How to make your Windows machine more stable and secure

[Calum]

We seem to have some differing views about very nature of communication. You see, what I said still means the same thing from my point of view. However, different people interpret same words in different ways. Please read this text about Wiio's Laws to understand what I mean, I think it explains it pretty well.

yes, i understand this, but trying to have agreed definitions of particular words (like they do in the dictionary et cetera) is an attempt to reduce misunderstanding, and having a cavalier approach to the definitions of words does in no way help the situation.

[muzzy]

I wouldn't be too hard on muzzy. After all, he is a Win-d'ohs guy with a Win-centric way of thinking. It's hard to adjust to a new paradigm when you've been dealing with an op-sys that continually blurs the distinction between an application and the OS itself. It takes a crowbar and a case of dynamite to pry Inter-nut Expl-Horror from Win-Doesn't; to ditch Mozilla/Galeon/Firefox from Linux takes an uninstall. It's no surprise that he doesn't get this.

Oh my. What about the horrors such as GLIBC integrated into the linux operating system? It's so tightly integrated that half of the world breaks if you try to remove it! And yet, it's called a library, so it's supposed to be modular? What's this then?

While I admit that it's a slightly extreme to compare the components IE uses to the C library, the point remains. It's trivial to get rid of it, however if there are things that depend on it, those things will break. This is why microsoft doesn't want to remove IE, it's a library that third party developers are depending on.

[jtpenrod]

While I admit that it's a slightly extreme to compare the components IE uses to the C library, the point remains.

No, it's a whole lot of extreme, and not apropos either. Glibc is simply a shared library of functions and subroutines to take care of implementing such convenience functions as "printf" and Co., to look after the malloc arena, make system calls, etc. You can quite easily ditch it with a simple rm -f libglib*. Of course, then you would either need to write your own library to implement the same functionality or code in all low-level access and statically link it. IE is still an application, regardless of what you want to call it: "...however if there are things that depend on it, those things will break. This is why microsoft doesn't want to remove IE, it's a library that third party developers are depending on". This is something that never should have happened in the first place. It's still a piss-poor design philosophy. Aside from that, the IE "library" sux ballz, and has been responsible for most of the BSODs you get with Win (and Inter-nut Expl-Horror is the shittiest browser I have ever used). After uninstalling IE from Win-95, I went for months without seeing a BSOD.

[muzzy]

Well, go ahead and remove iexplore.exe, and you'll see that the application is indeed gone.

What comes to IE on w9x platform, I've had similar experiences with it causing unstability. Doesn't happen on NT series. The BSODs are because the OS itself (the 9x-series) sucks, not because the application sucks. IE is fine.

And the IE libraries can be reimplemented as well, and applications can do low level access if they want to. However, it's quite practical to use things like InternetOpen() in win32 to do HTTP work.

[MrX]

[Calum]

Oh my. What about the horrors such as GLIBC integrated into the linux operating system? It's so tightly integrated that half of the world breaks if you try to remove it! And yet, it's called a library, so it's supposed to be modular? What's this then?

While I admit that it's a slightly extreme to compare the components IE uses to the C library, the point remains. It's trivial to get rid of it, however if there are things that depend on it, those things will break. This is why microsoft doesn't want to remove IE, it's a library that third party developers are depending on.

this is a little misleading though and i'll say why:

with windows, you want to remove something, and if you do, and other things depend on it, you're stuffed. that's it, totally buggered. put that thing back, or you can't use the other stuff.

theoretically, even with something like libc, you *can* remove it if you do it sensibly on an open source/gnu system. this is because you can compile everything that is written against this library statically (or is it link it statically? i am no genius when it comes to this...) and then remove the library. This is actually done as part of the install process for the likes of "linux from scratch" (an extreme method of installing and maintaining linux that a few brave souls go for), they compile everything from source, statically, to make a bare bones system, then use that system to recompile another entire system so they can get rid of the static one (i think)

anyway, the point is that if you did this, everything would be huge and take up tons of memory, which is why it doesn't get done and why (generally) there are a lot more dependency issues under, say, linux than windows, because a lot of windows programs bring their own libraries with them, for instance, and are independent of the system's, or each other's libraries.

