Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Stop Christmas-Gift PCs From Feeding Worms

timothy posted more than 10 years ago | from the cognitive-dissonance dept.

Security 416

An Anonymous Reader writes "If you recently set up a new PC with Windows XP, or if you had the pleasure to do a 'reinstall from scratch,' you probably found that many XP systems as they are shipped today are not patched against common issues like Blaster. Given that these worms are still going strong, it doesn't take long for a new system to be infected. In particular, if you have to connect it to the Internet to download all the patches. Well, help is in sight. The SANS Institute released a paper entitled Windows XP: Surviving the First Day." (Read on below.) Update: 12/24 17:59 GMT by T : Thanks for reader Bill Curnow for the updated link. Update: 12/24 19:15 GMT by T : Besides the workaround suggested below, Roblimo has a good suggestion on avoiding the first-day-of-Windows altogether.

"With many screen shots, it will walk you through the procedure to enable the XP firewall and downloading the patches without getting infected while doing so. This could be the (free) stocking stuffer that may save Christmas for your folks ;-). Given that its probably to late now to start downloading your favorite Linux distro."

But if you do have the time and bandwidth, and you're stuck on Windows, a nice live-CD distro like Knoppix or Mepis means you can download patches without racing the worms, and install your patches while offline. (And if you have time to download 50MB, you have time to grab Damn Small Linux.)

cancel ×

416 comments

Sorry! There are no comments related to the filter you selected.

How to sfix WIndows XP patches (-1, Troll)

akedia (665196) | more than 10 years ago | (#7803437)

OK so I got completeytl drunk at teh holaiday party here and totalyl hooked up with htis hot asiian girl who works here so whhat do i do? thats right i visti slashdot! OMG so i come to slahdost and i see this thign about wiundows xp and the patches so here's what i do oK part of ,my job is to help fixc these windows boxes (GOD I HGHATE THEM SO MUCH) so waht i did to sawve time is to download all the serviec parks and pathces and burnded them toi a CD now along with wll the drivers and fixblast and fixmiimal and shit reight so then afetr i hadda reinstall XP i just pop this disc in right then i install all the dirvers and patches so everythigns good ta go then i connect it back to hte nwetork and eveyrhthings cool! so you gottaa be a smart admin liek that see and BE PREPAREDED!! OK imma gotta drive hoem now oh shit AND MERRY CHRSIMAS! k sroroy for me spellgin and typign i'm way fucking drunk WOOT iimnma get this girls NUMERB

Re:How to sfix WIndows XP patches (0, Offtopic)

endus (698588) | more than 10 years ago | (#7803563)

That's not a troll, that's just goooood drunken posting!

Congrats on the fp (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#7803583)

Merry drunken 45 [rulez.org]

Re:How to sfix WIndows XP patches (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#7803597)

Asian girl? You lucky son of a bitch.

FIRST POST!! (-1, Redundant)

stefanmi (699755) | more than 10 years ago | (#7803439)

FIRST POST!!

Re:FIRST POST!! (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#7803448)

More liek SECOND POST, m i rite??? 8-)

Bad link. (4, Informative)

Animats (122034) | more than 10 years ago | (#7803440)

xp.homepc.org not found.

Check those links, people.

Re:Bad link. (4, Informative)

rf0 (159958) | more than 10 years ago | (#7803458)

http://www.homepc.org/ looks like a dynamic DNS service. I bet all the requests caused the user to get dumped.

Rus

Re:Bad link. (4, Funny)

Frymaster (171343) | more than 10 years ago | (#7803459)

xp.homepc.org not found.

it's been clobbered by blaster.

Re:Bad link. (0)

Anonymous Coward | more than 10 years ago | (#7803469)

Date: Wed, 24 Dec 2003 17:50:34 +0000

To: daddypants@slashdot.org
Subject: [DP] Stop Christmas-Gift PCs From Feeding Worms

http://xp.homepc.org/survive isn't resolving
A full 5/10 minutes before it went live

Re:Bad link. (0)

Anonymous Coward | more than 10 years ago | (#7803505)

And now it's feeding the worms. How sad.

Re:Bad link. (2, Informative)

jejones (115979) | more than 10 years ago | (#7803474)

Looks like the link should be http://www.sans.org/rr/papers/index.php?id=1298 as nearly as I can tell. Note that it will take you to a PDF file.

FP (-1, Redundant)

rkz (667993) | more than 10 years ago | (#7803442)

FP

One word to you AOL jagoffs (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#7803445)

