I am a “Technologist”, a Technology enthusiast that is usually the one that is called should a major catastrophe strike an end user. My saga of computer rescues becomes a plot that is ever so thickening, if not only for the fact that’s it’s becoming incredibly easy for hackers and malicious code writers these days to invade personal property to find, seek, and destroy. Each year, virus and hacker threats increase, and in addition the damage trail left behind is something of a problem. Not to forget, a majority of “PC Panic” cases I’ve come across are often times the same common, “major” problem.Educating the casual computer users is often the hardest. (Hopefully with this article, at least one person out there will take my advice seriously and avoid a major problem). Casual PC users often times see my views of the importance of anti-virus software and firewalls as being somewhat “paranoid”, but it’s often those same people who come to me weeks later wishing they had heed my words.
As I’m writing this, a new worm has been found, dubbed “MSBlast”. In just one short day, a vast majority of users at a message board I am a member of were inflicted with the virus almost instantaneously. For this, I cannot stress enough the absolute importance of Antivirus software. Sure, none of it is foolproof, but it’s an additional weapon that may protect you should a download be of the most unlikely. Even so, a great deal of cases that have been brought to me, were those of virus infected computers of those that did have antivirus software, yet had not updated the virus definitions.
Thankfully, there is a wide selection of software available to help in the fight for your data. Symantec, McAfee, and Trend Micro have packages available to help protect your PC. In some cases, even free software packages will suffice.
Each passing year, software which protects against viruses is becoming more and more crucial. If you’re reading this and you do not have virus protection, I’d advise you to get it as soon as you can. In the industry, I’ve watched viruses grow from a small unpopular sci-fi story arc, to a real life nightmare, and it’s only getting worse.
On the same subject as viruses, security is also something the majority of computer users these days don’t think about. Firewalls are a great choice; Firewalls are applications that attempt to block unauthorized access to your computer by mass marketers and even hackers. A PC without a Firewall is much like a diary without a lock; The data on a machine without proper security measures taken is considered fair game by many of the code warriors out there, and they do exist. Sygate, as well as McAfee and Symantec, produce acceptable Firewall packages to help protect your data. As with some Antivirus software, some are even free for a single user license.
How do viruses find their way to your hard drive? The most common response to this is downloading from an untrustworthy source, and even opening an email attachment from an unknown (or even known) individual. Indeed, this is often the case, but it seems these days hackers themselves can hack into your machine and place the virus in your computer without you having to download anything, which makes security even more important.
It has always been my belief that since we are all part of a global network, we are all equally responsible for the spread of viruses and malicious code, due to the fact that it is through unprotected machines that viruses spread, and I believe if more people took action, virus infections would decline, rather than spread at the rate they are now.
We should all take action now, and secure our own machines, not only for the sake of our own private data, but in addition to help stop the spread of hackers and viruses. The MSBlast worm, which has infected 12 more computers from the time I started this article to the point I’m at now, has further proven my fact.
Hopefully we can all work together and help stop the ease of spread this malicious code has.
To sum it up:
- PC security is not just for the paranoid, it’s for every PC user
- In this day and age, anti-virus software is imperative
- Any PC connected directly to the Internet needs a firewall
- Failure to heed these steps makes us part of the problem, as our PC could be used to spread the attack.
If you’d like to get a great deal on Norton Systemworks, OSNews readers can get a great price here.
a:> format c:/
like always…
You’re either part of the solution or part of the problem.
PC users should disable useless services, apply security patches, and setup a firewall or secure NAT device.
it is not only affecting Windows, but also Linux, AIX, Solaris, True64 and Unicos. Probably others as well.
While I think users should take a big part in their own computers security, the manufactures should also deliever the computer/os in the most secure yet usuable state. This doesn’t mean turn on every service just because it may be used.
This goes for both M$ and any other OS out there. If 99% of your users don’t need the service…don’t turn it on by default or don’t even install it.
-Nick
p.s. seeing how long it takes before moderators are awake
Call me crazy, but that is one of the reasons I prefer Apple. Yea it may have its limitations, but I have never in the past ten years had to worry about any of my Macs unlike the my windows 98, 2000 and now XP boxes I have. I spend far less time working on the box and more time using it, maybe windows can still learn a thing or two from apple?
That’s like saying every home owner should have a gun: Sheer and utter bollocks.
Use your brain and you won’t get virusses. A virus is the result of a lack of security.
