lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Tue, 22 Sep 2009 14:29:11 -0600
From: Chris <r0ck@...ramail.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: Dumb question: Is Windows box behind a router
	safe ?

> I have a dumb question: Is a Windows box 
> behind a router safe ?

No.

> It is my father's PC and the Windows OS was not updated regularly. 

Why not?  Is he incapable of clicking on an OK button?  With Automatic 
Updates, there is absolutely no excuse to NOT be fully updated.  Don't 
give me the "old application" excuse either.  You've already said he 
surfs the web and pulls email.  Stop being lazy and tell him to update.
Period.  End of story.  Otherwise, he is being irresponsible and a risk
to himself and the Internet.

> The Windows box was connected through wire (RJ45) to the router. 
> The router is then connected to the DSL modem.
> The Windows Box has SP2 installed and the default Windows firewall enabled
> - and I think was last updated from 
> Windows Update on in 2008. It has AVG anti virus.

So, he/you knows how to use Windows Update.  Why haven't you? 

The firewall, router, RJ45 cable (cute) mean dick.  He is operating a computer.
Microsoft has made applying updates idiot-proof.  Get it done. 

> The PC was never moved anywhere and is always behind the router. 

Doesn't matter.

> The router has default settings, which I believe has no ports open.

Something you should probably check on, hrm?

> He never installed any applications or downloads anything off the net -
> mainly it is used for emails and general web browsing (using Firefox, not
> IE). I informed him to use Firefox, since IE has so many security issues.

Doesn't matter.  He is connected to the Internet and running an operating system
that is out of date.  He is in danger.

> My questions are:
> 
> 1.  There are many exploits and vulnerabilities of Windows, but I was
> wondering if outdated Windows box behind router generally safe ?  Since, the
> Windows box was not updated with the latest updates.

No.  Update the box.  Quit being a lazy SOB and get it done.  You and he are being
irresponsible by not doing so.  It's a few clicks and a reboot.  Why haven't you
updated?

> I have always thought that having a computer behind the router (since router
> has firewall) is generally safe, but I would love to hear insights or
> thoughts.

You are wrong...horribly wrong.  Get that box patched.  Turn on Automatic Updates
if you can't be bothered to point and click.

> 2. If a Windows box is behind a router, could a botnet be installed to it ?
> Assuming, the end user does not install/download any applications from the
> Internet and always use Firefox.

Yes.  Patch the box.  Patch patch patch.




-- 
_______________________________________________
Surf the Web in a faster, safer and easier way:
Download Opera 9 at http://www.opera.com

Powered by Outblaze

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