Slashdot Mirror


User: Bios_Hakr

Bios_Hakr's activity in the archive.

Stories: 0
Comments: 1,364

Comments · 1,364

  1. Classic Security on Stopping Adware and Spyware on Windows w/ Citrix? · · Score: 0

    There is no reason to have spyware infected PCs in a corporate environment.

    At home, everyone runs, by default, as administrator. But, at work, there is no reason to do this.

    Try this:

    1. Format a PC and reinstall with ALL the applications they absolutely need. Make sure you launch all the apps at least once so that they can finish writing everything that needs to be for setup to complete.

    2. Create a group for all the users on that PC. If you are using AD or other Domain logins, you can skip this step on the PC. Just add the Group and Users on the Domain.

    3. Open up Explorer. Set the permissions on the C:\ drive to 'read only' for the group you'll add the users to. Make sure that all the subdirectories inherit the permission change. Now, go to C:\Documents and Settings\. Set that directory to read/write.

    4. Now, if not using a Domain, log in as each user at least once. Most places will only have a few users per PC, so it shouldn't be too much trouble. Try launching the apps they use a few times. Some apps try to use c:\windows\temp or c:\temp or c:\program files\someapp\temp for temporary storage. If they need it, add read/write permissions to those directories.

    5. Sit back and enjoy as spyware happily tries to write to wherever. If it tries anything outside the temp directories or the user's profile, it'll be denied. When users complain about not being able to install crapware, point them to a policy forbidding use of unauthorized software. Ask them to get permission from their supervisor before continuing. If it's something they *need*, you install it for them.

    6. You may have to play with it a bit to ensure that users don't have permission to each other's directories.

    7. One possible problem: if the spyware takes advantage of an exploit that bumps up the user's privileges, you can't defend against it.

    8. Some additional steps: change the administrator user name. Change the guest user name. Make sure you set a password for both. Also, make sure guest is disabled.

    Here is a doc with some more steps you can take:

    http://nsa2.www.conxion.com/win2k/index.html

    Or search google for 'win2k nsa hardening'.

  2. Kinda Small on Integrating Linux into a Windows Network? · · Score: 3, Insightful

    You have, what, 50 users? Why deal with the licensing headaches from Win* server at all? Linux (running Samba) makes a great Domain Controller. Add another Linux/Samba for SAN/NAS. Throw in one more for a print server. I don't know too much about mail on Linux, but I hear postfix is nice.

    In any event, your network is *way* too small to deal with Win* crap. Even if it's *donated* by MS, there's bound to be licensing issues at some point.

    Deploy Linux in your server room and then migrate your users at a later date...if at all.

  3. Re:Lawyers on Huge Parachute Saves Crashing Planes · · Score: 1

    Just establish your business in a 3rd-world country and continue to do business in the US. Maybe have dealers come to the UK to pick up the merchandise for that year. Then the dealers carry it to the US and re-sell it.

    Well, it works for De Beers...

    Last I heard, their executives are forbidden from entering the USA because their business is in violation of a Federal Court order.

  4. Re:Not So Awesome on Huge Parachute Saves Crashing Planes · · Score: 1

    I think the point is that when you spend upwards of $15k for an airplane, an extra $4k for insurance is not too high a demand.

    Most of these systems are installed on homebuilts and ultralights. While there is a system in place to inspect homebuilts at every step, I wonder how many of those are 'buddy-buddy wink nudge' inspections. Do you trust your welds with your life? Are you *absolutely* sure that the epoxy on the main spar was mixed at exactly the right proportions in exactly the right temperature and the exact humidity level called for?

    Even if you are sure, throw another $2k to $4k at it just in case...

  5. Sue Themselves on Australian Record Industry Goes After the Red Cross · · Score: 2, Interesting

    >>They're expected to sue themselves sometime early next year. ;-)

    I assume you are trying to be cute in saying that the *AA takes away the artist's rights. Well, when you make a deal with the devil, you are gonna get burned.

    If you don't like the contract, guys, don't fucking sign it. Don't pull a "The Artist/Prince" on them AFTER you get your millions. That's right, Courtney Love, I'm fucking talking about you...

