Microsoft Worm

Discussion in 'Computer Security' started by Dean Palladino, Aug 14, 2003.

  1. Okay, answer this one for me: Why do people continually get attacked by
    these worms? If you and I could create a firewall with the solutions
    that were posted here, why is it that people are still getting attacked
    successfully.

    I have a LinkSys Wireless-B 4 port router/switch, and I use Zone Alarm
    (save the spyware issues for another post). I wasn't even phased by the
    worm.

    To my surprise, Comcast was affected by it and it was very detrimental.
    Why? Where is the network administrator and why is Comcast not securing
    their network. If hackers can't see you, they can't hurt you, right?

    Okay, so its a bit of naivette on my part, but that does hold true in
    most cases regarding Internet security.

    What is the opinion of the security professionals in a.c.s.?

    Dino
    Dean Palladino, Aug 14, 2003
    #1
    1. Advertising

  2. Dean Palladino wrote:

    > Okay, answer this one for me: Why do people continually get attacked by
    > these worms? If you and I could create a firewall with the solutions
    > that were posted here, why is it that people are still getting attacked
    > successfully.


    Because Windows doesn't ship with a personal firewall turned on BY DEFAULT,
    that's why.


    > I have a LinkSys Wireless-B 4 port router/switch, and I use Zone Alarm
    > (save the spyware issues for another post). I wasn't even phased by the
    > worm.
    >


    There's some variant code kicking around that by-passes Zone Alarm. You
    ain't seen nothing yet. This worm was just a warning...


    > What is the opinion of the security professionals in a.c.s.?


    Use a Mac or Linux.
    kaptain kernel, Aug 14, 2003
    #2
    1. Advertising

  3. Dean Palladino

    Leythos Guest

    In article <>,
    says...
    > Okay, answer this one for me: Why do people continually get attacked by
    > these worms? If you and I could create a firewall with the solutions
    > that were posted here, why is it that people are still getting attacked
    > successfully.


    Most people get hacked because they think of the internet as they do
    their toaster - it's there and it works and I don't have to know more
    about it.

    In reality I would place most of the blame on the ISP's - they know that
    people are easy targets and that for about $50 they could provide them
    with simple NAT Routers that would block most of the attempts. If they
    provided them with NAT Router and Antivirus software it would fend off
    most of the hacks out there.

    As for this worm, anyone having a simple NAT Router would have been
    safe. People with personal firewall software, where they didn't
    misconfigure it, would be safe.

    Most people have no clue about their computers, their software, and even
    less about dial-up connections.

    --
    --

    (Remove 999 to reply to me)
    Leythos, Aug 14, 2003
    #3
  4. Dean Palladino

    Jeff Umbach Guest

    People who pay regular attention to windows update would be safe as well.

    --
    Jeff Umbach

    "Leythos" <> wrote in message
    news:...
    > In article <>,
    > says...
    > > Okay, answer this one for me: Why do people continually get attacked by
    > > these worms? If you and I could create a firewall with the solutions
    > > that were posted here, why is it that people are still getting attacked
    > > successfully.

    >
    > Most people get hacked because they think of the internet as they do
    > their toaster - it's there and it works and I don't have to know more
    > about it.
    >
    > In reality I would place most of the blame on the ISP's - they know that
    > people are easy targets and that for about $50 they could provide them
    > with simple NAT Routers that would block most of the attempts. If they
    > provided them with NAT Router and Antivirus software it would fend off
    > most of the hacks out there.
    >
    > As for this worm, anyone having a simple NAT Router would have been
    > safe. People with personal firewall software, where they didn't
    > misconfigure it, would be safe.
    >
    > Most people have no clue about their computers, their software, and even
    > less about dial-up connections.
    >
    > --
    > --
    >
    > (Remove 999 to reply to me)
    Jeff Umbach, Aug 15, 2003
    #4
  5. In article <3f3b81fc$0$18274$>,
    says...

    > Because Windows doesn't ship with a personal firewall turned on BY DEFAULT,
    > that's why.
    >


    Windows shouldn't ship with a personal firewall turned on by default.
    However Windows Server 2003 does install locked down by default.