I’m not afraid of computers. I’m not afraid of hackers, and I’m certainly not afraid of viruses; why? because they aren’t that big of a deal. I’ve been avidly using computers for 12 years now and have never once ran into a problem, why? because I don’t share media, I don’t open unsolicited e-mails, and I always use a hardware firewall.
I personally don’t think that there would be as much of a problem if these things became a norm of computing, but they’re not. People share files left and right, and they not only commit a crime doing so, but in my opinion, get what’s coming to em through trojan horses and such. People always open the unsolicited mail, because they believe that some one named Darla, “missed them last night.” (Yea right) And finally, no one uses hardware firewalls because they’re too cheap to spend twenty bucks on a router to stick between them and the internet.
You can blame the OSes all you want, they’ll never be perfect. There will always be a flaw in the program to take advantage of, and there will always be someone out there who wants to take advantage of it in order to flew their “muscles.” People are not perfect, so the software they produce will never be perfect.
I’m not afraid of these things that are the norm of today’s computing world, I’m afraid of the people who are unwilling to use there brains while using their computers.
just as I’m not perfect with my spelling errors.
I’ve been reading up on something called “capabilities” that seem to really help. Supposedly, they can not only greatly increase security but also make a computer almost totaly virus-proof.
/throwing ideas at you
Yeah! Macs are so secure that my boss forgot his password and I was able to boot into single user mode and take over the root account. You see this was a brand new mac from factory. They also have their share of security issues. Other than that they are pretty good computers. No OS is totally perfect.
I don’t use a firewall (have a hardware firewall, but it’s turned off), and I don’t have anti-virus software running in the background.
I do occasional checks every now and then for the not-so-obvious ones (and no, my antivir isn’t damaged by a virus. It gets reinstalled during every update).
And I never revieved a single virus/worm in my life.
I think that when you are an experienced user, you shouldn’t need either one (firewall nor AV). I think it’s more imperative for the non-experts and companies.
revieved=recieved
Looks like I need a AV in my head
.
Any machine you have physical access, is insecure.
Give me a sledgehammer, and I’ll give you a denial of service attack, no matter what operating system you use. 🙂
running a mac and running a PC with Linux on it :-p
I do have an XP laptop, as far as that goes, it is not on-line enough to worry about.
It is not the user’s stupidity that causes the problems with Windows security — it is Microsoft. For some facts, see
http://news.com.com/2100-1002-5062832.html?tag=nl
First step : buy an old pentium and install a real firewall on it.
Second step : send your copies of Windows, Norton and Sygate to the Salvation Army.
Third step : format your hard disk.
Fourth step: install the stable branch of a free OS on your disk
Fifth step : sit down, relax and enjoy your computer for the first time in your life.
From now on, you won’t spend your hard earned money either on a Fisher Price operating system (Windows) or on scotch tape that prevent Windows from collapsing (antivirus, Sygate and other nonsense). No more “Code Red”, “Melissa” or “Tchernobyl”.
>That’s like saying every home owner should have a gun: Sheer and utter bollocks.
>Use your brain and you won’t get virusses. A virus is the result of a lack of security.
Anti-virus programs and firewalls are security tools. Not all viruses propagate by users opening attachments–some spread by exploiting vunrabilities present in default and normal installs of operating systems. For Windows, the lack of security, many times, rests in the operating system itself. The user must take extra steps to make the default install more secure. Installing an anti-virus or firewall package seems simpler than explaining how to disable services in Windows XP/2k. Any operating system takes extra steps to become secure
Not everyone needs a gun for security (OpenBSD) BUT doors and windows do need locks and latches (AV and simple firewall)
That’s all well and good if companies (not mentioning any names) would make it so you could trust that you were actually getting a security patch AND ONLY a security patch! Sometimes I feel I need more security from non-disclosed OS maker than from the evil-doers of the net!
“and I always use a hardware firewall. ”
Installing a firewall on Windows is just plain stupid since Windows is so bloated. However using a software firewall on BSD’s or Linux is very similar to using a hardware firewall (as long as you do a minimal installation). After all, that is what a hardware firewall is, a minimal operating environment with a software firewall on top and hardware that accelerates it’s ability to process packets.