  6. Re:Woo! on MPAA to Sue BitTorrent Tracker Servers · · Score: 1

    Funny, I show up 20 minutes late and still have time for popcorn and cokes before the flick starts.

  7. Geek Route on Recommended Programmable Remote Controls? · · Score: 1

    I've seen quite a few programmable remotes on the market. But they always seem to cost tons of money.

    Got a laptop with IrDA or, even better, a Palm?

    Then you already have the most powerful remote in the world.

    For the Palm, look at OmniRemote. Does lots of neat stuff including allowing you to program your own UI.

    The best part is macroing. One button turns on and opens my DVD drive, turns on my TV, turns on my receiver and turns it to DVD input, sets the volume to low, and turns off my VCR. You can't beat it.

    Honestly, if you are on /., you are probably a geek. You have to realise that a $2000 laptop or a $400 Palm can do everything a custom bling remote can do and probably more.

  8. Re:DIY external hard drive with cwrsync to backup on Samba 4 Reaches "Susan" Stage · · Score: 1

    No problems doing this from within your user account?

  9. Re:May not be a problem for much longer on Blizzard Bans Speed Hackers from WoW · · Score: 1

    Either that or randomly insert padding in the executable.

    Personally, I think random hash checks every 5 minutes would go a long way towards catching hackers.

  10. Re:Accalim? on Buy a Piece of Acclaim · · Score: 1

    Don't forget the obligatory Slashvertisement.

  11. Re:I wonder what provisions it has for someone... on Ohio Law Could Send Spammers To Jail · · Score: 1

    So do I. Maybe only 10 days in jail and a $1000 fine. Then people will either learn that they have to secure their computers or pay someone to do it for them.

    If your car is unsafe, you are at fault for the damage it does. If your property is unsafe, you are at fault for the damage it does.

  12. Re:Hey, cool. on Clean System to Zombie Bot in Four Minutes · · Score: 1

    I have a question: Would you reaccomplish the testing using the latest version of AutopatcherXP?

    1. Download and burn AutopatcherXP to a disc.
    2. Disconnect the network cable.
    3. Install WinXP.
    4. Install AutopatcherXP.
    5. Reconnect the network cable.
    6. Run Windows Update.

    I've seen my system get hit while trying to run Windows Update on a fresh install, but Autopatcher seems to get rid of most of my problems before connection to any type of network.

    Also, are people behind a NAT safe? Does running a Linksys WAP between the system and the network have any effect on the ability of the attacks to get through?

  13. Re:Actually, Windows can be quite stable... on Air Force Orders Up A Custom Windows Monoculture · · Score: 1

    That's because your Linux and my OSX box make up a very small portion of the market. If Linux had 90% market share, then it would be unstable and spyware infected; same for OSX.

    There is no money to be found in writing *nix exploits.

  14. Re:What's wrong with OS X? on Air Force Orders Up A Custom Windows Monoculture · · Score: 1

    Not to mention that the USAF tries to train most of its own IT staff. Mixing the environment just pushed the cost of training through the roof.

  15. Mozilla Calendar on Client/Server Calendar Program? · · Score: 3, Interesting

    Is there any reason Mozilla Calendar will not work? The calendar files can be located pretty much anywhere. I have one on a small fileserver in my home that my wife and I share.

    Although, in an enterprise, concurrency issues might crop up.

    Still, it's worth a shot.

  16. Re:Seems reasonable on Nmap Author Receives FBI Subpoenas · · Score: 1

    Having never been served, I can only assume that when faced with a warrant, you have no choice but to submit.

    Let's say that cops come to your house with a warrant for your computer. Are they going to wait at the door while your lawyer and their lawyer meet with the judge and discuss the warrant? I think not.

    More than likely, they'll take what they want while you are rubbing sleep from your eyes. Later, the evidence will be thrown out because of an invalid warrant.

  17. Chroot Jails on UNIX Systems Control Politics? · · Score: 2, Informative

    Have the admin look into using 'chroot.' Basically, he can build a virtual computer inside the actual computer...or something like that. Anyway, I know that my hosting company has 10 people per server and everyone has root in their own virtual computer.

    Anyway, the point is if you screw something up, his server remains mostly unaffected.

