[LINK] Question: How do you protect Windows?

[Adam Todd]

> > agreed. Windows is a lost cause, it will never be fixed and can never be
> > secured(*). install knoppix or gnoppix (and cross-over office or wine 
> for MYOB
> > etc) and leave all the stupid security holes behind.
> >
>
>The problem is that that does not get past the ppl who:

Look I agree Howard.   Overall Windows is no different to any other 
operating system.  Patches are released to fix security in BSD, Linux, and 
every other derivative, that's natural for OS, programmers aren't perfect 
and never will any operating system be.

Applications are always being patched too.  I'm sick fo the "Windows DNS 
server is vulnerable" so was BIND and Sendmail and Apache and every other 
application.

The difference is, in the GPL unix world, there are many more 
geographically diverse people who have coding skills and can find the 
problem and code a fix within days, rather than the bureaucratic problems 
within a corporation such a Microsoft that gets hounded endlessly and has 
to follow "legal protection and save my arse" procedures before it can 
release a patch.

Anyone can set up a Unix box too that is totally vulnerable.  How many unix 
boxes out there have a root password of : password, fred, god, superuser, 
root etc

A lot more than you can imagine.  AT least you can't "log into" a windows 
box with a telnet session on first default installation (generally.)  Crack 
and hack it maybe using other tools and protocols but you can't just 
"telnet windows.box" and enter "root" and press enter.


>1. Have a vague experience with Windows and think they "know computers"

This is the first critical problem and Rachel expressed that about Exchange 
in  her example.


>2. Accept that regular reboots, viruses, spyware and adware are a fact of life

I don't.  But so many "users" and "power users" (those who think they know 
all about computers) do.  "Oh it's just how it works."

My Unix boxes have been up for almost a year uninterrupted now (thanks to 
new UPS's that run for 8 hours instead of 2) yet my windows machines have 
had countless reboots.  (Two workstations, a laptop and a server, except my 
NT backoffice server which has also been up for a year but no one uses it, 
it's just a Drive and Print share machine!)

I have to admit, probably 85% of reboots are due to new software.  Overall 
they are pretty stable because we have a policy of not clicking on 
everything, not visiting web sites of ill repute, not downloading 
everything that pops up, not installing every piece of software that comes 
with an install, not installing every plugin into a browser and so on.

It was only the other week my wife was using my machine, which is not 
locked down that I picked up a lot of nasty DLL's and only two were active, 
which were terminated fast.

Every other machine here is locked down.  You can't install anything 
anywhere unless I log in and do it.  None have administrative or superuser 
privs on login.  Only my machine, which means security is, in essence lax, 
however password and authentication prevents unwanted use of my account.

>3. Are too stupid and egotistical to admit that they don't know better

Ego is a major problem.  Most people over 18 don't want to learn.  School 
and Univeristy is to blame for that.  Learning should be about discovery, 
not regurgitation.  So in the process of education, our society is taught 
to "put up with: and to "regurgitate" what it's told, rather than search 
for self discovery.

OK I know 40 odd computer languages and interpreters and when people say 
"Learn PHP" I groan.    It's simple enough, kinda Perl/English/C all in 
one.  But I don't need it and if I start using PHP, then my wife has to 
learn it and everyone other person who barely knows how to code HTML.

So I wrote a parser that solves all their difficulties, the only thing they 
need to know is how to use a graphical SQL interface to create their 
queries!  And you don't need to install mod_perl or mod_PHP or anything 
else.  It's plain CGI and HTML 1.0

I even coded up web access pages to my accounting database on Friday in 6 
hours.  It now shows invoices, payments, ledgers, accounts, secure for 
individual users, multiple company, man it's a full blown accounting system 
with security levels from "account holder" to "company admin" to "global" 
including "debt collector" and "legal" access to accounts flags as such, 
and only if they are flagged to that agency.

Took me as I said, 6 hours to create the web interface, it's saved me 12 
hours of extracting invoices for a debt collector (17 accounts extracted 
early last week) now they can access the other 90 accounts in collection 
status online, at their pleasure and print any part they want.  That's 
saved me one hour per account (thereabouts) and opened up the other 90 
accounts with 6 hours work.  Can't beat that can you!

All in HTML 1.0 and a CGI.  No mod_perl, no PHP.  Even my wife and sit down 
with notepad and code up good looking invoice pages now!

It even changes the logo (if there is one) on the top of each page, 
depending on the company!

>4. Listen to sales droids

School, University - listen to the sales person (teacher/lecturer) and 
follow in my footsteps.

bit like dancing lessons these days - "follow me" rather than "learn the 
methods."

>5. Are in positions where they make decisions about expenditure.

OI!  I'm one of those!