“I don’t use a firewall (have a hardware firewall, but it’s turned off), and I don’t have anti-virus software running in the background. ”
I don’t know if you are being serious or not, but if you do have a firewall and you are not using it, you do not know as much as you think you do. Just because your system is patched up, it doesn’t mean that there aren’t any unknown exploits in your services that a hacker might know about. Furtheremore, with a firewall, you can limit connections to outgoing only and limit even further limit connections to syn or ack packets.
“Yeah! Macs are so secure that my boss forgot his password and I was able to boot into single user mode and take over the root account.”
This is not a security ‘problem’. It is a feature. I’m not being sarcastic. Anyone who has access to the physical computer should be able to do whatever he wants. When someone can physically get to the computer, no amount of security is going to be able to protect you.
well, similar discussion was help on one czech forum. Some ppl were nearly laughing and calling users lamers, because they don’t know that they should block port X or Y by default, use firewall etc. I can even see one hero here suggesting buying hardware router.
Well, excuse me, I am at least slightly advanced PC users and yet installing and configuring hw router would be new job for me. Now – should we really blame average users? Should we tell them – don’t use your PC, if you don’t know, what does TCP/IP, firewall etc. term mean? That sounds plain stupid to me.
I think that in today’s complex sw systems age, OS companies should think first, release afterwards. MS surely invests millions in UI ergonomics experts, yet I still have to see single dialog asking user plain and stupid – do you understand one of following terms? – firewall, tcp/ip port, etc. … if the answer is not, I would enable/install firewall protection by default.
I am starting to think that MS has to know it, but it somehow has to fit their marketing machinery, that the word Windows is covered in the media from time to time, because of mass vulnerability attacks, which could be prevented by more sophisticated OS installs …
-pekr-
Slash, Can a Pentium 60-75 running a BSD OS be sufficient to be a Firewall?
The reason that there are a lot of insecure computers on the net is, imho, a combination of:
– incompetent admins. There’s tons of ‘highly trained’ IT-professionals that _still_ haven’t patched their companies windows boxes.
– ignorant users. Ask anyone who has ever worked at a helpdesk…
– a popular OS that wasn’t designed to be secure. And worst of all, they don’t even care, although they say they do.
– a general trend to prefer features and ease of use over security. This also includes weak/hidden-under-keyboard passwords.
So what can be done? Educating admins and users would be a good start. But as long as certain software giants don’t start spending genuine attention to security, nothing will change.
But then again, I’m just an OpenBSD-running geek who couldn’t help laughing while reading the news today 😉
Are people expected to make sure their car is safe from manufacturing defects? You know, get under the hood and do all kinds of things requiring specialized knowledge about automobile engineering?
Am I supposed to be my own doctor? Lawyer? Fridge repairman? Plumber? OK, like I really have time to do all these things, and acquire all this specialized knowledge.
Firewalls and Antivirus – people should not have to even know what these are or think about them. This should all be handled by the people that make the machines we buy. Wintel is a giant sham because it foists problems on people THEY should fix. Screw them. They should earn their goddamn money instead of scamming us.
” Each year, virus and hacker threats increase, and in addition the damage trail left behind is something of a problem.”
Correct, but only because the predominant operating system is coded the way that it is.
” For this, I cannot stress enough the absolute importance of Antivirus software.”
Quite true for users of Outlook and its variants.
“Even so, a great deal of cases that have been brought to me, were those of virus infected computers of those that did have antivirus software, yet had not updated the virus definitions.”
Or those computer newbies, like a friend in another state, who received AV software with his new XP, but it was only good for 6 months. No, he did not pay additional $$ to purchase further protection. And once he got infected, he left his system connected via DSL, and didn’t reboot, retry or reinstall.
“Thankfully, there is a wide selection of software available to help in the fight for your data.”
Yeah, Redhat, Suse, Debian, Gentoo, Ark, Arch, Libranet, FreeBSD, OpenBSD, NetBSD, etc.
“Each passing year, software which protects against viruses is becoming more and more crucial.”
You mean “Micrsoft Viruses.” By all means, if we are precise in our descriptions, no one will be confused as to what is being discussed here.
“How do viruses find their way to your hard drive?”
Microsoft makes it very easy for Microsoft viruses to infect your systems. Google for “outlook security holes” and you will see what I mean.
“…but it seems these days hackers themselves can hack into your machine and place the virus in your computer without you having to download anything, which makes security even more important.”
Well yes, Microsoft products make such a task trivial to do. If only Microsft would take security seriously.
“…we are all equally responsible for the spread of viruses and malicious code…”
Sorry, I did not code any Microft products, so am not the one who put such obvious security holes in wide circulation across the world. But thanks for playing.