*_g_o_a_t_s_e_x_*_g_o_a_t_s_e_x_*_g_o_a_t_s_e_x_*_
g_______________________________________________g_ _
o_/_____\_____________\____________/____\_______o_ _
a|_______|_____________\__________|______|______a_ _
t|_______`._____________|_________|_______:_____t_ _
s`________|_____________|________\|_______|_____s_ _
e_\_______|_/_______/__\\\___--___\\_______:____e_ _
x__\______\/____--~~__________~--__|_\_____|____x_ _
*___\______\_-~____________________~-_\____|____*_ _
g____\______\_________.--------.______\|___|____g_ _
o______\_____\______//_________(_(__>__\___|____o_ _
a_______\___.__C____)_________(_(____>__|__/____a_ _
t_______/\_|___C_____)/______\_(_____>__|_/_____t_ _
s______/_/\|___C_____)_PWNED_|__(___>___/__\____s_ _
e_____|___(____C_____)\______/__//__/_/_____\___e_ _
x_____|____\__|_____\\_________//_(__/_______|__x_ _
*____|_\____\____)___`----___--'_____________|__*_ _
g____|__\______________\_______/____________/_|_g_ _
o___|______________/____|_____|__\____________|_o_ _
a___|_____________|____/_______\__\___________|_a_ _
t___|__________/_/____|_________|__\___________|t_ _
s___|_________/_/______\__/\___/____|__________|s_ _
e__|_________/_/________|____|_______|_________|e_ _
x__|__________|_________|____|_______|_________|x_ _
*_g_o_a_t_s_e_x_*_g_o_a_t_s_e_x_*_g_o_a_t_s_e_x_*_


Important Stuff: Please try to keep posts on topic. Try to reply to other people's comments instead of starting new threads. Read other people's messages before posting your own to avoid simply duplicating what has already been said. Use a clear subject that describes what your message is about. Offtopic, Inflammatory, Inappropriate, Illegal, or Offensive comments might be moderated. (You can read everything, even moderated posts, by adjusting your threshold on the User Preferences Page) If you want replies to your comments sent to you, consider logging in or creating an account.

Important Stuff: Please try to keep posts on topic. Try to reply to other people's comments instead of starting new threads. Read other people's messages before posting your own to avoid simply duplicating what has already been said. Use a clear subject that describes what your message is about. Offtopic, Inflammatory, Inappropriate, Illegal, or Offensive comments might be moderated. (You can read everything, even moderated posts, by adjusting your threshold on the User Preferences Page) If you want replies to your comments sent to you, consider logging in or creating an account.

Important Stuff: Please try to keep posts on topic. Try to reply to other people's comments instead of starting new threads. Read other people's messages before posting your own to avoid simply duplicating what has already been said. Use a clear subject that describes what your message is about. Offtopic, Inflammatory, Inappropriate, Illegal, or Offensive comments might be moderated. (You can read everything, even moderated posts, by adjusting your threshold on the User Preferences Page) If you want replies to your comments sent to you, consider logging in or creating an account.

Don't be a Scrooge... (-1, Flamebait)

toupsie (88295) | more than 10 years ago | (#7803451)

How could anyone give a loved one a Windows XP installed PC? Give 'em a Mac so you don't have to waste your time patching it for worms, virii and trojans not to mention all the damn adware out there. It's also a gift for you! Once I gave my parents a Mac for Christmas a year ago, they don't call me asking why &%$$%#$^ computer doesn't WORK!!!

Re:Don't be a Scrooge... (0)

Anonymous Coward | more than 10 years ago | (#7803618)

Nah, they stopped calling because they've disowned you because of your homosexuality. Way to shame your family, faggot.

Easy (4, Informative)

skinfitz (564041) | more than 10 years ago | (#7803454)

Click Start > Network and Dial up connections

Right click on your internet connection, choose "Properties"

Click "Advanced"

Click the box to turn on the firewall

Voila. You are safe from Blaster.

As an added precaution, deselect "Client for Microsoft Networks" from all interfaces except any you really need it on.

Re:Easy Alternative (4, Funny)

qualico (731143) | more than 10 years ago | (#7803477)

Click Start > Network and Dial up connections Right click on your internet connection, choose "DISABLE" Voila! The proper config for any Windows Box!

Re:Easy Alternative (5, Interesting)

B3ryllium (571199) | more than 10 years ago | (#7803528)

No, the proper technique is called a "reach around". You reach around behind the box, unplug the network cable or phone line (I caught a worm over dialup once, that was the most hilarious thing ever), and consider yourself lucky.

Re:Easy (0)

Anonymous Coward | more than 10 years ago | (#7803516)

Unless you have some stupid dial-up connection software given you by your dial-up ISP that prevents "properties" of dial-up adapter to showup. Bastards!

That was in the article (1)

tepples (727027) | more than 10 years ago | (#7803652)

I'll forgive you for not having read the chkdsking article (it was a bad link at the time), but what you mentioned was one of the steps listed in the article, as was the "reach around" that B3ryllium mentioned.

The title should have been.. (5, Funny)

Poilobo (535231) | more than 10 years ago | (#7803461)

Our Server: Surviving the Slashdotting

something wrong? (5, Informative)

Stanza (35421) | more than 10 years ago | (#7803467)

Bad link? It doesn't seem to work.


Try this instead [sans.org] .


http://www.sans.org/rr/papers/index.php?id=1298

And they say Slashdot hates Windows (4, Informative)

Ridgelift (228977) | more than 10 years ago | (#7803468)

There's been a lot of "Slashdot posts ever anti-Windows article that exists", but this article debunks that.

I usually recommend a hardware firewall, in particular the little blue Linksys firewalls. Home users can hook up their ADSL connection, plug in the firewall, and then their PC. Then as long as they don't download email until their system is patched and anti-virus is updated, they're relatively safe from most malware.

This year I've also begun recommending anti-spyware as well. It's amazing how ubiquitous that stuff's become over the past year.

