Windows XP

Posted by: ken c on 19 September 2004

my daughter bought an hp zt3000 notebook some time ago. nice pc, but a bit frustrating with the problems we have been having with XP Home.

the pc came with a security update which we were advised to install before logging on to the net, for obvious reasons. we were also advised to install windows updates, which we did -- this was the beginning of a long headache. you see, the windows updater kept telling us that there were some updates available, but it turned out the same updates were being installed over and over again (could see this from control panel add/remove programs). we also tried to install Norton AV, but this introduced its own problems --- basically every time i opened it to set it to do live updates automatically, the Norton window would simply close down.

OK, i thought, better wait for SP2 on CD and try again. when this came, couldn't install it --- whenever i tried, the installation would simply abort at various places without any explanation.

anyone had any of these or similar problems with XP home? how did you get around them?

many thanks...

enjoy

ken
Posted on: 19 September 2004 by Steve Hall
Ken,

Sounds like you have a virus. The average time to infection on a WinXP system is about 5-10 mins when connected to the Internet. Some of them will even kill your Norton AV for you.

I would re-install from the CDs and read this from SANS on how to survive the first day of using WinXP on the Internet.

In addition, go to your newsagent's and buy a cover disk with WinXP SP2 on it. As soon as you reinstall from your CDs, install SP2 before connecting to the Internet, and ensure the firewall is on. You have a good chance of surviving from that point on.
Posted on: 19 September 2004 by ken c
steve, many thanks.

the security cd that came with the pc looks like it is SP1. do you know if i need to install this before SP2?

enjoy...

ken
Posted on: 19 September 2004 by matthewr
"Sounds like you have a virus"

Does it? Which virus causes the symptoms Ken is experiencing?

"The average time to infection on a WinXP system is about 5-10 mins when connected to the Internet"

Bollocks.

"read this from SANS on how to survive the first day of using WinXP on the Internet"

That article is partly wrong (e.g. it tells you to disable File and Printer Sharing for no good reason) and the rest of it makes the process needlessly complicated.

Ken -- Install XP from scratch. Apply SP2 from your CD and you will be more or less up to date and 99.9% secure. Connect to the internet and check Windows update.

"do you know if i need to install this before SP2?"

No, SP2 contains everything.

Matthew
Posted on: 19 September 2004 by ken c
matthew, we have just done a scan with EZArmour from CA. this has identified more than 23 viruses on my daughter's pc, most of which were worms of various types and Trojans. whether this is what was causing the problem i am not to know (just as well EZ Armour installed OK).

i definitely want to re-install winXP after re-formatting the hard disk. but i want to make sure i won't go thru this frustrating process again. my daughter wants to go on the net asap.

matthew, do you have an alternative explanation for the behavior that i described and some advice as to how to avoid the problem when i re-install?? also, repeat, do i need to install SP1 before SP2? or after the base re-install, can i go straight to SP2 (i have the CD from microsoft)...

many thanks for your response.

enjoy

ken
Posted on: 19 September 2004 by matthewr
Ken,

Your PC is clearly not right and the best thing to do is to re-install from scratch.

So:

-- Unplug your PC from the network.

-- Boot from your XP install disk and do a full clean install by deleting the original partition.

-- Install SP2 from the CD. You are now 99.99% secure

-- Plug into the network and connect to the internet.

-- Run windows update

-- Install your chosen AV package

Matthew
Posted on: 19 September 2004 by ken c
matthew, steve, many thanks for your help.

anyone else care to share problems and solutions with winXP?

enjoy...

ken
Posted on: 19 September 2004 by Phil Barry
I think the advice so far is incomplete.

I, too, think the 5-10 minute estimate is way off. Honeypots are now found 5-10 SECONDS after they've been exposed on the 'net.

I agree that the symptoms are easily explained as a malware infection, and I agree that the best approach includes reformatting the HDD and installing from the restore disks, if you have them.

SP2, however, is not necessarily the right approach.

I always install AV and firewall software before connecting to the web. I use the free version of ZoneAlarm - it works well with SP2 on my systems - but I just use Office, IE, and Mozilla. My normal process is:

1) install Windows
2) install ZA
3) install NAV
4) reboot and update NAV
5) reboot and go to Windows Update for critical fixes.
6) install apps
7) update apps

I also want to know how the user is connected to the web - directly (with a public IP address from the ISP), or indirectly (via router). If you have a direct connection (i.e. DSL or cable modem into your daughter's PC), I'd recommend buying a cheap home router (Linksys, D-Link, Belkin, Netgear, etc., etc. in the US). This will give you Network Address Translation, which provides some protection - Blaster, for example couldn't infect NATted PCs.

I always want to know about the user's behavior before doing anything, since it's all wasted effort if the user wants web access so s/he can download pirated music and movies. If your daughter wants to download free music, have her fix her own PC, or pay someone to do it - the music isn't free.

She needs to train herself to reject virtually all programs offered via the web - too many come with spyware and malware.

Before installing SP2, you or she needs to check with Microsoft to ensure that SP2 is compatible with the programs used. See http://www.microsoft.com/windowsxp/sp2/sp2_whattoknow.mspx and check with the vendor of the products you use to see what, if anything, needs to be done for the product to run under SP2 - don't assume all MS products are compatible.

I would also download Ad-Aware (pcworld.com/downloads) and BHODemon. BHODemon runs in the background; I run Ad-Aware weekly. I'd also check out www.spywareguide.com for solid guidance and other tools that are useful too often.

And your daughter backs up her data, right?

I'm an unreconstructed US '60s liberal. I used to be against the death penalty, but I could be talked into executing authors and distributors of viruses and spyware. They cause a lot of damage.

Regards.

Phil
Posted on: 20 September 2004 by Stephen Bennett
quote:
Originally posted by Matthew Robinson:
"The average time to infection on a WinXP system is about 5-10 mins when connected to the Internet"

Bollocks.

Matthew


I just installed a new PC and had a virus almost the instant I connected it to the web in order to download the anti-virus software update patch!

In fact, it's getting so bad that if I turn off a fully updated Win XP/virus checker PC at the weekend, it often picks up a virus on Monday morning before it gets a chance to update the virus checker DAT files.

I'm hoping SP 2 will help - though I've had problems with this on a few PCs too.

Regards & anti-bollocks

Stephen
Posted on: 20 September 2004 by Rasher
Anybody know if there will ever be a real solution to viruses? With the internet being still in its infancy, surely at sometime in the future this sort of thing will be a thing of the past. Yes?
I can see that if it gets any worse the whole thing will just fail.
Posted on: 20 September 2004 by Mike Hughes
May I just echo the advice from Phil. That's probably the most comprehensive and clear IT post I have read on here for a long, long time.

A couple of things to add.

1) I think it's deceptive to talk as though XP is the problem here. The problem is most likely to be user behaviour and Phil has highlighted that. Unfortunately, for all of Phil's advice, the problem is likely to reoccur unless someone sits down and explains the issues. It's not as simple as illegal downloads though. It could be any peer to peer file sharing; not closing pop-ups correctly and so on.

2) The best possible reason to disable 'File and Printer' sharing is

a) when you simply don't need it, and,

b) it does introduce vulnerabilities that need not be there. There are enough gaps in PC security without inviting people in!

Mike
Posted on: 20 September 2004 by matthewr
"I just installed a new PC and had a virus almost the instant I connected it to the web"

Well maybe I've been exceptionally lucky, but I've done many clean installs from XP + SP1 and had more than enough time to do a full windows update to get it up to date without getting infected.

"turn off a fully Win XP/Virus checker updated PC at the weekend, it often picks up a virus monday morning before it gets a chance to update the virus checker DAT files"

This just doesn't make any sense to me. For sure there are a lot of viruses and worms out there but 99.99999999% of them exploit known vulnerabilities that are all patched. If you have SP2 there are a very small number of exploits and I am fairly sure that the risk is minuscule (assuming you don't get the virus via an executable, an undetected trojan, a dodgy website, etc). Ergo, if you have a patched PC you are, essentially, safe barring doing something wrong yourself.

"Regards & anti-bollocks"

Maybe bollocks was a bit strong and I was in a bad mood, so for that I apologise. I just find the FUD from alarmist and misleading advice worse than any actual problems I've ever had from a virus and it annoys me as it perpetuates the problems and makes people worry too much.

Mike said "2) The best possible reason to disable 'File and Printer' sharing is

"a) when you simply don't need it, and,"

Unless you want to share files and printers on your network. I use it all the time.

"b) it does introduce vulnerabilities that need not be there"

No it doesn't. File and Printer sharing vulnerabilities are typical of the sort of hysteria and misinformation that surrounds computer security. It can be a problem, but if and only if *all* the following are true:

1. File and Printer Sharing for Microsoft Networks is installed as a network component (Network in Control Panel).

2. File and Printer Sharing for Microsoft Networks is bound to TCP/IP on an adapter used for the Internet.

3. Options for files and printers are checked (enabled) under File and Print Sharing.

4. "Share(s)" have actually been configured for file(s) and printer(s).

5. Strong passwords have not been used on file and printer "share(s)."

6. Scope ID has not been set like a strong password.

This is far from the case by default.

Matthew
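The six conditions Matthew lists can be checked rather than argued about. The script below is an added example, not code from the thread or from Microsoft: it reports, for one machine, whether the SMB server is running, whether "File and Printer Sharing for Microsoft Networks" (binding component ID `ms_server`) is enabled on an adapter whose network profile is Public, whether the inbound firewall rules for the sharing group are open on that profile, which non-administrative shares exist, and which enabled local accounts are not required to have a password. It assumes Windows 8/Server 2012 or later (the NetAdapter, NetSecurity, SmbShare and LocalAccounts modules), an English display-group name, and an elevated prompt; none of these cmdlets exist on XP, where the equivalent is the binding tab in Network Connections and `net share`.

```powershell
# Added example (not from the thread). Audits the conditions under which
# File and Printer Sharing is reachable from the Internet-facing side of a PC.
# Assumes Windows 8/Server 2012+ and an elevated PowerShell session.

function Get-FpsExposure {
    [CmdletBinding()]
    param()

    # 1. The SMB server (the Server service, LanmanServer) has to be running at all.
    $server = Get-Service -Name LanmanServer -ErrorAction SilentlyContinue
    $serverRunning = ($null -ne $server) -and ($server.Status -eq 'Running')

    # 2. "File and Printer Sharing for Microsoft Networks" (component ID ms_server)
    #    bound on an adapter whose connection profile is Public, which is what a
    #    new, unprompted network (e.g. a PC straight on a cable/DSL modem) gets.
    $bound = @(Get-NetAdapterBinding -ComponentID ms_server -ErrorAction SilentlyContinue |
        Where-Object Enabled)
    $publicIfaces = @(Get-NetConnectionProfile -ErrorAction SilentlyContinue |
        Where-Object NetworkCategory -eq 'Public' | ForEach-Object InterfaceAlias)
    $boundOnPublic = @($bound | Where-Object { $publicIfaces -contains $_.Name })

    # 3. Inbound rules of the sharing group (TCP 139/445 and friends) enabled for
    #    the Public profile. The display-group name is the English one (assumption).
    $rulesOnPublic = @(Get-NetFirewallRule -DisplayGroup 'File and Printer Sharing' `
            -Direction Inbound -Enabled True -ErrorAction SilentlyContinue |
        Where-Object { "$($_.Profile)" -match 'Public|Any' })

    # 4. Shares beyond the hidden administrative ones (C$, ADMIN$, IPC$), which
    #    Get-SmbShare marks with Special = $true.
    $userShares = @(Get-SmbShare -ErrorAction SilentlyContinue | Where-Object { -not $_.Special })

    # 5. Enabled local accounts that are not required to have a password.
    $noPassword = @(Get-LocalUser -ErrorAction SilentlyContinue |
        Where-Object { $_.Enabled -and -not $_.PasswordRequired })

    [pscustomobject]@{
        ServerServiceRunning    = $serverRunning
        BoundOnPublicAdapters   = $boundOnPublic.Name
        InboundRulesOnPublic    = $rulesOnPublic.Name
        NonAdminShares          = $userShares.Name
        AccountsWithoutPassword = $noPassword.Name
        # Reachable from outside only when 1, 2 and 3 all hold at the same time.
        ReachableFromInternet   = $serverRunning -and $boundOnPublic.Count -gt 0 -and $rulesOnPublic.Count -gt 0
    }
}

Get-FpsExposure | Format-List
```

If `BoundOnPublicAdapters` names the Internet-facing interface, `Disable-NetAdapterBinding -Name <that adapter> -ComponentID ms_server` turns the binding off on just that adapter, so sharing can stay on for the LAN while the interface that faces the modem does not carry it. `AccountsWithoutPassword` is the part of the picture a binding check cannot see, and it is what makes the administrative shares matter.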
Posted on: 20 September 2004 by Geoff P
SP2 is supposed to have a major boost in interent security included in it. Folks have had variable experience with it as described here:

http://forums.naim-audio.com/eve/forums?q=Y&a=tpc&s=67019385&f=58019385&m=931103313&p=2

I must admit I have a home router in between my home PC's and my cable connection and have never been seriously invaded yet.

regards
GEOFF

The boring old fart
Posted on: 20 September 2004 by ken c
quote:
Originally posted by Phil Barry:

...SP2, however, is not necessarily the right approach.




why not? i have ZA Pro on my own win 2000 computer -- i just thought that SP2 brings the benefits of its own firewall - so don't have to bother with another? what are the drawbacks of SP2?

quote:
I always install AV and firewall software before connecting to the web. I use the free version of ZoneAlarm - it works well with SP2 on my systems - but I just use Office, IE, and Mozilla.


more or less same as my daughter in terms of apps, but why do you bother with ZA when you have SP2's firewall?

quote:
My norma process is:

1) install Windows
2) install ZA
3) install NAV
4) reboot and update NAV
5) reboot and go to Windows Update for critical fixes.
6) install apps
7) update apps


as i said, hp provided the bootable winXP base CD, plus drivers, plus Critical Security updates, which install as SP1. when i reformat my daughter's PC, i will first install the base XP and the drivers for sound etc. what i am not sure of is whether to then install the SP1 or simply go straight to SP2? most of the replies so far imply that i can skip SP1 and go straight to SP2, which i have on CD (i.e. i will NOT be downloading it). presumably, after SP2, i can then install Norton 2004 that also came with the PC?


quote:
I also want to know how the user is connected to the web - directly (with a public IP address from the ISP), or indirectly (via router). If you have a direct connection (i.e. DSL or cable modem into your daughter's PC), I'd recommend buying a cheap home router (Linksys, D-Link, Belkin, Netgear, etc., etc. in the US). This will give you Network Address Translation, which provides some protection - Blaster, for example couldn't infect NATted PCs.


router sounds like a good idea, many thanks. but raises the question why we have to go thru all this palaver for what should be an UPGRADE to the OS?

my daughter doesnt download music.


quote:
Before installing SP2, you or she needs to check with microsoft to ensure that SP2 is compatible with the progarms used. See http://www.microsoft.com/windowsxp/sp2/sp2_whattoknow.mspx and check with the vendor of the products you use to see what, if anything, needs to be done for the product to run under SP2 - don't assume all MS products are compatible.


good advice. just been to the hp site and there may well be some driver incompatibilities -- so will need to download updated drivers from hp.

quote:
I would also download Ad-Aware (pcworld.com/downloads) and 'BHO Demon. BHODemon runs in the background; I run Ad-Aware weekly. I'd also check out http://www.spywareguide.com. for solid guidance and other tools that are useful too often.


many thanks. right now she is running webroot spysweeper, but i'll have a look at the link you provided.

quote:
And your daughter backs up her data, right?


Yes.

quote:
I'm an unreconstructed US '60s liberal. I used to be against the death penalty, but I could be talked into excuting authors and distributors of viruses and spyware. They cause a lot of damage.


what do people who write viruses get from this activity?? i.e what is the motivation?


many thanks phil...

enjoy

ken
Posted on: 20 September 2004 by matthewr
Ken,

I shall repeat:

1) Install windows w/out plugging into the network
2) Install SP2, which includes SP1
3) You are now 99.9% secure
4) Install AV and a firewall
5) Connect to network
6) Run windows update and update your AV software.

"i just thought that SP brings the benefits of its own firewall - so dont have to bother with another?"

The XP Firewall only does inbound filtering not outbound filtering. This means it is pretty good at stopping stuff getting in but not good at spotting when you have stuff trying to get out (including stuff that wants to "phone home" to download a trojan onto your PC).

So XP Firewall gives you most of the benefit but ZA is worth it, especially if you are already familiar with it. A router is best though. Altogether less hassle.

"what do people who write viruses get from this activity?? i.e what is the motivation?"

There are two types:

-- Confused teenagers seeking attention. They are usually from Germany or Korea for some reason.

-- The Russian Mob. They use big networks of compromised PCs to launch Distributed Denial of Service attacks against financially important websites and then extort money from them. All the major Poker sites have been attacked in this way, for example.

Matthew

PS If at all possible don't use Norton/Symantec AV as frankly it's awful (in that it seems to cause problems with other apps, stuff stops working, etc) and most people give up on it eventually. The free alternatives like AVG are better and McAfee Virus Scan Professional is much, much simpler and altogether better IMHO.
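The inbound/outbound asymmetry Matthew describes is visible in the firewall's profile defaults, and closing it is a matter of adding outbound rules. The script below is an added example, not code from the thread: it lists each profile's default actions (normally Block inbound, Allow outbound), blocks one named executable from making outbound connections, and shows the stricter ZoneAlarm-style posture of denying outbound by default with explicit allows. It assumes Windows 8/Server 2012 or later with the NetSecurity module and an elevated prompt; the XP SP2 firewall filtered inbound only and had no outbound rules at all. The program paths and rule names are placeholders chosen for the example.

```powershell
# Added example (not from the thread). Windows Firewall defaults and outbound rules.
# Assumes Windows 8/Server 2012+ (NetSecurity module) and an elevated session.

function Get-FirewallDefaults {
    # DefaultInboundAction is normally Block, DefaultOutboundAction normally Allow:
    # unsolicited connections in are dropped, anything going out is let through.
    Get-NetFirewallProfile |
        Select-Object Name, Enabled, DefaultInboundAction, DefaultOutboundAction
}

function Add-OutboundBlock {
    # Stop one specific executable from initiating any outbound connection,
    # regardless of the profile's default.
    param(
        [Parameter(Mandatory)][string]$ProgramPath,
        [string]$DisplayName
    )
    if (-not $DisplayName) {
        $DisplayName = "Example: block outbound for $(Split-Path -Leaf $ProgramPath)"
    }
    New-NetFirewallRule -DisplayName $DisplayName -Direction Outbound -Action Block `
        -Program $ProgramPath -Profile Any -Enabled True
}

function Set-OutboundDefaultDeny {
    # Deny outbound by default and allow only named programs. Create the allow
    # rules first: once the default is Block, anything without a rule, the
    # Windows Update service included, is cut off from the network.
    param([Parameter(Mandatory)][string[]]$AllowedPrograms)
    foreach ($p in $AllowedPrograms) {
        New-NetFirewallRule -DisplayName "Example: allow outbound $(Split-Path -Leaf $p)" `
            -Direction Outbound -Action Allow -Program $p -Profile Any -Enabled True | Out-Null
    }
    Set-NetFirewallProfile -Profile Domain, Private, Public -DefaultOutboundAction Block
}

Get-FirewallDefaults | Format-Table -AutoSize
# Add-OutboundBlock -ProgramPath 'C:\Program Files\Example\updater.exe'
# Set-OutboundDefaultDeny -AllowedPrograms 'C:\Program Files\Mozilla Firefox\firefox.exe'
```

The two commented calls are left inert because both change live firewall state; `Set-NetFirewallProfile -DefaultOutboundAction Allow` on the same profiles reverts the default-deny posture if something essential was missed.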
Posted on: 20 September 2004 by Joe Petrik
Sorry to take this discussion on a tangent, but can anyone tell me whether Macs are less likely to be hit by a virus because they are more secure than PCs, or is it simply that the vast majority of viruses are aimed at PCs so by running a Mac the numbers are in your favour?

I'm asking because I'm thinking of getting broadband access at home and am wondering if I should take precautions.

Joe
Posted on: 20 September 2004 by garyi
Joe, the Mac has a built-in UNIX firewall.

There is a virus checker for Mac, unfortunately it's Norton and very dodgy on the Mac.

I have been running broadband for over a year with no problems.

I can't say for sure regarding the Mac, but for sure UNIX is more difficult to hit, and Windows seems to be full of holes so that MS can keep an eye on you.

There are around 6 known viruses for Mac as it goes. I would have thought, with the animosity that seems to exist between some PC/Mac users, that there would be more viruses for Mac. You could imagine one killer virus taking all Macs out, that wouldn't be funny.
Posted on: 20 September 2004 by matthewr
Joe, Gary,

Prior to OSX, Mac OS was essentially like early Windows 95 and so very buggy, unreliable and catastrophically non-secure. OSX means it leverages its UNIX base to catch up to Win 2000/XP in some ways and exceed it in others. The code that Apple has added on top (which is quite a lot) is probably as buggy and non-secure as typical proprietary code like Windows. So, if the roles were reversed and OSX was in the place of XP, things would probably not be much different.

However, having said that, the *least* interesting thing about Macs is the fact that they don't get as many viruses as Windows.

Firstly, whatever OS you use it still requires you to take essentially the same steps to secure it as you do when using Windows. You have to keep on top of security threats, use appropriate network and AV security, keep up-to-date with O/S and application updates, etc.

Secondly, OSX has some fantastic features and advantages. To focus on its apparent lack of Windows style security problems is to not only miss the point of why it's good, but furthers the impression that Mac users define themselves by their relationship to Windows in a sort of chip on the shoulder / inferiority complex sort of way. Rather like a certain type of Scot with respect to the English, if you will.

Matthew
Posted on: 20 September 2004 by Hawk
Garyi, McAfee do a virus checker for Mac called Virex if you're completely tits'd off with Norton..

Joe, I've also had a broadband connection with my Mac for some time and have had no problems so far... touch wood! I make sure I keep the software up to date though.. there only seems to be a security patch every couple of months or so though..

cheers

Neil
Posted on: 20 September 2004 by Toksik
Ken, amazing hearing 'bout all these Virii?...... i have an external modem/router which has its own configurable firewall settings etc and run Sygate personal pro s/ware firewall and touch wood... nowt's getting near me computer!

dennis
Posted on: 20 September 2004 by jpk73
What I do: I use Win98SE because most of the malware/spyware/viruses are designed for XP. Win98+AV+WinUpdates is OK for me although I know that XP is much better in many regards... On the other hand: there is nothing that XP does that 98 doesn't that I need and that I don't get from "external" software...! BTW I receive countless viruses but my system never gets infected - until now. Good luck with XP, I hate it! Of course I also hate Win98, but XP even more... MacOS7.6 is nice indeed! But pretty much useless these days... And I much prefer Suse Linux (or Gentoo or Debian) over MacOSX.

- Jun
Posted on: 21 September 2004 by Mike Hughes
quote:
posted Mon 20 September 04 13:52
"I just installed a new PC and had a virus almost the instant I connected it to the web"

Well maybe I've been exceptionally lucky, but I've done many clean installs from XP + SP1 and had more than enough time to do a full windows update to get it up to date without getting infected.

"turn off a fully Win XP/Virus checker updated PC at the weekend, it often picks up a virus monday morning before it gets a chance to update the virus checker DAT files"

This just doesn't make any sense to me. For sure there are a lot of viruses and worms out there but 99.99999999% of them exploit known vulnerabilities that are all patched. If you have SP2 there are a very small number of exploits and I am fairly sure that the risk is minuscule (assuming you don't get the virus via an executable, an undetected trojan, a dodgy website, etc). Ergo, if you have a patched PC you are, essentially, safe barring doing something wrong yourself.

"Regards & anti-bollocks"

Maybe bollocks was a bit strong and I was in a bad mood, so for that I apologise. I just find the FUD from alarmist and misleading advice worse than any actual problems I've ever had from a virus and it annoys me as it perpetuates the problems and makes people worry too much.

Mike said "2) The best possible reason to disable 'File and Printer' sharing is

"a) when you simply don't need it, and,"

Unless you want to share files and printers on your network. I use it all the time.

"b) it does introduce vulnerabilities that need not be there"

No it doesn't. File and Printer sharing vulnerabilities are typical of the sort of hysteria and misinformation that surrounds computer security. It can be a problem, but if and only if *all* the following are true:

1. File and Printer Sharing for Microsoft Networks is installed as a network component (Network in Control Panel).

2. File and Printer Sharing for Microsoft Networks is bound to TCP/IP on an adapter used for the Internet.

3. Options for files and printers are checked (enabled) under File and Print Sharing.

4. "Share(s)" have actually been configured for file(s) and printer(s).

5. Strong passwords have not been used on file and printer "share(s)."

6. Scope ID has not been set like a strong password.


Matthew,

Give me a break. File and Printer Sharing introduces very clear vulnerabilities from the moment you tick those boxes. It could not be further from hysteria. Even MS are sensible enough to advise that you don't use it if you don't need it. Hysteria, I don't think so.

Your points 4 to 6 are something akin to nonsense. First of all, most Windows OSs share certain files by default. As these include system files how much vulnerability do you want?

Secondly, most users do not set strong passwords/Scope ID at all and it is cloud cuckoo land to suggest that they do. That is precisely why you should not select F&PS if you do not need it.

Mike
Posted on: 21 September 2004 by matthewr
"File and Printer Sharing introduces very clear vulnerabilities"

Like what? Exactly.

"First of all, most Windows OSs share certain files by default. As these include system files how much vulnerability do you want?"

The default administrative shares require a local administrator logon which should, in any remotely secure Windows installation, be secured by a strong password. If you don't have a secure administrator password you have all sorts of potential security problems not just those relating to File and Printer sharing.

"Secondly, most users do not set strong passwords/Scope ID at all and it is cloud cuckooland to suggest that they do. That is precisely why you should not selected F&PS if you do not need it."

This is just *so* dumb and exactly the sort of thing that I am talking about. Essentially you are saying that the solution to a very serious security problem (the lack of strong passwords) is not to use a perfectly good and very useful feature and to leave the actual security problem unchecked.

Your advice also leaves the user in a very dangerous state of ignorance should they, at some later date, have to switch sharing back on for any number of legitimate reasons. By contrast, if you tell them to use secure passwords, they can use sharing in safety.

"It could not be further from hysteria"

There is an awful lot of information about NETBIOS and File and Printer Sharing on the net and most of it is factually inaccurate hysteria.

Matthew
Posted on: 21 September 2004 by Mike Hughes
Matthew,

As someone said on this thread - "bo*****s"!!!

Your post remains cloud cuckoo land. You write all about "should". I am writing about what happens in the real world not what ought to happen. We can all have great theoretical approaches to IT but, out in the real world, they simply don't work.

I know administrators in LAs that still use "abc123" and so on.

quote:
Like what? Exactly.


Looking back through your posts on this forum it becomes obvious that you have a dislike of online articles and challenge their cred. whenever raised. If you have such insight on why enabling F&PS carries no risks please feel free to enlighten us all. There's plenty of info. out there on why it does and I don't intend to repeat it. You just tell us why they're wrong.

quote:
"Secondly, most users do not set strong passwords/Scope ID at all and it is cloud cuckoo land to suggest that they do. That is precisely why you should not select F&PS if you do not need it."

This is just *so* dumb and exactly the sort of thing that I am talking about. Essentially you are saying that the solution to a very serious security problem (the lack of strong passwords) is not to use a perfectly good and very useful feature and to leave the actual security problem unchecked.


As this thread is about a user not using sharing, why would I be engaged in a discussion about why they should be using it? The point really seems to be beyond you.

If you don't need it then turn it off. The issue of passwords etc. then simply doesn't arise. You have turned what I said on its head.

Having seen seven international networks brought to their knees through hacking and other problems that occurred specifically because, after months of post-analysis, it was established that F&PS was enabled in scenarios where it did not need to be and should not have been, I think I can speak on the subject. I do apologise for being "holier than thou" but I suspect I am just better informed.

F&PS creates problems. Yes, strong passwords and other security can limit potential damage but the simplest solution is just "turn it off". Turning off F&PS is not a solution to weak passwords. It is a solution to a potential security hole and I have said nothing more than that.

Mike
Posted on: 21 September 2004 by matthewr
Mike,

"if you don't need it then turn it off. The issue of passwords etc. then simply doesn't arise"

That is just plain wrong. Weak passwords = vulnerable systems PERIOD.

"I know administrators in LAs that still use "abc123" and so on"

So they *definitely* have very vulnerable systems and this does not change if they switch F&PS off.

If instead they had passwords of, say, g9JKn-890DG, then their system is secure even if they have F&PS switched on.

You see?

Matthew
Posted on: 21 September 2004 by Martin D
Talking of passwords, does anyone have any good tips on ways they remember them or dream them up? Although not an IT person directly, I come across about 15 (so far) instances of needing passwords and remembering them, I’m afraid I resort to writing them down mostly, discreetly disguised.
Martin
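Matthew's "abc123" versus "g9JKn-890DG" comparison and Martin's question about dreaming passwords up both come down to the same two operations: estimate how much guessing a password would take, and generate one that is actually random. The script below is an added example, not code from the thread: `Test-PasswordStrength` scores a password from its length and character classes and flags the patterns that make a short one easy (sequential runs such as "abc" or "890", repeated characters, a few dictionary words), and `New-RandomPassword` draws characters from a cryptographic RNG with rejection sampling so no character is favoured. The weak-word list is a constructed handful for the example, not a real cracking dictionary, and the bit estimate is an upper bound for a password chosen uniformly from that pool. It runs on Windows PowerShell 5.1 or PowerShell 7 on any platform.

```powershell
# Added example (not from the thread). Password strength estimate and generator.

function Test-PasswordStrength {
    param([Parameter(Mandatory)][string]$Password)

    # Character classes present, and the size of the pool they imply.
    $pool = 0
    if ($Password -cmatch '[a-z]')        { $pool += 26 }
    if ($Password -cmatch '[A-Z]')        { $pool += 26 }
    if ($Password -match  '[0-9]')        { $pool += 10 }
    if ($Password -match  '[^A-Za-z0-9]') { $pool += 33 }   # printable ASCII symbols
    # Upper bound: bits of entropy if every character were drawn uniformly from the pool.
    $bits = [math]::Round($Password.Length * [math]::Log($pool, 2), 1)

    $lower = $Password.ToLowerInvariant()
    $problems = @()

    # Three or more characters in ascending or descending order (abc, 123, cba).
    for ($i = 0; $i -le $lower.Length - 3; $i++) {
        $a = [int]$lower[$i]; $b = [int]$lower[$i + 1]; $c = [int]$lower[$i + 2]
        if (($b - $a -eq 1 -and $c - $b -eq 1) -or ($a - $b -eq 1 -and $b - $c -eq 1)) {
            $problems += "sequential run '$($lower.Substring($i, 3))'"
            break
        }
    }
    if ($lower -match '(.)\1\1') { $problems += 'repeated character' }

    # Constructed mini-list for the example; a real check uses a cracking wordlist.
    $weakWords = 'password', 'letmein', 'welcome', 'admin', 'qwerty', 'abc123'
    $containsWord = $false
    foreach ($w in $weakWords) {
        if ($lower.Contains($w)) { $problems += "contains '$w'"; $containsWord = $true; break }
    }

    $verdict = 'Strong'
    if ($problems.Count -gt 0)              { $verdict = 'Medium' }
    if ($bits -lt 40 -or $containsWord)     { $verdict = 'Weak' }

    [pscustomobject]@{
        Password = $Password
        Bits     = $bits
        Problems = ($problems -join '; ')
        Verdict  = $verdict
    }
}

function New-RandomPassword {
    # Cryptographic RNG with rejection sampling (bytes at or above $limit are
    # discarded) so that every alphabet character is equally likely. Lookalikes
    # (0/O, 1/l/I) are left out to make the result easier to type and read back.
    param([int]$Length = 16)
    $alphabet = 'ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz23456789-_!%#'
    $n = $alphabet.Length
    $limit = 256 - (256 % $n)
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $buf = New-Object byte[] 1
    $sb = New-Object System.Text.StringBuilder
    while ($sb.Length -lt $Length) {
        $rng.GetBytes($buf)
        if ($buf[0] -lt $limit) { [void]$sb.Append($alphabet[$buf[0] % $n]) }
    }
    $sb.ToString()
}

'abc123', 'g9JKn-890DG', (New-RandomPassword -Length 16) |
    ForEach-Object { Test-PasswordStrength -Password $_ } | Format-Table -AutoSize
```

For something that has to be remembered rather than typed from a manager, the same generator can be pointed at a wordlist instead of an alphabet (pick four or five words uniformly at random from a list of several thousand); the rejection-sampling loop is unchanged, only `$alphabet` and `$n` become the list and its length.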