Slashdot Mirror
How Long is Too Long to Update?
StWaldo asks: "I'm sure everyone knows the story about the life expectancy of an fresh, un-updated PC, once it's connected to the internet. What about a PC which just hasn't been updated in a while? I've been deployed in Iraq for the last 9 months, and haven't been able to hook up my laptop to the internet to get updates (I do HAVE access, just can't hook up a personal laptop, gov't only). Before I deployed, I would update my software (system, anti-virus, firewall, anti-spyware, etc) regularly, but as I get closer to coming back to the States and my broadband connection, I'm beginning to wonder what the life expectancy of my PC will be. What's the lifecycle of a security exploit, hack, virus, etc - between discovery/release, propagation, and extinction (or a state approaching extinction)?"
...with an unprotected connection? Who cares?
1. Put your computer behind literally any personal firewall/router (Linksys, DLink, etc.) that can be had - wireless and wired or both - for under $50.
2. If you have Windows XP Service Pack 2 (SP2), just make sure the firewall for your network connection is still enabled; it is by default on SP2, and Security Center will warn you if it isn't. Unless you explicitly disabled it, it will still be enabled.
If you don't yet have Service Pack 2, simply enable the Windows firewall (Internet Connection Firewall) for any network interface(s) you have. This can be done on the Advanced tab of each connection's Properties.
3. There is no step 3.
There's nothing you have to do other than ensure you have a software firewall enabled, and optionally have your machine behind a nice little personal firewall/router. Then it doesn't matter how long it's been or what exploits are out there[1].
That's it. Even the built-in Windows software firewall on a machine with no patches or service packs installed will protect a Windows XP system. Seem simple? It is. One wonders why it took Microsoft *so long* to make it the default.
[1] Sure, there may be exploits that affect browsers or other aspects of the system that could be exploited by *visiting malicious sites*, but the machine, just sitting there, won't be vulnerable. If all you're going to do is immediately update everything anyway, you have nothing to worry about.
Turn on your windows firewall. Then start windows *BEFORE* connecting to the internet. Once you're finished starting windows, connect and download your patches, etc.
;-)
Repeat as necessary.
P.S. don't forget to download Firefox for a safer browsing
Don't do it. For the love of bob, don't do it. Make sure your computer is behind a firewall and only then should you connect. The first thing you should do is get all the latest security updates for Windows. NOTHING ELSE. NO WEB BROWSING at this point.
Once that install/reboot cycle is complete, grab the latest updates for your antivirus and antispyware system. For extra security, make sure you perform a complete scan for viruses and spyware after all the updates are complete.
Once that install/reboot cycle is complete, update the rest of your applications.
Under no circumstances should you attempt this without being behind a secure firewall. Even if you are, you still have to be very very careful (hence, no web browsing until your computer is up to date on Windows and antivirus updates).
Oceania has always been at war with Eastasia.
I think the doom and gloom may be overstating the dangers here.
My wife hadn't touched her laptop computer in 6 months. She fired it up, it was updated in 5 minutes and she was fine.
Two things helped:
a hardware firewall
It already had XP SP2
If that's your situation, just fire it up and go.
You were mistaken. Which is odd, since memory shouldn't be a problem for you
AutopatcherXP is released pretty much monthly an is a conglomeration of all security updates, patches, etc.. any time i've had to install/reinstall XP onto someone's machine, i've grabbed the latest autopatcher and slapped it on my thumbdrive, and took it with me. requires no getting online on the new system until you're all done. safer that way, and i've had no issues doing it that way.
For the love of bob
Microsoft Bob?
-everphilski-
Call it "anxiety" or "concern". It's not paranoia if they really are out to get you.
The higher the technology, the sharper that two-edged sword.
You are trying to update an existing system, not build a fresh one. Using a cheap hardware firewall (like a linksys router) will keep most evil at bay while you do the update. Better to download the big security rollups and service packs from a current machine, burn to cd or thumbdrive, and install those on your box before you connect to the net.
8 6 for a nice pointer to all the patches you should snag. Get the major ones and you should be OK to just do an update.
Check out http://www.msfn.org/board/index.php?showtopic=318
+++ UGUCAUCGUAUUUCU
Wouldn't you just do what everyone else does?
su
emerge sync
emerge -pv world
emerge world
??
I do not doubt you. I have only gotten a virus when I mistakenly clicked on a link sent by a co-worker. The minute I did it I realized it was a mistake, but we are all thoughtless sometime. What I want to know is this: Without a virus scanner, how do you know they are not infected?
Insert Generic Sig Here:
Very poor advice. It should be 1) disconnect from the network 2) turn on the computer 3) enable the firewall 4) hook up to the internet 5) download all updates.
Its not like someone is waiting for you to get home and get ya as soon as you connect.
Uh, yes they are. What do you think all those people scanning ports are doing? All the viris that spread automatically are looking for unprotected systems all the time which is exactly what this fellow would have using your directions.
My wireless router logged connection attempts at a rate of around one every 10 seconds when I was on a DSL line. I'm on cable now, and get fewer attempts - just every couple of minutes.
Not all of those attempts are trying to break in to Windows vulnerabilities, a lot were looking for other kinds of holes, or were looking for already-infected machines. But the attempt I see logged from one minute ago was attempting to get into the Windows RPC service, which an unpatched machine might have left open.
So I don't really think it's paranoia, and I do like being the only machine behind my router.
I'm about as left-wing, liberal and Democrat as it is possible to be. Read my posting history, it shows.
I just have to say this: You're a dick. Straight up. You think this soldier ordered the war? You think he made the policy decisions that led to Iraq's destruction? No. He's just some guy making about $10 an hour, trying not to get killed, all for the dubious reward of trying to save ungrateful shitheads like yourself. So go fuck yourself with the largest pointy object that you can find.
Bash Bush and the decision makers all you like...I'll be right in there with you. Bash a soldier and I'll tell you what a worthless piece of crap you are. Bash one in range of my hearing and you won't do it again.
You'll notice I sign my name. "Anonymous Coward" fits you like a glove.
Boycott everything - they're all trying to fuck you one way or another