Another way to avoid those nasty windows worms (-1, Troll)

Anonymous Coward | more than 10 years ago | (#7803475)

... Not install windows.

Site slow, here's some quick n' dirty instructions (5, Informative)

rebelcool (247749) | more than 10 years ago | (#7803476)

I figure if you're reading this on slashdot you don't need screenshots to find your way around a monitor...

Obviously, this should be done before you plug the machine into any kind of internet connection.

-Go to Start and then Control Panel.
-Once in Control Panel, choose Network Connections
-Right click on your connection of choice (if there's more than one, do it for all of them) and choose Properties.
-Go to the advanced tab and check the Firewall check box.

If you want to know more about how to configure it and modify the settings, click the link below that checkbox for directions.

wormies worry me (3, Funny)

Anonymous Coward | more than 10 years ago | (#7803481)

I had just plugged my joystick into the USB port when it started wildly moving in my hand! Worms infected it I swear!

Re:wormies worry me (3, Funny)

mustangsal66 (580843) | more than 10 years ago | (#7803633)

If your 'Joy' stick fits in a USB port, you have bigger problems then the blaster worm.

Re:wormies worry me (5, Funny)

NanoGator (522640) | more than 10 years ago | (#7803687)

"If your 'Joy' stick fits in a USB port, you have bigger problems then the blaster worm."

The nice thing about flaming somebody over the internet is that you don't have to have a big dick to tell somebody they have a small one.

Let's not forget... (4, Informative)

GarfBond (565331) | more than 10 years ago | (#7803482)

those great OSS packages that you can install on Windows, if your recipient insists on keeping that as the main OS :)

Chicken and the egg (4, Insightful)

Space cowboy (13680) | more than 10 years ago | (#7803483)

It's a classic catch-22 when you need to download the patches, but the act of downloading them makes you vulnerable ... I have just bought my parents a new PC (with XP, they're not up to Linux just yet ...) and I never thought twice about doing the windows-update thing... OTOH, they are behind a decent firewall (that does run Linux :-) so the risk is pretty minimal.

Perhaps all these DSL/WiFi combo boxes will be a blessing in disguise because they all come with a firewall (on by default, with Cisco's Linksys ones :-)

Simon

Re:Chicken and the egg (-1, Troll)

JeanBaptiste (537955) | more than 10 years ago | (#7803520)

"It's a classic catch-22 when you need to download the patches, but the act of downloading them makes you vulnerable ... I have just bought my parents a new PC (with XP, they're not up to Linux just yet ...) and I never thought twice about doing the windows-update thing... OTOH, they are behind a decent firewall (that does run Linux :-) so the risk is pretty minimal."

are you talking just to hear yourself talk?

Re:Chicken and the egg (0, Offtopic)

matth (22742) | more than 10 years ago | (#7803554)

The phrase "Catch-22" comes from the book of that name by Joseph Heller (1923-1999), published in 1961. Catch-22 is a wonderful book, full of dark humor and absurdity, satirizing war, military bureaucracy, and by extension modern life and the ways in which they destroy the human spirit.

The word "catch" of course is used in the sense of snare, snag or entanglement.

The story is set in Italy in World War II. The main character, Captain Yossarian, is a bombardier (as Heller had been) who wants to get out of flying potentially deadly combat missions. So does his tent-mate, Orr. The easiest way to get out of flying more missions is to plead insanity. Heller writes:

There was only one catch, and that was Catch-22, which specified that a concern for one's safety in the face of dangers that were real and immediate was the process of a rational mind. Orr was crazy and could be grounded. All he had to do was ask; and as soon as he did, he would no longer be crazy and he would have to fly more missions. Orr would be crazy to fly more missions and sane if he didn't, but if he was sane he had to fly them. If he flew them he was crazy and didn't have to, but if he didn't want to, he was sane and had to. Yossarian was moved very deeply by the absolute simplicity of this clause of Catch-22 and let out a respectful whistle.

"That's some catch, that Catch-22," he observed.

"It's the best there is," Doc Daneeka agreed.

In short, Catch-22 is "heads I win, tails you lose." If you can, you can't, and if you can't, you can. Fair is foul and foul is fair. Whenever you try to behave sensibly in a crazy world, there's a catch.

Heller writes:

Yossarian strode away, cursing Catch-22 vehemently even though he knew there was no such thing. Catch-22 did not exist, he was positive of that, but it made no difference. What did matter was that everyone thought it existed, and that was much worse, for there was no object or text to ridicule or refute, to accuse, criticize, attack, amend, hate, revile, spit at, rip to shreds, trample upon, or burn up.

In fact, Heller originally wanted to name his dilemma Catch-18, but a book by Leon Uris called Mila 18, historical fiction about the Warsaw ghetto uprising during WWII, had just been published, and the publishers were afraid there would be confusion. (Mila 18 was a street address.)

