×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

The Windows Security Nightmare

michael posted more than 9 years ago | from the it's-funny-because-it's-true dept.

Windows 969

latif writes "Microsoft has set aside a $5 million fund for paying off informants on malware authors. In my opinion a good chunk of this money deserves to be paid to individuals who help catch the Microsoft employees behind the design of Windows Registry and Windows Update. As I found out, the two mis-features work together to deprive Windows users of all protection from malware. The details of my experience are in the article Why Windows is a Security Nightmare." In a related story, Anonymous Wussie writes "This guy had family with a problem: A Windows XP computer hit by worms that couldn't stay on-line long enough to get patched. His solution? A CD. This article describes the custom made CD he sent to his family member with patches, tools, and instructions to make a fresh install of Windows XP Home Internet safe. I know I'll be doing this in the future."

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

969 comments

Uh huh! (5, Funny)

imidazole2 (776413) | more than 9 years ago | (#9175400)

A typical Windows system follows a simple lifecycle: it starts out with a clean Windows installation, which gradually deteriorates as programs are installed, and uninstalled. Eventually, the Windows registry accumulates so much crud that the user is forced to do a clean install. When a user does a clean install that user's system loses all the previously applied security updates, and becomes a sitting duck for worms and other malware.

Thats why I'm such a FreeBSD/Mac advocate.

offended (5, Troll)

andy666 (666062) | more than 9 years ago | (#9175401)

From article:

"so simple, even my grandmother could implement it."

As a 48 yo grandmother, I am offended that technical incompetance is equated with being a grandparent. I don't think anyone would have said "so simple even my grandfather could implement."

I am incidentally, a C programmer of 20+ years.

Re:offended (-1, Flamebait)

Ass, Ltd. Ho! (714400) | more than 9 years ago | (#9175441)

As a 48 yo grandmother, I am offended that technical incompetance is equated with being a grandparent. I don't think anyone would have said "so simple even my grandfather could implement."

That's because men are better programmers than women.

I am incidentally, a C programmer of 20+ years.

yeah fucking right.

Re:offended (2, Insightful)

JustKidding (591117) | more than 9 years ago | (#9175476)

As a 48 yo grandmother, I am offended that technical incompetance is equated with being a grandparent.

He didn't actually say grandparents are incompetent, he just said grandmother is.
It's easy to be offended if you want to be.

A grandmother can do it (5, Funny)

AtariAmarok (451306) | more than 9 years ago | (#9175481)

""so simple, even my grandmother could implement it."

"(AP) Dateline August 12, 2008. National and international commerce was brought to a halt as the "SugarCookie" worm infected and seized up the installed base of Windows 2006 computers. An FBI task force was able to determine that the worm was written by someone's grandmother who thought she was entering a cookie recipe into her computer. She was quoted as saying 'I did not know that Windows was so insecure that you could bring down networks with accidentally-written worm programs'"

Re:offended (0, Offtopic)

simcop2387 (703011) | more than 9 years ago | (#9175513)

a 48 year old grandmother who goes by the name andy666? man that family has some of the oddest names

Re:offended (2, Funny)

Anonymous Coward | more than 9 years ago | (#9175588)

Uh-huh, right, that's her real name.

"Simcop2387 get off your computer and get down here for dinner!" something you hear often?

Re:offended (1)

HuckleCom (690630) | more than 9 years ago | (#9175549)

I'm actually intersted as to why the hell your thread was moderated as a troll. Bad mod! I just dont understand this stupid /. 'moderating' system... your opinion is subject to another's opinion? And wether or not some chum finds your post funny, interesting or troll like you get ganked?

Whether you are offended (4, Insightful)

2names (531755) | more than 9 years ago | (#9175576)

or not is immaterial. The simple fact is that as one ages, one loses touch with new technology and advancements for many reasons, most of which have nothing to do with a person's abilities or intelligence. Mostly, people just stop caring about the latest gizmo and care more about things that are really important like family.

But, if you don't believe me try this little test:

Take an iPOD, a Laptop with a wireless card in it, and a wireless access point to a retirement home. Place them on a table right next to an Internet connection of any kind. Now ask if any of the residents can get a song from the iTunes store onto the iPOD.

I'll put dollars to doughnuts you won't find a single resident who can do it. Not because they aren't capable of learning how, but because they really just don't care about that kind of thing anymore.

$.02

Fuck M$FT (-1, Flamebait)

Ass, Ltd. Ho! (714400) | more than 9 years ago | (#9175405)

Who gives a shit? Microsoft is a sinking ship. Get off while you still can! Use BeOS! or the Commodore 64 OS! You're all a bunch of fucking pussies anyway. Pussies. Go back to your little pussy village before I fucking kill you.

Re:Fuck M$FT (-1, Offtopic)

Anonymous Coward | more than 9 years ago | (#9175480)


Can you link to Netcraft confirmation that MS is dying?

