How to make your Windows machine more stable and secure

[MrX]

i knew you were going to hammer me on the sp2 thing. it was a pre sp1 release of xp pro.
that's why I prefer an OS without virus' or malware. welcome to warez world. i mean BeOS. damn i love that. ive gotta register that domain.

Mr X :beos:  :beos:

[muzzy]

You knew I was going to hammer you with it, because you knew beforehand that the damn thing was vulnerable to various worms and you'd get spanked for staying on the net for only few minutes with it? For this reason, you also figured it'd be better to not mention it? It doesn't help your anti-windows cause if you purposedly hide facts which you find significant.

You should've known better about using ancient unpatched version, and you should've known better to not try to use it as an example here. The malware was your own damn fault and you know it. Undeniably the old versions are vulnerable, but full well knowing it going to the internet with it makes it your fault, not the system's fault.

Please format and reinstall, with network cable unplugged. Once done, enable windows firewall, after which it's safe to connect to network and patch your system. Thanks.

[MrX]

...the damn thing was vulnerable to various worms...

there's Microsoft for yeah.

but full well knowing it going to the internet with it makes it your fault, not the system's fault.

Vancouver Sun, Monday March 21
just today, the front page of the newspaper warned:
Computer working when you're not? It may be a Zombie
it talks about how windows computers get turned into zombies, especialy because they are windows machines (okay, i put the last part in  :p )
side fact sheet:
"7360 new win32 viruses and worms documented in the six months, an increase of 64% of over the first half of the year."
"Vulerabilities in web applications made up 48 percent of all documented vulnerabilities, up from 39% . "
"97 percent of vulnerabilities disclosed were rated as moderately or highly servere."
[/quote][/i]

i feel sorry for you and your shattered windows.
but i have a phd in pain . your welcome.

Mr X

[muzzy]

Fine. Go install Firefox 0.8 and then I'll make you a website to browse, let's see if you'll whine about firefox sucking ass when your system gets brutally owned.

NEWSFLAWS: Old software contains bugs.

This is in no way specific to microsoft or windows. Old linux distros are equally vulnerable, old browsers, old web servers, old php scripts, old everything. Bugs are found, bugs are fixed. The only way to stay secure is to stay recent. If you are using some age old version of software AND YOU KNOW IT, it's your own fault.

I suspect you are only trying to blame microsoft for your own faults. You can't possibly believe it's microsoft's fault if you know shit is going to happen and then it happens. I recommend you try walking in front of cars and suing everyone you can, because it's so obvious that cars are a health hazard and properly designed cars shouldn't hurt you even if you jump in front of them.

[Calum]

good call, muzzy, i don't know how anybody could argue with that.

the reason there's a firefox 1.0 is because firefox 0.8 and 0.9 were not stable (although you say they are not secure either, perhaps this is true for some versions, i wouldn't know. that's not the point anyway, the point is i agree with you here)

but

most linux users weren't running any sort of firewall. They were loudly stating that linux doesn't need firewall because it's secure.

hmm, this doesn't really sound like linux users. are you sure linux users weren't loudly stating that they didn't need a virus checker? to me it seems like anybody using the internet should know they need a firewall, and i am hardly the most educated computer user.

[Calum]

"put it back or you cant use other stuff" applies to every system regarding dependencies. You can't really remove libc either. If it's statically linked, it's not removed. It's still there, and used.

i'm not really sure what you propose as a better model here.

are you suggesting that all functions be reimplemented from scratch for every program and process that wants to use them? and that libraries should only be usable by the specific application they are associated with? this sounds quite similar to having a "Program Files" directory with each program in its own directory with its own dlls but surely this has the potential (in the existing windows model anyway) for confusion between similarly named (but functionally different) libraries, and also, i can imagine it to be about as resource hungry as static linking, no?

it's clear i've misunderstood what you're proposing, please clarify.

[skyman8081]

There is one(virus/spyware scanner), it's called chkrootkit, and it shoould be in every linux users cron.

remember, spyware needs only to run under a users account to collect and send data.  A clever one would come as an rpm download and ask to install a needed library.  the user say yes, and it installs a daemon that greps the net-logs for urls and sends it back.  Granted, it would be harder, and less users to grab info from, but still possible.