    OS should only be that: an OS.
    Dean Palladino, Aug 15, 2003
    #5
  6. Dean Palladino

    Leythos Guest

    In article <>, tpacpl1220
    @netscape.net says...
    > The real question should be, " Why do people continue to use such crap
    > software like Microsoft?"


    You've got it wrong - the real question is why don't ISP's provide a NAT
    device or personal firewall for ANYONE connecting to their services?

    The MS Bashers seem to forget the weekly vulnerabilities found in Linux
    and the others found in non-MS OS's.

    If the ISP's were to provide some instruction and blocked ports that
    don't need to be exposed to the internet for the common OS's it would
    prevent most of the problems. Blame the ISP's, not MS - if every ISP
    would block ports 135~139 and a hand full of others, the net would be a
    much nicer place.

    --
    --

    (Remove 999 to reply to me)
    Leythos, Aug 16, 2003
    #6
  7. Dean Palladino

    Frode Guest

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    Bit Twister wrote:
    >> If the ISP's were to provide some instruction and blocked ports that
    >> don't need to be exposed to the internet for the common OS's it would
    >> prevent most of the problems. Blame the ISP's, not MS - if every ISP
    >> would block ports 135~139 and a hand full of others, the net would be a
    >> much nicer place.

    > Yes, it is the ISP's fault for not blocking ports for services
    > that Micro$loth should have disabled on install.


    I hate M$ as much as anybody, but the same is true of a good number of
    Linux distributions. It may have changed recently but last time (a year or
    two ago I guess) I fired up vmware to have a peek at a few distributions
    they all had tons of crap in startup scripts and inetd.conf enabled that
    shouldn't be.

    There's pretty much two very simple things Microsoft have been slow in
    doing. Fixing its email clients to not automatically execute every freakin
    scripting language supported by the OS when simply previewing a message,
    and firewall enabled by default. It is getting there. Real slow.


    - --
    Frode

    -----BEGIN PGP SIGNATURE-----
    Version: PGP 8.0.2

    iQA/AwUBPz5yPeXlGBWTt1afEQLm5gCgk2lbKq0hJ3j64NsD+7/kAk7WqucAniHa
    vsP79wh00LYgZi4vjtE81jxE
    =mW81
    -----END PGP SIGNATURE-----
    Frode, Aug 16, 2003
    #7
  8. Dean Palladino

    Leythos Guest

    In article <>,
    says...
    > In article <>, tpacpl1220
    > @netscape.net says...
    > > The real question should be, " Why do people continue to use such crap
    > > software like Microsoft?"

    >
    > You've got it wrong - the real question is why don't ISP's provide a NAT
    > device or personal firewall for ANYONE connecting to their services?
    >
    > The MS Bashers seem to forget the weekly vulnerabilities found in Linux
    > and the others found in non-MS OS's.
    >
    > If the ISP's were to provide some instruction and blocked ports that
    > don't need to be exposed to the internet for the common OS's it would
    > prevent most of the problems. Blame the ISP's, not MS - if every ISP
    > would block ports 135~139 and a hand full of others, the net would be a
    > much nicer place.


    Again you miss the point - MS uses ports 135~139 for network traffic -
    they use it as a base part of the OS so that it makes life easier for
    networking in LAN/WAN environments. While the flaw in RPC is not
    something I defend, the fact that ISP's have know about RCP traffic on
    their networks for years and have done nothing about it is the root of
    the problem.

    I'm not a MS Lover, I don't care about the company. I have MS NT4, 2000,
    XP, AIX, SCO and a couple other OS's here.

    ISP's should be responsible for installing a NAT router at the least for
    every customer - for business accounts they should require a firewall.
    This will keep the broadcasts and inbound traffic down and prevent
    ignorant users from being compromised.

    You will find that 135~139 is needed in a normal business network - it's
    part of the OS. There is NO NEED to allow 135~139 outbound or inbound
    from a personal or business network. If you want remote access you
    create a VPN connection.

    So, don't bitch about MS, they provided a patch before this hit.