OH SO VERY YOUNG - JT (-1, Offtopic)

Anonymous Coward | more than 9 years ago | (#9175410)

OH SO VERY FROSTY - AC

Hints for Slashdorkers:

Try to reply to other people's comments instead of starting new threads. Read other people's messages before posting your own to avoid simply duplicating what has already been said. Use a clear subject that describes what your message is about. Offtopic, Inflammatory, Inappropriate, Illegal, or Offensive comments might be moderated. (You can read everything, even moderated posts, by adjusting your threshold on the User Preferences Page) If you want replies to your comments sent to you, consider logging in or creating an account.

Use the Firewall (4, Informative)

Anonymous Coward | more than 9 years ago | (#9175412)

People always complain about their computers getting infected before they are able to download the patches - but this is easy to prevent if you just switch on the included firewall software.

Re:Use the Firewall (1)

vijaya_chandra (618284) | more than 9 years ago | (#9175502)

The default firewall configuration is a confusing thing to say the least
(damn it's not as simple/powerful as iptables)

I hope the XP SP2 would improve things

Re:Use the Firewall (5, Interesting)

jdreed1024 (443938) | more than 9 years ago | (#9175520)

People always complain about their computers getting infected before they are able to download the patches - but this is easy to prevent if you just switch on the included firewall software.

Too bad the firewall software loads *last* in the startup sequence, leaving a gaping hole of anywhere from 20 seconds to two minutes (on a slow machine) when your machine is on the net and unprotected. And during the height of worm activity, that's *more than enough* time to get infected.

Re:Use the Firewall (3, Insightful)

radish (98371) | more than 9 years ago | (#9175555)

How about you wait until the firewall is loaded before plugging in the network cable?

Re:Use the Firewall (1, Insightful)

Lehk228 (705449) | more than 9 years ago | (#9175570)

that is why you leave your network cord unplugged untill windows is loaded.

Re:Use the Firewall (1, Redundant)

bryanp (160522) | more than 9 years ago | (#9175572)

Too bad the firewall software loads *last* in the startup sequence, leaving a gaping hole of anywhere from 20 seconds to two minutes (on a slow machine) when your machine is on the net and unprotected. And during the height of worm activity, that's *more than enough* time to get infected.

So you build the machine offline. Leave ethernet disconnected right up until the moment you're ready to hit Windows Update. You're already booted up with the firewall enabled. Connect cable, wait a few seconds for XP to notice it, hit update. Voila.

Re:Use the Firewall (2, Interesting)

Neil Blender (555885) | more than 9 years ago | (#9175535)

My wife has a laptop that she hardly ever uses. 90% of it is used for Quicken. Once in a while, she will buy a cd or book online. She does not receive email in any form on this computer and never has. Our home network is behind a netscreen 5 with everything blocked. There are no other windows machines in our house. A few weeks back, I went to use her laptop and the thing was absolutely infested with spyware. So, here is an example of being behind a firewall, hardly ever using the computer and spybot is telling me there are something like 50 different spyware apps on it.

Re:Use the Firewall (5, Interesting)

Sean80 (567340) | more than 9 years ago | (#9175579)

I still don't get it sometimes when people say this. I would only feel comfortable making this sort of statement based on some evidence. Not a troll or anything, but has anybody ever seen any evidence which indicates what majority of the PC-using community understand what a "firewall" means, and, if they do, how to turn it on when they receive their brand-spanking new PC from Dell?

If that number turned out to be unusually low, perhaps the key is to really shove this sort of education down people's throats. How? I don't know. A series of ads on TV? Not likely. Get it into the headlines? Not likely. So I'm just not sure how this could be done.

One thing's for sure, my mom wouldn't know what a firewall is, nor how to turn it on, and I shudder at the thought of trying to explain it. Honestly.

Re:Use the Firewall (4, Insightful)

dylan_- (1661) | more than 9 years ago | (#9175608)

Since a few people have mentioned this: He was using Windows 2000. It doesn't have a firewall.

Knoppix to the rescue. (-1, Troll)

Anonymous Coward | more than 9 years ago | (#9175422)

I just send them a Knoppix CD.

Burn a cd? (5, Funny)

JustKidding (591117) | more than 9 years ago | (#9175428)

custom made CD he sent to his family member with patches, tools, and instructions to make a fresh install of Windows XP Home Internet safe. I know I'll be doing this in the future."

Better make that a rewritable...

Re:Burn a cd? (0, Flamebait)

SteelX (32194) | more than 9 years ago | (#9175499)

I'm surprised his Windows PC stayed online long enough for him to make a safe CD in the first place. :-)

Re:Burn a cd? (5, Interesting)

dicepackage (526497) | more than 9 years ago | (#9175568)

I have found that a cheap USB key drive is a great way to keep all of the necessary patches in one place that can be re-written fast.

that's easy... (5, Funny)

Anonymous Coward | more than 9 years ago | (#9175432)

the CD held knoppix

its not that bad (2, Insightful)

Anonymous Coward | more than 9 years ago | (#9175437)

First off lets say I'm a linux user, and havent used windows as a desktop or a server for about 4 years. I hate windows. My family however still runs windows 2000 on their main computer.

