[LINK] Question: How do you protect Windows?
link at todd.inoz.com
Mon Dec 13 10:57:04 EST 2004
> > agreed. Windows is a lost cause, it will never be fixed and can never be
> > secured(*). install knoppix or gnoppix (and cross-over office or wine
> for MYOB
> > etc) and leave all the stupid security holes behind.
>The problem is that that does not get past the ppl who:
Look I agree Howard. Overall Windows is no different to any other
operating system. Patches are released to fix security in BSD, Linux, and
every other derivative, that's natural for OS, programmers aren't perfect
and never will any operating system be.
Applications are always being patched too. I'm sick fo the "Windows DNS
server is vulnerable" so was BIND and Sendmail and Apache and every other
The difference is, in the GPL unix world, there are many more
geographically diverse people who have coding skills and can find the
problem and code a fix within days, rather than the bureaucratic problems
within a corporation such a Microsoft that gets hounded endlessly and has
to follow "legal protection and save my arse" procedures before it can
release a patch.
Anyone can set up a Unix box too that is totally vulnerable. How many unix
boxes out there have a root password of : password, fred, god, superuser,
A lot more than you can imagine. AT least you can't "log into" a windows
box with a telnet session on first default installation (generally.) Crack
and hack it maybe using other tools and protocols but you can't just
"telnet windows.box" and enter "root" and press enter.
>1. Have a vague experience with Windows and think they "know computers"
This is the first critical problem and Rachel expressed that about Exchange
in her example.
>2. Accept that regular reboots, viruses, spyware and adware are a fact of life
I don't. But so many "users" and "power users" (those who think they know
all about computers) do. "Oh it's just how it works."
My Unix boxes have been up for almost a year uninterrupted now (thanks to
new UPS's that run for 8 hours instead of 2) yet my windows machines have
had countless reboots. (Two workstations, a laptop and a server, except my
NT backoffice server which has also been up for a year but no one uses it,
it's just a Drive and Print share machine!)
I have to admit, probably 85% of reboots are due to new software. Overall
they are pretty stable because we have a policy of not clicking on
everything, not visiting web sites of ill repute, not downloading
everything that pops up, not installing every piece of software that comes
with an install, not installing every plugin into a browser and so on.
It was only the other week my wife was using my machine, which is not
locked down that I picked up a lot of nasty DLL's and only two were active,
which were terminated fast.
Every other machine here is locked down. You can't install anything
anywhere unless I log in and do it. None have administrative or superuser
privs on login. Only my machine, which means security is, in essence lax,
however password and authentication prevents unwanted use of my account.
>3. Are too stupid and egotistical to admit that they don't know better
Ego is a major problem. Most people over 18 don't want to learn. School
and Univeristy is to blame for that. Learning should be about discovery,
not regurgitation. So in the process of education, our society is taught
to "put up with: and to "regurgitate" what it's told, rather than search
for self discovery.
OK I know 40 odd computer languages and interpreters and when people say
"Learn PHP" I groan. It's simple enough, kinda Perl/English/C all in
one. But I don't need it and if I start using PHP, then my wife has to
learn it and everyone other person who barely knows how to code HTML.
So I wrote a parser that solves all their difficulties, the only thing they
need to know is how to use a graphical SQL interface to create their
queries! And you don't need to install mod_perl or mod_PHP or anything
else. It's plain CGI and HTML 1.0
I even coded up web access pages to my accounting database on Friday in 6
hours. It now shows invoices, payments, ledgers, accounts, secure for
individual users, multiple company, man it's a full blown accounting system
with security levels from "account holder" to "company admin" to "global"
including "debt collector" and "legal" access to accounts flags as such,
and only if they are flagged to that agency.
Took me as I said, 6 hours to create the web interface, it's saved me 12
hours of extracting invoices for a debt collector (17 accounts extracted
early last week) now they can access the other 90 accounts in collection
status online, at their pleasure and print any part they want. That's
saved me one hour per account (thereabouts) and opened up the other 90
accounts with 6 hours work. Can't beat that can you!
All in HTML 1.0 and a CGI. No mod_perl, no PHP. Even my wife and sit down
with notepad and code up good looking invoice pages now!
It even changes the logo (if there is one) on the top of each page,
depending on the company!
>4. Listen to sales droids
School, University - listen to the sales person (teacher/lecturer) and
follow in my footsteps.
bit like dancing lessons these days - "follow me" rather than "learn the
>5. Are in positions where they make decisions about expenditure.
OI! I'm one of those!
More information about the Link