Author Topic: !!!!VERY IMPORTANT - WINDOWS VIRUS - spreading NOW!
No Yards
rabble-rouser
Babbler # 4169

posted 16 August 2005 06:50 PM
Anyone using any Windows platform at all (95, 96, ME, 200, and XP) there is a very fast spreading virus spreading on the Internet right now that will cause your PC to continually reboot itself. CNN is reporting this right now, and most of their computers are actually down right now because of it.

They are saying it is the fastest spreading virus ever seen.

For most Windows platforms open Windows explorer, click Tools-Update and update to all the latest security fixes.

[ 16 August 2005: Message edited by: No Yards ]


From: Defending traditional marriage since June 28, 2005 | Registered: Jun 2003  |  IP: Logged
Michelle
Moderator
Babbler # 560

posted 16 August 2005 10:20 PM
Very interesting. My Symantec just caught an incoming e-mail virus apparently, and deleted it. I wonder if that was the one?

Thanks for the warning, No Yards.

Yes, I know I should be using Linux. I know.


From: I've got a fever, and the only prescription is more cowbell. | Registered: May 2001  |  IP: Logged
Papal Bull
rabble-rouser
Babbler # 7050

posted 16 August 2005 10:23 PM

How is it being spread? Email, or is it one of those new ones that is being encoded into images and whatnot?


From: Vatican's best darned ranch | Registered: Oct 2004  |  IP: Logged
Deep Dish
rabble-rouser
Babbler # 9609

posted 16 August 2005 10:25 PM
People, update your virus definitions and keep your Windows patched. Turn off your machine when you are away from it (don't do this at work though).

For extra protection install a firewall. Provided you aren't a public figure, don't store credit card numbers or any other valuable data you will be fine 99% of the time.

The other 1% of viruses there is nothing you can do about in the short term except wait for a fix. Otherwise, do not believe the hype - they want you to be scared.

I will not participate in a holy war here, but a Linux box isn't any more secure than a Windows box - unless you know what you are doing (and there are truly very few Unix experts) and Windows security is quite a bit easier.

[ 16 August 2005: Message edited by: Deep Dish ]


From: halfway between the gutter and the stars | Registered: Jun 2005  |  IP: Logged
Michelle
Moderator
Babbler # 560

posted 16 August 2005 10:28 PM
The CNN report

quote:
So far, the impact has not been as great as the 2003 Blaster virus attack, said Jeff Havrila, a technical analyst with the U.S. Computer Emergency Readiness Team, a coalition of public and private groups that combats computer attacks.

He noted that improved firewalls and faster patches may have limited the worm's spread.

He also said it is unclear how long the worm may take to run its course, noting that many people are away on summer vacation and may be affected only when they return.


The Blaster virus is the only virus I've ever had that shut down my computer completely. (Although I got it back up and running again.) I hope this one passes me by. I'm using Zone Alarm and Symantec virus protection, so my fingers are crossed.


From: I've got a fever, and the only prescription is more cowbell. | Registered: May 2001  |  IP: Logged
Reality. Bites.
rabble-rouser
Babbler # 6718

posted 16 August 2005 10:33 PM
It hit my company big-time today at the server level. Everyone running Windows 2000 was hit. I'm on XP and wasn't hit, but internet access was glacial and email was unavailable.
From: Gone for good | Registered: Aug 2004  |  IP: Logged
Michelle
Moderator
Babbler # 560

posted 16 August 2005 10:34 PM
Huh. Didn't hit my workplace at all, as far as I know. Unless there is going to be an unpleasant surprise waiting for us tomorrow.
From: I've got a fever, and the only prescription is more cowbell. | Registered: May 2001  |  IP: Logged
Fidel
rabble-rouser
Babbler # 5594

posted 16 August 2005 10:38 PM
Anyone know anything about Pre-Empt - Detto ?. I hear it sucks if you try and run it with Norton Anti-Virus, and works a little differently than NAV or McAfee. Maybe it works because it frigs up your machine enough to stop Windows from running altogether, yes ?.
From: Viva La Revolución | Registered: Apr 2004  |  IP: Logged
Cougyr
rabble-rouser
Babbler # 3336

posted 16 August 2005 10:44 PM
quote:
Originally posted by Deep Dish:
I will not participate in a holy war here, but a Linux box isn't any more secure than a Windows box - unless you know what you are doing (and there are truly very few Unix experts) and Windows security is quite a bit easier.

That's FUD. Linux, like Unix, is much more secure than Windows. The file system is quite different. And, of course, most viruses, worms, etc. are designed to attack Windows and won't affect a Linux box in any way.

Microsoft has initiated a major FUD campaign to discredit Linux, but that doesn't change anything; Linux is almost totally secure. I've been using Linux for several years and have never been infected with anything, in spite of a steady flood of probes.


From: over the mountain | Registered: Nov 2002  |  IP: Logged
Yst
rabble-rouser
Babbler # 9749

posted 16 August 2005 10:44 PM
It's a worm, not an email virus. Spreads via Port 445 and almost exclusively affects Windows 2000, which means it's far more likely to infect businesses who lack a firewall (such businesses deserve what they get) than it is to infect home users. If you're behind any sort of firewall, it's really no worry even if you are running 2000, and the only way for it to get to you is by someone else behind the firewall on your network connecting to a network where the worm is spreading and then subsequently reconnecting to your network and infecting you.

This is mostly just a big story because some major news organisations got infected and it got their panties in a big huge twist. As worms go, it doesn't appear to be all that huge.


From: State of Genderfuck | Registered: Jun 2005  |  IP: Logged
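
Added example (not part of any post in this thread): a defender-side check for the two exposure paths Yst describes, inbound TCP 445 that the firewall lets through and an internal host fanning out on 445 after bringing the worm in from another network. The log format, the addresses, the 10.0.0.0/8 internal range and the threshold of five peers are assumptions constructed for the illustration.

```python
import ipaddress
import re
from collections import defaultdict

SMB_PORT = 445  # the port named in the post above

# Constructed sample in a made-up key=value connection-log format (assumption).
SAMPLE_LOG = """\
2005-08-16T22:01:03 action=allow proto=tcp src=10.0.4.30 dst=10.0.1.5 dport=445
2005-08-16T22:01:09 action=allow proto=tcp src=10.0.4.30 dst=10.0.1.5 dport=445
2005-08-16T22:02:11 action=deny proto=tcp src=203.0.113.9 dst=10.0.4.20 dport=445
2005-08-16T22:02:40 action=allow proto=tcp src=203.0.113.50 dst=10.0.2.8 dport=445
2005-08-16T22:03:00 action=allow proto=tcp src=10.0.4.17 dst=10.0.4.20 dport=445
2005-08-16T22:03:01 action=allow proto=tcp src=10.0.4.17 dst=10.0.4.21 dport=445
2005-08-16T22:03:02 action=deny proto=tcp src=10.0.4.17 dst=10.0.4.22 dport=445
2005-08-16T22:03:03 action=allow proto=tcp src=10.0.4.17 dst=10.0.4.23 dport=445
2005-08-16T22:03:04 action=allow proto=tcp src=10.0.4.17 dst=10.0.4.24 dport=445
2005-08-16T22:03:05 action=allow proto=tcp src=10.0.4.17 dst=10.0.4.25 dport=445
2005-08-16T22:03:06 action=allow proto=tcp src=10.0.4.17 dst=192.0.2.80 dport=80
this line is malformed and must be skipped
"""

KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_line(line):
    """Return a record dict for one log line, or None if it is unusable."""
    fields = dict(KV_RE.findall(line))
    try:
        return {
            "action": fields["action"],
            "proto": fields["proto"],
            "src": ipaddress.ip_address(fields["src"]),
            "dst": ipaddress.ip_address(fields["dst"]),
            "dport": int(fields["dport"]),
        }
    except (KeyError, ValueError):
        # Missing field, bad address or non-numeric port: skip the line.
        return None


def smb_records(log_text):
    """Yield parsed records for TCP connections to port 445 only."""
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["proto"] == "tcp" and rec["dport"] == SMB_PORT:
            yield rec


def _ip_key(addr):
    return (addr.version, int(addr))


def find_exposed_smb(log_text, internal_net="10.0.0.0/8"):
    """Outside-to-inside 445 connections that were allowed: a firewall gap."""
    net = ipaddress.ip_network(internal_net)
    hits = {
        (rec["src"], rec["dst"])
        for rec in smb_records(log_text)
        if rec["action"] == "allow" and rec["src"] not in net and rec["dst"] in net
    }
    ordered = sorted(hits, key=lambda p: (_ip_key(p[0]), _ip_key(p[1])))
    return [(str(s), str(d)) for s, d in ordered]


def find_smb_fanout(log_text, internal_net="10.0.0.0/8", threshold=5):
    """Internal hosts contacting at least `threshold` distinct peers on 445.

    Denied attempts count as well: a blocked probe is still a probe.
    A workstation talking to one file server stays under the threshold.
    """
    net = ipaddress.ip_network(internal_net)
    peers = defaultdict(set)
    for rec in smb_records(log_text):
        if rec["src"] in net and rec["dst"] != rec["src"]:
            peers[rec["src"]].add(rec["dst"])
    return {
        str(src): [str(d) for d in sorted(dsts, key=_ip_key)]
        for src, dsts in peers.items()
        if len(dsts) >= threshold
    }


if __name__ == "__main__":
    print("allowed inbound 445:", find_exposed_smb(SAMPLE_LOG))
    print("internal fan-out on 445:", find_smb_fanout(SAMPLE_LOG))
```
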
Deep Dish
rabble-rouser
Babbler # 9609

posted 16 August 2005 10:55 PM
quote:

Microsoft has initiated a major FUD campaign to discredit Linux, but that doesn't change anything; Linux is almost totally secure. I've been using Linux for several years and have never been infected with anything, in spite of a steady flood of probes

I would put Linux or Unix on a mail/web server/database server (in fact MS databases flat out suck) or some kinds of file server, but I would be very hesitant to use it on a network of workstations or provide it as a desktop o/s - which is something it was not really intended to be. I doubt many people reading this thread are running file servers, network databases, or web servers - so my advice still applies.

There is no accounting for taste and if compiling drivers etc, is your thing - yes Unix-based systems are more secure, but if clicking icons is more your speed a Windows machine is a better option. I've been challenged by hackers before and told them to do their worst.

Finally if anything serious happens with a Redmond system you can always get MS engineers to work on it - Unix engineers are exceedingly rare.

[ 16 August 2005: Message edited by: Deep Dish ]


From: halfway between the gutter and the stars | Registered: Jun 2005  |  IP: Logged
Lard Tunderin' Jeezus
rabble-rouser
Babbler # 1275

posted 16 August 2005 11:11 PM
quote:
There is no accounting for taste and if compiling drivers etc, is your thing - yes Unix-based systems are more secure, but if clicking icons is more your speed a Windows machine is a better option.
A Macintosh would be the best of both worlds.

From: ... | Registered: Aug 2001  |  IP: Logged
Doug
rabble-rouser
Babbler # 44

posted 16 August 2005 11:18 PM
Every Windows 2000 machine in our company was downed for hours by this thing. It's nasty.
From: Toronto, Canada | Registered: Apr 2001  |  IP: Logged
Stargazer
rabble-rouser
Babbler # 6061

posted 16 August 2005 11:56 PM
If anyone uses Symantec the current virus definitions of August 15, 2005 rev. 41 will not cover this worm. You should do an Intelligent Update from the Symantec Website here:

Symantec Intelligent Virus Updates

This worm has already taken down a few major companies. I wouldn't take it too lightly.


From: Inside every cynical person, there is a disappointed idealist. | Registered: Jun 2004  |  IP: Logged
Deep Dish
rabble-rouser
Babbler # 9609

posted 17 August 2005 02:07 AM
quote:

A Macintosh would be the best of both worlds.

Wintel Macs are going to be interesting....


From: halfway between the gutter and the stars | Registered: Jun 2005  |  IP: Logged
Raos
rabble-rouser
Babbler # 5702

posted 17 August 2005 02:14 AM
I've never liked Macs. I'm currently running a linux OS on my laptop, and I've found it suitably 'point and click' for my liking.
From: Sweet home Alaberta | Registered: May 2004  |  IP: Logged
DrConway
rabble-rouser
Babbler # 490

posted 17 August 2005 04:50 AM
Windows XP has a native firewall, which comes enabled if you install Service Pack 1 or higher on it. It's not the best, obviously, but it does block a lot of stuff which lets you get Windows Updates without a whole lot of hassle dealing with worms simultaneously.
From: You shall not side with the great against the powerless. | Registered: May 2001  |  IP: Logged
No Yards
rabble-rouser
Babbler # 4169

posted 17 August 2005 10:12 AM
quote:
There is no accounting for taste and if compiling drivers etc, is your thing - yes Unix-based systems are more secure, but if clicking icons is more your speed a Windows machine is a better option. I've been challenged by hackers before and told them to do their worst.

Both OS's can be made very secure if you know what you're doing ... I would put an "out of the box" Linux or Unix derivatives system against a Winblows system any day of the week when it comes to security.

I compare a Winblows system, with updates set to nightly automatic installs, running a good virus and spyware scanner to be almost as secure as a default install of your average Linux distro.

And as far as a Linux desktop being less secure, I have seen no evidence of this, although I admit that it makes theoretical sense.


From: Defending traditional marriage since June 28, 2005 | Registered: Jun 2003  |  IP: Logged
WingNut
rabble-rouser
Babbler # 1292

posted 17 August 2005 10:42 AM
quote:
There is no accounting for taste and if compiling drivers etc, is your thing - yes Unix-based systems are more secure, but if clicking icons is more your speed a Windows machine is a better option. I've been challenged by hackers before and told them to do their worst.

Finally if anything serious happens with a Redmond system you can always get MS engineers to work on it - Unix engineers are exceedingly rare.



You should try one. Both Linux and BSD have icons you can click. MacOS 10 is based on Unix and is very pretty. But if not getting any work done while closing yet another balloon tip telling you what you already know is your thing ... well, to each his own.

As for windows engineers, no thanks. I can reinstall myself. At least *nix guys actually fix stuff.


From: Out There | Registered: Aug 2001  |  IP: Logged
Rufus Polson
rabble-rouser
Babbler # 3308

posted 17 August 2005 02:23 PM
quote:
Originally posted by Deep Dish:

I will not participate in a holy war here, but a Linux box isn't any more secure than a Windows box - unless you know what you are doing (and there are truly very few Unix experts) and Windows security is quite a bit easier.

Sounds like you're participating in one.
Three basic problems here--
First, more secure against what?
Against viruses per se, there really is no discussion. There has never been a Linux virus in the wild. Period. Never. None. That would make Linux definitively more secure against viruses.

Against active hacking, from a practical point of view?
Well, my understanding is that in practical terms, most people still run Windows as admin, which is equivalent to running Linux as root. Nobody runs Linux as root. And it's a lot harder to hack a box which is running only on user privileges. And, most distributions nowadays leave a lot more things turned off by default than Windows does. And of course, Linux users can't use Internet Explorer, so that's another source of insecurity closed off.

Still, it's true that to be secure, there's things that need doing. As to whether these are easier in Windows, that depends on the distribution. In most, it's not weird clunky command line stuff no more. I'm running Mandriva 10.2, and setting up the firewall is like a few clicks. Plus, there's security settings that you can do just by checking off the box saying what the machine's role is supposed to be--it closes off everything the machine doesn't need to perform that role. I'm not sure just how much easier it could be.


From: Caithnard College | Registered: Nov 2002  |  IP: Logged
WingNut
rabble-rouser
Babbler # 1292

posted 17 August 2005 02:29 PM
What is important to be aware of with *nix, and very aware, is that most exploits leading to compromised systems result from insecure Internet application software. One of the most common Linux exploits is the file injection exploit which pretty much depends on a web based app or a poorly scripted web page.

[ 17 August 2005: Message edited by: WingNut ]


From: Out There | Registered: Aug 2001  |  IP: Logged
No Yards
rabble-rouser
Babbler # 4169

posted 17 August 2005 03:08 PM
quote:
Originally posted by WingNut:
What is important to be aware of with *nix, and very aware, is that most exploits leading to compromised systems result from insecure Internet application software. One of the most common Linux exploits is the file injection exploit which pretty much depends on a web based app or a poorly scripted web page.

[ 17 August 2005: Message edited by: WingNut ]


And those are basically "OS independent" kinds of exploits (ie. you can make them on Windows as easily as *ix system.) That's the nice thing about real systems (mainframe and old "Mini" systems), where there was the concept of protected memory ... any of these kinds of "buffer overflow" type of exploits would have caused the OS to "crash" the program rather than allow memory buffers to overflow.

edited to add: Actually I think in more low level compilers, this kind of feature can be turned on as well. For example C++ can be compiled to do strict checking on buffer overflows, and halt on a violation. Unfortunately, to make modern web site building more readily accessible to the normal person, a lot of the safety features have been turned off in modern high level web building languages.

[ 17 August 2005: Message edited by: No Yards ]


From: Defending traditional marriage since June 28, 2005 | Registered: Jun 2003  |  IP: Logged
WingNut
rabble-rouser
Babbler # 1292

posted 17 August 2005 03:49 PM
quote:
And those are basically "OS independent" kinds of exploits (ie. you can make them on Windows as easily as *ix system.)

True.

quote:
a lot of the safety features have been turned off in modern high level web building languages.

True again. But a lot of successful exploits also depend on users not preparing for exploit attempts. For example, moving terminal access to non-default ports, and dropping all Internet requests with particular strings such can eliminate, overnight, 99% of all exploit attempts.

A book well worth the investment is Linux and Unix Security published by Hacknotes. I sleep better having read it. A lot of what it offers is simple common sense but are things sysadmins, often juggling a dozen projects, do not think about.

[ 17 August 2005: Message edited by: WingNut ]


From: Out There | Registered: Aug 2001  |  IP: Logged
WingNut
rabble-rouser
Babbler # 1292

posted 17 August 2005 03:52 PM
Interestingly, babble will not allow me to post with the two strings I was using for examples.
From: Out There | Registered: Aug 2001  |  IP: Logged
scooter
rabble-rouser
Babbler # 5548

posted 17 August 2005 03:55 PM
quote:
Originally posted by Papal Bull:

How is it being spread? Email, or is it one of those new ones that is being encoded into images and whatnot?



I heard it's spread by reading discussion forums.

From: High River | Registered: Apr 2004  |  IP: Logged
Papal Bull
rabble-rouser
Babbler # 7050

posted 17 August 2005 04:20 PM
Apparently there are 11 variants of the worm...

Only 2 are actually dangerous, although M$ is saying that the entire thing is low risk. Which it isn't.


From: Vatican's best darned ranch | Registered: Oct 2004  |  IP: Logged
scooter
rabble-rouser
Babbler # 5548

posted 17 August 2005 05:03 PM
Wasn't everyone warned about this virus/worm last week and would have had plenty of time to update their systems?
From: High River | Registered: Apr 2004  |  IP: Logged
Stargazer
rabble-rouser
Babbler # 6061

posted 17 August 2005 05:24 PM
Actually I think it was the 15th of this month that it became well known. The problem is that the AV vendors were slow to release definitions that would cover this threat. Symantec didn't release the virus definitions until around 12 am, so there would be no way to update them as they didn't exist.

The other issue is the Windows vulnerability. People would have had to start patching their servers as soon as they were released. In most companies, especially large ones, you cannot take the servers down without prior warning, and most companies require process and change notices prior.


From: Inside every cynical person, there is a disappointed idealist. | Registered: Jun 2004  |  IP: Logged
Deep Dish
rabble-rouser
Babbler # 9609

posted 17 August 2005 11:49 PM
quote:

As for windows engineers, no thanks. I can reinstall myself. At least *nix guys actually fix stuff.

You can make just about anything work on one machine, but I want the engineers available for when I rollout a new patch/distro and the New York office disappears from the network...

I don't really know if this is happening in this thread but I find these discussions break out a lot in the IT industry when the networking types and the programming types think they can do each others jobs...

quote:
People would have had to start patching their servers as soon as they were released. In most companies, especially large ones, you cannot take the servers down without prior warning, and most companies require process and change notices prior.

You generally do a limited rollout to see if anything breaks, but then it can be installed company-wide - usually silently. The problem is rebooting the servers (it kicks off all the users and sometimes takes 15 minutes to half an hour)

[ 17 August 2005: Message edited by: Deep Dish ]


From: halfway between the gutter and the stars | Registered: Jun 2005  |  IP: Logged
Rufus Polson
rabble-rouser
Babbler # 3308

posted 18 August 2005 01:05 PM
Say . . . on Linux, do you actually have to reboot a server when you patch it?
From: Caithnard College | Registered: Nov 2002  |  IP: Logged
WingNut
rabble-rouser
Babbler # 1292

posted 18 August 2005 01:51 PM
quote:
You can make just about anything work on one machine, but I want the engineers available for when I rollout a new patch/distro and the New York office disappears from the network...


That's really not related to your original comment and I am not sure what it has to do with anything.

From: Out There | Registered: Aug 2001  |  IP: Logged
Cougyr
rabble-rouser
Babbler # 3336

posted 18 August 2005 01:55 PM
quote:
Originally posted by Rufus Polson:
Say . . . on Linux, do you actually have to reboot a server when you patch it?

I only have to reboot when I replace the kernel, but I'm on a desktop. I assume a server is the same. We tend to overlook that "Linux" is the kernel; everything else is programs that run on the Linux kernel. Have I got that right?


From: over the mountain | Registered: Nov 2002  |  IP: Logged
WingNut
rabble-rouser
Babbler # 1292

posted 18 August 2005 02:19 PM
From what I understand, Linus Torvalds developed the Linux kernel to work with GNU tools. So I would think Linux is the kernel and the tools.

However, applications and services are different from the kernel and yes, I would agree, you should only need to reboot if you have patched the kernel.


From: Out There | Registered: Aug 2001  |  IP: Logged
Cougyr
rabble-rouser
Babbler # 3336

posted 18 August 2005 03:51 PM
quote:
Originally posted by WingNut:
However, applications and services are different from the kernel and yes, I would agree, you should only need to reboot if you have patched the kernel.

Yes. I install and remove programs and configure the system without rebooting. I even upgrade programs with them running. The *nix is so far superior to Windows that I don't know why Windows exists in its present form.


From: over the mountain | Registered: Nov 2002  |  IP: Logged
Deep Dish
rabble-rouser
Babbler # 9609

posted 18 August 2005 04:59 PM
quote:

That's really not related to your original comment and I am not sure what it has to do with anything.

Comparing stability and security on one machine - the people saying "yeah it works great for me" is a different ballgame than network security. A lot of these debates stem from people not understanding the difference and when you are talking security there is a big distinction.

SP2 for example works on a home machine just fine, but most large organizations aren't installing it. IBM for example.

The point I was trying to make, is don't expect what you do on one machine in which you are the administrator to apply to a thousand machines interconnected on a network - these problems are part of what forms a "good" o/s.

I have a laundry list of complaints about MS, especially the patch a week thing.. and I don't think they do enough testing but these issues are much more complex than the open source community likes to admit.

[ 18 August 2005: Message edited by: Deep Dish ]


From: halfway between the gutter and the stars | Registered: Jun 2005  |  IP: Logged
Cougyr
rabble-rouser
Babbler # 3336

posted 18 August 2005 05:42 PM
quote:
Originally posted by Deep Dish:
The point I was trying to make, is don't expect what you do on one machine in which you are the administrator to apply to a thousand machines interconnected on a network

You have a valid point. At least some of M$ problems are due to their designing for mega systems. Most of M$ business comes from ultra large customers - Pentagon, Boeing, Spar Aerospace, NASA, etc. - and their design reflects that. The home user is small potatoes. I remember a "bug" in early Win95 that caused crashes on single user machines which was due to a feature designed for networked consoles.

Still, I think that M$ could have a much better os underneath Windows.


From: over the mountain | Registered: Nov 2002  |  IP: Logged
Rufus Polson
rabble-rouser
Babbler # 3308

posted 18 August 2005 08:26 PM

From: Caithnard College | Registered: Nov 2002  |  IP: Logged
Deep Dish
rabble-rouser
Babbler # 9609

posted 19 August 2005 02:32 AM
quote:

The home user is small potatoes.

This is a long tradition in personal computing - In the early days IBM thought there was no market for home PC's.

Consider the fact that until very recently MS took almost no countermeasures to shut down home users who were using pirated versions of Windows.

I have no doubt they pressure retailers and manufacturers to bring up the compliance level, but the individual home user has mostly been hands off.

No speech from Bill saying "Please install Linux you are stealing Windows", because pirated Windows gets the MS name out there and provides all kinds of training and product exposure, which helps drive the corporate business...

[ 19 August 2005: Message edited by: Deep Dish ]


From: halfway between the gutter and the stars | Registered: Jun 2005  |  IP: Logged
DrConway
rabble-rouser
Babbler # 490

posted 19 August 2005 03:19 AM
Part of the problem, IMHO, is that to really "lock-down" a Windows NT-based system (2000, XP) requires some registry editing and also un-hiding some of the add/remove Windows Components items.

1. %SystemRoot%\inf\sysoc.inf , replace "hide" with a null string, or replace ",hide," with ",,", which expands the Add/Remove Windows Components list to include everything and works for Windows 2000 or XP.

2. Read this.

3. Rename the Guest and Administrator accounts.

4. Leave your network cable disconnected till after you install Service Pack 2. If you must get on the WWW to grab SP2 by god please turn on your freakin' Windows firewall. (You should really order the free CD from Microsoft though) I knew a guy who used an unpatched Internet Explorer to hit a 'warez cracks' website and promptly got infested with ten million tons worth of spyware. Y'all have been warned as to what's out there, folks.

5. Hey, cool. I found the guide I wrote ages ago.

6. What services you should turn off: please read.

The first comes in handy when you install Service Pack 2, because then you can take out the "Network Gateway Discovery" client, or something close to that, which you don't need at all in a home system.

I have yet to have any difficulties with removing the admin shares.

[ 19 August 2005: Message edited by: DrConway ]


From: You shall not side with the great against the powerless. | Registered: May 2001  |  IP: Logged
Fidel
rabble-rouser
Babbler # 5594

posted 19 August 2005 07:32 AM
For the Windows XP installation step number one, you might include disconnecting from any printers, scanners, speakers and peripheral devices in general to avoid any possible chatter. Mouse, keyboard and video are all that should be plugged in.

Thanks for the page, Doc. I've bookmarked it for my own use.


From: Viva La Revolución | Registered: Apr 2004  |  IP: Logged
WingNut
rabble-rouser
Babbler # 1292

posted 19 August 2005 09:06 AM
quote:
Comparing stability and security on one machine - the people saying "yeah it works great for me" is a different ballgame than network security. A lot of these debates stem from people not understanding the difference and when you are talking security there is a big distinction.

Of course you are right which is why I use Linux to provide the network security for my Windows users.

From: Out There | Registered: Aug 2001  |  IP: Logged
dano
rabble-rouser
Babbler # 4274

posted 19 August 2005 01:08 PM
At my workplace everything runs on Win 2000 but they were quick enough to avert any problem with this bug... We were without Internet or external email access for 2 days however, which was a pain a bit for what I needed to be doing

But all is patched up now and back and running


From: Gatineau, Qc | Registered: Jul 2003  |  IP: Logged
WingNut
rabble-rouser
Babbler # 1292

posted 19 August 2005 03:34 PM
Two days without web browsing where I work would go almost unnoticed. Two minutes without email, however, and it would be a freakin' crisis of epic proportions.
From: Out There | Registered: Aug 2001  |  IP: Logged
Rufus Polson
rabble-rouser
Babbler # 3308

posted 19 August 2005 03:36 PM
Deep Dish appears to have missed your heavy sarcasm, Cougyr.
From: Caithnard College | Registered: Nov 2002  |  IP: Logged

All times are Pacific Time  