It has no virus scanner, and they have never contracted a virus. As long as you aren't a dumbass (open random exes and stuff off the web), don't use outlook/IE (they use firefox and thunderbird), and run Ad Aware once in a while you should be fine. Running windows update automatic updates has never been a problem.

Re:its not that bad (4, Insightful)

Kenja (541830) | more than 9 years ago | (#9175503)

"It has no virus scanner, and they have never contracted a virus."

How do you know? If its not running a virus scanner how would you tell if it had a virus or not?

Re:its not that bad (3, Insightful)

blastedtokyo (540215) | more than 9 years ago | (#9175529)

If it has no virus scanner, how do you know that it's never been infected?

Re:its not that bad (0)

Anonymous Coward | more than 9 years ago | (#9175578)

Generally, viruses make computer performance go down the toilet. That's how you know.

And if you do have a virus and it's not affecting system or network performance and you don't use the system for any sensitive information, do you really care?

Re:its not that bad (1)

dicepackage (526497) | more than 9 years ago | (#9175596)

While this is true in the old days of viruses the new ones comming out run without you even doing anything. Take Blaster and Sasser for instance, they both are automatically installed onto your computer if it is left unpatched and you don't have to do anything to get infected.

my windows security nightmare.. (5, Funny)

Anonymous Coward | more than 9 years ago | (#9175438)

my windows security nightmare involves bill gates breaking all my boxen with a life size stainless steel Clippy.

Re:my windows security nightmare.. (0)

Anonymous Coward | more than 9 years ago | (#9175554)

Wouldn't that just be a paperclip with some of those plastic eyes glued on?

Not so fast, sir (1, Insightful)

sphealey (2855) | more than 9 years ago | (#9175445)

A D-Link port-80-only firewall can be had at any number of electronics stores (heck, probably at Walgreen's too) for $79. It isn't a total solution, but it will protect a personal machine long enough to get the Windows Updates installed.

If the author is unaware of this, or not capable of installing such a device on his Internet connection, just how seriously can we take the rest of his essay?

sPh

Re:Not so fast, sir (4, Insightful)

ivan256 (17499) | more than 9 years ago | (#9175484)

So your solution is to spend $80 on hardware to workaround a defect in $100+ software? Does he have to carry this device around with his laptop everywhere? This is a joke, right?

Re:Not so fast, sir (3, Insightful)

sphealey (2855) | more than 9 years ago | (#9175567)

So your solution is to spend $80 on hardware to workaround a defect in $100+ software?
The value of a system isn't in the cash-and-carry price of the components; it is in the data and applications running on it, the time and effort to get it configured properly, and the opportunity cost of not having it in operation. $79 isn't much against those costs.
Does he have to carry this device around with his laptop everywhere?
Plenty of corporate travellers do just that, yes. But in the scenario presented he only needs it for freshly installed systems not yet fully configured. Assuming he trusts his WinXP configs to be secure.

This is a joke, right?
Um, no.

sPh

Re:Not so fast, sir (0)

pavon (30274) | more than 9 years ago | (#9175545)

If the author is unaware of this, or not capable of installing such a device on his Internet connection, just how seriously can we take the rest of his essay?

Hmm, $0.05 CDROM which also saves download time when helping people on modem vs $80.00 firewall that is useless for day-to-day operation (no IM or email). Yep he sure is a fool.

Re:Not so fast, sir (1, Insightful)

geoffeg (15786) | more than 9 years ago | (#9175557)

Ah yes. When I buy my car I'll need to get the tow truck with it too because everyone knows that the car won't make it home! That's a perfectly acceptable solution! People have suggested that the car companies just make the cars more reliable but everyone knows that's crazy!

I think the author's point is that Average Joe just expects windows to work. Most people don't know about firewalls, NAT, routing and such. They're used to plugging something in and having it work right out of the box. If something breaks they throw it away and get a new one. This gets expensive fast with computers!

Re:Not so fast, sir (1)

sphealey (2855) | more than 9 years ago | (#9175620)

Ah yes. When I buy my car I'll need to get the tow truck with it too because everyone knows that the car won't make it home! That's a perfectly acceptable solution! People have suggested that the car companies just make the cars more reliable but everyone knows that's crazy!
Look, I am not trying to defend Microsoft here. But I do have small tool kit, a first aid kit, a pressure guage, and a fire extinguisher in my car. Purchased at my own expense; not provided by the auto manufacturer. I think those are reasonable and prudent expenditures. That is what I am advocating.

sPh

Re:Not so fast, sir (0)

Anonymous Coward | more than 9 years ago | (#9175571)

Yeah there's a Walgreen's on every corner in Pakistan.

But I agree that the author is ignorant of many simple things he could be doing to make his life easier.

