Anyone running a Mac is used to major upgrades not working (or rather, not working well) with old software. That's not going to be a problem. Besides, if the release dates of Vista and Vista++ are as far apart as the release dates of XP and Vista, most of those 1st gen Intel Macs probably won't be in use anymore.
We have historical evidence that trojans target the most popular OS. You don't see trojans targeting DOS anymore--but they used to. You don't see trojans targeting Windows 95 anymore--but they used to. We also don't currently see many trojans specifically targeting Vista (to avoid the new security settings). Will we? Time will tell.
To suggest that trojan writers won't target Linux if it becomes popular is to ignore their purpose--to gain control over computers. The business is lucrative--they aren't doing it because they have a hate-on for Windows. Actually, creating these things requires a pretty significant investment in learning about Windows internals.
Nobody knows what will happen when we get the marketshare and anyone who claims to have an idea is talking out their backside. You're right. No one knows. Also, no one knows what will happen if I jump off of a 20 story building. People have survived falls from that height, but it's not that common. We have enough historical evidence to make a pretty good guess that the person will die.
Trojan writers already target Linux. They haven't managed to gain a foothold. You can speculate as to why. The fact is that they don't. Will they if linux gains marketshare? Possibly. But that is a guess, it isn't even an educated guess because it isn't based on previous observation. It's based upon past trends and observations of trojan behavior, and on the competency of mainstream users. It's obviously an educated guess.
I'm going to blow the mod points I've already used on this topic to bring up a point that I think you are overlooking.
Doc Ruby is also right in that there is no evidence to support the small target argument and all observations to date do not support it. Therefore, in the practical sense, the argument is not sound and basing your decisions on unsound arguments will give you an unsound result. I'd argue that there is evidence in the form of trojan horses. A lot of the crap that people give Windows has to do with the old admin-by-default setup. This is definitely a problem, but it's only part of the whole puzzle. The rest of the puzzle is composed of the fact that Windows has a greater percentage of the unclued computer using population (due in no small part to its marketshare) who are likely to run anything they get in e-mail or over the web. Is this necessarily a flaw in Windows? No. Does it make Windows less secure? Not exactly, but it certainly changes the perception of Windows. We still constantly deal with 'infected Windows machines'--we just ignore the source of the infection, which nowadays tends to be a trojan.
If Linux becomes mainstream, trojan writers will start targeting Linux.
"But on Linux, the user isn't the admin!" you might say. And you're right. Mostly. But that doesn't mean you're safe. First of all, the trojan can still wreak havoc. It can spam, sniff (some) keystrokes, and hide itself to a small degree. And a clueless user isn't going to be any better at finding out how to get rid of the trojan than a clueless Windows user. Second, the user is going to type in their password eventually, granting sudo access for a period of time, during which the trojan can begin doing nasty things to the system. Hell, the trojan might try to do the nasty things anyway--prompting a password dialog box which the user will probably instantly fill in. Remember, when we're talking about Linux going mainstream, we're talking about the very same users who use Windows and click on 'ok' just to get past the dialog box.
So while it may not be that Linux will be found to be less secure from a code standpoint, that's not what matters for the purposes of perception (which is mostly what people talk about when they discuss intra-OS security). "Linux doesn't have viruses!" won't be true anymore if Linux goes mainstream. The same applies to OS X.
You laugh, but when you get right down to it, FreeBSD is a lot cleaner and more stable than Linux. You don't get huge ABI changes except in major version upgrades, for one thing. The code also seems easier to read (at least to me), and the predominant firewall has a simpler syntax and a standard place to put the rules.
I'm also a big fan of the system initialization script syntax, and of the base layout (directory structure), which is clean, simple, and standard.
The only reason I don't use FreeBSD on the desktop is support (same reason I didn't use Linux on the desktop 10 years ago). Most of the time, stuff works just fine, but every once in a while you'll find some piece of FOSS that didn't take FreeBSD into account and doesn't compile. And it's not commonly supported by binary-only software which requires hooks into the kernel (VMWare, for instance).
You're not going to get arguments from me. Of course, when the "good guys" do it, they call it liberation. But these are the same people trying to label non-terroristic activities as terrorism, so I don't put a lot of stock in their words.
Your school had an actual fallout shelter? My guess is that the administration told you that so that you wouldn't freak out. It's the "duck and cover" approach that someone else mentioned. It doesn't really do any good, but it gives the kids a feeling that they're safe and somehow in control when something like this comes along.
I don't know if it's really a good thing, but what I do know is that a drill like this isn't the same. This drill was over-the-top. They faked a gunman (imagine if they'd faked explosions in your school prior to getting you into the basement) for crying out loud. I'm very much in favor of giving kids the tools and knowledge they need to survive, but I don't think this did it.
Hi.
But now we have an ACTUAL case of terrorism. Let's not play our government's game of claiming things are terrorism when really, they're not. Terrorism refers to attempts to use violence and threats to coerce and incite change in those who have power. Terrorism does NOT refer to scaring people (I am not a terrorist if I jump out of the bushes and shout "boo!") Terrorism also isn't simply scaring people on a larger scale (I am not a terrorist if I jump out of the bushes and shout "BOOOOOOOOOOOOOOOOOOO!"). Some people in power would have you believe that any form of inducing fear is terrorism, however these are the people who are trying to get a stranglehold on your civil rights by making you afraid of your own shadow. Please don't follow in their footsteps by labelling this insane lack of judgement and high likelihood of emotional scarring 'terrorism'.
Zak McKracken was absolutely fantastic. I particularly love self-referential humor, so I really loved finding the gasoline on Mars. Fun game, even if I had to call the hotline to figure out one piece of it (grr).
Except that the court will just find that this isn't circumvention of an effective copy control system. It's a bullshit lawsuit, but not because it's a bullshit law.
No doubt! I completely agree that it shouldn't be this hard, and that you shouldn't risk screwing up your computer just to keep the ports closed. I'm not sure what Microsoft was (collectively) thinking in doing things this way. Probably that the firewall is good enough, and less likely to break applications which might depend upon these services.
The page I linked to in my other reply has some information on lsass, too. I didn't play around with that, as 1025 wasn't showing up in my port scan.
Glad you liked those pages--they were very useful some time ago, and I was glad to find the updated version (dated 25/03/2005, as opposed to sometime in 2002).
Niche-oriented? Wireless (the state of wireless drivers on Linux was the last big XXXX show-stopper that I remember) is hardly a niche. Even now, WPA doesn't work that well. I hear that the latest release of Ubuntu has made it better, but not perfect. Great, one distro in a hundred.
The problem with "Well, it works for me, so as long as I can run it, I don't care." is that eventually, the current maintainers will stop maintaining it. Will anyone pick up the slack? If there's a large enough user-base, you can bet that they will.
Then there's the issue of software. Competition is generally viewed as a good thing, because it tends to lead to overall better products. There's a lot more competition in the Windows world than in the Linux world. Why? Because of the market share. Increasing Linux's market share would increase the number of people who see value in including Linux support with their software. That's a good thing. It means that there will be an improved user experience, higher user base, and higher likelihood that Linux will continue to be available for you to use as your primary OS. It means that hardware manufacturers are more likely to support Linux, meaning your new laptop will work great out of the box. Linux "conquering" the desktop is a good thing for Linux users. Each person may have slightly different needs, but that doesn't mean that Linux's ability to fulfill those needs won't improve if it becomes more mainstream.
So right off the bat, an Internet-only candidate can expect to reach only 70% of the American population. That's pretty bad when the average number of votes an independent receives isn't high enough to get a single state's electoral votes. Now it's probably true that one reason for this is that they don't get enough coverage, and that if they used the Internet, they'd get a lot more publicity, however you still have to break down the party mentality. A decade ago, Ross Perot managed to run a very successful campaign using the standard media, but barely managed to make a dent in the actual electoral votes, other than to help Clinton to get elected. Imagine if he was running today, but focused only on the Internet for his campaigning, and thus only had access to 70% of the population. It would never work.
Even if Internet campaigning took off, you'd see something akin to what Linux is dealing with these days--fragmentation. Right now, the country is divided fairly close to 50% Rep vs. Dem. Although neither party perfectly aligns with most of these people, they align well enough. If you added in a few more candidates, what you'd end up with is less than 50% of the population being well represented by the executive branch of government, though whatever percentage it is would align more perfectly with their president. I think it's bad enough that 50% aren't represented--imagine if that grew to 75% or 90%.
Of course, one part of the problem is that people are sheep who can't think for themselves. Their parents supported X party, and their grandparents, and so they grew up supporting that party. Then that party starts telling them how to think, and they accept it, because they associate themselves with that party. This is yet another barrier that independents have to overcome.
It's all screwed up, and I'm not sure that it's not systemic.
not an EVERYBODY PANIC situation. I didn't think that the article was telling everyone to panic :) It's just making the point that some of the security issues we take for granted might not be reasonable with the move to IPV6. They specifically mention the Airport Express fiasco, where IPV6 was not filtered by default, but also consider that without needing NAT, we can use dumb switches to connect multiple devices to the network connection. This exposes them all--and it's partially the point of IPV6. But it could mean that they are more vulnerable, too.
So it's not a panic situation--it's a situation where manufacturers of these devices need to take responsibility for security.
Wrong. Microsoft based operating systems are vulnerable. Those operating systems are the only operating systems in existence that have ports that can not be shut down or limited to loopback addresses only. I'm not sure how true that is. I'm fairly certain that it's possible to run without any services exposed, and without the Windows Firewall--not that the Windows Firewall is an issue, since the entire OS is so tightly integrated, limiting to loopback is virtually handled explicitly by setting up the firewall. It's a different paradigm from Linux.
And even then, it's still quite possible for the TCP/IP stack or network driver to have bugs which could allow system-level access. A firewall (real, dedicated, external firewall, not iptables or Windows Firewall or PF running on the machine itself) will help protect the machines. It's another layer of protection--and that's what security is all about.
Regardless, I am not certain how they equate controlling traffic with using NAT. They are each distinct concepts. A firewall does not necessarily imply NAT and NAT does not necessarily imply a firewall. In the layman's world, they're basically the same thing. It's a hardware device like a Linksys or D-Link. You and I know that they are distinct, but that's not the point.
I really can't speak for Windows, but under Linux, it's never been that clear. I don't recall seeing the "Download Java" button you mentioned. Even going to the site and searching for it, it took me several seconds to locate. It's not obvious, despite probably being the number one reason that people visit the site. The more obvious location to download would be the "Downloads" section, which is prominent (on the menu bar for the page), and there you'll find all the abbreviations that the grandparent mentioned. It didn't detect my OS, but I got a list of choices that worked for me.
Of course, knowing what to look for, I'll now be able to download it for new systems much more easily. In the past, I've waded through unhelpful pages to find an extractor that works and gives me what I want. Thanks for the pointer, but I don't think that it was obvious to me or to the grandparent.
The problem was that NAT makes connections somewhat hard to deal with. IPV6 was designed to solve that problem. The problem now is that we realize that computers are vulnerable and need protection. IPV6 was not designed to solve that problem, and furthermore, it's not a problem which is likely to be overcome using technology or a new protocol.
I don't want it both ways. Two wrongs do not make a right. I generally identify more with "liberal values" than "conservative values". There are a few places where I don't, but that's what makes life interesting. So you're talking to someone who tends to be on the beaten-end of the conservative stick.
Need I remind you of Karl Rove's tactics in the last election of sending fliers saying that Kerry wanted to "ban the bible"? That stunt represented (for better or worse) the conservative movement. No, I think it represented a bad presidential candidate.
You can't tell me with a straight face that those in power in the conservative movement are not the craziest. That doesn't mean that all conservatives are nutjobs. It means that conservatives have gotten better at manipulating people than liberals have.
Hey, I'm with you there. I happen to consider executions to be murder. Biblically, they aren't (but by the same reasoning, abortions aren't, either).
That said, I'm not particularly fond of the way you phrased that sentence. While it's probable that only pro-lifers have ever bombed abortion clinics, it's really only a tiny percentage of pro-lifers who have done this. Saying "I always wondered why pro-lifers never blow up execution tracts." implies that pro-lifers as a group tend to be violent.
I have always thought that it was funny that, in general, liberals don't mind killing you when you're very young (abortion) or very old (euthanasia), and conservatives don't mind killing you when you're an adult, but only if you've done something wrong (never mind turning the other cheek--which is only an issue because lots of conservatives are Christians.)
Because they're not the kind of people who will tell you how to run your life? Because the media doesn't find moderates very interesting? (I know lots of religious people who think that the extremists are nutjobs, but no one ever asks their opinion or puts them on TV.) Because they're timid, insecure, or afraid of the spotlight?
In the two-party system we have, you basically vote for extremes. You vote for the lesser of two evils. If a conservative candidate aligns with your views more than the liberal candidate does, but that conservative candidate runs orthogonal to one of your views, what do you do? You're stuck. Hopefully, you throw your vote at an independent in order to try to get the US out of this situation, but lots of people simply don't vote or vote for the candidate which matches up most closely, and they suck up the fact that there are serious flaws in his platform.
It's generally their religious beliefs that lead them to the conclusion that abortion is murder. That's kinda interesting. I don't know of any passages in the Bible that clearly state that abortion is murder. There are some passages that can be interpreted that way if you really stretch it. My guess is that it's not religious beliefs telling them that abortion is murder, but religious leaders that they trust (and perhaps that trust is not always well placed).
Abortion isn't the only thing that various religions equate to murder. There isn't any 'equating' about it. Is it human? Did you destroy it? If you hadn't destroyed it, would you have been able to live a healthy life? If the answer to all of these questions is "yes", then it was murder. But at the heart of the abortion issue is whether or not the answer to the question, "Is it human?" is "yes."
Should all of those actions/thoughts be illegal too? You seem pretty focused on the religious aspect. I didn't say that any religious issue should be the determining factor in abortion's legality, simply whether or not the fetus is human. I'm curious, though, as to what other actions/thoughts are considered 'murder', particularly from a legal standpoint rather than a religious standpoint (i.e. the place where Jesus says that fantasizing about committing a sin is as committing a sin doesn't count, because the law doesn't actually recognize Christian sin).
I'm 28 with the same issues, and I feel the same way, so it really pains me to do this--but it had to be said.
Your nick is sadly ironic.
How do you know that you didn't get infected?
Hi,
I installed Windows XP 64-bit edition through VMWare and saw similar results. I did manage to disable port 445 by disabling several services (setting them to Disable) and rebooting. I think all you need is Server and Workstation disabled (or at least not running) plus all dependencies, but I also had Remote Registry disabled. I'm pretty sure this is an RPC service, though, so it should be irrelevant.
I had the same results as you did regarding disabling port 135. I did a little more digging and found this page on the same site I referenced before: http://www.hsc.fr/ressources/breves/min_w2k3_net_srv.html.fr
It has information on disabling rpc from listening on the public interface, though my cursory glance at the page didn't uncover a way to disable it completely. Run "netsh -c rpc" from the command prompt, then type "add 127.0.0.0" (not 127.0.0.1). When I did this and rebooted, port 135 was no longer showing up on my port scan.
That's not to say that you should have to muck around with arcane commands just to keep your computer from accepting connections from everyone and his brother, but this shows that it certainly does seem possible.
The below references Windows XP SP2. It may work for earlier or later versions, but that's all I have to test with.
Disabling port 445 is easy--just disable the Server service.
Disabling port 139 (another common one on Windows) is almost as easy--you have to disable NetBIOS over TCP/IP in the WINS tab of the TCP/IP advanced properties.
135 is a serious pain in the ass to disable, but it's still possible. You have to muck around with the registry.
First, create the hierarchy here:
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Rpc\Linkage\
Value: Bind
Type: REG_MULTI_SZ
The value of Bind is a list of network interfaces to which RPC should bind. Leaving it blank means that it won't bind to any. You can install the loopback interface and bind to it, if you require RPC for anything. However RPC still binds to all interfaces by default, unless you add another registry key:
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs\
Value: ListenOnInternet
Type: REG_SZ
The value should be N. A value of Y (the default, assumed value) means that it should bind to all interfaces.
I ran through these steps and used nmap to test:
Firewall off:
PORT STATE SERVICE
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
Server/Computer Browser Service Off:
PORT STATE SERVICE
135/tcp open msrpc
139/tcp open netbios-ssn
TCP/IP Advanced properties, WINS tab, "Disable NetBIOS over TCP/IP":
PORT STATE SERVICE
135/tcp open msrpc
And after making the registry changes and rebooting, all ports were closed.
Maybe that will help a little. I don't know how significant disabling RPC will be on a Windows box. I could still use the box for everything I do with it, however that's fairly minimal.
More information on all of this (basically, where I originally got most of this information), including references for the keys above, is at http://www.hsc.fr/ressources/breves/min_srv_res_win.en.html
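The verification loop from the post above (change one setting, rescan, see which listener is left) as an added example that is not part of the original post. It reads an nmap port table, or falls back to plain TCP connects, and maps each still-open port to the step of the post that closes it; the function names are this example's own, and the sample scan is the one quoted in the post.

```python
import re
import socket

# Step from the post that closes each listener.
STEPS = {
    445: "disable the Server service",
    139: "disable NetBIOS over TCP/IP (WINS tab, TCP/IP advanced properties)",
    135: "set Bind (empty) and ListenOnInternet=N for RPC, then reboot",
}

# One row of nmap's port table, e.g. "135/tcp open msrpc".
ROW = re.compile(r"^\s*(\d+)/tcp\s+(\S+)\s+\S+\s*$")

# Scan output quoted in the post, taken after the Server service was disabled.
AFTER_SERVER_OFF = "PORT STATE SERVICE\n135/tcp open msrpc\n139/tcp open netbios-ssn\n"


def open_ports_from_nmap(text):
    """Return the set of TCP ports that an nmap port table reports as open."""
    found = set()
    for line in text.splitlines():
        m = ROW.match(line)
        # "open|filtered" is counted as open so an ambiguous result is not missed.
        if m and m.group(2).split("|")[0] == "open":
            found.add(int(m.group(1)))
    return found


def probe(host, ports=tuple(STEPS), timeout=1.0):
    """Without nmap: attempt a full TCP connect per port, return the open ones."""
    found = set()
    for port in ports:
        try:
            with socket.create_connection((host, port), timeout=timeout):
                found.add(port)
        except OSError:
            pass  # refused, filtered or unreachable
    return found


def remaining_steps(open_ports):
    """Return (port, step) pairs for listeners the hardening has not closed yet."""
    still_open = set(STEPS) & set(open_ports)
    return [(p, STEPS[p]) for p in sorted(still_open, reverse=True)]


if __name__ == "__main__":
    for port, step in remaining_steps(open_ports_from_nmap(AFTER_SERVER_OFF)):
        print(f"{port}/tcp still open: {step}")
```

Run the scan or `probe()` from a second machine on the same network segment, as the post does, so that a host firewall on the box being tested does not hide a listener that is still bound.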
So it's not a panic situation--it's a situation where manufacturers of these devices need to take responsibility for security.
And even then, it's still quite possible for the TCP/IP stack or network driver to have bugs which could allow system-level access. A firewall (real, dedicated, external firewall, not iptables or Windows Firewall or PF running on the machine itself) will help protect the machines. It's another layer of protection--and that's what security is all about. Regardless, I am not certain how they equate controlling traffic with using NAT. They are each distinct concepts. A firewall does not necessarily imply NAT and NAT does not necessarily imply a firewall. In the layman's world, they're basically the same thing. It's a hardware device like a Linksys or D-Link. You and I know that they are distinct, but that's not the point.
He's probably on the same interweb that I'm on.
I really can't speak for Windows, but under Linux, it's never been that clear. I don't recall seeing the "Download Java" button you mentioned. Even going to the site and searching for it, it took me several seconds to locate. It's not obvious, despite probably being the number one reason that people visit the site. The more obvious location to download would be the "Downloads" section, which is prominent (on the menu bar for the page), and there you'll find all the abbreviations that the grandparent mentioned. It didn't detect my OS, but I got a list of choices that worked for me.
Of course, knowing what to look for, I'll now be able to download it for new systems much more easily. In the past, I've waded through unhelpful pages to find an extractor that works and gives me what I want. Thanks for the pointer, but I don't think that it was obvious to me or to the grandparent.
The problem was that NAT makes connections somewhat hard to deal with. IPv6 was designed to solve that problem. The problem now is that we realize that computers are vulnerable and need protection. IPv6 was not designed to solve that problem, and furthermore, it's not a problem which is likely to be overcome using technology or a new protocol.
Hey, I'm with you there. I happen to consider executions to be murder. Biblically, they aren't (but by the same reasoning, abortions aren't, either).
That said, I'm not particularly fond of the way you phrased that sentence. While it's probable that only pro-lifers have ever bombed abortion clinics, it's really only a tiny percentage of pro-lifers who have done this. Saying "I always wondered why pro-lifers never blow up execution tracts." implies that pro-lifers as a group tend to be violent.
I have always thought that it was funny that, in general, liberals don't mind killing you when you're very young (abortion) or very old (euthanasia), and conservatives don't mind killing you when you're an adult, but only if you've done something wrong (never mind turning the other cheek--which is only an issue because lots of conservatives are Christians.)
Because they're not the kind of people who will tell you how to run your life? Because the media doesn't find moderates very interesting? (I know lots of religious people who think that the extremists are nutjobs, but no one ever asks their opinion or puts them on TV.) Because they're timid, insecure, or afraid of the spotlight?
In the two-party system we have, you basically vote for extremes. You vote for the lesser of two evils. If a conservative candidate aligns with your views more than the liberal candidate does, but that conservative candidate runs orthogonal to one of your views, what do you do? You're stuck. Hopefully, you throw your vote at an independent in order to try to get the US out of this situation, but lots of people simply don't vote or vote for the candidate which matches up most closely, and they suck up the fact that there are serious flaws in his platform.
I know it was a joke, but no, you shouldn't. The sperm is human by far fewer definitions than the fertilized egg (number of chromosomes, for example).