    If they disabled everything by default 90% of the users would never be
    able to us their computers and then you would be bitching about that
    too.

    People use MS because it's got TONS of support, works well, is as easy
    to use as the next OS, supports more hardware/software than any other
    OS, and is cheap.



    --
    --

    (Remove 999 to reply to me)
    Leythos, Aug 16, 2003
    #8
  9. Dean Palladino

    Bit Twister Guest

    On Sat, 16 Aug 2003 19:14:49 GMT, Leythos wrote:

    > ISP's should be responsible for installing a NAT router


    I do not want MS stupidy costing me money to us a service.
    Now, if the ISP makes it a requirement for NAT routers for
    MS users, ok I go along with that.

    > Again you miss the point - MS uses ports 135~139 for network traffic -
    > they use it as a base part of the OS so that it makes life easier for
    > networking in LAN/WAN environments. While the flaw in RPC is not
    > something I defend, the fact that ISP's have know about RCP traffic on
    > their networks for years and have done nothing about it is the root of
    > the problem.


    Nope, there is no good excuse for shipping product with the services
    enabled. MS has plenty of wizards to allow the user to turn them
    on if required.

    Third Party Software install wizard can ask user if user wants
    port opened if required.
    Bit Twister, Aug 16, 2003
    #9
  10. Dean Palladino

    Bit Twister Guest

    On Sat, 16 Aug 2003 20:20:43 GMT, Leythos wrote:

    > Do you hammer the Open Source community and Red Hat when they provide
    > products that have holes in they too or do you just slam MS?


    That is a related problem.

    > Thanks for the conversation, it was good to chat about this, but we have
    > two different views on the causes of internet related problems and how
    > they could easily be corrected.


    Yes, I just cannot see why everyone else has to limp when Microsoft's
    leg is broke. :)

    You would think that with the history of viruses/worms MS would
    implement basic security settings during install.

    They finaly bought a firewall product. Was it enabled during install
    on Home XP. Why have they not put those in products and Service Packs
    to clean up basic security holds on current products. They updated
    Internet Explorer for 98.

    Yes the User has to load the SP. MS needs to at least _start_ putting
    out the forest fire instead of hauling logs to the fire.
    Bit Twister, Aug 16, 2003
    #10
  11. Dean Palladino

    Chris Guest

    On Sat, 16 Aug 2003, Leythos wrote:

    > You've got it wrong - the real question is why don't ISP's provide a NAT
    > device or personal firewall for ANYONE connecting to their services?
    >
    > The MS Bashers seem to forget the weekly vulnerabilities found in Linux
    > and the others found in non-MS OS's.
    >
    > If the ISP's were to provide some instruction and blocked ports that
    > don't need to be exposed to the internet for the common OS's it would
    > prevent most of the problems. Blame the ISP's, not MS - if every ISP
    > would block ports 135~139 and a hand full of others, the net would be a
    > much nicer place.


    Perhaps you forget the ISP's customers who have actually have a clue about
    securing their machines and who require full access to the internet. If
    every provider imposed NAT on their customers and started blocking ports,
    then the net rapidly becomes unusable for many network developers, users
    of certain type of tunnels/VPNs (or more crucially many games and
    applications), software developers, or anyone with an interest in any
    networking beyond simple web browsing and email collection.

    Regarding vunerabilities found in non-M$ OS's, most of these are not the
    OS's themselves, but the server software run on those OS's. This software
    is usually quickly fixed but, unfortunatly, often left unpatched by the
    users. Is there really a need to restrict the use of this software
    (through blocking of ports) due to a few careless admins/users?

    --
    Chris (BALDRICK) Remove "^nospam^." to reply.
    PGP Key fingerprint = C138 73D1 B970 57D1 B90C 7616 E350 2F4C 5416 2DE2
    Chris, Aug 17, 2003
    #11
  12. Dean Palladino

    Leythos Guest

    In article <>,
    chris@^nospam^.baldrick.org says...
    > On Sat, 16 Aug 2003, Leythos wrote:
    >
    > > You've got it wrong - the real question is why don't ISP's provide a NAT
    > > device or personal firewall for ANYONE connecting to their services?
    > >
    > > The MS Bashers seem to forget the weekly vulnerabilities found in Linux
    > > and the others found in non-MS OS's.
    > >
    > > If the ISP's were to provide some instruction and blocked ports that
    > > don't need to be exposed to the internet for the common OS's it would
    > > prevent most of the problems. Blame the ISP's, not MS - if every ISP
    > > would block ports 135~139 and a hand full of others, the net would be a
    > > much nicer place.