Re:Not so fast, sir (0)

Anonymous Coward | more than 9 years ago | (#9175593)

ummm... the guy was using dialup...

Re:Not so fast, sir (4, Insightful)

jdreed1024 (443938) | more than 9 years ago | (#9175616)

A D-Link port-80-only firewall can be had at any number of electronics stores (heck, probably at Walgreen's too) for $79. It isn't a total solution, but it will protect a personal machine long enough to get the Windows Updates installed.

Wow. Think of what you're saying. You're telling users that they need to shell out almost a hundred bucks for a device that will allow them to safely download updates. Has Microsoft security gotten so bad that we're just going to accept that you need to buy a firewall just keep your OS up to date? Does anyone else see a problem with this?

Heh not me. (3, Interesting)

grub (11606) | more than 9 years ago | (#9175446)


This article describes the custom made CD he sent to his family member with patches, tools, and instructions to make a fresh install of Windows XP

I took the extreme opposite approach: I don't help family or friends with their Windows problems if they've asked me for advice and gone against it. (as written about in my journal [slashdot.org] last March.)

Re:Heh not me. (2, Insightful)

xplosiv (129880) | more than 9 years ago | (#9175552)

Unfortunately, most people can't get away with that attitude, that's almost as bad as burning bridges. Someday your friend/family member will be asked if they know anyone who is willing to accept a high paying Windows admin job, and your friend/family member will say "No, the only person I know doesn't do windows". Instead, refer them to websites where they can download anti-spyware software, anti-virus software and such, you have nothing to lose, and while you give them this information, you can tell them there is not much else you can do, but at least you tried.

Re:Heh not me. (0)

Anonymous Coward | more than 9 years ago | (#9175613)


"high paying Windows admin job"? Ya don't see many of those now-a-days, hence the glut of unemployed MCSEs...
Anyhow, I wouldn't want that job. I have a great job which I love. No way in hell I'd want to get up every morning hating my work.

Re:Can I be your friend? (0)

Anonymous Coward | more than 9 years ago | (#9175594)

You're such a generous-hearted sweetheart.
Hugs and Kisses, your friends and family
XXX OOO

How to stay alive (1, Interesting)

Anonymous Coward | more than 9 years ago | (#9175449)

all it takes it to issue "shutdown -a" and the 60 second shutdown screen disappears. you can then finish downloading patches

Top of the charts (0, Flamebait)

auric_dude (610172) | more than 9 years ago | (#9175450)

I'm willing to bet that this rescue type disk will be the best seller and top of the RIAA CD Sales charts within a few weeks.

Custom CD (1, Informative)

YrWrstNtmr (564987) | more than 9 years ago | (#9175451)

Wow...what a concept! I never would have thought of that.

You can get the same [microsoft.com] from MS, free.

Why would you put *any* unpatched box online, whatever the OS?

Re:Custom CD (3, Funny)

rsidd (6328) | more than 9 years ago | (#9175475)

Wow...what a concept! I never would have thought of that.

You can get the same from MS, free.

RTFA. (Wow, what a concept!) He covers that.

Re:Custom CD (1, Insightful)

Frequanaut (135988) | more than 9 years ago | (#9175507)

"Why would you put *any* unpatched box online, whatever the OS"

Well, there's a reasonable answer to that question in the article itself. Trying to patch it requires that the user go online. Maybe he didn't want to wait the 2-4 weeks that microsoft states as the delivery time for the CD.

A better question may be why didn't he turn on the firewall?

Re:Custom CD (3, Insightful)

Ann Elk (668880) | more than 9 years ago | (#9175546)

Microsoft's Windows Security Update CD is great in theory, but almost worthless in practice. The lead time for delivery is so long, by the time you get the CD, another batch of viruses/worms are out exploiting newly discovered vulnerabilities.

Re:Custom CD (1)

Nasarius (593729) | more than 9 years ago | (#9175569)

Better yet, you can just enable the XP firewall before connecting to the Internet. Use Windows Update until you've got everything. Or wait for SP2...

New "casino" concept is needed (5, Interesting)

Anonymous Coward | more than 9 years ago | (#9175455)

Microsoft should send XP SP2 CD-ROM to everyone that has registered Windows XP. After user installs and visits some web site, they enter into Microsoft award contest. 100 random users that install XP SP2 receive 50.000$ award each. I guess everyone would upgrade if they could receive an award.

Small price for Microsoft, great effect on security.

As the article suggests (1)

Capt'n Hector (650760) | more than 9 years ago | (#9175456)

I know it was said in jest, to turn in the authors of windows registry and update as those at fault for the security problems, however I'm inclined to agree. Although some would say this is kin in the analog world to blaming a robbed homeowner who didn't lock every second story window and didn't buy baseball-bat-proof glass, I believe it's more along the lines of blaming a vehicle manufacturer for faulty locking mechanisms on its car's doors. All the while Microsoft is trying to catch the thieves running around with stolen cars, when it was their mistake in designing the faulty cars in the first place. Yeah, the analogy sucks, but it's the best I can come up with.