[Calum]

look *i'm* not saying linux doesn't need a virus checker (although for a number of reasons it is a lot less important than on a windows machine) however i am saying that i have a much easier time imagining a lot of linux users saying they don't need a virus checker, than that they don't need a firewall.

everybody needs a firewall, how could anybody not know this and be in charge of an internet connection?

[muzzy]

Firewalls aren't needed for systems that don't provide services, or servers which aren't interested in filtering some ip ranges. Firewalls are needed for networks, when someone might connect something nasty there which you aren't responsible of. I ran unfirewalled windows 2000 for years without issues. When the DCOM exploits came out, I had already turned it off ages ago. I was slightly pissed about the RPC port still being open, microsoft wouldn't let me close it

Also, regarding linkage and stuff, I'm not proposing anything, that's your own interpretation. It seems you are against rewriting functionality from a scratch. If so, why are you against the internet functionality libraries that IE depends on?

[Calum]

i'm not against rewriting functionality from scratch at all, i'm just thinking that if tons of programs need to implement the samething then some will do it worse than others, why not rely on the open source model and give everybody the benefit of the "best" way to do something? also, it represents a lot of time wasted and wheels reinvented if everybody holds their cards to their chest.

but for the purposes of getting rid of crufty old software with deeply embedded bugs for example, i'm all for rewriting for functionality's sake.

all i said btw was "i'm not sure what you're proposing", this is hardly me interpreting something, all i am saying is, you complain about something here (which i think is a minor point, but which you and other may not), but don't give any alternative, and i am kind of asking you what options you might put forward.

[muzzy]

I thought you were the one complaining about IE. Also, it works pretty damn fine for me. You seem to have quite a talent in twisting "open source" into everything, completely sidestepping the real issues.

I'm merely pointing that IE isn't integrated to system any more than any other library. You could say that the default C library is a lot more deeply integrated into the system, as it's even harder to remove.

[Calum]

I thought you were the one complaining about IE. Also, it works pretty damn fine for me. You seem to have quite a talent in twisting "open source" into everything, completely sidestepping the real issues.

you say nothing, while throwing in a couple of "quick stabs" of your own. please elaborate.

I'm merely pointing that IE isn't integrated to system any more than any other library. You could say that the default C library is a lot more deeply integrated into the system, as it's even harder to remove.

i know you said this, is this then another semantic discussion about what integrated means? i would rather avoid the whole thing, if that's what this is really about.

[muzzy]

Ah, we get to "what do words mean" thing now? Fine, how about telling me how having a system library perform things is less secure design than having every application implement things themselves? I thought this "integration" was what bugged you about IE? Are you also annoyed about "integration" of zlib into linux, and how it made unmeasurable amount of applications insecure when a hole was found? Are you perhaps annoyed about how opengl is "integrated" into systems, too? I suspect not. Why only IE?

Regarding my quick stab, I was referring to "why not rely on the open source model and give everybody the benefit of the "best" way to do something" and how it completely ignores the issue of libraries. Once applications is written against a library, it needs a rewrite to work against a new solution if a "better" one comes around. Also, availability of an implementation to link/work against doesn't require open source in any way. Any advantages that opensource have are also available to proprietary solutions, as long as you have right to link against them. Microsoft is providing apis which are good, and people are free to use them or free to use "open" alternatives. I recall this wasn't the first time you've purposedly narrowed your views to favor your point of view, while ignoring a broader view. I might be guilty of the same too in some posts though, not sure. It just annoyed me quite a bit here as we seem to be talking about completely different things which only touch each other slightly.

[Calum]

seemingly.

shame that is a cause for annoyance with you, considering  annoyance does nothing to further the discussion.

i am not convinced that APIs can be considered to be as good as having full read access. sometimes they will be, but that's at the discression of the publisher of those APIs. and if the API is required to write good software, and the company publishing the APIs has an interest in outdoing their competition, then there's a motive for publishing incomplete specs right there.

not saying this happens, just that the model is not very good when taken in the real world.

[muzzy]

Talking about different things and pretending they're about same subject doesn't further discussion either.

This whole thing started from jtpenrod's comment: "It takes a crowbar and a case of dynamite to pry Inter-nut Expl-Horror from Win-Doesn't". I was trying to argue that this isn't the case, and that any issues that result from removal of IE are not specific to IE but rather apply to all library type entities.

You're welcome to ditch IE, but third party apps might expect it's there. Microsoft doesn't want you to remove it because of these dependency issues, so you have to do some little work to get rid of it.