So, there really isn't a Catch-22, despite its pervasiveness--and that's an example of the catch, of course. Circular dilemmas of this sort appear over and over in the book. Sometimes the Catch is mentioned explicitly, more often not. Some other examples of Catch-22 in action, from the book:

* Major Major is a commander who doesn't command. He hates dealing with people, and is somewhat frightened of them. He therefore instructs his receptionist/orderly that, whenever he is in his office, any visitors should be told he is out. When he leaves his office (sneaking out the back window), the receptionist can send visitors in to see him. In short, the only time you can see Major Major in his office is when he's out. If he's in, you can't see him. It's an example of Catch-22, although the catch is not explicitly mentioned in this connection.
* Doctor Daneeka is a doctor who responds to patients' complaints by telling them his own troubles.
* The military police chase the girls away from Yossarian's favorite haunt. When asked what right they have to do this, they reply, "Catch-22." Catch-22 says they have a right to do anything that you can't stop them from doing. And if you ask to see Catch-22, the law says they don't have to show it to you. What law? Catch-22, of course.
* In the hospital, the Soldier in White (in a plaster cast from head to toe) has a bottle of plasma going in and a bottle of urine coming out. The nurses routinely switch the bottles around, in an endless cycle.
* The Chaplain, when cornered, lies. He knows that telling lies and defecting from duty are sins. He also knows that sin is evil and that no good can come from evil. "But he did feel good; he felt positively marvelous. Consequently, it followed logically that telling lies and defecting from duty could not be sins."

[Somewhat OT] "Not up to linux yet" (2, Insightful)

oneiros27 (46144) | more than 10 years ago | (#7803558)

Odds are, your parents never will be. The only way you'll get the majority of the population to linux is to bring linux down to them.

c'mon, we live in a society where people can't figure out how to set the time on a VCR. You think they're going to take the time to 'learn' an OS? Most people are happy with a 4 year old system that lets them check their e-mail, save the pictures people send them, view web pages, and maybe word processing and a spreadsheet.

Now, to keep this from being completely off topic -- you're probably doing more harm than good by putting them behind a home brew firewall, unless you're going to be keeping it updated for them. I'd recommend for general consumer use sticking with ZoneAlarm, along with AdAware and some virus protection software, and maybe some anti-spam service.

Not up to Windows yet? (0)

Anonymous Coward | more than 10 years ago | (#7803692)

You should read [linuxfocus.org]
this article. If linux is set up right then it is much easier to use then Windows. No I am not suggesting that you install Linux on an older persons machine and let them loose but then I don't really suggest that you do that with Windows either. The trick to makeing a computer easy to use for older people (and younger less technical ones is to custumize their interface to suit how they use their computer. Most people really do not need an entire startbar full of possiblities to have to choose from!

A working link to PDF (1)

jmcglash (21757) | more than 10 years ago | (#7803486)

xpsurvivalguide.pdf [incidents.org]

It's not just XP (3, Informative)

AndroidCat (229562) | more than 10 years ago | (#7803487)

Any distro of anything should be installed with some caution about exploits that may have popped up since the distro was made.

Some might argue that WinXP comes with the Best Before date already expired, but there's a lot of CDs for many OSs out there with "open security". (The main problem with standard XP is the stupid requirement to phone home to register before downloading the patches to make it safe to be on the net in the first place.)

Re:It's not just XP (1)

Sexy Bern (596779) | more than 10 years ago | (#7803515)

You nonce.

You have 30 days to activate windows. Plenty of time to download patches.

Also, you don't automatically get any kind of implicit internet connection - you have to set it up. That gives you plenty of opportunity to click on "protect my computer by limiting... blah blah blah" before making your first connection.

Get a grip.

Re:It's not just XP (4, Informative)

SoCalChris (573049) | more than 10 years ago | (#7803534)

The main problem with standard XP is the stupid requirement to phone home to register before downloading the patches to make it safe to be on the net in the first place.

That's FUD. XP gives you 60 days to activate your copy of windows. During those 60 days, Windows is fully functional and allows you to connect without any activation related troubles.

Need for Microsoft patch CD (4, Interesting)

jaredmauch (633928) | more than 10 years ago | (#7803491)

Microsoft needs to ship everyone who does "Product Activation/Registration" with them a CD [google.com] that includes the patches necessary to secure ones systems. Yes, it will always be out of date, but at least you won't get infected with some 1-2 year old vulnerability.

People should return non-patched systems that are shipped from the manufacturer, and return systems where the install CDs don't put them to the same patch level they are shipped with.

while this isn't a cure-all solution to the patch mania that is necessary, but will go a long way to help bring up the baseline security of all these end-user hosts on the internet.

Re:Need for Microsoft patch CD (3, Insightful)

placeclicker (709182) | more than 10 years ago | (#7803508)

Or, they should let you boot your system without all those exploitable services that are turned on by default ( rpc, messanger, etc )

Linux CDs for checkout at the local public library (2, Interesting)

Simonetta (207550) | more than 10 years ago | (#7803552)

I believe that we should start trying to make Linux CDs available for checkout at the local public library.

No enough people have the broadband or fast enough download capabilities to handle file sets that above a few megabytes.

Having the inexpensive CD-R sets available for checkout at the local public library would go a long way to solving the distribution problem of the general public.

Plus the local Linux group could keep the circulating distributions current and the latest patches available.

I think that there was a discussion about this on Slashdot recently, but I don't recall.

Re:Need for Microsoft patch CD (1)

teslatug (543527) | more than 10 years ago | (#7803604)

Gotta be careful not to install everything though. My system kept getting locked up from the big rollup they had after SP1. So I am stuck installing the patches one by one till I figure out which one is causing me troubles.