  18. Re:sounds reliable on Valve Takes the Offensive on Warez Users? · · Score: 1

    Boiled cornmeal.

  19. Re:Just asking for trouble on Valve Takes the Offensive on Warez Users? · · Score: 1

    I'd like to take exception to two of your points:

    First, the illegal part. When did it become illegal to run code of my choosing on my machine? It *may* violate the EULA, but those are crap anyway. In any event, I purchased NWN, both expansions, and, most recently, the NWN Platinum Edition. I know BioWare hates piracy. But making me hunt down a CD will not stop the pirates. I paid my money. I own the media. If I choose to run a binary against that media, that's my choice.

    It's like saying that using DVD-Rs in a DVD player is illegal.

    Second, the trust placed in the cracks themselves. Most of these cracks are produced by a *reputable* group. Once you find and trust a group, it's easy to give them *limited* trust. You trust BillG or LinusT. Why? Because millions use it? Because you have no choice?

    Fact is, I trust most of these groups. I've done limited testing inside VMware and with ZoneAlarm and such. I've never seen anything bad.

    You should never play games on a critical system. There should never be a chance that a flipped bit or a stray cosmic ray while playing HL:2 could "nuke" your e-mail.

    Install as admin. WinXP even has a nifty feature that will allow a limited user to SUDO the installers.

    Keep the system and the games patched. Get your cracks from gamecopyworld or some other reputable source.

    Make your folders private. WinXP will protest other users to the best of its ability. Encrypt them if you dare.

    Keep your backups up to date.

    Never run a game as a trusted user. Create a profile just for gaming. Use the "fast switch user" command (Window Key + L) to logout and login as the gaming user.

    Disable the NIC if it is an offline game. Or use a firewall or policy manager to cut off network access. If it is an online game, do some research on what ports it *should* be using and allow only those.

    Play knowing that you are protected to the best of your ability. BioWare, Bungie, Transgaming, R4W_W4R3Z, etc cannot *nuke* your e-mail.

    Finally, check your logs to see what's going on.

    Everyone should be doing this for *all* games. Not just cracked ones. It's common sense that you never trust your system to someone you don't know. Don't wait to be fucked over to protect yourself.

  20. Re:Pipetting on Is The 'CSI Phenomenon' Good For Science? · · Score: 1

    If you see a human standing over another human's corpse without feeling something, you have my permission to put them in a mental institution.

  21. Re:Death Investigators on Is The 'CSI Phenomenon' Good For Science? · · Score: 1

    So, MDs and PhDs gather evidence and some guy with a high-school education is supposed to interpret it? OK. Whatever.

    We both know that there is the way things are taught, and the way things are done. The two are often dissimilar.

  22. Functionality on Fedora Core 3: Worth The Upgrade? · · Score: -1, Troll

    Sorry, RedHat. I like listening to MP3s and watching DVDs. I have no time for distros that do not include that functionality. Take your balls out of Corporate America's purse and we'll talk.

  23. Re:Death penalty? on Ask City of Heroes Lead Designer Jack Emmert · · Score: 1

    So, what you are saying is that permadeath and/or strong death penalties would force devs to actually dev a game? How often do you attack 'grays'? Why should a train of mobs care about 'gray' PCs? They shouldn't.

    All the things you listed are probs that devs should attend to. They piss people off in every game out there. Most devs ignore it and say it's my problem for 'idling' and not being aware of my surroundings.

  24. Re:C&D time? on BitTorrent Accounts for 35% of Traffic · · Score: 1

    A few GB? A .torrent is about 20KB~30KB. You could get suprnova's daily archive for about 10MB, tops. Then just grep the list to see what's there.

    In all honesty, SuprNova's listings are really nice. I've probably tried more new bands through there than ever before. Just one example: A friend and I went to Florida for a conference. He asked if I wanted to go to a concert. Using SuprNova, I found the band's discography. I really liked the majority of what I heard. Because of that, the band made money off of my ticket purchase.

    I still won't buy CDs, but it's nice to support bands when they come around and perform.

  25. Re:C&D time? on BitTorrent Accounts for 35% of Traffic · · Score: 2, Insightful

    That's OK, I'll just search for .torrents on Kazaa...

    Seriously, why couldn't they just put up a torrent of torrents?