Big problem (4, Insightful)

jdreed1024 (443938) | more than 9 years ago | (#9175458)

A Windows XP computer hit by worms that couldn't stay on-line long enough to get patched.

This is a serious problem, actually. During the height of the worms last summer, we saw hundreds of machines that got infected while in the middle of downloading updates. It even got to the point that the WinXP "firewall" wasn't good enough, since it loaded *last* in the startup sequence, and there was a good 20 seconds to 2 minutes (depending on the speed of the machine) when the machine was on the net and unprotected, even if you had enabled the firewall settings.

It's the bigger problem of running services by default. The average user doesn't need half of the services that run. Linux figured that out years ago - most services are off these days, and those that are on are fairly secure (ie: sshd). Even if some of these services are required for system operation (like some folks have claimed), there's no reason for them to be listening on addresses other than 127.0.0.1.

Re:Big problem (1, Insightful)

radish (98371) | more than 9 years ago | (#9175524)

It even got to the point that the WinXP "firewall" wasn't good enough, since it loaded *last* in the startup sequence, and there was a good 20 seconds to 2 minutes (depending on the speed of the machine) when the machine was on the net and unprotected, even if you had enabled the firewall settings.


Am I the only one thinking:

1) Switch on computer
2) Login
3) Wait until everything is loaded and the disk stops chunking
4) Plug in network

Is that really hard?

Re:Big problem (4, Insightful)

jdreed1024 (443938) | more than 9 years ago | (#9175551)

Am I the only one thinking:

1) Switch on computer
2) Login
3) Wait until everything is loaded and the disk stops chunking
4) Plug in network

Is that really hard?

Try telling that to an end user. They don't want to be bothered with that. And also, people forget to do things sometimes. And the one time you forget, you'll get infected.

Yes, yes, we all know the most secure computer is the one that doesn't have a network connection. But really, providing firewall software, and loading it last in the startup sequence, instead of immediately following network device startup is sloppy and wrong.

Re:Big problem (0)

Anonymous Coward | more than 9 years ago | (#9175612)

For large installations in heterogeneous networks it is very difficult. Think about actually being employed, then about actually being employed in a large corporation.

Re:Big problem (2, Insightful)

Kenja (541830) | more than 9 years ago | (#9175542)

"This is a serious problem, actually. During the height of the worms last summer, we saw hundreds of machines that got infected while in the middle of downloading updates. It even got to the point that the WinXP "firewall" wasn't good enough, since it loaded *last* in the startup sequence, and there was a good 20 seconds to 2 minutes (depending on the speed of the machine) when the machine was on the net and unprotected, even if you had enabled the firewall settings."

There is a system called "unplugging the network cable" that can block 100% of the network traffic within the first two min' of booting!

Re:Big problem (1)

takitus (733922) | more than 9 years ago | (#9175601)

if they would have installed the patch when it came out, which was a month before the worm, they wouldnt have had the problem. its either that or have microsoft set it up to install the patches automatically and everyone is against that. i think ill put more oil in the car after the engine burns up. maybe thatll fix it

Microsoft will mail you a CD (2, Informative)

anotherone (132088) | more than 9 years ago | (#9175459)

Microsoft will mail you a CD, for free, of the most recent updates and service packs.

http://www.microsoft.com/security/protect/cd/order .asp [microsoft.com]

Re:Microsoft will mail you a CD (1)

ClippyHater (638515) | more than 9 years ago | (#9175534)

That's a step to take; however, until their CD also changes the settings for services to automatically start at boot, you'll still have problems in the future.

Sure, I know that the only truly safe computer is one that isn't turned on, but starting with all unnecessary services disabled by default will sure go a long way towards securing a windows box.

Re:Microsoft will mail you a CD (2, Informative)

StacyWebb (780561) | more than 9 years ago | (#9175604)

"Your CD should arrive in 2 - 4 weeks. In the meantime, sign up for Microsoft's free Security Newsletter for Home Users. Every other month you'll get valuable information to help you protect your home computer" --Win Update 2004 English NA Feb Direct 2CD Windows Security Kit --- This CD is only for Updates current to February (not including the SASSER updates)

You Mean digital? (4, Informative)

Mordaximus (566304) | more than 9 years ago | (#9175461)

the Microsoft employees behind the design of Windows Registry

Ah yes, brought to you by the letter V, as in VMS. IIRC it was a few digital VMS engineers that left and help build many of the more functional components of WinNT. And apart from the ACL, i believe the registry (at least for pathworks) was another digital innovation...

Never forget there is very little you can credit Microsoft with...

all he had to do (4, Informative)

xplosiv (129880) | more than 9 years ago | (#9175463)

was have them type 'shutdown -a' at the command prompt and the rebooting would have stopped. I have helped people remove this worm many times using Remote Assistance, over dialup without any issues. The firewall software is going to cause more problems in the long run as it will block some of their games, or even him remotely accessing the machines in emergencies.