First day? (3, Interesting)

Xzzy (111297) | more than 10 years ago | (#7803497)

Try first ten minutes.

Due to some oddities in the purchasing orders for new hardware this year, it ended up that some of us unix guys were tasked with hauling new windows boxes around the workplace for people. We weren't expected to set them up, just unpack, plug em in, and turn em on. Ignorant of how vulnerable windows boxen are, we did just that, doing the silly clicky crap that any OEM relase makes you do, and walked off.

Within ten minutes, the traffic sniffers the security team has up were getting alarms caused by the machines we had set up and their ports got blackholed in about 15 minutes. One of the machines was already being used as a spam relay, the rest all had whatever viruses are still floating around.

Was quite an eye opener, I'd thought those viruses were over and done with and weren't a cause for concern anymore. Made me wonder how much bandwidth is being wasted that we don't even acknowledge. Spam is easy because it generates email.. but there's this underlying background noise sucking up bandwidth that you don't even see.

Course us "unix guys" had a good laugh over it, patting ourselves on the back in true bigot fashion over how secure unices are. But later that afternoon the nfs server that serves our home directories puked it's guts up so it put us in our place pretty quick.

You "unix" guys really oughtta setup a firewall (0)

Anonymous Coward | more than 10 years ago | (#7803542)

why exactly was your workplace vulnerable to this?

Re:You "unix" guys really oughtta setup a firewall (1, Insightful)

Anonymous Coward | more than 10 years ago | (#7803581)

Because someone brought in a laptop that was infeceted? Firewalls don't help a lot when the attacks are internal.

Re:You "unix" guys really oughtta setup a firewall (0)

Anonymous Coward | more than 10 years ago | (#7803705)

"Unix" guys don't need to set up a firewall, because they're used to machines that don't have all their services turned on by default (or if they are on, they can be turned off).

Re:First day? (2, Informative)

pavon (30274) | more than 10 years ago | (#7803647)

No kidding, I just setup some computers for my brothers who just started college. I got a windows messenger (not the IM one) popup before I even had a chance to click on the windows update icon. That was 30 seconds after I logged in, at most 3 minutes since I turned the thing on.

Once I got the patches, virus protector, and ad-aware installed, everything was fine, but still, there was a reason I wanted to do a clean install.

Re:First day? (1, Insightful)

Anonymous Coward | more than 10 years ago | (#7803664)

Boy, something about this just doesn't ring true!

Within ten minutes, the traffic sniffers the security team has up were getting alarms caused by the machines we had set up and their ports got blackholed in about 15 minutes. One of the machines was already being used as a spam relay, the rest all had whatever viruses are still floating around.

So your security team was savvy enough to have sniffers for strange traffic but didn't have a firewall secure enough to prevent the machines from getting compromised in the first 10 minutes?

Do you have any more details on what they were compromised with? and how?

Re:First day? (1)

minusthink (218231) | more than 10 years ago | (#7803684)

"So your security team was savvy enough to have sniffers for strange traffic but didn't have a firewall secure enough to prevent the machines from getting compromised in the first 10 minutes?"

Where I work, I'm not behind a firewall at all. Everyone is responsible for their own machine (ie. running their own firewall). It's not feasible to do it any other way.

Re:First day? (2, Interesting)

Monkelectric (546685) | more than 10 years ago | (#7803670)

I work for a company which sells PCs retail, we've had a couple computers which had worms *OUT OF THE BOX* (brand new machines, never openend. We're still trying to figure that out.

Re:First day? (1)

jaredmauch (633928) | more than 10 years ago | (#7803680)

Actually, This is in no way shocking to me. At the last NANOG [nanog.org] meeting I attended (Chicago), I heard about machines being infected in about 3 minutes from power-on to infection. They were infected while downloading the patches from the Windows Update [microsoft.com] site.

This has increased my public requests for microsoft to send postcards or CDs to people who have registered their product. Since this is mandatory (is my understanding, I don't actually have XP installed because I refuse to buy a new copy of windows each time I upgrade my system), it should be fairly easy. It will matter little to their bottom line to pay for postage and printing of a postcard (or CD if they want to take a more expensive route).

I've found that people do not believe that their slow DSL or dial-up connections are worth hacking/infecting. The thing is it doesn't take many of them before you create enough traffic to DoS a well connected site/system off the network.

I feel for the home user... (5, Insightful)

aml666 (708712) | more than 10 years ago | (#7803502)

My systems are behind a Hardware Proxy and a software firewall. I feel safe and have not been compromised... yet.

Those poor home users who are not technically savvy are pretty screwed. They won't be able to figure out *nix and don't want to pay the bucks for Apple.

Microsoft should offer (no not MSN) a method for new Windows machines to dial direct for patches before connecting to the Internet.

This method should be over ridable for the safer crowd.

Re:I feel for the home user... (1)

Neophytus (642863) | more than 10 years ago | (#7803533)

Direct dial for about 100mb of patch? Welcome to 2003!

Re:I feel for the home user... (1)

aml666 (708712) | more than 10 years ago | (#7803540)

Most of them are using AOL, Earthlink or MSN anyway... I do believe that this is DIRECT DIAL as well.

