Slashdot Mirror
How Long is Too Long to Update?
StWaldo asks: "I'm sure everyone knows the story about the life expectancy of an fresh, un-updated PC, once it's connected to the internet. What about a PC which just hasn't been updated in a while? I've been deployed in Iraq for the last 9 months, and haven't been able to hook up my laptop to the internet to get updates (I do HAVE access, just can't hook up a personal laptop, gov't only). Before I deployed, I would update my software (system, anti-virus, firewall, anti-spyware, etc) regularly, but as I get closer to coming back to the States and my broadband connection, I'm beginning to wonder what the life expectancy of my PC will be. What's the lifecycle of a security exploit, hack, virus, etc - between discovery/release, propagation, and extinction (or a state approaching extinction)?"
...with an unprotected connection? Who cares?
1. Put your computer behind literally any personal firewall/router (Linksys, DLink, etc.) that can be had - wireless and wired or both - for under $50.
2. If you have Windows XP Service Pack 2 (SP2), just make sure the firewall for your network connection is still enabled; it is by default on SP2, and Security Center will warn you if it isn't. Unless you explicitly disabled it, it will still be enabled.
If you don't yet have Service Pack 2, simply enable the Windows firewall (Internet Connection Firewall) for any network interface(s) you have. This can be done on the Advanced tab of each connection's Properties.
3. There is no step 3.
There's nothing you have to do other than ensure you have a software firewall enabled, and optionally have your machine behind a nice little personal firewall/router. Then it doesn't matter how long it's been or what exploits are out there[1].
That's it. Even the built-in Windows software firewall on a machine with no patches or service packs installed will protect a Windows XP system. Seem simple? It is. One wonders why it took Microsoft *so long* to make it the default.
[1] Sure, there may be exploits that affect browsers or other aspects of the system that could be exploited by *visiting malicious sites*, but the machine, just sitting there, won't be vulnerable. If all you're going to do is immediately update everything anyway, you have nothing to worry about.
Turn on your windows firewall. Then start windows *BEFORE* connecting to the internet. Once you're finished starting windows, connect and download your patches, etc.
;-)
Repeat as necessary.
P.S. don't forget to download Firefox for a safer browsing
Don't do it. For the love of bob, don't do it. Make sure your computer is behind a firewall and only then should you connect. The first thing you should do is get all the latest security updates for Windows. NOTHING ELSE. NO WEB BROWSING at this point.
Once that install/reboot cycle is complete, grab the latest updates for your antivirus and antispyware system. For extra security, make sure you perform a complete scan for viruses and spyware after all the updates are complete.
Once that install/reboot cycle is complete, update the rest of your applications.
Under no circumstances should you attempt this without being behind a secure firewall. Even if you are, you still have to be very very careful (hence, no web browsing until your computer is up to date on Windows and antivirus updates).
Oceania has always been at war with Eastasia.
I think the doom and gloom may be overstating the dangers here.
My wife hadn't touched her laptop computer in 6 months. She fired it up, it was updated in 5 minutes and she was fine.
Two things helped:
a hardware firewall
It already had XP SP2
If that's your situation, just fire it up and go.
You were mistaken. Which is odd, since memory shouldn't be a problem for you
Obligatory reference to Average PC survival time
http://www.transparency.org
1) Get all the updates from a friend and burn them to a CD. Install updates before connecting to the internet.
2) Connect to the internet behind a hardware firewall/NAT device. Then update everything.
I would recommend doing both.
Your life expectancy, depending on what sites you go to, is about 4 minutes before you have 60 pieces of spyware, which then turn into 200 in about a half-hour. At least, that's my test on my Dual Xeon, with Windows XP SP2.
Where all think alike, no one thinks very much.
AutopatcherXP is released pretty much monthly an is a conglomeration of all security updates, patches, etc.. any time i've had to install/reinstall XP onto someone's machine, i've grabbed the latest autopatcher and slapped it on my thumbdrive, and took it with me. requires no getting online on the new system until you're all done. safer that way, and i've had no issues doing it that way.
For the love of bob
Microsoft Bob?
-everphilski-
Call it "anxiety" or "concern". It's not paranoia if they really are out to get you.
The higher the technology, the sharper that two-edged sword.
You are trying to update an existing system, not build a fresh one. Using a cheap hardware firewall (like a linksys router) will keep most evil at bay while you do the update. Better to download the big security rollups and service packs from a current machine, burn to cd or thumbdrive, and install those on your box before you connect to the net.
8 6 for a nice pointer to all the patches you should snag. Get the major ones and you should be OK to just do an update.
Check out http://www.msfn.org/board/index.php?showtopic=318
+++ UGUCAUCGUAUUUCU
Wouldn't you just do what everyone else does?
su
emerge sync
emerge -pv world
emerge world
??
I do not doubt you. I have only gotten a virus when I mistakenly clicked on a link sent by a co-worker. The minute I did it I realized it was a mistake, but we are all thoughtless sometime. What I want to know is this: Without a virus scanner, how do you know they are not infected?
