Scott Granneman, 2004-08-19
What normally happens within twenty minutes? That's how long your average unprotected PC running Windows XP, fresh out of the box, will last once it's connected to the Internet.
Wrong approach.
2004-08-20
Noam Eppel (2 replies)
"If a user isn't educated enough to know how to open up a port he needs to run a particular program that needs a hole punched in the firewall, then that user shouldn't have unfettered access to the Net anyway."
I think this is entirely the wrong approach to personal computer security. It is unpro...
RE: Wrong approach.
2004-08-24
nosebreaker.com (1 reply)
The onus should be on the software and security industry - those that are responsible for designing the products - to make software which is not only safe to use by default, but easy to secure.
The problem with your approach is that security vulnerabilities are just that, vulnerabilities. Ther...
RE: RE: Wrong approach.
2004-08-30
Jordan
The problem with your approach is that security vulnerabilities are just that, vulnerabilities.
The problem is that the software companies are too occupied with profits, cost reducing, effectiveness, etc. and pay too little attention to hiring good specialists and making their products stable. ...
Wrong approach.
2004-08-25
Anonymous
"I think this is entirely the wrong approach to personal computer security. It is unproductive to insist that those that just want to do their jobs, communicate with colleagues, or play games online have to become computer experts in order to do so."
I don't think the suggestion was that they sho...
Infected In Twenty Minutes
2004-08-20
Paul Thomas, AUP Investigator - UK
An excellent article.
I have been an abuse investigator for a major UK ISP for four years, and I can testify to the "20 minute" syndrome.
I ordered a spanking new Dell machine in August 2003, and within 5 minutes of connecting up my broadband modem, I got infected with Welchia. You can imagine ...
Infected In Twenty Minutes
2004-08-20
Anonymous (1 reply)
an analogy
2004-08-21
Daniel Convissor
I wholeheartedly agree with your assessment. It's disgusting that MS sells OS's that don't have the latest patches installed already. Here's the analogy I'm using to explain the situation to people I encounter.
Imagine buying a car. Just before you leave, the dealer says "Oh, the brakes don't ...
Infected In Twenty Minutes
2004-08-23
bub (4 replies)
* Set Windows Update to automatically update the computer, without asking questions.
We'll still get the "why is my computer so slow" calls because it's downloading patches in the background - if it's a dialup connection or a data capped connection it might be wise to let the user decide when they ...
I agree with Bub
2004-08-23
Anonymous (2 replies)
...and you forgot the most important thing, which is use RUNAS (similar to SU) and do everything possible from a limited user account. Even a good number of IE exploits can't do anything significant if they're unable to change your system configuration, install DLLs, alter executables and such.
...
Let's get the analogies straight .....
2004-08-25
Anonymous
First, to avoid confusion, let's start by getting the analogies straight. Your computer == your vehicle; the Internet == the trailer you tow behind your vehicle. Let's face it, computers existed LONG before the Internet, and just the same as you can operate your car without a trailer, you can ope...
Infected In Twenty Minutes
2004-08-23
Anonymous
quote
"If a user isn't educated enough to know how to open up a port he needs to run a particular program that needs a hole punched in the firewall, then that user shouldn't have unfettered access to the Net anyway"
Are you an expert on how your car runs? Do you have mechanics telling you tha...
Infected In Twenty Minutes
2004-08-24
dales (1 reply)
I concur with 'bub' with regards to replacing IE and OE.... not a good idea. Users want compatibility, ease of use and simple support options. IE and OE are the most compatible products of their type with the vast majority of the internet, and are reasonably secure products if rule #1 (automatic u...
Infected In Twenty Minutes
2004-08-31
Cesco
"I concur with 'bub' with regards to replacing IE and OE.... not a good idea."
I think it *is* a good idea... Firefox has many more features, and the most overlooked one is the possibility to use extensions. And there are extensions for about everything...
"Users want compatibility, ease of use...
Infected In Twenty Minutes
2004-08-25
Anonymous
"If a user isn't educated enough to know how to open up a port he needs to run a particular program that needs a hole punched in the firewall, then that user shouldn't have unfettered access to the Net anyway"
"Are you an expert on how your car runs? Do you have mechanics telling you that becaus...
Infected In Twenty Minutes
2004-08-23
Anonymous
Ummm...a short comment on your approach...
If the "friends and family" to which you refer aren't already doing the things you suggest, there is a reasonable possibility that they already have the very problems you wish to prevent. Same holds for those who are running XP.
Perhaps a better appro...
NT4.0 Unpatched... Overnight... No infections.
2004-08-23
Anonymous (1 reply)
As a little experiment of my own a few weeks ago, I put a default install of NT 4.0 on a machine, with just SP2, and left it directly connected to the internet overnight. I even made the Admin password "password". You know what? Not a single infection or access. No changes at all.
What's the catc...
NT4.0 Unpatched... Overnight... No infections.
2004-08-31
I'm Rick James b****
A cheap Linksys/Netgear NAT router would be a suggestion (to "hide behind") for cablemodem users. That would prevent a lot of scanning activity from hitting the PC - well worth the minimal $$ (plus they can get wireless access for yon laptop). But for poor dialup folks... the firewall is the only op...
Infected In Twenty Minutes: Windows only
2004-08-24
S.Kuhn (1 reply)
...and how happy is a customer that gets linux installed and never has to deal with anything even remotely close to that which the Windows customers have to deal with? Overall, security and safety is a nice means by which people start switching over to linux from Windows....(TCO and all - Hope you'r...
Infected In Twenty Minutes: Windows only
2004-08-25
Anonymous
I think you're right that they would be happy with their linux install. But I must say that as a user of several OSs I think this is more of a traffic issue. How can a machine that's been infected with a worm remain on the internet? Why won't the ISP detect and shutdown the customers of these machines? I re...
>1 minute with Win2K. Bought a Mac.
2004-08-24
Brad Freeman
Twenty minutes? I loaded Win2K out of the box with broadband connection over here in Sweden and it was slammed within 1 minute!
Solution...I bought a Mac. Even with the firewall off and receiving loads of infected Spam emails from an old email account doesn't seem to affect it! BTW, I have not re...
Infected In Twenty Minutes
2004-08-25
Anon
Re the firewall, if on XP, what is wrong with using the XP firewall? I find it great; far better than most firewalls that pop up all the time requesting permission for various applications to access the net.
It is a bit strange to use, but once you figure it out it does the job perfectly....
Infected In Twenty Minutes
2004-08-26
Anonymous (1 reply)
Let's start talking about who really should be responsible here, and no, I'm not pointing my finger at Microsoft. Let's talk about the ISPs, particularly the broadband ISPs like the telcos and the cable companies.
How much would it have cost a company the size of Comcast or Verizon to buy a Link...
Hardware firewalls for broadband customers
2004-08-28
Rob (1 reply)
> How much would it have cost a company the size of Comcast or
> Verizon to buy a Linksys or Netgear router for their millions
> of Internet subscribers?
Why not include basic "block incoming request" functionality in cable and dsl modems? There'd be no need for a separate router, and almost ...
Infected In Twenty Minutes
2004-08-28
digital_detractor
Cheers to you for writing an article that us IT people can laugh at. The funny thing is you were right I am going to print this article out and hand it to clients I guarantee they won't read it. With every1 yelling at Microsoft for being full of holes etc etc etc normal users don't take time to pro...