Re:I feel for the home user... (1)

operagost (62405) | more than 10 years ago | (#7803699)

Earthlink is pretty much a regular ISP, just a big one.

Re:I feel for the home user... (0)

Aliencow (653119) | more than 10 years ago | (#7803632)

Maybe a boot mode where everything but Windows update is dropped... so you could use it with any ISP or even broadband..

easy (2, Funny)

gyratedotorg (545872) | more than 10 years ago | (#7803504)

click start -> shutdown

Re:easiest (-1, Redundant)

qualico (731143) | more than 10 years ago | (#7803509)

Just press the power button.

Sadly enough (2, Interesting)

jsav40 (614902) | more than 10 years ago | (#7803519)

We received a couple of new machines from Dell last week. They were missing just a few patches... actually a few *months* worth of patches. Inexcusable on the vendor's part- how hard is it for them to keep their base install/image up to date??? I had a CD ready to go with the relevant patches etc. & got all of the critical stuff installed before ever connecting to the internet. No wonder that so many home machines are unpatched, people incorrectly (but justifiably) assume that the new PC they just purchased will be reasonablt current as far as security patches goes. That and getting the plethora of XP patches, service packs etc. over a dial-up is very nearly impossible...

Re:Sadly enough (2, Informative)

KingDaveRa (620784) | more than 10 years ago | (#7803608)

Its hard and it isn't hard to keep an image up to date. If you're an OEM building systems, you basically build a base install and you then go into a special 'system builder' mode. This enables you to configure the system, load software and set everything up, all without accepting a license agreement or entering user details. If you did that, the copy of windows would be licensed to you, and you only. When its all sorted, you put the PC into its Out Of Box Experience mode. The OOBE is the first thing a new PC will do, which includes the EULA and entering serial numbers and the like. If your image has been entered into the sysprep stage, then its pretty damn hard to coax it back out again. They probably could take an image of it pre-OOBE, but the trouble is, none of these OEMs like to just whack patches on as soon as they come out. If they put on a patch which conflicts with something and they've not tested it, they could be in for a lot of trouble. Its a liability thing on their part mainly. Maybe a better option would be enabling the firewall and the like. I know the OEM we buy PCs from at work are funny about patches and things. We had to ask if upgrading the BIOS on some Intel boards to the latest would bugger up warranties and the like. Thankfully they agreed. It is a catch-22, but it saves headaches for OEMs in some respects, but creates them in others.

The Easy Way (2, Insightful)

Jaysyn (203771) | more than 10 years ago | (#7803535)

Or you can just do what I did & get your Mom an iMac....

Jaysyn

Re:The Easy Way (2, Funny)

Anonymous Coward | more than 10 years ago | (#7803612)

Dude, you got my mom an iMac? Thanks!

Re:The Easy Way (0)

Anonymous Coward | more than 10 years ago | (#7803681)

She earnt it the hard way

Re:The Easy Way (1, Flamebait)

NanoGator (522640) | more than 10 years ago | (#7803701)

"Or you can just do what I did & get your Mom an iMac...."

Think of the productivity boost they'll have with no games to play!

why go through all that trouble? (1, Redundant)

the_2nd_coming (444906) | more than 10 years ago | (#7803536)

Just get a mac and be done with it.

Re:why go through all that trouble? (1)

tb3 (313150) | more than 10 years ago | (#7803619)

True, and note that Macs come factory fresh with the latest patches installed. I checked a friend's new machine, and found that it was patched to 10.2.8 (the latest version at the time).

Re:why go through all that trouble? (0)

Anonymous Coward | more than 10 years ago | (#7803677)

Insightful?

Some people need to read the news:

http://www.eweek.com/article2/0,4149,1420752,00. as p

It's not my fault (1)

MidWorldOddity (697372) | more than 10 years ago | (#7803547)

I was recently called upon to fix the neighbor's pc (No, I will not fix your computer). His brother "who does computers for a living" had recently installed XP, no service packs, not hotfixes, and Norton AntiVirus with defs from December of 2000. They wanted to know why their pc wasn't working. And we wonder why all of our tech support is getting outsourced to India...

just say no (1)

b17bmbr (608864) | more than 10 years ago | (#7803548)

i get lots of help calls from friends, ralatives, etc. i honestly answer that i can't help them with XP problems. i haven't used windows since 98. i do it nicely, and don't try to be mean, but i expalin that i use linux, and os x, and that i don't know to solve their problem. when they ask about viruses, i explain that i don't have that problem. just say no , and do it politely. if you help them, you are really just perpetuating the problem. and if they persist, at least bring them a cd with OO.org, ,mozilla, and a few other open source goodies. besides, with all the probelms you'll try to solve, you remember once again why it is that you don't use windows!!

Slipstream (1, Informative)

Anonymous Coward | more than 10 years ago | (#7803555)

You can slipstream [theeldergeek.com] all the patches for XP and install from that.

