service Pack 2, simply enable the Windows firewall (Internet Connection Firewall) for any network interface(s) you have. This can be done on the Advanced tab of each connection's Properties.
3. There is no step 3.
There's nothing you have to do other than ensure you have a software firewall enabled, and optionally have your machine behind a nice little personal firewall/router. Then it doesn't matter how long it's been or what exploits are out there[1].
That's it. Even the built-in Windows software firewall on a machine with no patches or service packs installed will protect a Windows XP system. Seem simple? It is. One wonders why it took Microsoft *so long* to make it the default.
[1] Sure, there may be exploits that affect browsers or other aspects of the system that could be exploited by *visiting malicious sites*, but the machine, just sitting there, won't be vulnerable. If all you're going to do is immediately update everything anyway, you have nothing to worry about.
don't start any applications
make sure your firewall is running
do your updates
bingo
Make sure you are behind a nat router or decent firewall and do not have any redirected ports (or DMZ) to the private ip address you machine should be using... and you will be pretty safe... not entirely, but your chances of getting infected are relatively low provided you do not stray too far from the path while updating.
Help Brendan pay off his student loans
Turn on your windows firewall. Then start windows *BEFORE* connecting to the internet. Once you're finished starting windows, connect and download your patches, etc.
;-)
Repeat as necessary.
P.S. don't forget to download Firefox for a safer browsing
Don't do it. For the love of bob, don't do it. Make sure your computer is behind a firewall and only then should you connect. The first thing you should do is get all the latest security updates for Windows. NOTHING ELSE. NO WEB BROWSING at this point.
Once that install/reboot cycle is complete, grab the latest updates for your antivirus and antispyware system. For extra security, make sure you perform a complete scan for viruses and spyware after all the updates are complete.
Once that install/reboot cycle is complete, update the rest of your applications.
Under no circumstances should you attempt this without being behind a secure firewall. Even if you are, you still have to be very very careful (hence, no web browsing until your computer is up to date on Windows and antivirus updates).
Oceania has always been at war with Eastasia.
Spend $50 to buy a hardware firewall and the life expectancy of your laptop will skyrocket :-)
Kaa
Kaa's Law: In any sufficiently large group of people most are idiots.
I think the doom and gloom may be overstating the dangers here.
My wife hadn't touched her laptop computer in 6 months. She fired it up, it was updated in 5 minutes and she was fine.
Two things helped:
a hardware firewall
It already had XP SP2
If that's your situation, just fire it up and go.
You were mistaken. Which is odd, since memory shouldn't be a problem for you
...if your update comes out before the next version of the Slashcode.
Obligatory reference to Average PC survival time
http://www.transparency.org
1) Get all the updates from a friend and burn them to a CD. Install updates before connecting to the internet.
2) Connect to the internet behind a hardware firewall/NAT device. Then update everything.
I would recommend doing both.
The machine will have a lot shorter lifetime than an American soldier in Iraq...
We look forward to having you back, by the way! While there are those here on /. who opposed the war, politically, I think we all wished you (and all the other soldiers there) nothing but the best. Our thanks for a difficult job.
What kernel version are you running? Even on an old OS, if you do not expose any unnecessary functions to the Internet (such as BIND DNS), you should be relatively safe.
I have an old Redhat 8 system running on a AMD K63-500. It hasn't been rebooted in 4 years (yes, the kernel is horribly out of date... but there are few outside services, and no untrusted users). I'm afraid to upgrade such an old beast... I can't imagine Fedora Redhat and the QA folks spending much time on these ancient chipsets.
You aren't running Windows, are you?
Your life expectancy, depending on what sites you go to, is about 4 minutes before you have 60 pieces of spyware, which then turn into 200 in about a half-hour. At least, that's my test on my Dual Xeon, with Windows XP SP2.
Where all think alike, no one thinks very much.
Behind a firewall: Until you do something stupid.
On the net raw running windows: 30m.
On the net raw running linux: depends on the daemons.
Shadus
AutopatcherXP is released pretty much monthly an is a conglomeration of all security updates, patches, etc.. any time i've had to install/reinstall XP onto someone's machine, i've grabbed the latest autopatcher and slapped it on my thumbdrive, and took it with me. requires no getting online on the new system until you're all done. safer that way, and i've had no issues doing it that way.
For the love of bob
Microsoft Bob?
-everphilski-
Call it "anxiety" or "concern". It's not paranoia if they really are out to get you.
The higher the technology, the sharper that two-edged sword.