Ignoring the root cause and fighting the symptom (4, Insightful)

kbahey (102895) | more than 9 years ago | (#9175464)

I cannot help but see the analogy here.

Microsoft takes the approach of fighting the symptom (malware, ...etc.), and not the root cause (flawed security design, ...etc.).

This is the same way many governments approach things like terrorism. They address it like a security problem only, that Intelligence Agencies and the Military/police handle. Why these ideologies developed, and what are the social, economic, and political reasons that lead to it is never even attempted.

And it is not only America, this has happened before in Ireland, Spain, Egypt and elsewhere.

Unless the root cause is studied, a correct diagnosis is made, and then remedial actions are taken, no amount of policing will fix the problem for good.

Re:Ignoring the root cause and fighting the sympto (1, Insightful)

Anonymous Coward | more than 9 years ago | (#9175609)

Figuring out ideologies is a waste of time. During World War II, we didn't pick apart Nazism and Fascism, we left that for the endless documentaries on the History Channel. This is a war of cultures and should be handled like wars should be handled - brutally, or more precisely, Curtis LeMay style. The German and Japanese got really sick of war IIRC and have put it on the bottom of their priority list ever since. Sanatizing war and making guesses as to their Weltanshauung is best left for increasing tensions and threats of global annihilation back to cold war levels.

Custom patch CD (3, Insightful)

prisen (578061) | more than 9 years ago | (#9175471)

This isn't anything new -- I've sent plenty of patch CD's with customized .bat/.cmd files along with stupid-easy instructions thanks to an autorun.inf that takes care of everything from hotfixes to updating DirectX and IE, even restarting the box when it's done..all without bothering the user with confusing dialog boxes. It helps quite a bit when your family has dial-up and can't even get to Windows Update before Sasser or equivalent hoses their machine.

But, then again, I've sent many times more Linux distro CD's to my friends.

This article is a disgrace to slashdot (-1, Flamebait)

melted (227442) | more than 9 years ago | (#9175474)

The article is so mind bogglingly stupid and childish - I puked all over my keyboard. The guy who accepted it to the front page deserves to be fired immediately. "I installed VMWare and everything stopped working." Guess what, moron, when you install a piece of software that installs DRIVERS on an unsupported machine shit like this CAN indeed happen. "I'm too stupid to enable firewall" - it's one FUCKING CHECKBOX for Christ's sake. Why is it so hard to do a single fucking mouse click on a single fucking checkbox?

They've probably been doing it all along (1)

Noose For A Neck (610324) | more than 9 years ago | (#9175477)

Paying hush money to security researchers to keep their discoveries secret is hardly a new idea, and I'd be pretty surprised if M$ weren't already paying people off to keep security holes in IE and other examples of their crappy software secret.

$5 million seems like a pittance, though, when you consider the market capitalization of a company like Micro$oft. If I were a security researcher who'd just discovered the next devastating remote hole in M$ software, I'd hold them hostage for millions, considering that I need the money and they do nothing but spread FUD about Linux and fund SCO. I'd punish them hard, then donate the proceeds to the FSF to keep Linux Free. I guess M$ will have to expand their payoff budget pretty soon, considering how terrible their security is.

CD article (2, Informative)

Seft (659449) | more than 9 years ago | (#9175486)

This really isn't a great way to do it. How about - install windows, turn on windows firewall, then install adaware, and keep patching regularly - I do this for lots of people and I never have a problem. The rich man's solution to this is to buy a router with a firewall - they really aren't that expensive, and let you use more than one computer on the line. As for Mozilla/Firefox being less suceptible to malware etc on a statistical basis, this is a no-brainer. People who would use an alternative browser also tend to be the type of people who patch their software.

Registry and update? Nah. (3, Insightful)

Weaselmancer (533834) | more than 9 years ago | (#9175490)

If you're going to go after Windows employees, don't bother with the registry and update guys. Nail the guys who made ActiveX and Outlook.

There ya go, I'm an informant now. When can I expect my check? =)

Weaselmancer

Make Windows Open Source! (1, Funny)

Anonymous Coward | more than 9 years ago | (#9175491)

I think it would benefit Microsoft and their developer community if they just would make Windows 2000 and XP Open Source. The dedicated, experienced, and loyal Open Source developer community would be able to enhance these operating systems to new levels.

We would have embedded Ogg Vorbis support in Notepad, a visual tool for ipchains using Paint, and most importantly, a Mozilla plug-in for IE so that a user could run a browser within a browser which would be inherently more secure.

Which is nice.

The saddest thing about this... (1)

d4rkmoon (749223) | more than 9 years ago | (#9175498)

Patching Windows... the worst part is that you have to use a custom CD (patched Windows) to fix the problem. Simple solution. Get a computer that isn't infected. Download the patches/fixes. Pull the network cord from the infected machine. Install the patches locally via media. Then clean the worm after the hole is patched. Beats having to reinstall a custom-patched Windows fresh install. OR.... install linux, and save the trouble.