On Xmas Eve (1)

qualico (731143) | more than 10 years ago | (#7803557)

I would hope even the geeks are giving it a rest on xmas eve. Is anyone really going to start patching computers today? Ahh, hell I'm busted. I'm posting on slashdot arn't I? Anyway, I'll try that DamSmallLinux, thanks for the gift!

dell included. :) (1)

wo1verin3 (473094) | more than 10 years ago | (#7803559)

My gf's sister got a Dell PC, which normally I'm against but got it for a hell of a deal ($480 CDN) for a decent p4 2.6ghz machine including 17" monitor, and as I'm setting it up, keeping it offline till I can apply the trusy blaster patch, it was already there! :)

Install from stratch... (3, Interesting)

VariableSanity (578725) | more than 10 years ago | (#7803564)

I recentally had to install xp from scratch (because my roomate downloaded some virus). After I get xp running again, and get all my programs installed again. I went and bought Nortin Anti-Virus. After the first scan a few hours after I re-insalled everything I already had the blaster worm and some other type of worm! I guess that is what I get for not installing the patches the moment I install xp...

PDF file too large to download (1)

Wills (242929) | more than 10 years ago | (#7803573)

When your only link to the internet runs at 19kBps or less due to telephone line noise, you're paying for the internet telephone call by the second, and you are given a PDF file which turns out to be 1.4Megabytes in size, the first thing I do is hit the cancel button and forget it. Can you summarise the conclusions or does anyone have a small ASCII version of the file please?

Re:PDF file too large to download (1)

mr.capaneus (582891) | more than 10 years ago | (#7803602)

When your only link to the internet runs at 19kBps or less due to telephone line noise, you're paying for the internet telephone call by the second

1994 called. It wants its internet connection back.

Re:PDF file too large to download (1)

Wills (242929) | more than 10 years ago | (#7803630)

"1994 called. It wants its internet connection back."

Haven't you got anything useful to say? I don't have any choice but to use this nominally 56kBps but actually 19kBps internet connection. Don't forget 95% of the world's population is still stuck with a 0kBps internet connection.

The basis for a TV reality show (4, Funny)

jhines (82154) | more than 10 years ago | (#7803580)

Steve B and Bill G install a new Windows PC, without any help, or special privileges, or special help lines.

Now, that is what I call a reality show.

Microsoft agree that XP isn't safe... (1)

Kyle McFarlane (455735) | more than 10 years ago | (#7803586)

Microsoft agree:
http://www.nzherald.co.nz/storydisplay.cfm ?storyID =3541058&thesection=technology&thesubsection=gener al

I am just doing this myself (1)

teslatug (543527) | more than 10 years ago | (#7803587)

Using Knoppix and Mozilla, I am getting all the patches from here: TechNet [microsoft.com] .

Buy them a cheap linksys router (0)

Anonymous Coward | more than 10 years ago | (#7803593)

Problem solved

My father's installed Linux on his laptop... (0, Troll)

Saint Aardvark (159009) | more than 10 years ago | (#7803595)

you insensitive clod! :-)

The long-life of the Blaster worm is the ISPs faul (1)

realmolo (574068) | more than 10 years ago | (#7803603)

I mean, really. All an ISP (or corporate network admin) needs to do to stop Blaster is block incoming/outgoing NetBIOS ports on their main connection to the internet. It's not hard. And no one should be using them anyway. I'm surprised that all the routers and firewalls sold aren't blocking these ports by default. They really should. It would save THE WORLD so much hassle.

Re:The long-life of the Blaster worm is the ISPs f (4, Insightful)

pigscanfly.ca (664381) | more than 10 years ago | (#7803689)

Your ISP shouldnt have to filter out random ports because someone somewhere wrote some crap software which is now easily explotaible over those ports .
The fault is all the users who didnt patch there systems .
I dont know about you but when my ISP starts port filtering I get pissed off , that my decision to make not theres (stupid monkies blocked of port 20 through 25 . I had to run ssh on a different port!)

Re:The long-life of the Blaster worm is the ISPs f (0)

Anonymous Coward | more than 10 years ago | (#7803704)

It's not an ISP's job to block ports. If they're doing traffic analysis and detect the worm, sure, shut it off. But killing access to port numbers they deem harmful isn't the solution.

Wasted effort (1)

MAPA3M (718897) | more than 10 years ago | (#7803611)

I have a friend who primarily uses his PC to surf for porn and download music, and does all that on a unfirewalled cable modem connection. So naturally, every now and then someone fucks his box up. At which point in time I get my ass over to his house, format the drive, and reinstall everything from scratch.

Then one day he asks me why this never(or rather very rarely) happens to me. At which point I came to a realization that I theoreticaly could lock his box down as much as I locked my windows box down(behind firewall, most services disabled, don't use IE, etc.) but then I'd end up spending a whole lot more time in his house unlocking ad installing things that he's probably going to need at one point or another(Flash, configuring ports for e-donkey, etc.)

Which brings me to a conclusion: If you're giving this PC as a gift to someone who's not as technicaly advanced as you are, don't even bother securing it unless they intend to keep some important info on it. You will be called upon anyway, most likely to reinstall it because someone sent them a screen saver that formated the C drive.

First Wilhelm! (0)

Anonymous Coward | more than 10 years ago | (#7803621)

Ae-iiiiii!

