Windows security after recovery?

Discussion in 'Computer Security' started by Whoever, Aug 3, 2005.

  1. Whoever

    Whoever Guest

    If an installation of Windows gets messed up such that it won't boot,
    automatic recovery can be done using the original installation disk.

    However, after this automatic recovery, many old files are re-installed.
    What if these files are vulnerable to security issues such as buffer
    overflows, etc.? After doing a recovery in this way, Windows Update will
    still think all the security patches are properly installed, despite
    rolling back many files to older versions.

    Is this a big hole? If so, what is the solution?
    Whoever, Aug 3, 2005
    #1

  2. Whoever

    Donnie Guest

    "Whoever" <> wrote in message
    news:p...
    > If an installation of Windows gets messed up such that it won't boot,
    > automatic recovery can be done using the original installation disk.
    >
    > However, after this automatic recovery, many old files are re-installed.
    > What if these files are vulnerable to security issues such as buffer
    > overflows, etc.? After doing a recovery in this way, Windows Update will
    > still think all the security patches are properly installed, despite
    > rolling back many files to older versions.
    >
    > Is this a big hole? If so, what is the solution?

    ###########################################
    Some people say that Windows is a hole in itself. Assuming that is true,
    hopefully your network is behind a router running NAT along with any other
    firewall rulesets you think are needed. That way, you won't have to depend
    on MS for your security.
    donnie.
    Donnie, Aug 4, 2005
    #2

  3. Whoever

    Winged Guest

    Donnie wrote:
    > "Whoever" <> wrote in message
    > news:p...
    >
    >>If an installation of Windows gets messed up such that it won't boot,
    >>automatic recovery can be done using the original installation disk.
    >>
    >>However, after this automatic recovery, many old files are re-installed.
    >>What if these files are vulnerable to security issues such as buffer
    >>overflows, etc.? After doing a recovery in this way, Windows Update will
    >>still think all the security patches are properly installed, despite
    >>rolling back many files to older versions.
    >>
    >>Is this a big hole? If so, what is the solution?

    >
    > ###########################################
    > Some people say that Windows is a hole in itself. Assuming that is true,
    > hopefully your network is behind a router running NAT along with any other
    > firewall rulesets you think are needed. That way, you won't have to depend
    > on MS for your security.
    > donnie.
    >
    >

    Running NAT or not you should patch associated software as required. If
    you don't, and are touching remote potentially compromised hosts, you
    are buzzard meat irrespective of NAT.

    If the initial writer has the original build on the system that he is
    attempting to do a partial restore, it will fail miserably if the
    recovery build is pre SP2 and SP2 had been loaded on the system before
    it failed. In this case his best option is SYDSO (SORRY YOU DIE START
    OVER). Partial recovery should not be attempted and will not be
    successful. If he is doing the rebuild option as it sounds like he will
    be, though he may not realize it yet, the system is vulnerable until he
    gets patches installed. In this case it is good to repartition (if
    nothing else divide partition then repartition to current settings),
    reformat the drive and start clean.

    I do not recommend loading the system with all the crud a commercial
    vendor thought you might want as most of the software most folks don't
    use, takes up space, and much of it has its own security issues.
    Hopefully "whoever" made an OS disk when they could (a number of mfgs do
    not supply original OS disk but allow the user to build one (of course at
    this point in time it is too late to build it)). If not, get an OS disk
    from someone, and use your old software key to install it.

    At a minimum he needs a firewall that is secured before he even goes to
    get the updates. Current survival time for an unfirewalled system is 22
    minutes according to SANS. Inbound ports below 1024 (old guy was right)
    should be blocked before the system goes online to download security
    patches and software updates.

    Once the system is up to date, firewalled, antivirused, Firefox set as
    default browser with Java applets disabled, Sun Java loaded, Spybot host
    list and immunizations installed, services reduced to only what is
    required, using any mail product other than outlook express (Thunderbird
    is not a bad product but there are many fine products), then he will be
    reasonably secure until he downloads that "free" game somewhere he just
    has to have and compromises the system. Hopefully before this time he
    has already made a complete backup of his base system so recovery will
    take a few minutes instead of hours.

    From what I gathered, though there are too many unknowns provided, I
    suspect "whoever" is going to rebuild the system the hard way only
    because he didn't know he couldn't go back beyond the sp2 install date
    using partial recovery method. MS neglected to tell folks this very well.

    Winged
    Winged, Aug 4, 2005
    #3
  4. Whoever

    Jim Nugent Guest

    "Winged" <> wrote in message
    news:d5326$42f17d39$18d6d91e$...

    > If the initial writer has the original build on the system that he is
    > attempting to do a partial restore, it will fail miserably if the
    > recovery build is pre SP2 and SP2 had been loaded on the system before
    > it failed.


    What if the recovery build has SP2 slipstreamed in?
    --
    Jim
    "Be right back... Godot"
    Jim Nugent, Aug 5, 2005
    #4
  5. Whoever

    Winged Guest

    Jim Nugent wrote:
    > "Winged" <> wrote in message
    > news:d5326$42f17d39$18d6d91e$...
    >
    >
    >>If the initial writer has the original build on the system that he is
    >>attempting to do a partial restore, it will fail miserably if the
    >>recovery build is pre SP2 and SP2 had been loaded on the system before
    >>it failed.

    >
    >
    > What if the recovery build has SP2 slipstreamed in?


    If the recovery was built with SP2, it works. But I have not "seen" one
    work successfully otherwise if one rolls back past SP2 application date.
    It may be possible, I have only seen failure after the fact (some of
    the folks were sophisticated users) and if I am rolling back I am
    re-imaging the system and never rollback that far. I am usually called
    in after the user has a system failure. It might be possible, I just
    have never seen it work in practice. Someone else's mileage may vary,
    objects are closer than they appear.

    Winged
    Winged, Aug 5, 2005
    #5
  7. Whoever

    Whoever Guest

    On Thu, 4 Aug 2005, Winged wrote:

    > Jim Nugent wrote:
    >> "Winged" <> wrote in message
    >> news:d5326$42f17d39$18d6d91e$...
    >>
    >>
    >> > If the initial writer has the original build on the system that he is
    >> > attempting to do a partial restore, it will fail miserably if the
    >> > recovery build is pre SP2 and SP2 had been loaded on the system before
    >> > it failed.


    In my latest case, I was trying to recover a system that had been updated
    to W2K SP4 using the W2K SP2 install disk. This process did not lead to a
    bootable system. Re-installation was the only recourse.

    Earlier, I had recovered NT4 SP6a systems using older NT4 disks and I
    assume the same security concern arises.

    However, the success or failure of the recovery is not really the issue,
    rather, that there is a glaring hole in MS' security through the use of
    the recovery procedure. I was just trying to establish if I had overlooked
    something.
    Whoever, Aug 5, 2005
    #7
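
The concern raised in this thread is that a repair install puts older files back while the update history still lists the patches as installed. The following is an added example, not part of any post in the thread: it compares an on-disk file-version inventory against the versions the recorded patches should have left behind. The patch IDs, file names and version numbers are constructed placeholders, and the inventory is assumed to have been collected separately from the repaired machine.

```python
# Added example: find files rolled back below the version a recorded patch requires.
# Patch IDs, file names and versions are constructed placeholders, not real values.

def parse_version(text):
    """Turn a four-part Windows file version like '5.1.2600.2180' into a tuple."""
    parts = tuple(int(p) for p in text.strip().split("."))
    if len(parts) != 4:
        raise ValueError(f"expected four-part version, got {text!r}")
    return parts

# What the update history claims: patch id -> {file: minimum version it installs}
RECORDED_PATCHES = {
    "PATCH-EXAMPLE-001": {"example_net.dll": "5.1.2600.2180"},
    "PATCH-EXAMPLE-002": {"example_rpc.dll": "5.1.2600.2700",
                          "example_gui.dll": "5.1.2600.2622"},
}

# What is actually on disk after the repair install (constructed inventory)
ON_DISK = {
    "example_net.dll": "5.1.2600.2180",  # still at the patched level
    "example_rpc.dll": "5.1.2600.0",     # replaced by the install-media copy
    # example_gui.dll is absent from the inventory
}

def find_rollbacks(recorded, on_disk):
    """Return sorted (patch, file, required, found) where disk is behind the record."""
    findings = []
    for patch, files in recorded.items():
        for name, required in files.items():
            found = on_disk.get(name)
            # Compare as integer tuples; string comparison misorders build numbers.
            if found is None or parse_version(found) < parse_version(required):
                findings.append((patch, name, required, found))
    return sorted(findings)

def patches_to_reapply(recorded, on_disk):
    """Patches whose 'installed' status can no longer be trusted."""
    return sorted({finding[0] for finding in find_rollbacks(recorded, on_disk)})

if __name__ == "__main__":
    for patch, name, required, found in find_rollbacks(RECORDED_PATCHES, ON_DISK):
        print(f"{patch}: {name} needs >= {required}, found {found or 'missing'}")
    print("Reapply:", ", ".join(patches_to_reapply(RECORDED_PATCHES, ON_DISK)))
```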