[muzzy]

"put it back or you cant use other stuff" applies to every system regarding dependencies. You can't really remove libc either. If it's statically linked, it's not removed. It's still there, and used.

[MrX]

this post has more than 765 views. what the internet world wants is how to make their shitty windowze computer more stable and secure. because a:
it is not stable
b:
it is incredibly insecure.

there.  :mad:

Mr X :beos:  :beos:

[muzzy]

a) Windows 9x is not stable. Windows NT is stable.
b) Windows 9x is not secure. Windows NT is secure.

[MrX]

i beg to differ. with winxp (based on NT)

within five minutes, i got 3 worms just from being on some warez sites. what has this world gotten too? good thing im not using that computer.

Mr X

[muzzy]

Let's see. You were using IE. Unpatched IE? And you were going to some warez sites, which are known to contain malicious stuff. Or did you think that sites which are open about illegal activity would be there just to serve you, out of goodness, paying all that bandwidth out of their own pockets to fight the system?

So, now you've fucked your system by doing something stupid. Weren't you a firefox user, though? Oh, so it wasn't your computer? That's really responsible of you, trashing other people's systems and then blaming it on the OS. You could've at least turned high security settings on before going to a known-hostile site, with a likely vulnerable system.

Anything else?

[Aloone_Jonez]

this post has more than 765 views. what the internet world wants is how to make their shitty windowze computer more stable and secure. because a:
it is not stable
b:
it is incredibly insecure.

there.  :mad:

Mr X :beos:  :beos:

tell people how to fix their Windows problems - that's really going to encourage them to convert to Linux, BeOS, BSD, MacOS etc.

 :tux:  :beos:  :bsd:  :macos:

[jtpenrod]

or is it link it statically? i am no genius when it comes to this...

Compiling is simply preparing *.o (object files) that don't really do anything until you link them into an executable. So it's static linking, which brings into the executable the actual library code instead of simply adding remote calls to library routines.

This is actually done as part of the install process for the likes of "linux from scratch" (an extreme method of installing and maintaining linux that a few brave souls go for), they compile everything from source, statically, to make a bare bones system, then use that system to recompile another entire system so they can get rid of the static one (i think)

Yuppers, that's how it's done. The whole point of the static linking is to create a basic toolchain that's independent of the header files that are on the system that does the initial toolchain compiling. Though this is not strictly necessary, it does result in a new Linux system that's not a derivative of another distro.

Definitely not for the impatient and/or faint-hearted.

[MrX]

muzzy:

oh- i forgot to say that i was using zonealarm AND firefox.
i was quite 'fluxmoxied' to notice the strange new processes running in the backround after my first reboot after installing xp. thank goodness for Security Task Manager- it has saved my butt many times.
my usual routing for a 'windows install is'
download zonealarm. download firefox.  everything else.

Mr X  :beos:  :beos:

[muzzy]

Then how the heck did you get that malware? I'd like a video prepared of this kind of experience, to show exactly what the user does, so I could see that nothing funny is done.

Oh, ofcourse, unless you install XP in pre-SP2 state, then get on the internet. This is why microsoft has been shipping out SP2 CDs for free. It's damn necessary, unless you're going to enable the windows builtin firewall before connecting to the net.

This whole thing reminds me of incident with linux tcp/ip stack several years ago. There was this fragmentation attack which could remotely crash the kernel, and most linux users weren't running any sort of firewall. They were loudly stating that linux doesn't need firewall because it's secure. Well, how will you patch your system if you can only get the patch from the net, and the network code is vulnerable? A friend of mine had to use another system to download the patch as people were flooding his ip with the attack. When something like this happens, there just aren't any beautiful solutions to it. The default XP pre-SP2 installation happens to be insecure, so you'd better get a slipstreamed installation CD prepared in case you need to reinstall, or a real hardware firewall. Otherwise, you're going to have to enable the damn firewall before you patch, and spend some quality time downloading SP2 right after installation.