“In this day and age, anti-virus software is imperative”
I guess so if you use Microsft products. One would even call anti-virus a necessity in that case.
“Failure to heed these steps makes us part of the problem, as our PC could be used to spread the attack.”
billy gates why do you make this possible?
Stop making money and fix your software!!
I rest my case.
To the person who said that he had some experience with
computers, but that he had none configuring routers:
I thought I would share my own experiences with a Linksys
router I purchased to protect my home cable modem Internet
connection. First, I took out the power supply block and
plugged it in. Then I plugged it into the router itself.
Next, I plugged the cable from the cable modem into the
router. Then I plugged the computer into the router. I was
online with a firewall. That was it.
DSL users may need to enter PPOE data, but that is done
via a Web browser. You can also tweak other things
(again, via the Web based interface), but that isn’t
needed.
OK, so now you described how to plug in a firewall. The missing part is the configuration… never mind.
depends on the amount of bandwith it has to handel.
i had an 486 with bsd for a 4mbit connection no problem
a pentium 75 should be abel to handel a 10mbit conection.
for a 100mbit conection i would say a p2 233 is the minimum.
of course if you would want qos traffic shaping and other cool stuf it takes more hardware
I have a D-Link hardware firewall and, if I remember correctly, all I had to do was fill in the blanks with the values from my xDSL provider and then set the MTU setting to 1492 (the ISP uses pppoe). I have since recommended this solution to a bunch of clients, faculty members and friends – and every one of them has been able to figure it out.
At $60 Canadian is there any reason NOT to have one of these?
(I also have an OpenBSD bridge set up between my home LAN and this box for paranoia’s sake, but the D-Link is doing a great job)
— “Yeah! Macs are so secure that my boss forgot his password and I was able to boot into single user mode and take over the root account. You see this was a brand new mac from factory. They also have their share of security issues. Other than that they are pretty good computers. No OS is totally perfect.”
Set the open firmware password. A PC is just as insecure without its BIOS password set…
Include the fact that OS X 10.3 will include the ability to easily encrypt the entire home folder, and you will have a system not just more powerful and capable than any windows box, but also more secure.
“Educating the casual computer users is often the hardest. (Hopefully with this article, at least one person out there will take my advice seriously and avoid a major problem).”
Jeremy, I think in posting your article on OSNews, you’re preaching to the converted. Not exactly a hangout for typical “end-users”
—
Mac-user and virus-free since 1986
Here is the problem with this article. The vast majority of PC users are not tech saavy and don’t care about security. Most do not have broadband connections or run software or hardware firewalls. Most probably do not have an OS more modern than MR and if they do the firewall is not on or properly configured.
Your Linux users are a little bit more saavy often having experience with more than one operating system. The Mac users can be just as clueless as PC users but more likely than not they proabably do use PCs on a daily basis so they are somewhat familiar with their problems.
I would say that educating users is important but at the same time MS really needs to focus on making their OS less infallible than it is. It would not at all surprise to find that a majority of these attacks are launched by script kiddies with less than an intermediate knowledge of TCP/IP, networking and Windows.
You can always say that no OS is perfect but with Windows coming from a company whose economic, intellectual and R&D assets that are about infinite compared to small operations like Apple, BSD and Linux its really a pathetic excuse and not worth mentioning.
“Slash, Can a Pentium 60-75 running a BSD OS be sufficient to be a Firewall?”
Yes, I have FreeBSD 3.4 on a 386SX/33 between my cable modem and my network. Works fine. Has since 3.4 was current. Doesn’t do stateful firewall rules, but it does what I need – and that’s the important part.
Does anyone know of a Open Source Firewall for Windows?
I meant Windows ME
Keep your OS up to date.
It’s hard right now not to chirp in about Macs and OS X vs XP but how many of these attacks are people going to take before they seek alternatives. Many companies just don’t have the it budget that it takes to keep all the PC’s up to date. I just finished updating a couple of computers that were just installed a couple of months ago and software update showed 7 critical patches that needed to be updated. The average user doesn’t take the time or is afraid to install the patches. If you add up all the extra time and aggravation it takes to try to keep these computers up to date and virus free it makes Mac’s look downright inexpensive.
“Keep your OS up to date.”
Oh, you mean like my neighbor, who has had his Windows XP system get hosed one too many times, from visiting Windows Update, and won’t go near that website with a ten foot pole anymore?