    >
    > Perhaps you forget the ISP's customers who have actually have a clue about
    > securing their machines and who require full access to the internet. If
    > every provider imposed NAT on their customers and started blocking ports,
    > then the net rapidly becomes unusable for many network developers, users
    > of certain type of tunnels/VPNs (or more crucially many games and
    > applications), software developers, or anyone with an interest in any
    > networking beyond simple web browsing and email collection.
    >
    > Regarding vunerabilities found in non-M$ OS's, most of these are not the
    > OS's themselves, but the server software run on those OS's. This software
    > is usually quickly fixed but, unfortunatly, often left unpatched by the
    > users. Is there really a need to restrict the use of this software
    > (through blocking of ports) due to a few careless admins/users?


    Nope, I didn't forget about them - I just know that there is a lot of
    ways to limit exposure without limiting services that are available to
    most users and businesses.

    Case in point - VPN's - blocking ports 135~139 does not impact any VPN
    and it doesn't stop you from doing anything else. I've seen people
    complain about how they can't connect without 135 and such, but it's not
    that they can't connect, it's that they built a solution on something
    that was FLAWED to begin with - IT WAS THE WRONG WAY TO DO IT.

    As for NAT, I've always had a NAT system on my home internet connection
    - it never stopped me from running servers, games, etc... It always
    stopped the probes into my network for ports that were not forwarded to
    an internal IP.

    I would hazard a guess that more than 90% of the windows machines
    connected directly to the internet would not be impacted in any way by
    imposing NAT and that it would save us from about 98% of the cracks out
    there.

    The Net does not become unusable due to NAT, in fact, the Net lives on
    NAT - NAT does not mean you can't get port access to machines. I have a
    group of IP's and a firewall appliance running in NAT mode, each IP can
    have many rules to forward the external traffic to internal IP's. I
    never expose the OS level stuff to the external interfaces - if that's
    needed I create a VPN path for the user and give them access through it.

    Again, nothing is lost by blocking 135~139. I write code in a dozen
    languages, design services that run at the OS level, and also design
    networks and firewall solutions - I've never found a development project
    that could not live through a VPN solution that was working on an open
    connection.

    So, unless you can show me something that must have exposed public
    access for ports 135~139 I will firmly continue to tell people they are
    implementing bad solutions when they do that.

    I have clients all over the country that were NOT impacted in any way by
    the worm or the ISP's blocking 135 - their solutions were designed the
    correct way and the secure way.

    Don't take this wrong, but as I said before, "Just because you found a
    way to do something and it works for you does not make it the correct
    way to do it".

    Sincerely,
    Mark



    --
    --

    (Remove 999 to reply to me)
    Leythos, Aug 17, 2003
    #12
  13. Dean Palladino

    mto Guest

    "Leythos" <> wrote in message
    news:...
    <SNIP> ISP's should be responsible for installing a NAT router at the least
    for
    > every customer - for business accounts they should require a firewall.


    You're forgetting the cost factor here. The public wants CHEAP net access.
    Adding NAT for every user would significantly raise the cost to the ISP and
    lead to endless tech support problems from the huge number of customers that
    cannot configure their own dial-up. End-user price would have to be raised
    accordingly, leading to a mass exodus to cheaper ISPs. This idea might be
    good security but it is BAD business.

