Things are out of hand...

J

j4zzee

Limp Gawd
Joined
Mar 6, 2004
Messages
290
People are really exploiting the open security of windows. Spyware, Maleware, Trojans, AdWare, Viruses, & Hijacking are driving me NuTs! It seems that everyone I know who uses windows is now infected with some sort of Windows Crud and wants me to fix it...

I also spent most of the other day cleaning up a W2K web server at a friend's business. They were running fully up2date antivirus, but were missing one iis security patch, and got hit by that IIS RPC exploit. 4 trojans ground the server to a halt.

Something has to change!
Or maybe its just that everyone I know is an idiot and I am their LeAdeR :p
sorry, had to vent...
 
If you use updated windows, updated antivirus, updated anti-spyware, and a firewall, you have nothing to fear provided you practice safe computing.

1. Distrust E-Mail attachments. Require non E-Mail confirmation that the attachment is legitimate.
2. Distrust popups. Popups are used by marketers to grab your attention. Do not believe what they say, however serious sounding it is.
3. Do not download free scren savers, games, toolbars, or anything of the like, without careful precaution. Remember that someone spent time and effort creating these, and the usual motive is that of privacy invasion.
4. Do not pirate. Not only is it illegal, but illegitimate file sharing networks are infested with viruses and malware.
5. Make regular backups. Use of write-once media such as CD-R or DVD+-R protects the integrity of your data from anything that may happen to your PC.
6. Use a strong password. Strong passwords increase security tremendously. Use a combination of letters of both cases, numbers, and punctuation. Avoid names, words, dates, etc.
7. Do not repeat passwords across services. This ensures that if a password is comprimised, the attacker's access is limited.
8. Protect your identity online. Do not respond to E-Mail with personal data, and shop only at reputable stores using 128 bit SSL encryption. Look for a Verisign or BBB seal confirming identity.
9. Do not give out youe E-Mail address, except to trusted sites and known friends. Anything promising you something in exchange for your E-Mail address is to be distrusted.
 
Such a shame that we have to purchase all these programs just to remain intact. Seems like when spyware took off, so did the spyware programs ;-) But i'm not assuming nothing.. Really...
 
Huan said:
Such a shame that we have to purchase all these programs just to remain intact. Seems like when spyware took off, so did the spyware programs ;-) But i'm not assuming nothing.. Really...
Click to expand...
Spyware can be combated with freeware, and by not installing it in the first place. Remember that Anti-Virus and Anti-Spyware programs are reactionary. Be proactive and protect yourself.
 
I think people are exploiting stupidity more than anything else here. If people would keep their systems updated and stop clicking 'yes' to every fucking box they see and don't read then we wouldn't have anywhere near the number of problems we have. The most secure operating system in the world wouldn't make people not stupid.
 
Heh, aye.. Some folks will download/agree/install anything. Bunch of goofs.
 
jpmkm said:
I think people are exploiting stupidity more than anything else here. If people would keep their systems updated and stop clicking 'yes' to every fucking box they see and don't read then we wouldn't have anywhere near the number of problems we have. The most secure operating system in the world wouldn't make people not stupid.
Click to expand...
I agree. I hate it when people bitch about Windows being such an unstable and insecure OS. Windows XP is incredibly stable, and secure if you know what you're doing. The main reason Windows becomes unstable is because of the software that is loaded on it. If you're installing "1000 Smilies addon-packs" and other shitty spyware ridden freeware like that, your computer will die and you deserve to lose all your data. People need to realize that running updates to patch the OS really aren't "at your discression", if you don't do the updates, you are choosing to leave yourself vulnerable.
Windows is unstable because of the user's ignorance. And anytime someone bitches about "Windows screwed me over", or "I've had it with Windows", they are just showing that they know very little about maintaining an OS. And of course Windows is going to be insecure when you install the malware and viruses yourself. And for Christ's sake, run a damn firewall people!
Windows is very stable if you know what you're doing.

And I'm not flaming anyone in this thread, just stupid people who know nothing about PC's and think they are SuperTech.

Nothing like a good rant to work up an appetite :D
 
Its hard to keep a lid on things when a typical user visits a website and they get an official looking dialog box that says "your system time is off, click herer to fix" or "Warning, we have detected Spyware on you computer... click here". It all goes down hill from there....

I know some very smart people that need my help just running windows update; let alone how to decide what is bogus or legit when a dialog box is staring at them waiting for that "yes" click.
 
M11, nice list. Try explaining that to the general user base of any company and you see the problem.

The proactive approach isn't education, sadly, because that is a constant uphill battle. How did that work in the virus arena? After ALL these damned virii people will still open attachments. I can't get my users to remember their passwords, what makes you think I can get them to be web-aware?

The only proactive solution is to prevent the spyware from getting installed in the first place. Just like AV, which, BTW, IS proactive since it scans before running things. The method for virii definitions isn't proactive, and never will be (heuristic scanning anyone?) The web will be the same way. You will have a filter that parses all HTML just like a virus scanner. The software isn't mature enough *yet*.

Remember the early virus days, when Norton would catch 90% of all Virii, and McAfee would be the same. There were virii that Norton couldn't catch and vice versus. To be REAL safe you ran both.

It's the same with ad-aware/spybot/<insert other spyware removal tool here>. No single tool is good enough to really clean a machine. To be safe you must run more than one.
 