Here on the Hell Desk... (5, Interesting)

uncleroot (735321) | more than 10 years ago | (#7803623)

I do DSL tech support for a large telco with a three letter name starting with "S" and ending with "C" and I have to bite my lip every time these poor, dumb people call in connecting their brand new Dells and Compaqs to the DSL with no firewall and not a clue as to what Windows Update is and why they need it. The reason I bite my lip is that Windows Update and firewalls are outside my scope of support and I was already told by my team lead not to waste time helping people with that stuff. Even worse, offical training tells us to leave the Windows firewall off when configuring a PPPoE connection - I am not making that up!

It's sad and irresponsible to let these people wander onto the Internet with their unprotected Windows computers like dogs wandering onto the freeway.

Update sizes need to be reduced. (1)

gilesjuk (604902) | more than 10 years ago | (#7803627)

If Microsoft could reduce the size of patches then they could create a tool that creates a list of downloads required. This list could be placed on a USB memory card, then another tool could be used on a PC with all the patches installed (and a net connection). This tool would download all the patches onto the memory card. The patches could then be installed on the new PC, which could then be connected to the net safely.

I just got bit... (1)

cplater (155482) | more than 10 years ago | (#7803635)

I installed XP SP1 today, and the first thing I did after rebooting was to intsall the security patches, then Norton AV. As soon as Norton AV was installed I started getting warnings about welchia. I ran the Welchia removal tool, and then installed ZoneAlarm. Since I won't have much time to work on the machine before getting out of here for the day (and year for that matter,) I've just turned the machine off, just to be safe.

Mirror, just in case (2, Informative)

dobedobedew (663137) | more than 10 years ago | (#7803645)

It took me five tries to get the PDF, so here is a mirror if anyone needs it.

xpsurvivalguide.pdf [compuliant.com]

The first day? (1)

k12linux (627320) | more than 10 years ago | (#7803656)

Windows XP: Surviving the First Day

That's all well and good.. but how do you survive (suffer?) Windows XP after the first day? ;)

My father had to fight to install XP (2, Interesting)

AsmordeanX (615669) | more than 10 years ago | (#7803657)

A friend of my Dad gave him XP Pro as a gift a month ago. He installed it then connected to the net. It took 4 minutes until he was hit by blaster.

He finally had to resort to getting the guy that gave him XP to make a CD up of the patches so he could actually use XP on the net.

Personally I just have to say thanks to my linux firewall.

Umm... simple solution that EVERYONE should use... (1)

Transcendent (204992) | more than 10 years ago | (#7803658)

Given that these worms are still going strong, it doesn't take long for a new system to be infected. In particular, if you have to connect it to the Internet to download all the patches.

Just uhh... use a router/firewall. Problem solved

Freee Hardware Firewalls (1)

nurb432 (527695) | more than 10 years ago | (#7803667)

They give away printers these days, why not just give each customer a free single port firewall...

And a cdR with the latest Service Pack/Security Patches.. ( and make it auto-run for the newbees )

What would that cost a vendor.. 10 bucks tops?

Oh Boy (0)

Anonymous Coward | more than 10 years ago | (#7803674)

thats what we need for Christmas, a few thousand unpatched wormy XP boxes all surfing pr0n online...

Use a fucking router? (2, Funny)

tomstdenis (446163) | more than 10 years ago | (#7803682)

Most worms are either email, script faults or RPC/fileshare.

So don't read email, visit non-update sites or open your ports below say 1000 to the outside world.

Wow I'm a fucking genius. Since most homes have multiple computers anyways you will want a cheapo 100$ router anyways.

Praise me!

Ha! (1)

Denyer (717613) | more than 10 years ago | (#7803686)

"Windows XP: Surviving the First Day" :)

Happy holidays, everyone.

patching xp (2, Insightful)

agwis (690872) | more than 10 years ago | (#7803697)

I finally had to give in and purchase a new computer with xp. 2 things that frustrated me right off the bat was the fact that this new computer was way behind on patches, secondly...just how big the patches were I had to download. Even though I'm on highspeed dsl it still took a good 15-20 minutes to download and install all critical updates.

I can just imagine how inexperienced people getting new computers for Christmas will feel, especially on dial up connections. When your excited about a new machine, who wants to spend the first couple of hours just trying to secure the machine before you can even browse to your first website?!

Vendors should be forced to ensure that any computers they sell are already up to date. While we're at it, Microsoft should be forced to ensure that there products aren't so insecure before sales either :)

How many Wizards does it take to setup an XP box. (0)

Anonymous Coward | more than 10 years ago | (#7803706)

I purchased a Toshiba laptop for my parents this year (hey, they were good to me for nearly 30 years...), and set it up well before xmas... I was impressed/distressed to discover that Linux is now easier to install than preloaded XP is to configure.

Once I had re-entered the IP and DNS entries 3 times after XP throws them out (3 dueling configuration "wizards"), I went searching for the windows update button. RedHat puts it in your toolbar by default, XP has it buried, and not in the toolbar by default. The machine is now patched and ready to go on xmas day; Openoffice and Opera ready for action.

From mine and my friends experiences I would rate the major OS's in the following order for ease of install/use:

Mac OSX - wow. pretty.
Linux (redhat) - wow RAID 1 out of the box.
Windows - wow, I've been hacked already.

It's been a couple years since I set up a windows box, and I sure wasn't missing anything. If it wasn't a laptop I'd have set them up with a friendly linux distro (redhat or maybe lycoris).

-A
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>