    The real problem(s) are computer and software manufacturers that provide
    absolutely zero information on basic security in terms that the average
    non-geek can understand and put out computers that have "features" that
    should be used with caution turned on by default with neither a warning nor
    an explanation to the average user. Decent help files would not be all that
    hard to write. "Take a Tour" could also cover the issues. A little
    knowledge can be a dangerous thing but it can also go a long way. Education
    is the key.
    mto, Aug 17, 2003
    #13
  14. Dean Palladino

    Chris Guest

    On Sun, 17 Aug 2003, Leythos wrote:

    > In article <>,
    > chris@^nospam^.baldrick.org says...
    > >
    > > Perhaps you forget the ISP's customers who have actually have a clue about
    > > securing their machines and who require full access to the internet. If
    > > every provider imposed NAT on their customers and started blocking ports,
    > > then the net rapidly becomes unusable for many network developers, users
    > > of certain type of tunnels/VPNs (or more crucially many games and
    > > applications), software developers, or anyone with an interest in any
    > > networking beyond simple web browsing and email collection.
    > >
    > > Regarding vunerabilities found in non-M$ OS's, most of these are not the
    > > OS's themselves, but the server software run on those OS's. This software
    > > is usually quickly fixed but, unfortunatly, often left unpatched by the
    > > users. Is there really a need to restrict the use of this software
    > > (through blocking of ports) due to a few careless admins/users?

    >
    > Nope, I didn't forget about them - I just know that there is a lot of
    > ways to limit exposure without limiting services that are available to
    > most users and businesses.


    Ok, firstly I'd like to apologise if my post came across as arguing
    directly against your points. I didn't make my point very clear, but I was
    mainly arguing against ISP's imposing firewalling and other services as
    standard, which affect user's connections.

    My reasons for my statements are simply that I beleive an internet
    connection from an ISP should be just that - a connection to the internet
    where you are assigned an external IP and are, for all intends and
    purposes, directly connected to the Internet.

    > Case in point - VPN's - blocking ports 135~139 does not impact any VPN
    > and it doesn't stop you from doing anything else. I've seen people
    > complain about how they can't connect without 135 and such, but it's not
    > that they can't connect, it's that they built a solution on something
    > that was FLAWED to begin with - IT WAS THE WRONG WAY TO DO IT.
    >
    > As for NAT, I've always had a NAT system on my home internet connection
    > - it never stopped me from running servers, games, etc... It always
    > stopped the probes into my network for ports that were not forwarded to
    > an internal IP.


    I agree 100% with your points above, and the other technical related posts
    you make throughout your post. I've also used NAT with great results in a
    few circumstances. As I stated above though, I think my point was (maybe
    understandably) misunderstood as it was intended to be less about the
    technical aspects involved. Once ISP's start restricting one thing or two
    things many other restrictions appear until, IMO, the services become
    only a partial service.

    >[SNIP]
    > I would hazard a guess that more than 90% of the windows machines
    > connected directly to the internet would not be impacted in any way by
    > imposing NAT and that it would save us from about 98% of the cracks out
    > there.


    A similar example would be the excessive spam filtering on one of the
    ISP's mailservers I used to work for - something else I disagree with, but
    which was made into a company policy while I was there. While most users
    may not have noticed this, a great number stopped receiving valid emails
    and there were a lot of complaints. I know that isn't quite the same as
    we're discussing here, but it's maybe similar enough for you to see where
    I'm coming from about compulsory restrictions. In this case it was purely
    an incompetent ISP who didn't really have much experience and didn't
    listen to the technical staff (I didn't stay there long btw).

    Back to the the issue.. I would agree with you about the benefits of
    ISP's blocking certain ports and maybe using NAT/etc.. *IF* there was a
    way customers could opt out of those (with a valid reason). Perhaps this
    opt out could be on subscription accounts only - That would be up to the
    ISP's to decide..

    >[BIG SNIP]
    > Sincerely,
    > Mark


    --
    Chris (BALDRICK) Remove "^nospam^." to reply.
    PGP Key fingerprint = C138 73D1 B970 57D1 B90C 7616 E350 2F4C 5416 2DE2
    Chris, Aug 17, 2003
    #14
  15. Dean Palladino

    Leythos Guest

    In article <>,
    chris@^nospam^.baldrick.org says...
    [snip]
    > Back to the the issue.. I would agree with you about the benefits of
    > ISP's blocking certain ports and maybe using NAT/etc.. *IF* there was a
    > way customers could opt out of those (with a valid reason). Perhaps this
    > opt out could be on subscription accounts only - That would be up to the
    > ISP's to decide..