No matter how good antivirus software or how secure the firewall on a computer is worth shit in the hands of a dumb user
sorry but i hav to disagree okay maybe you are talking about a the majority of Windows users, i have been a windows user since 3.1, and i have had every version of windows since including, the NT server releases, i have a wide understanding of Hardware & software, i have used SuSE linux 8.2, red hat 5.1, gentoo Linux 2.0.1, MenuetOs 0.74, SkyOs 3.8.9, Aros 3.0, Amiga 3.1, OpenBeOS, V2 0s, Lindows and Mac Os 9, all of which hav there security holes, so far the most secure Os i have come accros is V2 Os but its a CLI system, built in assembler which means not many 3rd party Apps (eg trojan horses, Worms & viruses) can violate the system as many of these are multithreaded and v2 Os is not, making it basically usless as a Os for other than Dos style commands, the next most secure in my experience is SkyOs, because it is a totally original kernel and code it doesnt have any code which present Linux/Unix/Mac/Win viruses could use to propergate, the most secure distro of linux in my experience is Gentoo, because all files must start off as code and must be compiled before use, and the compiler scans for errors and code that could render the system comprimised, but in later releases of Gentoo that could have changed. i no i’ve babbled on long enough 🙂
you refer win users as Pc Users and linux users as linux users, remember the vast majority of Linux distros are for x86 / i386 systems so that would make Linux users Pc Users, wow and will you look at that, that would mean majority of linux users are not tech savvy, wow isn’t it amazing how life just comes and bites u right in the ass
I disagree with you, anonymous. A virus is something that can only enter your system through a lack of security in other areas, or through a lack of brains in the user.
If you use a virus-sensitive operating system then that’s your problem, I too use windows sometimes, and I have *never* had a virus on it. Never. Do you know? Because I use my brain.
Surely my mailbox is probably filled with them, but my email client is smart enough not to randomly execute them, and so am I.
Unless you can afford a Cisco router, all the other ones available are crappy. They do the job, but as for security, I’ve seen much better. First of all, it allows ICMP requests. Enough said.
I agree though, the problem comes from users not knowing what they’re doing. But 2 years ago, I found the best solution to all those problems: *nix.
hehehe, that was such a good joke. another proof of the crappy software they produce.
“I’ve been reading up on something called “capabilities” that seem to really help. Supposedly, they can not only greatly increase security but also make a computer almost totaly virus-proof. ”
That would be EROS.
http://www.eros-os.org/
People saying “I never run AV in the back and I don’t feel the need to run a software firewall” are being very careless and will be vulnerable as butter in direct sun.
This is because sonner or later they will install some shareware or freeware on the PC they use for the internet. This apps open many doors that one does not know about, even if you spend time checking wich app is opening what or if it loads on start up (as a hidden – from the user – service). By using a good firewall – a firewall that starts before ANY other service starts – you are safer.
As for software firewalls that is a must today. There are so many win32 machines connected that hackers (or crackers to be accurate) devote more time learning win32 vulnrabilities.
Linux/BSD is not safe either without a software firewall, just think how many users run apache without knowing, for example; Linux just doesn’t receive as much crackers’ time.
If you want to get your sensitive files secured put them all on a non shared OS file for a start, encryot it. And buy a good software firewall for windows (You will be amazed by security logs reading), at least for windows, (linux/BSD distros normally have one but very poor stuff if you don’t use default, /etc/*???*, and difficult (time consuming) if yoou don’t know how to configure it …
http://www.ebcvg.com/articles.php?id=104
comes to this conclusion:
Conclusion:-
More and more application that you choose to run, the more you put your network into danger
).
I agree with most everybody else, that MS is a large company and should be even more concerned about the security of thier OS’s then the actions are proving. Altho I don’t use MS products often actually very rarly why because I am connected to the net directly via my cable modem and currently have no firewall or AV setup yet, I just got connected and as I said I rarly use it. My primary Desktop os is Linux and as it’s been said already and I tell other’s when they ask no OS is perfect, That’s why I actually have two firewall system’s complimenting each other with the Secure MDK kernel, uses GRsec pathes, currently my system has been tested to be tru-stealth via grc.com and other’s, and yes even icmp get’s droped also but I also realize that I’m still not totally imune to anything, I think more OS supplies, Distro Company should also pay more attention to default security, especially in the “Desktop” Distro’s there is just two many services on by default, luckilly I know this and how to stop them, but unfortunatly many don’t, ok I’m done rambilling
Make sure you cut the receive wires on your ethernet cable… hee hee!!!