Re:The saddest thing about this... (1)

takitus (733922) | more than 9 years ago | (#9175563)

well if the people had installed the patches when they came out (blaster patch was about a month before the worm hit) then they wouldnt have to worry. after all that people still dont install patches. its their fault...

Security Nightmare (1, Flamebait)

m.h.2 (617891) | more than 9 years ago | (#9175501)

I'm sorry, but the security nightmare isn't Windows. It's the non-thinking morons who use Windows.

I've got a disk... (-1, Offtopic)

kitzilla (266382) | more than 9 years ago | (#9175505)

...that fixes ALL of Windows XP's vulterabilities, present and future. It's made by SUSE.

Questions (0)

Anonymous Coward | more than 9 years ago | (#9175556)

Will I be able to run my extensive library of software after I install it? And will my new network card work as well?

Thanks in advance.

updating mac os x is harder over dial-up (1, Insightful)

Anonymous Coward | more than 9 years ago | (#9175506)

considering there are 80MB and 100MB downloads...and apples download servers suck compared to microsofts.

Learn from the biological world (0)

Anonymous Coward | more than 9 years ago | (#9175508)

It has become clear that "being infected" is not a boolean, it's more like a severity percentage which, like in the biological world, is never exactly zero. We need the biological solution: you can't hope to patch all the holes, so instead you write additional software to try to keep the severity of infection small.

Update CDs for family (5, Interesting)

thewldisntenuff (778302) | more than 9 years ago | (#9175515)

I think the biggest problem in making an update cd or instructions on how to update their computer is not getting the right programs together - it's getting them to properly use and learn how to be on top of security issues.

Case in point-
I return home for the semester break, and my sister's pc is riddled with spyware, malware, you name it. The thing is no longer functional, so I had to format the hard drive, yadda yaddda yadda...I gave her a full lesson, and made sure she knew exactly what to do. Yet a month later, the computer was back in the crapper again...She stated that she lost all of the programs she liked when I fixed her computer-

That's the problem...Unless I boot linux and pull the internet from the back of the machine, her pc will never be secure...No matter how many times you teach/tell someone about computers and online security, for most noobs or non-users, it just doesn't seem to click...

As far as issues with Windows Update...Best bet is to download from someone else's high-speed pc. I had a similar incident with SoBIG and a reinstallation of XP.

MOD ALERT: BLATANT KARMA REQUEST (-1, Offtopic)

Anonymous Coward | more than 9 years ago | (#9175611)

What the parent does here is typical: he plays onto the common sentiment of the majority of users that can be bothered to moderate. By stating some common items that have been regurgigated over and over, he hopes to get those "valueable" mod points.

So mod wisely. Thank you for your time.

i use windows (4, Interesting)

takitus (733922) | more than 9 years ago | (#9175516)

and have a hardware firewall, run ie and outlook express and have never had a problem. it can almost always be chalked up to not knowing how to operate things properly. i have made similar cds that are all automated. i used to sell them around the time the blaster worm came out on the side of the streets outside best buy etc for $20 a piece. made a few grand off that. best buy was chargin $80 for the same thing that my cd did =). either way... windows is only as safe as you make it. the only thing required to keep viruses from getting in a windows box is running the patches, and even that isnt that necessary if you have a firewall. all of the rest of the viruses are contracted through user error. poo!

Its not a bug, its a feature! (1)

xtermin8 (719661) | more than 9 years ago | (#9175517)

Whose side do you think Microsoft is on? The consumer's? Internet Explorer safegaurds web surfers the way the nicotene in cigarettes enhances flavor.

A Different Perspective . . . (5, Funny)

pariahdecss (534450) | more than 9 years ago | (#9175543)

How about creating a CD to make the internet safe from Windows XP
Maybe something that strips out the entire TCP/IP stack - a castration of sorts for the good of all mankind

My name is Bill and I pronounce Windows -- WeenDOHS

Linux/Windows not secure - News at 11. (1)

MikeHunt69 (695265) | more than 9 years ago | (#9175562)

Windows, Linux, MacOS. 100% guaranteed that all have exploits.

We just haven't found them all yet.

Seriously, is this news?

Install patches right from the installer (2, Interesting)

ohad_l (683421) | more than 9 years ago | (#9175566)

That's what Mandrake Linux, for example, does (I'm sure many other *nix distributions do as well). Once installation is finished, a small component goes online and downloads all important patches which were made available since the CD it's sitting on was burnt. This makes sense to me from a security standpoint - it should be far easier to secure a single program with independent network code, than a fully up-and-running system.

Flamebait (2, Insightful)

Anonymous Coward | more than 9 years ago | (#9175581)

This article is the biggest piece of flamebait. Ever. It even tops some of the slashdot comments.