    Nice response (I'm not being sarcastic). I was thinking about this late
    last night and got to wondering if they forced NAT on residential
    subscribers and nothing on business subscribers that it would give every
    customer a choice. While NAT might cause a few headaches for home users,
    I think that it would force ISP's to be a little more responsible with
    their service - almost like one chap mentioned about buying a car, what
    he failed to mention was that you have to pass a test in order to drive
    it. I think the ISP's owe it to all of us to make sure that unknowing
    people don't get on the net. It would only take a few minutes for users
    to read/test/sign-off on a form stating the hazards of having an open
    connection to the internet. (Ok, that may be a little extreme, but I'm
    not awake yet).

    It's interesting to speak at meetings and see how many people have home
    computers connected directly to the net and have no clue about security
    - I would guess that 90% of the people I speak with don't understand
    anything about the way that the internet works and the hazards they are
    exposing their data too. After you spend 10 minutes with them (or a
    group of them) they can't get to the local BestBuy quick enough to
    purchase a Linksys or other vendors router.

    As for being able to Opt into another level of service: I had
    residential cable modem service - After I started my own mail server I
    found that I could not send email to people on the ISP's own network -
    turns out that the ISP subscribes to a block list that blocks any DHCP
    based address. I subscribed to the business class service and didn't
    have any more problems. Yes, it does cost about 5 times what the
    residential service costs, but running a mail server is not exactly a
    residential type activity.

    Have a great weekend,
    Mark


    --
    --

    (Remove 999 to reply to me)
    Leythos, Aug 17, 2003
    #15
  16. Dean Palladino

    Leythos Guest

    In article <3f3f83d2$>,
    says...
    > -----BEGIN PGP SIGNED MESSAGE-----
    > Hash: SHA1
    >
    > mto wrote:
    > > <SNIP> ISP's should be responsible for installing a NAT router at the
    > >> least for every customer - for business accounts they should require
    > >> a firewall.

    > > You're forgetting the cost factor here. The public wants CHEAP net
    > > access. Adding NAT for every user would significantly raise the cost to
    > > the ISP and lead to endless tech support problems from the huge number of
    > > customers that cannot configure their own dial-up. End-user price would
    > > have to be raised accordingly, leading to a mass exodus to cheaper ISPs.
    > > This idea might be good security but it is BAD business.

    >
    > One of the most successful ADSL providers in my country (Norway) bases its
    > service on the premise that each user gets sent a netopia nat
    > router/firewall to plug into the wall at home. There's no option to hook up
    > without it. It's also significantly cheaper than its only major competitor
    > that only offers a pppoe solution directly exposing the connected computer.
    >
    > Any user "advanced" enough to really need to run servers inside their NAT
    > can configure forwarding rules via a webpage hosted by the ISP.
    >
    > I'm not terribly experienced in the adsl technology, but I have the
    > distinct impression you need some hardware at home either way. Based on the
    > above it doesn't seem the added cost of having at least NAT in that box is
    > prohibitive compared to a bare-bones version.


    Frode,

    Glad to see you post about it. In my experience the Cable Modem and DSL
    Modem's already have the ability to provide NAT in most cases. The
    addition of adding a Linksys NAT router to those that doesn't offer NAT
    would cost less than $25 for providers that purchase in bulk.

    I can see where he was coming from though - having to provide support to
    clients that want to do things that NAT causes problems with would
    increase your overhead expenses, but at the same time, I think that
    having less compromised machines on the network would also decrease the
    support overhead.

    With ADSL or SDSL and with Cable you need to have a modem at the home,
    if the ISP spent the extra $ to purchase a modem with NAT built in I bet
    it would not impact their bottom line at all.

    I like the web interface for changing the forwarding rules idea - I
    think that it would be a good solution to most of the issues against NAT
    devices.