S1nF1xx said:
... The main reason Windows becomes unstable is because of the software that is loaded on it. ...
Click to expand...
Such as IE and Outlook Express... (Or is MS still of the opinion that IE is part of the OS? In which case, the OS itself isn't secure.)
 
M11 said:
If you use updated windows, updated antivirus, updated anti-spyware, and a firewall, you have nothing to fear provided you practice safe computing.

1. Distrust E-Mail attachments. Require non E-Mail confirmation that the attachment is legitimate.
2. Distrust popups. Popups are used by marketers to grab your attention. Do not believe what they say, however serious sounding it is.
3. Do not download free scren savers, games, toolbars, or anything of the like, without careful precaution. Remember that someone spent time and effort creating these, and the usual motive is that of privacy invasion.
4. Do not pirate. Not only is it illegal, but illegitimate file sharing networks are infested with viruses and malware.
5. Make regular backups. Use of write-once media such as CD-R or DVD+-R protects the integrity of your data from anything that may happen to your PC.
6. Use a strong password. Strong passwords increase security tremendously. Use a combination of letters of both cases, numbers, and punctuation. Avoid names, words, dates, etc.
7. Do not repeat passwords across services. This ensures that if a password is comprimised, the attacker's access is limited.
8. Protect your identity online. Do not respond to E-Mail with personal data, and shop only at reputable stores using 128 bit SSL encryption. Look for a Verisign or BBB seal confirming identity.
9. Do not give out youe E-Mail address, except to trusted sites and known friends. Anything promising you something in exchange for your E-Mail address is to be distrusted.
Click to expand...

One can follow all that but would still be vulnerable to things like this: http://www.theregister.co.uk/2004/06/10/ms_inpatched_ie_flaw/ The user doesn't always have to be an idiot for their machine to get jacked. Granted, user ignorance is the biggest part of the problem, but it is only part.
 
Cardboard Hammer said:
Such as IE and Outlook Express... (Or is MS still of the opinion that IE is part of the OS? In which case, the OS itself isn't secure.)
Click to expand...
You're right, IE and Outlook are very insecure compaired to competing products. The main downfall of Outlook is the stupid users that open every attachment they get. Although the easy hijacking of the address book doesn't help either.
 
Shouldn't we have had someone in here with the standard response of "I'm running *nix/apple and I'm perfectly fine, muhaha microsoft sucks blah blah" by now?

Slackers... :rolleyes: :p
 
Phoenix86 said:
M11, nice list. Try explaining that to the general user base of any company and you see the problem.
Click to expand...
I do every day:p

Some days, I wish I could lock accounts for stupidity. The bottom line is when a company pays for computer service by the hour, the Owner/Accountting can see the direct result of smiley packs and browser toolbars: bills for repair.

As administrators, we can help protect the users from themselves, such as password requirements and other similar GPOs. Hell, one company I consult to fines any employee $20 for writing down passwords and leaving under keyboards, just to get around the requirement.

I will revise the list and repost it.
 
M11 said:
I do every day:p

Some days, I wish I could lock accounts for stupidity. The bottom line is when a company pays for computer service by the hour, the Owner/Accountting can see the direct result of smiley packs and browser toolbars: bills for repair.
Click to expand...

Gee, how's that working for you? Sounds like your doing it every day, and it's not helping. ;)

<---- Wishes I could show the lost productivity of smiley central and mywebsearch to someone who cared.
 
Phoenix86 said:
Gee, how's that working for you? Sounds like your doing it every day, and it's not helping. ;)

<---- Wishes I could show the lost productivity of smiley central and mywebsearch to someone who cared.
Click to expand...
I just point out to whoever pays the bill (I'm a consultant) that user X installed non-work-related product Y, and now you're paying me Z to remove it. Correlate unneeded software directly with lost money and lost productivity, and explain why spyware is bad. Managers respect the bottom line. I love my work, and there is no shortage of malware to clean up. I spend twice the time putting out fires as I do configuring the network/AD or setting up new equipment.
 
M11 said:
I just point out to whoever pays the bill (I'm a consultant) that user X installed non-work-related product Y, and now you're paying me Z to remove it. Correlate unneeded software directly with lost money and lost productivity, and explain why spyware is bad. Managers respect the bottom line. I love my work, and there is no shortage of malware to clean up. I spend twice the time putting out fires as I do configuring the network/AD or setting up new equipment.
Click to expand...

Key words in my statement "someone who cares."

I can proove it's a waste of time (we are internal IS, so it's a little harder than pointing at a bill for X time). It's really a corporate structure/political issue. Not much to be done about it on my end. :(
 
Phoenix86 said:
Key words in my statement "someone who cares."

I can proove it's a waste of time (we are internal IS, so it's a little harder than pointing at a bill for X time). It's really a corporate structure/political issue. Not much to be done about it on my end. :(
Click to expand...
ouch. sorry to hear that. well, anyway, help me revise these and maybe it will be of sufficient quality for distribution to end users
 
OK, I'll go through a couple of line to give you a heads up why I don't think this is for general users. Advanced, maybe. :)

edit: actually, there is 0 chance that's an end usre document. I'll do point one and show you why. ;)
 
You must log in or register to reply here.
Back
Top