If the article had made an indepth study of the patching issues and what can be done about then, that'd have been great and we'd have learnt something new. Instead, he just goes on about how he was so stupid so as to not use his computer properly.

Windows registry is something that people love to rant about, but good grief, its a few megabytes (or hundreds) out of your multi-gigabyte system. Live with it. Don't worry about cleaning up your registry because you're never supposed to know it exists.

What's more - I can almost GUARANTEE that this guy was running everything as Admin. That is akin to running everything as root on linux. Wonderful. Now try writing an article about how you run everything as root on linux and you have security issues.

this is just a good example of... (4, Informative)

mgoodman (250332) | more than 9 years ago | (#9175597)

...why stupid people shouldnt use computers.

Just because its made by microsoft, that doesn't mean an idiot should administer it. It certainly doesn't mean its going to be secure and stable out of the box.

The huge divide between Unix/Linux and Windows is that Unix/Linux forces you to know what you're doing when you install something on your computer. Windows assumes the opposite.

However, if you do know what you're doing with Windows, problems of this nature are not really problematic. Fixing Windows without reinstalling is easy for competent administrators. Jeez, I can get around in Windows without a mouse and without explorer.exe.

Here's a hint guys: if something breaks on Windows -- don't install a program to fix your computer. It will break it further. Don't install registry cleaners -- they suck. Slick your system, ghost your system, take registry snapshots now and then. Don't install third party software on production machines without testing on crap boxes first. Do know your system in and out.

What a bozo! (3, Insightful)

gregarican (694358) | more than 9 years ago | (#9175600)

I can empathize with the author's issues and gripes, but a bit of enduser education could have prevented a decent amount of them. Here's a good document [sans.org] on how to survive your first day with Windows XP.

The author's slanted raving is over the top. I could just as easily read about some Linux newbie's nightmare experience trying to get all of his hardware to work or how they had to rebuild the kernel after applying some new module to their system.

My main gripe with how things are is that all new PC's should be delivered fully patched as of their configuration date. And since Microsoft has switched to their license subscription model they should ship out CD's to all licensed customers with all rollup security packs available. Just like a TechNet subscription operates for previewing beta products. I don't mean a user calls into Microsoft to request a CD. It's their place to send them out. Just like an auto company would mail out recall notices.

Thoughts on this unmitigated rant (0)

Anonymous Coward | more than 9 years ago | (#9175605)

"Then I made the mistake of installing VMWare 30 day demo on my system. As soon as I booted Linux under it as a guest OS, the the sound card went bonkers, and started producing high pitched screeching sounds. I tried reboots which...."

What does this have to do with security?

"Finally, I had the bright idea of downloading a registry cleaner to fix things. The product I downloaded turned out to be some pathetic crippleware, and I uninstalled it. "

Did the author get this software from a link that said "Your computers registry may be broadcasting an IP Address! Click here!" ?

I've installed "clean" installs hundreds of times and managed to run windows update long before the worms had any chance to try to intrude. I've even done this on campus networks and cable modem networks which are notorious for harboring worms. I can't believe the complete INEPTITUDE of the author to do this.

"Worms and viruses are so stunningly effective on Windows only because Windows provides some atrocious functionality which makes it easy for worms to strike."

That's why you lock down windows so your users can't run custom software at STARTUP. There are several places (registry, win.ini, startup group) that can easily be restricted. By default they're not restricted because Aunt Tillie doesn't know how or want to log on to the administrator account to install software.

Perhaps, since he's posting on a tech-savvy site, he should be a little more tech-savvy?

Couple points here... (2, Insightful)

pointbeing (701902) | more than 9 years ago | (#9175607)

After reading the article it's kinda clear to me the author isn't a Windows user ;-)

If the registry or the filesystem gets bloated because of malfunctioning application uninstallers, how is that MS' fault? Blame the nitwits who wrote the malfunctioning application.

Every OS has security patches available - if lack of patch has been exploited that exploit would apply to *any* OS - not just to Windows. If someone decided to write malware for Linux an unpatched machine would be just as vulnerable. Windows is a big target.

Custom CD: "Sysprep", Slipstreamed service packs (3, Informative)

Zerbey (15536) | more than 9 years ago | (#9175618)

I skimmed through the article, which didn't have many technical details. Here's what we do at work:

You can integrate the service pack into the setup (which will be especially useful when SP2 arrives) so that it's installed at the same time. This works with Windows 2000 and up.

You can then use Sysprep (brief introduction [microsoft.com] ) to automatically deploy the latest patches the first time the machine boots.

Here's a nice article [thetechguide.com] on how to burn the result to a bootable CD.

It's a bit of work, and requires constant maintenance but it saves a lot of headaches in the long run.

An easier method, if you have a lot of machines with identical specs. Build a template machine with the OS installed, adding all the service packs, patches, etc. Use software like Ghost [symantec.com] to make an image for deploying to multiple machines.

Who says the stuff you learn on an MCSE isn't useful? :-)
Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...