New Microsoft Security scare?

 
 
Micheal Robert Zium
Guest
Posts: n/a
 
      02-13-2004
Leythos wrote:

>In article <(E-Mail Removed)>, mrozium@XSPAMX-yahoo.com says...
>> Leythos wrote:
>>
>> >Next time you get a chance, run a full install of Red Hat 9.X on a home
>> >PC, pretending that you know nothing about computers, and then hook it
>> >directly to the internet. Oh, one other thing, do a full install of it,
>> >just like Win XP Professional would have.

>>
>> Now, that would hardly be a fair comparison. A fully installed Redhat
>> box would likely survive for quite a while (until a person of
>> questionable scruples finds it) unaffected, unlike an XP box which
>> would likely last only minutes before it was compromised.
>>
>> Are you suggesting there is a worm that will compromise an unprotected
>> Linux box? If so, I'd like to know about it. Thanks.

>
>There are many security risks for Linux and the apps installed with most
>distros for full use workstations - all you have to do is visit cert or
>some of the popular open source sites to find them.


I agree. I do my best to keep up with them.

>While a Windows box will be compromised faster than a Linux box, the
>time is really not relevant since the number of attacks directed at the
>number of windows installations currently exceeds anything directed at
>the Linux installed base. With that in mind, a Linux distro installed by
>the same level of Windows user, one that would not secure it, could be
>compromised in the same amount of time - if the number of attacks were
>equal. What this means is that the larger target gets the brunt of the
>attacks, so a Linux box, while not secure by default, is less likely to
>be compromised in the same amount of time.


This is where we disagree. While I try to keep up with both platforms
(since I support both), I must've missed the Linux worm. Worms are
what affect (and infect) Microsoft OSes the most, in context of merely
placing an unprotected computer on the Internet (not counting user
intervention, such as hostile websites, e-mail, etc.). While it may
be trivial to exploit some of the Linux programs' holes, I know of no
automated (worm) program in the wild. Maybe I'm behind the times.
Many people feel that if (perhaps when) Linux has an equal presence on
desktops, then the equal amount of worms will come. We can't know for
sure until that time comes, so it's really futile to speculate.

>You can't really tell me you've not followed the last year's worth of
>security alerts for all the different OS's?


I try to. It's pretty tough to keep up with them all, especially
since most of the Linux programs' problems are either trivial or don't
affect any of the setups that I control. Microsoft, on the other
hand, well...

I'm behind you 100% when you advocate securing your boxes no matter
what OS is installed. Know your OS. Sleep at night.

 
 
 
 
 
David Postill
Guest
Posts: n/a
 
      02-13-2004

In article <(E-Mail Removed)>, on Wed, 11 Feb 2004 21:27:56 +0000,
"(E-Mail Removed)"
<(E-Mail Removed)> wrote:

| On Wed, 11 Feb 2004 21:02:41 GMT, Leythos <(E-Mail Removed)> wrote:

<snip>

| FYI I am MCSE in win2k and NT 4.

<snip>

| I connected a WinXP (cursed sw) box to the internet for a friend and
| within 5 minutes it was BLASTERed. i wiped it and put on Windows 98.

I am not an MCSE (I have 20 years experience of using PCs instead - all flavours
of MS operating systems from Windows 3.0 IIRC onwards).

Before connecting an XP box to the internet you should have

1/ turned on the built in firewall.

2/ connect to the internet and patch the OS

3/ download a decent firewall (there are several excellent free ones available)

4/ disconnect from the internet

5/ turn off the built in firewall

6/ install/configure the decent firewall

7/ connect to the internet

As an MCSE you should have known better.

<davidp />

- --
David Postill


 
 
 
 
 
sam1967@hetnet.nl
Guest
Posts: n/a
 
      02-13-2004
On Fri, 13 Feb 2004 11:24:06 GMT, David Postill <(E-Mail Removed)>
wrote:

>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>In article <(E-Mail Removed)>, on Wed, 11 Feb 2004 21:27:56 +0000,
>"(E-Mail Removed)"
><(E-Mail Removed)> wrote:
>
>| On Wed, 11 Feb 2004 21:02:41 GMT, Leythos <(E-Mail Removed)> wrote:
>
><snip>
>
>| FYI I am MCSE in win2k and NT 4.
>
><snip>
>
>| I connected a WinXP (cursed sw) box to the internet for a friend and
>| within 5 minutes it was BLASTERed. i wiped it and put on Windows 98.
>
>I am not an MCSE (I have 20 years experience of using PCs instead - all flavours
>of MS operating systems from Windows 3.0 IIRC onwards).
>
>Before connecting an XP box to the internet you should have
>

<snip>

I wasn't the one who was going to use it.
The user was incapable of operating a firewall and the chances of her
keeping her AV dats up to date were practically nil.
In the circumstances I made the wisest choice: give her Windows 98 SE
+ AVG and set it to update automatically.
If I had installed a FW she would have been on the phone every 5
minutes pestering me about this message and the next.
I know enough about XP to avoid it like the plague and refuse to run
it here or install it for anyone. I will NEVER use it.
 
 
Leythos
Guest
Posts: n/a
 
      02-13-2004
In article <(E-Mail Removed)>, sam1967@hetnet.nl says...
> I know enough about XP to avoid it like the plague and refuse to run
> it here or install it for anyone. I will NEVER use it.


You are almost correct - you DON'T KNOW XP WELL ENOUGH to secure it so
that anyone can use it.

In about 10 minutes one can secure a standard Dell shipped XP box so
that it can be put on the internet without any additional software so
that you can download the MS Updates from MS.

As a troll you've proven that you are not really a MCSE, that you can't
even really be a MCP, and that you really can't have worked for any
support group that handles Microsoft products.

--
(E-Mail Removed)
(Remove 999 to reply to me)
 
 
Craig A. Finseth
Guest
Posts: n/a
 
      02-13-2004
In article <(E-Mail Removed)>,
Leythos <(E-Mail Removed)> wrote:
...
>In about 10 minutes one can secure a standard Dell shipped XP box so
>that it can be put on the internet without any additional software so
>that you can download the MS Updates from MS.

...

So, why doesn't someone at Dell spend those 10 minutes and do it for
everyone?

That way, the people who want to spread worms can do so with only 10
minutes of work and the rest of us don't need to deal with them (the
worms).

Craig

 
 
sam1967@hetnet.nl
Guest
Posts: n/a
 
      02-13-2004
On 13 Feb 2004 15:34:38 GMT, Craig A. Finseth <(E-Mail Removed)>
wrote:

>In article <(E-Mail Removed)>,
>Leythos <(E-Mail Removed)> wrote:
> ...
>>In about 10 minutes one can secure a standard Dell shipped XP box so
>>that it can be put on the internet without any additional software so
>>that you can download the MS Updates from MS.

> ...
>
>So, why doesn't someone at Dell spend those 10 minutes and do it for
>everyone?
>
>That way, the people who want to spread worms can do so with only 10
>minutes of work and the rest of us don't need to deal with them (the
>worms).
>

And after you have spent your ten minutes *securing* XP (cough,
splutter) you visit grc.com and discover your XP box has been
vulnerable to the mother and father of all security flaws for 6 months
(yes 6 whole months) without MS even bothering to tell you.
And as far as we know there may be other huge HOLES that have not been
discovered yet. So Leythos if you really think you can secure XP in 10
minutes you are either a bigger fool or a bigger blowhard than I
thought you were.
How do you secure XP against unknown holes? You can't.

let Mr Steve Gibson take it up from here

***************** http://grc.com/default.htm *************

This vulnerability is being called "the mother of all Windows
vulnerabilities" because it allows Windows-based commercial Internet
servers and regular Windows users to be remotely compromised by
malicious hackers through many different avenues.

Security experts were upset to learn that Microsoft was informed of
this extremely serious vulnerability more than six months ago, yet
took until now to fix the problem. The vulnerability was obvious and
easy to resolve once it was known, yet Windows NT, 2000, XP, and 2003
machines have remained susceptible. Now known publicly, the
vulnerability is readily exploitable.

Users of Microsoft Outlook and Outlook Express are made vulnerable
through their eMail client as well as other avenues, and Windows
machines with default "network bindings", which are not protected by a
personal firewall or NAT router, are directly vulnerable to remote
Internet compromise.

Security experts expect new Internet worms and new eMail exploits to
appear shortly, so please update all potentially vulnerable systems as
soon as possible. This is a big one folks . . .
*********************************************************

Sam1967 : MCSE 2K + NT 4 (and ashamed of it)


 
 
Leythos
Guest
Posts: n/a
 
      02-13-2004
In article <(E-Mail Removed)>, sam1967@hetnet.nl says...
> On 13 Feb 2004 15:34:38 GMT, Craig A. Finseth <(E-Mail Removed)>
> wrote:
>
> >In article <(E-Mail Removed)>,
> >Leythos <(E-Mail Removed)> wrote:
> > ...
> >>In about 10 minutes one can secure a standard Dell shipped XP box so
> >>that it can be put on the internet without any additional software so
> >>that you can download the MS Updates from MS.

> > ...
> >
> >So, why doesn't someone at Dell spend those 10 minutes and do it for
> >everyone?
> >
> >That way, the people who want to spread worms can do so with only 10
> >minutes of work and the rest of us don't need to deal with them (the
> >worms).
> >

> And after you have spent your ten minutes *securing* XP (cough,
> splutter) you visit grc.com and discover your XP box has been
> vulnerable to the mother and father of all security flaws for 6 months
> (yes 6 whole months) without MS even bothering to tell you.
> And as far as we know there may be other huge HOLES that have not been
> discovered yet. So Leythos if you really think you can secure XP in 10
> minutes you are either a bigger fool or a bigger blowhard than I
> thought you were.
> How do you secure XP against unknown holes? You can't.


You didn't post anything that we didn't already know, and yes, you can
secure your machines against every day attacks. As usual, you clearly
show that you are not and have never been a technical support person and
are just a troll.

The hole, while it is very serious, can be protected against - you even
posted how, but I don't imagine you read that part either.

--
--
(E-Mail Removed)
(Remove 999 to reply to me)
 
 
sam1967@hetnet.nl
Guest
Posts: n/a
 
      02-13-2004
On Fri, 13 Feb 2004 15:48:49 GMT, Leythos <(E-Mail Removed)> wrote:

>In article <(E-Mail Removed)>, sam1967@hetnet.nl says...
>> On 13 Feb 2004 15:34:38 GMT, Craig A. Finseth <(E-Mail Removed)>
>> wrote:
>>
>> >In article <(E-Mail Removed)>,
>> >Leythos <(E-Mail Removed)> wrote:
>> > ...
>> >>In about 10 minutes one can secure a standard Dell shipped XP box so
>> >>that it can be put on the internet without any additional software so
>> >>that you can download the MS Updates from MS.
>> > ...
>> >
>> >So, why doesn't someone at Dell spend those 10 minutes and do it for
>> >everyone?
>> >
>> >That way, the people who want to spread worms can do so with only 10
>> >minutes of work and the rest of us don't need to deal with them (the
>> >worms).
>> >

>> And after you have spent your ten minutes *securing* XP (cough,
>> splutter) you visit grc.com and discover your XP box has been
>> vulnerable to the mother and father of all security flaws for 6 months
>> (yes 6 whole months) without MS even bothering to tell you.
>> And as far as we know there may be other huge HOLES that have not been
>> discovered yet. So Leythos if you really think you can secure XP in 10
>> minutes you are either a bigger fool or a bigger blowhard than I
>> thought you were.
>> How do you secure XP against unknown holes? You can't.

>
>You didn't post anything that we didn't already know, and yes, you can
>secure your machines against every day attacks. As usual, you clearly
>show that you are not and have never been a technical support person and
>are just a troll.
>
>The hole, while it is very serious, can be protected against - you even
>posted how, but I don't imagine you read that part either.
>


Q: And how many Internet users are not behind a PF or NAT router ?
A: millions and millions (apologies to C Sagan)

Attached (see SCAN RESULTS below) is a scan of my local subnet using
the MS KB scanner and as you can see many many machines are not behind
a PF or NAT router and that is only a single subnet.

Q: Given the state of the security situation at present and the known
flaws (not to mention the unknown ones ) in NT-based code what is the
wisest decision that a techie can make on behalf of a home user ?
a) Give them XP plus AVG plus a PF plus lots (and lots) of education
on security issues
b) Give them Windows 98 SE which is known to be immune from 90 % of
the current worm exploits

IMO b) is the more informed choice which is why I choose it.

************ SCAN RESULTS **********************************
Microsoft (R) KB824146 Scanner Version 1.00.0257 for 80x86
Copyright (c) Microsoft Corporation 2003. All rights reserved.

<+> Starting scan (timeout = 5000 ms)

Checking 80.225.9.0 - 80.225.9.255

<-> Scan completed


 
Reply With Quote
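Added example, not part of any post in this thread: a tally of a report in the line format the KB824146 scanner prints, including the wrapped "(MS03-026" continuation lines seen in the post above, so an administrator can list which hosts on a range they manage still need patching. The sample lines are constructed with the 192.0.2.0/24 documentation range, and the function and category names are assumptions.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in the scanner's line format (documentation addresses,
# not the subnet from the post). Two entries are wrapped mid-line.
SAMPLE = """\
Checking 192.0.2.0 - 192.0.2.255
192.0.2.30: connection refused
192.0.2.42: patched with both KB824146 (MS03-039) and KB823980
(MS03-026)
192.0.2.47: patched with KB823980 (MS03-026)
192.0.2.64: unpatched
192.0.2.103: patched with both KB824146 (MS03-039) and KB823980
(MS03-026
192.0.2.108: connection refused
192.0.2.114: this host needs further investigation
"""

HOST_LINE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3}):\s*(.+)$")


def classify(status):
    """Map a scanner status string to a category (names are assumptions)."""
    if status.startswith("patched with both"):
        return "fully_patched"
    if status.startswith("patched with KB823980"):
        return "missing_KB824146"  # only the earlier MS03-026 fix is present
    if status == "unpatched":
        return "unpatched"
    if status == "connection refused":
        return "refused"
    return "investigate"


def parse_scan(text):
    """Return {ip: category}, re-joining status lines wrapped by a mail client."""
    statuses, last = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        match = HOST_LINE.match(line)
        if match:
            last = match.group(1)
            statuses[last] = match.group(2)
        elif last and line.startswith("("):
            statuses[last] += " " + line  # wrapped tail such as "(MS03-026"
        else:
            last = None  # banner, blank or range line
    return {ip: classify(status) for ip, status in statuses.items()}


def summarize(results):
    """Counts per category, hosts that answered, and hosts needing a patch."""
    counts = Counter(results.values())
    answered = sum(n for cat, n in counts.items() if cat != "refused")
    need_patch = sorted(
        (ip for ip, cat in results.items()
         if cat in ("unpatched", "missing_KB824146")),
        key=ipaddress.ip_address,
    )
    return counts, answered, need_patch
```
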
 
Woz
Guest
Posts: n/a
 
      02-13-2004
>"(E-Mail Removed)" <(E-Mail Removed)> wrote in message >news:<(E-Mail Removed)> ...

<-snip->
> How do you secure XP against unknown holes? You can't.


You'll be pleased to know that eEye have a list of another 9
vulnerabilities that they've reported to Microsoft and are now
awaiting patching.

http://www.eeye.com/html/Research/Upcoming/index.html
 
 
donutbandit
Guest
Posts: n/a
 
      02-13-2004
"(E-Mail Removed)" <(E-Mail Removed)> wrote in
news:(E-Mail Removed):

> malicious hackers


Hmmmmm........
 