    Mark

    --
    --

    (Remove 999 to reply to me)
    Leythos, Aug 17, 2003
    #16
  17. In article <>, tpacpl1220
    @netscape.net says...
    > The real question should be, " Why do people continue to use such crap
    > software like Microsoft?"
    >
    > They can't fix what they have out now and won't rewrite the entire thing
    > ot make it safe.
    >
    > It doesn't make any difference what they do to it
    >

    You must have never programmed before. Even so, you have never
    programmed an operating system. If you did, you would realize the
    multi-milliondollar project of rewriting the operating system to fix
    security holes that even the programmers don't know about until the
    software is put into production.

    Linus Torvalds has an email address where you can ask him how many days,
    weeks, months it took to track down all the bugs and security loopholes
    that were created when he developed Linux. That is why it is open
    source: he created the kernel and distributed it to the masses. Now it
    has been updated a number of times by a number of people and its
    popularity has grown as an alternative to Microsoft.

    I have never heard of Linus rewriting his original kernel for some
    security loop hole. Most of the open source community would find a fix
    for the loop hole and submit it. Of course, not all security loop holes
    are his fault: he provided the kernel and it was up to the application
    programmer to provide the security.

    For Microsoft, they are paying people in six figures to do one-eighth of
    the programming project that is now Windows XP. Sure, it is bad
    business to deliver a product that is less than complete. However,
    software is not a product that you can do quality testing on in labs: it
    must be exposed to the average user and then the errors abound.
    Operating systems must be put to the test for which they are created --
    if they are not, then it will not perform at a most critical moment.

    I have run Windows 98 for six years and Windows XP for three months. It
    is a night and day difference between the two. Does XP have issues?
    Sure, but with the Windows Task Manager now displaying processes as well
    as running applications, usually its an application issue and not an OS
    issue.
    Dean Palladino, Aug 18, 2003
    #17
  18. In article <>,
    ks says...
    > every customer - for business accounts they should require a firewall.
    >
    > You're forgetting the cost factor here. The public wants CHEAP net access.
    > Adding NAT for every user would significantly raise the cost to the ISP and
    > lead to endless tech support problems from the huge number of customers that
    > cannot configure their own dial-up. End-user price would have to be raised
    > accordingly, leading to a mass exodus to cheaper ISPs. This idea might be
    > good security but it is BAD business.
    >
    > The real problem(s) are computer and software manufacturers that provide
    > absolutely zero information on basic security in terms that the average
    > non-geek can understand and put out computers that have "features" that
    > should be used with caution turned on by default with neither a warning nor
    > an explanation to the average user. Decent help files would not be all that
    > hard to write. "Take a Tour" could also cover the issues. A little
    > knowledge can be a dangerous thing but it can also go a long way. Education
    > is the key.
    >

    Education, plus an inexpensive NAT router like Linksys Wireless b
    BEFW11S4. Its a nat router plus 4 port switch with wireless access
    point. I have not had any Zone Alarm alerts regarding access to my
    computer. Anything coming in, goes to the NAT router first; anything
    going out has to ask permission.

    The only thing that could be a potential security threat is Microsoft
    DCOM and COM+; it constantly wants Internet access and if something
    piggy backs on that connection, I could be in trouble. However, every
    application has to ask for permission to get access.
    Dean Palladino, Aug 18, 2003
    #18
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Silverstrand
    Replies:
    0
    Views:
    616
    Silverstrand
    Feb 2, 2006
  2. Lord Shaolin
    Replies:
    6
    Views:
    2,508
    John Tate
    Aug 20, 2003
  3. code_wrong

    worm/spybot.17.t (worm spybot 17t) detected by AVG

    code_wrong, May 15, 2004, in forum: Computer Security
    Replies:
    0
    Views:
    608
    code_wrong
    May 15, 2004
  4. Imhotep
    Replies:
    4
    Views:
    568
    Edw. Peach
    Jan 30, 2006
  5. Danny

    Worm\Spybot (P2P-Worm.Win32.SpyBot.a)

    Danny, Aug 14, 2005, in forum: Computer Information
    Replies:
    0
    Views:
    484
    Danny
    Aug 14, 2005
Loading...

Share This Page