Tried out the Spyware Terminator 2.2.1.433, not really impressed. It will download and install a windows version of the ClamAV scanner, but oddly enough it refuses to use it unless you also enable HIPS. The HIPS feature claims that it will scan your executables and create a database of what's permitted -- but no such database is in evidence anywhere; I think this may just be a "Potemkin" feature.
(The kicker, of course, is that it tries repeatedly to get you to install Crawler's "Web Security Guard" toolbar, which is literally spyware itself.)
Moon Secure AV works pretty well... it's open source (hosted by sourceforge). Looks interesting. Just tried to install Moon version 2.2.2.162 on Win2k and got a few missing.dll errors on install; I guess I'll try the stable version later.
I'm pretty sure they have licenses that prohibit commercial use and therefore don't belong in this list. (Granted, it is possible to have a complicated home network that would benefit from AV "administered at the network/Domain level", but I don't think that's what grandpa meant.)
AFAIK, the only free AV products whose license permits business use are:
Comodo - Still in beta, lots of false positives. Configuration is all in local text files, so some level of remote management is possible, but they certainly don't provide the tools for it.
PC Tools - Requires interaction from the user to do updates, so not a contender.
ClamAV is free of course, but does not provide a scan-on-access monitor. More suitable for mail servers than workstations.
Winpooch - uses the ClamAV engine for on-access scanning, project seems dead, never tried it.
Spyware Terminator - Also does AV using the ClamAV engine. I'd never heard of this one before today, and unfortunately their site design looks a little on the fly-by-night side. They offer a corporate edition with central administration for the wacky price of $2 per seat per year.
Please add to/subtract from/comment on these if you know something!
I just did this (router/firewall/wireless AP) with an old Toshiba with a busted screen, and it worked great. Here's a not-bad page that describes something similar using Ubuntu, but it takes a little additional digging to get the encryption working.
(Lack of USB2.0 for the shared external hard drive is a pain though; probably getting a new DD-WRT compatible box soon.)
I like the zones; I wish Firefox had them. I love NoScript very much, but I wish I didn't have to authorize, say, slashdot.org, to run java apps. I'd rather configure a middle tier that would allow javascript and nothing else.
Zero is the answer to the question "How long has the vulnerability that this exploit exploits been patched?" I suppose you could call it a -24 since it probably won't be patched until next month's black Tuesday.
standardizing on a few machines and tossing them out when another technology renewal is due is *good*. It makes management easier and allows IT to keep things running smoothly.
Sure, it's an easy fix in the short run. But 100 years down the line when the average surface temperature is 105 degrees Fahrenheit and gasoline costs $70 a gallon, you'll be defending your water tower and solar panel arrays from the hordes, running low on ammunition, stinking like a hog... Then you'll wish you'd done your part to reduce, reuse, and recycle.
(Hopefully your boss can see the logic in this...)
just as there are multiple forms of life on earth, so there could exist intelligent beings in outer space created by God This seems to leave open the possibility of undiscovered intelligent species here on earth, or even known species whose intelligence is undiscovered.
There are far worse crimes than hiring the low bidding, incompetent IT contractor. It's just a marvelous coincidence that because of this "incompetent" IT, evidence of those far-worse crimes was probably just memory-holed. And by "probably", I mean that I doubt they did a good job of it, so it's likely that there are still misfiled backups/traces on client machines/poorly-shredded printouts that could be recovered with enough effort.
If it can bypass the encrypted file systems Probably uses rainbow tables to crack the passwords like ophcrack -- user could then decrypt the EFS content without any backdoor, or just log in as the user and let Windows do the work.
Hell yes... got a 30 megabyte drive that way, which lasted about a month. (But I didn't even need it for that long; I just wanted it make a 30 megabyte text file containing nothing but spaces. This was ARCed twice and ended up at 50k or so, and reserved as a "poison pill" upload for to DOS an unfriendly BBS that had a script in place to convert all ARCs to ZIPs. I was a rascal. I have reformed.)
Very true, as long as you've updated the daylight saving time entries in the registry, have a third-party firewall, don't need Quicktime, and have kindly-written XP drivers for any newer hardware.
The single greatest thing about XP was that Microsoft shipped it with a 9 in this registry key:
You've fallen victim to Microsoft's water-muddying strategy -- They gave their new file spec the ridiculous name of "Office Open XML" (abbreviated OOXML) just so it would be conflated with the OpenOffice.org's software and file formats.
So this is not a case of a third-party compliance test like the Acid tests for web browsers; this is Microsoft failing to conform to their own standard.
If clicking a link poses even the slightest risk, you need to replace your software ASAP.
What would you suggest replacing it with? Arbitrary-execution bugs have cropped up in every major browser (yes, even lynx) from time to time, and often the bad guys know about them first. Ditto with common browser plugins. Hopefully your browser is not running with root privileges, but probably it has full access to your personal files -- and besides, privilege escalation bugs are also constantly being discovered.
Short of using a temporary installation image (or live CD) on a separate network, I can't think of what sort of setup I could, with clear conscience, recommend to someone who wanted the freedom to click on targeted malware links.
