Running Windows for 3 weeks no viruses and no anti-virus!

[toadlife]

How do you know the "attacks" are coming from owned GNU/Linux boxes? Couldn't the cracker just be using their own box or some other box they have legit access to?

That's possible, but unlikely. The pattern in the log file is the classic one of an owned box randomly tryinging weak root passwords on random addresses. I see this exact pattern of login attempts daily basis - from linux machines all over the planet. They either try to log in as root around 20-50 times with common passwords, or they try a slightly different tactic -they will try to find password-less/test accounts by trying many common usernames like test, operator,email,joe,paul,chris,daniel, etc.

[ksym]

Bullshit. I mount cd-images in daemon tools as a power user all the time at work.

Afaik running as a Power User is almost as insecure as running as admin.

Or am I totally lost?

[Refalm]

Afaik running as a Power User is almost as insecure as running as admin.

Or am I totally lost?

There is little difference between local administrator and power user in Windows NT/2000/XP.

[ksym]

There is little difference between local administrator and power user in Windows NT/2000/XP.

Thanks for the info

I am just lazy, so I go with adming rights ... and it won't matter if my Windows goes boom, since I can easily reinstall it. It resides in another HD than my Linux installation.

[toadlife]

There is little difference between local administrator and power user in Windows NT/2000/XP.

I wouldn't say that.

Power Users cannot install/remove device drivers
Power user cannot install activeX controlls
Power users cannot take ownership of system files
Power users cannot change networking settings
Power users cannot change (or even READ) security policies/IPSEC policies
Power users cannot read the security log, and cannot clear any of the logs
Power users cannot change the firewall settings


All of these things make rootkits virtually impossible to install as a power user. It also keeps "drive by downloads" in IE from working, and many other nasty things from happening if the user executes some bad code.

Yes, you can write to many directories and some parts of the registry that regular users can't, but to say there is little difference from a power user and an administrator is wrong.

[worker201]

My ISP filters ports 135,139,445,and 1025 so I don't get hits from owned Windows boxes, but I'm sure they're out there.

My ISP, a huge strongly firewalled university network, gets no outside hits unless specifically authorized.  But inside, anything goes.  I get hits on 445 every couple minutes.  Activity on the other ports has not been as strong.  And all the hits are from different IP addresses - meaning that there is a sick amount of computers on campus that have viruses.  Antivirus is required to protect you from the stupid, as well as the crafty.  And let's face it, most Windows users are retarded.

[toadlife]

Yeah, I know what you mean. I work at a school. Back when msblaster was out, I set up a sniffer to listen for port 445 knocks and then blocked their mac addresses in our core routers. Tons of students were infected and blasting the network with packets. We posted a sign in the doorms telling them to clean up their computers and then come by the IT office to have their access restored.

[Refalm]

I wouldn't say that.

Damn that Dutch Windows 2000 :rolleyes:

So Power User = Beperkte mogelijkheden

In which case, you're right.

[toadlife]

"Beperkte mogelijkheden" == "Restricted possibilities"


hehe  

[Refalm]

"Beperkte mogelijkheden" == "Restricted possibilities"


hehe  

Okay, now I'm really confused, even more confused than learning Active Directory (which gave me headaches from the chaos and the mess).

[Lead Head]

I ran window for 3 months without anti-virus, i didnt get any viruses but the amount of spyware was incredible

[Aloone_Jonez]

Did you have anti virus installed?

Did only access the Internet from a limited user account?

Have you installed any shareware?

[Lead Head]

at that time i didnt have anti-virus and it was not a limeited acount with no sharware installed.When i finally got anti-virus it found no viruses but ad-aware found lots of spyware regularly, Even with Firefox. I get maby 3 or 4 different spyware every 2 months now so.........

[Aloone_Jonez]

Yes that's because you used an administrator account which leaves your system wide open to infection - you're very lucky you wern't infected with a really nasty virus.

[Lead Head]

ya, i was looking for an anti-virus at the time because i hated to keep paying for norton/McAffe