From: mvp at joeware.net (joe)
Subject: MS Anti Virus?

Can users hook themselves up to the internet? Last time I got a cable modem
hooked up I had to have some "technician" come into my home and spend a
couple of hours trying to figure out how to hook the thing up even though I
bought my own Cable MODEM and ran my own RG6 and had everything ready, just
needed an IP address. In fact I built a special PC with bare bones
configuration so the "technician" could monkey with that and not try to
figure out my LAN. 

It was a nightmare, I would keep dropping hints and he wouldn't listen and
then a while later would be like, oh yeah, I have to do this, which would be
exactly what I hinted. The guy had no clue what he was really doing as he
was a wiring guy that had picked up an extra task. Had no clue what a patch
was let alone wondering if the PC was patched even though the little balloon
was sitting there saying there were updates to install. I think if I said
firewall he would have nightmares of running cable between a garage and a
house and properly repairing the hole he made in the garage firewall (fire
break) so that it was back up to building code...

So what I am saying is, I think the ISPs need to share some of the
responsibility of hooking people up safely, don't just plug them in. If they
already have to come into the home or at the very least you talk to them on
the phone, push firewalls and internet safety. The first time they come up
when they sign up, maybe scan them and see what is open and drop a friendly
hint, why I see that all of your ports are wide open and your PC named
EasyRider69 is fully visible to me... You might want to secure that.
Alternatively, have the ISP block all but say ports 25,80, and 110 by
default for every user and the user has to connect to a website of the ISP
and uncheck other ports they want opened up. That way it would take a
semi-educated user to actually use the service irregardless of the OS. If
that is too tough, set up a multiple VLAN configuration where by default the
user gets placed in babystep VLAN which only has a couple of basic ports and
they have to be requested to be put in the big person VLAN to get open
access. 



Again however, MS is stepping up on this. Go look at XP SP2. It is a big
step in the direction to help users protect themselves. Of course of course,
they have always done bad things so they can't possibly do anything better
now. How thoughtless of me. Of course someone like yourself is so good at
coding you know that every piece of code you have ever written has been
perfect right off and no possible issues... Oh wait, you implying that means
you probably have never coded anything more complex than a basic tool if
that.


I agree that MS helped create the mass of inept users... However, I don't
see any OSes going out there creating knowledgeable users. In fact had MS
not done what it had done, I don't think we would be anywhere near where we
are right now for penetration of PCs in the home and lower costs associated
with that. I am just guessing but irregardless of what OS you are on now,
you most likely were running an MS OS at some point. Not many people start
on Mainframes and UNIX machines and went straight to non-MS offerings. Why?
Not much else existed in the home for some time. Probably the few
(relatively speaking) that can say they haven't ever run an MS OS are those
that started using computers in University and never left so always lived in
the UNIX world or Apple folks. If you had a PC at home and it wasn't an
Apple, the chances are good it had MS on it. This is slowly changing now
with the various *nix knockoffs such as BSD and Linux, but was the case for
a long time. 

I look forward to BSD/Linux gathering steam and becoming better and better
and more and more accepted. For several reasons actually. First off, MS
always thrives when given good competition, it pushes itself to do better
and better which is good for computing in general because they have serious
cash to put into the endeavour, not many computing places now have
multi-billion dollar R&D budgets to make home computing better. Second off,
the Linux world will have to clean up, right now it is a bit chaotic with
all of the various vendors duking it out over who is better and you having
to be really sure of what you have before you install things. It reminds me
of earlier MS days with Win9x and NT and having to figure out what you had
so you knew what you could install. It is a pain in the butt when consulting
for large companies when they are trying to figure it out because not only
is it a case of figure out if you want Linux or Windows, it is which flavor
of Linux do you want. Just dilutes the whole thing. Yes yes choice is good
blah blah blah. Sometimes though in the committee driven worlds of corporate
America, a multitude of choices can be a bad thing. 



> You'll have to pardon me if I don't shit myself 
> repeatedly in fits of white-knuckle anticipation 
> of the next version.

You sound like a jilted lover here. Not someone looking for the computing
world to get better.






-----Original Message-----
From: full-disclosure-admin@...ts.netsys.com
[mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of rob@...cast.net
Sent: Thursday, June 17, 2004 5:42 PM
To: full-disclosure@...ts.netsys.com
Subject: Re: [Full-Disclosure] MS Anti Virus?

On Thu, Jun 17, 2004 at 11:51:46AM -0400, joe wrote:
> However the worms would be blocked if people had patched their machine 
> or otherwise properly administrated the machines they were responsible 
> for. All of the worms that I think you are probably referring to all 
> had patches well in advance of the worm that impacted it, blaster,
> slammer, sasser, etc.
> 
> Home users never should have been impacted as they should be running 
> firewall software on the internet connections. The fact that they 
> don't isn't MS's fault, however MS is stepping up with XP SP2 to help 
> out. On top of that they should be patching when necessary.
[snip]
> Thinking that there will never be code patches required isn't realistic.
[snip]

Can you explain how it's realistic to expect the millions of home Windows
users out there now to know how to properly administrate their systems?

If anything that's been discussed here so far is unrealistic, that must top
the list. They're only starting to get the message that patching is
necessary. Very arguably, Microsoft helped create this culture of
technically inept users who view the computer like any other household
appliance. And now what? It plans to force-feed basic computer security
training and earthshaking updates down the throats of the same users to whom
it's been spoon-feeding computing-through-ignorance babyfood for years and
years?

You say "the worms would be blocked if users would..." I say the worms
wouldn't exist in the first place if Microsoft had written their software
securely. It's easy for both of us to say, but which is easier to actually
*do*? Microsoft has little control over what end users do, but it has
complete control over the design, quality, and configuration of the software
it ships. With the resources and market share they have, they ought to be
leading the industry. 
Instead, they are the armpit of the industry.

Folks who have been paying attention o'er the years know the same lies,
half-truths, and PR maneuvering they hear today that they heard back then.
"It'll be fixed in the next version", eh? You'll have to pardon me if I
don't shit myself repeatedly in fits of white-knuckle anticipation of the
next version.

---

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