Welcome to the grim paranoid realities of net security -- every link, every email, every IM, every packet heading into your network does indeed pose the slightest risk, because it will eventually be processed by one or more pieces of buggy software. There's a lot you can do to manage these risks, but pretending that they only exist in "bad" software is just putting your head in the sand.
Supposed to turn off autorun for all possible drive types, and seems to do the trick. No need to navigate group policy trees in gpedit.msc, which is missing on XP home anyway. Can anyone comment on this more outlandish solution? Is is at all necessary (esp on a fresh install)? Is it kosher?
Slashdot Mirror
Tried out the Spyware Terminator 2.2.1.433, not really impressed. It will download and install a windows version of the ClamAV scanner, but oddly enough it refuses to use it unless you also enable HIPS. The HIPS feature claims that it will scan your executables and create a database of what's permitted -- but no such database is in evidence anywhere; I think this may just be a "Potemkin" feature.
(The kicker, of course, is that it tries repeatedly to get you to install Crawler's "Web Security Guard" toolbar, which is literally spyware itself.)
I'm pretty sure they have licenses that prohibit commercial use and therefore don't belong in this list. (Granted, it is possible to have a complicated home network that would benefit from AV "administered at the network/Domain level", but I don't think that's what grandpa meant.)
- Comodo - Still in beta, lots of false positives. Configuration is all in local text files, so some level of remote management is possible, but they certainly don't provide the tools for it.
- PC Tools - Requires interaction from the user to do updates, so not a contender.
- ClamAV is free of course, but does not provide a scan-on-access monitor. More suitable for mail servers than workstations.
- Winpooch - uses the ClamAV engine for on-access scanning, project seems dead, never tried it.
- Spyware Terminator - Also does AV using the ClamAV engine. I'd never heard of this one before today, and unfortunately their site design looks a little on the fly-by-night side. They offer a corporate edition with central administration for the wacky price of $2 per seat per year.
Please add to/subtract from/comment on these if you know something!
...a thinly veiled blowjob... I applaud this elegant and useful phrase.Because it's easy to misread the headline as an awkward anti-pirate joke?
Q: What do call a Patch of Burning Sea Pirates?
A: A Step in the Right Direction!
Well, a lot of us learn to start counting from zero. I guess this is one for the usenet etymologists
I just did this (router/firewall/wireless AP) with an old Toshiba with a busted screen, and it worked great. Here's a not-bad page that describes something similar using Ubuntu, but it takes a little additional digging to get the encryption working.
(Lack of USB2.0 for the shared external hard drive is a pain though; probably getting a new DD-WRT compatible box soon.)
I like the zones; I wish Firefox had them. I love NoScript very much, but I wish I didn't have to authorize, say, slashdot.org, to run java apps. I'd rather configure a middle tier that would allow javascript and nothing else.
Zero is the answer to the question "How long has the vulnerability that this exploit exploits been patched?" I suppose you could call it a -24 since it probably won't be patched until next month's black Tuesday.
Sure, it's an easy fix in the short run. But 100 years down the line when the average surface temperature is 105 degrees Fahrenheit and gasoline costs $70 a gallon, you'll be defending your water tower and solar panel arrays from the hordes, running low on ammunition, stinking like a hog... Then you'll wish you'd done your part to reduce, reuse, and recycle.
(Hopefully your boss can see the logic in this...)
(So long, and thanks for all the fish!)
Let's take Microsoft's word that it did: Try find "California" < %windir%\system32\ftp.exe
Nothing shady about it either; that's the beauty of BSD code.
Hell yes... got a 30 megabyte drive that way, which lasted about a month. (But I didn't even need it for that long; I just wanted it make a 30 megabyte text file containing nothing but spaces. This was ARCed twice and ended up at 50k or so, and reserved as a "poison pill" upload for to DOS an unfriendly BBS that had a script in place to convert all ARCs to ZIPs. I was a rascal. I have reformed.)
You've fallen victim to Microsoft's water-muddying strategy -- They gave their new file spec the ridiculous name of "Office Open XML" (abbreviated OOXML) just so it would be conflated with the OpenOffice.org's software and file formats.
So this is not a case of a third-party compliance test like the Acid tests for web browsers; this is Microsoft failing to conform to their own standard.
What would you suggest replacing it with? Arbitrary-execution bugs have cropped up in every major browser (yes, even lynx) from time to time, and often the bad guys know about them first. Ditto with common browser plugins. Hopefully your browser is not running with root privileges, but probably it has full access to your personal files -- and besides, privilege escalation bugs are also constantly being discovered.
Short of using a temporary installation image (or live CD) on a separate network, I can't think of what sort of setup I could, with clear conscience, recommend to someone who wanted the freedom to click on targeted malware links.
Welcome to the grim paranoid realities of net security -- every link, every email, every IM, every packet heading into your network does indeed pose the slightest risk, because it will eventually be processed by one or more pieces of buggy software. There's a lot you can do to manage these risks, but pretending that they only exist in "bad" software is just putting your head in the sand.
BTW, the "outlandish solution" I linked to is the same one suggested by Nimey a couple posts above.
Be sure to use this link to have the "Resolution Controller" switched to L to "reduce download time" and give the server a little breathing room.