From: Michael A. Terrell on

Vladimir Vassilevsky wrote:
>
> Michael A. Terrell wrote:
> > MooseFET wrote:
> >
> >>I may hold the record for the fastest infection of an XP machine. It
> >>was a new Dell. I connected it to the network and it was a goner
> >>before I finished getting it registered. For a short while I had two
> >>PCs in my office somewhere I have the picture of the Dell in a
> >>garbage can in front of the IT guy's office door. That is how I
> >>returned it to him.
> >
> >
> >
> > If you were on a corporate network and that happened, they need to
> > fire the entire IT department.
>
> You should apply common sense to the horror stories that linux fans are
> telling about Windows XP.


Common sense and Linux are an oxymoron.


--
Lead free solder is Belgium's version of 'Hold my beer and watch this!'

From: David Brown on
On 13/04/2010 04:58, MooseFET wrote:
> On Apr 11, 11:35 am, David Brown
> <david.br...(a)hesbynett.removethisbit.no> wrote:
>> MooseFET wrote:
>>> On Apr 10, 1:31 pm, David Brown
>>> <david.br...(a)hesbynett.removethisbit.no> wrote:
> [....]
>>
>> True enough - and you should therefore never let outside windows
>> machines onto your network. The only time our company ever
>> suffered from a worm was when someone had taken a laptop from home
>> and attached it to our network (breaking my rules to do so). The
>> irony is that they wanted to use our fast internet connection to
>> download an update to protect against said worm.
>
> The last time I tried, Microsoft would not let you download the
> update with a virus free machine and then copy the file onto the down
> rev version of Windoz. You have no choice but to connect the
> down-rev machine to the outside world and let all the squirmy things
> get in while it tries to get updated to keep them out.
>

It's easy to protect a windows PC from worms - you make sure there is a
proper firewall (i.e., a physical box, or a reasonably configured
Linux/BSD/etc. firewall - not a windows software "firewall") between the
PC and any potentially infected machines. So you certainly don't have
to let the worms in while getting updates. Of course, not everyone
/has/ a decent firewall, despite their very low cost (a hardware
firewall is often cheaper than a year's subscription to a useless
third-party software firewall) - that's why they've got worms in the
first place.

> I may hold the record for the fastest infection of an XP machine.
> It was a new Dell. I connected it to the network and it was a goner
> before I finished getting it registered. For a short while I had two
> PCs in my office somewhere I have the picture of the Dell in a
> garbage can in front of the IT guy's office door. That is how I
> returned it to him.
>

I remember reading some numbers a while back - I think it was when SP2
for XP came out. At the time, a fresh XP (no service pack, firewall
disabled as per default) installation directly connected to the internet
had a half-life of about 15 minutes before being infected by some sort
of worm. With SP2 and the windows firewall enabled, that went up to
around 48 hours (though that figure is less accurate, since it would
take too long to get enough samples). I've certainly seen people
getting infected as they try to update.


> I run Windows 98 in a virtual machine that has no network access.
> It is a real pig's breakfast but for the few Windoz things I must do,
> it is a good option. Unfortunately you can't run XP that way because
> it locks up if it can't phone home or something.
>

I'd recommend W2K pro as a better choice. It runs very well within a
VirtualBox machine, and works with far more windows software than Win98.
It is also possible to install and run XP without any sort of internet
connection, but then you need to activate it over the phone to MS (or
use one of the many wpa-killers you can find in the murkier areas of the
net). But W2K is lighter on resources, and normally does just as good a
job.

> My wife keeps her Windows machine fully updated with all the latest
> virus blockers etc. Just to be safe, I reboot it in Linux from time
> to time and copy all the important information onto an external
> drive. It is a good thing I've done that.
>
>
> [....]
>>>> Third, make sure you have strong passwords, disable root logins
>>>> (thus an attacker needs to guess user names as well as
>>>> passwords), and move remote access (such as ssh) to a
>>>> non-standard port.
>>
>>> Make your email names different from the login names so that
>>> someone who has received an email won't know the login name for
>>> that person.
>>
>> That can be a good idea when you need higher security. But the
>> majority of attackers don't know anything about you except your ip
>> address - they will try common names such as "root" and
>> "Administrator". It's a different matter with directed attacks, in
>> which case the attacker will likely research some email addresses
>> as likely login names.
>
> I was thinking about an attack from someone who had a spam email
> address list. The user name and company name can be parsed out.
>

Again, you are safe unless someone is directly targeting you. The
automated scanners and worms scan through IP addresses - they don't make
any connection between that address and a company name. Think about it
- there is no practical way to automate the process. At best, you could
make it work for companies big enough to own IP addresses rather than
leasing them from their ISP, and in those cases you'd have too many
matching email addresses to make any use of the information. It's far
faster and easier just to move on to the next target and try common
passwords and default firewall/router logins.
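
An added example, not part of any post in this thread: one way to tell the two cases discussed above apart in an sshd auth log, by checking whether a source only tried default names such as "root" and "Administrator" or also tried names matching the local parts of the site's e-mail addresses. The log lines, the `COMMON_NAMES` list and the function name are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in OpenSSH's auth-log format (not from the thread).
SAMPLE_LOG = """\
Apr 13 05:01:12 gw sshd[2211]: Failed password for root from 203.0.113.5 port 40112 ssh2
Apr 13 05:01:14 gw sshd[2213]: Failed password for invalid user Administrator from 203.0.113.5 port 40120 ssh2
Apr 13 05:01:17 gw sshd[2215]: Failed password for invalid user admin from 203.0.113.5 port 40131 ssh2
Apr 13 06:40:02 gw sshd[2390]: Failed password for invalid user jsmith from 198.51.100.77 port 51820 ssh2
Apr 13 06:40:09 gw sshd[2392]: Failed password for dbrown from 198.51.100.77 port 51833 ssh2
Apr 13 07:15:44 gw sshd[2501]: Accepted password for dbrown from 192.0.2.10 port 60222 ssh2
"""

# "invalid user " appears when the account does not exist on the host.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?P<invalid>invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

# Assumed list of default names an untargeted scanner tries.
COMMON_NAMES = {"root", "administrator", "admin", "guest", "test"}


def classify_sources(log_text, mail_local_parts):
    """Label each source IP "scanner" or "directed" from the names it tried.

    mail_local_parts: the part before '@' of the site's e-mail addresses.
    A source that fails a login with one of those names (and the name is
    not a generic default) has probably worked from an address list.
    """
    tried = defaultdict(set)
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            tried[m.group("ip")].add(m.group("user").lower())

    known = {name.lower() for name in mail_local_parts}
    verdict = {}
    for ip, names in tried.items():
        harvested = (names & known) - COMMON_NAMES
        verdict[ip] = "directed" if harvested else "scanner"
    return verdict


if __name__ == "__main__":
    for ip, label in classify_sources(SAMPLE_LOG, {"jsmith", "dbrown"}).items():
        print(ip, label)
```

If login names differ from e-mail names, a source flagged "directed" here shows up only as a run of "invalid user" failures.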

From: David Brown on
On 13/04/2010 05:30, Vladimir Vassilevsky wrote:
>
>
> Michael A. Terrell wrote:
>> MooseFET wrote:
>>
>>> I may hold the record for the fastest infection of an XP machine. It
>>> was a new Dell. I connected it to the network and it was a goner
>>> before I finished getting it registered. For a short while I had two
>>> PCs in my office somewhere I have the picture of the Dell in a
>>> garbage can in front of the IT guy's office door. That is how I
>>> returned it to him.
>>
>>
>>
>> If you were on a corporate network and that happened, they need to
>> fire the entire IT department.
>

Corporate networks are not immune to infections - there are endless
examples of big corporations and other large organisations getting
network-wide infections. But you are certainly right that if such a
network gets infected, somebody has failed to do their job.

> You should apply common sense to the horror stories that linux fans are
> telling about Windows XP.
>

It is roughly accurate to say that an unprotected XP machine connected
to the Internet will get infected by worms and/or hacked in some way.
This will happen very quickly if you don't even have the XP software
firewall enabled, and will typically take a long time if it is updated
regularly and has a software firewall enabled.

It is also roughly accurate to say that pretty much any Linux
distribution with its default installation can be connected directly to
the internet and it's very unlikely to be infected by anything during
its useful lifetime.

Of course, in either case you may install vulnerable applications or
services that significantly increase your risks.

But it is also a simple matter to protect your windows machine. Put a
$50 hardware firewall between it and the internet (or other risky
machines), and you can be confident nothing bad will come in.

There are plenty of horror stories about windows insecurity, told by
news agencies and not just linux fans:

<http://www.silicon.com/technology/security/2008/11/18/hospitals-systems-hit-by-computer-virus-39345606/>

But claims that windows can't be kept safe are often greatly
exaggerated. It is perfectly possible to keep windows machines
infection free - but you have to apply some basic rules to do so.