You are trying to update an existing system, not build a fresh one. Using a cheap hardware firewall (like a linksys router) will keep most evil at bay while you do the update. Better to download the big security rollups and service packs from a current machine, burn to cd or thumbdrive, and install those on your box before you connect to the net.
8 6 for a nice pointer to all the patches you should snag. Get the major ones and you should be OK to just do an update.
Check out http://www.msfn.org/board/index.php?showtopic=318
+++ UGUCAUCGUAUUUCU
Wouldn't you just do what everyone else does?
su
emerge sync
emerge -pv world
emerge world
??
I do not doubt you. I have only gotten a virus when I mistakenly clicked on a link sent by a co-worker. The minute I did it I realized it was a mistake, but we are all thoughtless sometime. What I want to know is this: Without a virus scanner, how do you know they are not infected?
Insert Generic Sig Here:
OS Name: Microsoft Windows XP Professional
OS Version: 5.1.2600 Service Pack 2 Build 2600
OS Manufacturer: Microsoft Corporation
OS Configuration: Standalone Workstation
OS Build Type: Multiprocessor Free
Original Install Date: 9/27/2004, 12:49:15 PM
System Up Time: 184 Days, 4 Hours, 3 Minutes, 16 Seconds
The only time i had to bring it down was to replace hardware (i am behind a corporate firewall, the XP firewall is active) and i don't care about patches. No, i am not trolling - windows machines enjoy decent uptimes too. Let me know if anyone wants too look at a screenshot.
This isn't QUITE true; there are one or two older personal NAT routers where the initial factory firmware has had exploits published (especially with certain dumb default settings), and there are a few software packages with versions that both poked holes in the XP firewall and were exploitable. As far as I know, nothing in the wild specifically targets both, so unless you have reason to be worried about highly personalized targetting of your computer, it should be just fine. (If you do have reason, buy a newer router first.)
//Information does not want to be free; it wants to breed.
I have a CD handy with XP service pack 2, as well as antivirus, antispyware, firewall, FireFox, etc. That way, I can get a computer up to speed before even reconnecting it to the internet. After the basics are covered, it's much safer to connect and do the fine-tuning. The same would apply to other versions of windows.
If you can't burn a CD from another computer, and you're pre-XP SP2, you might be better off operating behind a hardware firewall until the updates are completed.
Also remember that if you have a minor bug before completing updates, you can usually clean the system after you're up to speed (antivirus, antispyware, etc). The main issue with the auto-infect feature of new systems is that most users won't take the time to clean the system or even investigate if it's infected.
Quick checklist:
* Does it have SP2? - If no, get it and forget it.
* Is there constant hard disk activity? - If yes, reinstall.
* Do you visit online gambling/porn sites? - If yes, reinstall periodically (evidence? what evidence?)
* Does it take longer for you to be able to do something productive with the 'Start' button than it did to boot? - If yes, reinstall.
After reinstalling, install AVG antivirus, Google up some Windows hardening/protection techniques (msconfig, services to disable, etc) **INSTALL NO SHAREWARE OR THIRD PARTY "WINDOWS FIXING" UTILITIES**, enable Windows firewall, and set Windows Update to perform weekly updates with no intervention.
If things get weird after that, you have nobody but yourself to blame. After having resurrected Windows installations dating back to 95/3.11, I can say that the only sure-fire fix is a fdisk/reinstall.
It's Windows - it *will* break in an inaccesssible or unrecoverable fashion.
Make your time, and don't get taken in by supposedly friendly utilities, banners, offers, websites, emails, etc. This advice is applicable everywhere - life included.
Very poor advice. It should be 1) disconnect from the network 2) turn on the computer 3) enable the firewall 4) hook up to the internet 5) download all updates.
Its not like someone is waiting for you to get home and get ya as soon as you connect.
Uh, yes they are. What do you think all those people scanning ports are doing? All the viris that spread automatically are looking for unprotected systems all the time which is exactly what this fellow would have using your directions.
I'm guessing you have not put an unpatched windows box on the net lately. Last person I talked to who got infected with an unpatched PC only did the windows update and was using a modem (not sure why he thought the download would finish this decade, but that's another issue).
My wireless router logged connection attempts at a rate of around one every 10 seconds when I was on a DSL line. I'm on cable now, and get fewer attempts - just every couple of minutes.
Not all of those attempts are trying to break in to Windows vulnerabilities, a lot were looking for other kinds of holes, or were looking for already-infected machines. But the attempt I see logged from one minute ago was attempting to get into the Windows RPC service, which an unpatched machine might have left open.