Insert Generic Sig Here:
OS Name: Microsoft Windows XP Professional
OS Version: 5.1.2600 Service Pack 2 Build 2600
OS Manufacturer: Microsoft Corporation
OS Configuration: Standalone Workstation
OS Build Type: Multiprocessor Free
Original Install Date: 9/27/2004, 12:49:15 PM
System Up Time: 184 Days, 4 Hours, 3 Minutes, 16 Seconds
The only time i had to bring it down was to replace hardware (i am behind a corporate firewall, the XP firewall is active) and i don't care about patches. No, i am not trolling - windows machines enjoy decent uptimes too. Let me know if anyone wants too look at a screenshot.
I have a CD handy with XP service pack 2, as well as antivirus, antispyware, firewall, FireFox, etc. That way, I can get a computer up to speed before even reconnecting it to the internet. After the basics are covered, it's much safer to connect and do the fine-tuning. The same would apply to other versions of windows.
If you can't burn a CD from another computer, and you're pre-XP SP2, you might be better off operating behind a hardware firewall until the updates are completed.
Also remember that if you have a minor bug before completing updates, you can usually clean the system after you're up to speed (antivirus, antispyware, etc). The main issue with the auto-infect feature of new systems is that most users won't take the time to clean the system or even investigate if it's infected.
Quick checklist:
* Does it have SP2? - If no, get it and forget it.
* Is there constant hard disk activity? - If yes, reinstall.
* Do you visit online gambling/porn sites? - If yes, reinstall periodically (evidence? what evidence?)
* Does it take longer for you to be able to do something productive with the 'Start' button than it did to boot? - If yes, reinstall.
After reinstalling, install AVG antivirus, Google up some Windows hardening/protection techniques (msconfig, services to disable, etc) **INSTALL NO SHAREWARE OR THIRD PARTY "WINDOWS FIXING" UTILITIES**, enable Windows firewall, and set Windows Update to perform weekly updates with no intervention.
If things get weird after that, you have nobody but yourself to blame. After having resurrected Windows installations dating back to 95/3.11, I can say that the only sure-fire fix is a fdisk/reinstall.
It's Windows - it *will* break in an inaccesssible or unrecoverable fashion.
Make your time, and don't get taken in by supposedly friendly utilities, banners, offers, websites, emails, etc. This advice is applicable everywhere - life included.
Very poor advice. It should be 1) disconnect from the network 2) turn on the computer 3) enable the firewall 4) hook up to the internet 5) download all updates.
Its not like someone is waiting for you to get home and get ya as soon as you connect.
Uh, yes they are. What do you think all those people scanning ports are doing? All the viris that spread automatically are looking for unprotected systems all the time which is exactly what this fellow would have using your directions.
My wireless router logged connection attempts at a rate of around one every 10 seconds when I was on a DSL line. I'm on cable now, and get fewer attempts - just every couple of minutes.
Not all of those attempts are trying to break in to Windows vulnerabilities, a lot were looking for other kinds of holes, or were looking for already-infected machines. But the attempt I see logged from one minute ago was attempting to get into the Windows RPC service, which an unpatched machine might have left open.
So I don't really think it's paranoia, and I do like being the only machine behind my router.
according to SANS.
I'm about as left-wing, liberal and Democrat as it is possible to be. Read my posting history, it shows.
I just have to say this: You're a dick. Straight up. You think this soldier ordered the war? You think he made the policy decisions that led to Iraq's destruction? No. He's just some guy making about $10 an hour, trying not to get killed, all for the dubious reward of trying to save ungrateful shitheads like yourself. So go fuck yourself with the largest pointy object that you can find.
Bash Bush and the decision makers all you like...I'll be right in there with you. Bash a soldier and I'll tell you what a worthless piece of crap you are. Bash one in range of my hearing and you won't do it again.
You'll notice I sign my name. "Anonymous Coward" fits you like a glove.
Boycott everything - they're all trying to fuck you one way or another
I on the other hand have trouble wishing that soldier the 'best'. I DO hope he gets back to his family in one piece though.
See, I'm not American, so theres none of the 'my country right or wrong' thing. Its more like 'right, not wrong' for me.
I admire the courage of the American soldiers going into a difficult place and for the job they do. I also happen to admire the courage of the Iraqi soldiers (the ones under Saddam) going to war against a far stronger enemy in the same thinking of 'my country right or wrong'. Now I cannot wish both of them the best, since wishing one the best is like wishing the other the worst.
I'm not Middle Eastern either BTW, not that it should matter.
So I dont wish you the best, and I dont support the war at all. Even more, I think your leadership is morally in a worse position than the Saddam leadership was during their last years.
However, I know youre there for 'good', have good intentions, and will not profit anywhere near from all this as others will. Youre there offering your life for 'freedom'. I'm not. For that alone you have my respect. And for being a human alone, you have my wish that you'll get home safe and alive.
There have been wars in history where I've wished one side the absolute best, and have demonized the other side so much I didnt care if they lost a generation of men. Perhaps the world is becoming a better place since noone can support one side in a war so absolutely to reduce the other side to cannon fodder.
I wish you good health and spirit, wish your family happiness, and wisdom in your voting.
"Give orange me give eat orange me eat orange give me eat orange give me you." -Nim Chimpsky
My brother was a marine, he disagreed with the war, so what did he do? He left.
Modesty is one of life's greatest attributes