So I don't really think it's paranoia, and I do like being the only machine behind my router.
according to SANS.
Don't let THEM immanentize the Eschaton!
Buy a broadband router.
Since it naturally acts as a NAT gateway it will prevent 98% of exploits that can be initiated remotely.
hook up the computer and go through the update process for windows, and your antivirus software. (I would do windows updates first as it is entirely possible the anti-virus updates may require some of the patches too. especially if they are a few months old.)
Then after you've installed all your updates and you can safely leave the computer up and browse the Internet head on over to Red Hat, or some other Linux.... kidding... somewhat.
Buy a mac. Easier, and they have very nice laptops.
Why waste all that brainpower typing in the same command twice. Or pressing the up arrow key? emerge -uvDa world Plus it saves you all that time that it would take to recalculate dependencies!
And wishing that *China* were in charge, as it were, of world affairs isn't reflective of anything but the wholesale ignorance of the person or entity that wishes it.
There's a term used to describe people who believe "if anyone disagrees with me, even the majority of people in the world, then they're automatically wrong." It's 'hubris'. Did you even stop and consider that perhaps they might have valid views backing that up, or did you just instinctively assume "they must all be ignorant"?
decade
An arbitrary time point just to demonstrate the degree of change. The most extreme example's required time period depends on the specific issue - for example, top tax brackets would be compared to the period from World War II to the late 1960s, when they were almost 90% (they fell to under 30% by the end of Reagan's term, rose somewhat under clinton, then fell back down under Bush).
no different than any shifts that have occurred
Exactly. The US *Has* shifted radically over its history, in case you forgot. Remember slavery? Remember when our government's income was due to tarriffs and land sales? Remember when witchcraft was illegal in much of the US? Need I keep going?
not sure what you're getting at
Do you not know what bracketted taxation is? Then what are you doing in this debate? Lets back up to income taxes 101.
For most of the US's history, there were no income taxes. However, a growing movement in the late 1800s as backlash against "robber barons" (the same movement that eventually led to antitrust laws), and the decrease in traditional income sources for the US government, led to the first income taxes. Income taxes initially only affected the rich; eventually more and more of the population was included, but the rich kept getting higher percentile rates.
The purpose of income taxes, and specificially *bracketted* income taxes (where people fall into a given tax bracket based on their total income) is as an equalizer without destroying the motive to work - and by all standards, it's been an astounding success. Income taxes for the top bracket peaked during World War II, but only fell slightly after that, to just under 90%. They remained this way until the late 1960s - our nation's greatest boom time. The poor barely payed any income tax. During the 1970s, the top bracket fell, but remained above 70%. Under reagan, it plummetted to under 30%, only to raise under Clinton and fall under Bush II.
The flatter the tax, the less of an equalizer it is. The more bracketted, the more of an equalizer it is. This is known as a "flat tax structure" and a "progressive tax structure" respectively. Bracketted taxes can be better thought of in terms of a tax on luxury. Picture the following scenario: there is no income tax. Instead, all taxes are on purchase. The highest tax rates are on items of luxury, while the lowest rates are on items of necessity. The poor, simply not being able to afford much if any luxury, end up averaging a very low tax rate. The wealthy, simply not able to spend even a sizable fraction of their money on necessity, end up paying a very high tax rate. Now picture this shifted back to the income side: you have the bracketted tax structure.
You really ought to already know all of this if you're going to talk about economics...
How has global warming stance changed?
Clinton: Signed the Kyoto protocol; spoke regularly about the need to stop global warming
Bush: Unsigned the Kyoto protocol. First denied any global warming, then admitted it but downplayed human effect on it.
Summary: Complete Opposites.
Just because a jurist believes...
Hold! We're talking about the poltical stances and political momentum at the highest levels of the country. Clinton fought *for* abortion rights, and worked to stack the supreme court with pro-choice judges. Bush has fought *against* abortion rights, and worked to stack the court with pro-life judge
They are turkeys, and in election after election after election they vote for Thanksgiving.
Wow... you wrote all those words without even attempting to support the idea that "the Iraq war protects the freedoms of Americans." You rambled about US citizens have a lot of freedom. You asserted that military action, in general, was needed to make it this way. You used words like "overall." But the only military action anyone mentioned was the one in Iraq, about which you said absolutely nothing. Thanks for playing the internet: insert coins to continue.
A slashdotter who didn't build his own computer is like a Jedi who didn't build his own lightsaber.