Linux/BSD is not safe either without a software firewall, just think how many users run apache without knowing, for example; Linux just doesn’t receive as much crackers’ time.
That arguement works with some linux distributions, but the BSDs do not turn on apache by default, and most linux distributions at least mention that they are running various servers. I agree with the point of your post though.
On another note the trouble is that they say things along the lines of these servers are running they might cause security issues but probably not so you don’t need to disable them. This is bs, not only are they security hazards but they waste memory. Why run apache, an ftp server, MySQL, postgresql and sshd if you don’t need them? even freebsd wants to run sshd and inetd (which in turn runs nothing) by default.
Oh well, I’ve yacked enough so I’ll shut up.
Jared
This is such a loaded discussion. However, I have a few questions. First, let me posit that I have never owned a Win machine (O.K. there was that Compaq laptop, but I never really booted into WinXP, just formatted the HD). I currently work with Solaris/Linux/OSX. I have the following observations that I would like to get some comments on from the general audience.
1) Physical acess to a machine aside, I do not understand the arguements going along the lines of “mac is just as insecure as windows…” I’ve used various mac os versions starting with 7.3 and I’ve never run across a virus that spread through an email attachment or via port schenanigans. The only virii I’ve ever run across (and this was a while ago) were concentrated in Office macro packages… Not really a mac problem since it only affected Office. Can someone please point me in the direction of a site describing Nimbda or Code Red or Slammer or … class virii that have infected the MacOS? Extra points for ones remotely rooting OSX.
2) The whole “windows has so much market share…” arguement for why it is targetted is a no-go. The server space is not dominated by windows, yet that OS is the only one being hit. Isn’t it more the issue of M$ purposefully making a system allowing remote compromises? Why should an email attachement be allowed to make changes to the OS? Do the programmers not know how to check for buffer overflows?
3) Should it really be the BOFH’s responsibility to buy more expensive software to insure that their already bloated expensive software is secure? All services are turned off by default in most *nix variants (including OSX).
4) Finally, I pay for bandwidth. How is it that every time some stupid scriptkiddy unleashes some pathetic exploit on Windows previously published, I have to suffer? My servers are not perpetuating this yet they are being clogged with stupid worm/virus probes. I _still_ get Code Red probes? As a result, my business suffers because my servers are spending time dealing with other peoples and ultimately M$ inept coding practices.
Any insights would be appreciated.
If everyone on a given network is running the same software, than a single exploit is potentially capable of taking out all of the machines on the entire network.
If one is running a mix of different platforms, the probability of that happening is likely very low.
Maybe more inportant for businesses than for home users, but I’m sure glad I’m running a mixed OS/2, Windows, and Linux network here with the Windows boxes locked tight behind a packet filtering firewall…
…
This latest worm did not send any email nor did the computer user have to visit any website. It searched out & infected vulerable computers on its own, most within a few minutes of being connected to the internet. So don’t tell me about how you’ve no need for proper security because you don’t open email or because you don’t surf “unsafe” sites! And if the author had taken a little more care with his worm, most folks wouldn’t have even known they’d been infected!
(…) i have a wide understanding of Hardware & software (…) so far the most secure Os i have come accros is V2 Os but its a CLI system, built in assembler which means not many 3rd party Apps (eg trojan horses, Worms & viruses) can violate the system as many of these are multithreaded and v2 Os is not, making it basically usless as a Os for other than Dos style commands (…)
Ho hum. Talk about tech savvy.
The problem with that is that it is hard to realise in a large corporate environment. Surely it’s easy enough to use different Os’s for different operating system, but I would hate to teach all my accounts how to use *nix for their daily accounting functions!
Then again .. it’s easy enough to use a web-based client interface for most applications (though it would be rather cumbersome to do your accounting in a single browser window).
I keep hearing the line that “it shouldn’t be the users’ responsibility”, since it also isn’t a car driver’s responsibility to keep his engine up-to-date and install modifications.
When you want to drive a car, you need to get a drivers’ license. This it to make sure that the road is a reasonably safe place, with everybody driving on it having reasonable basic skills and knowledge.
At least over here in The Netherlands, cars are periodically checked after a certain age, to make sure they still comply to safety and environmental rules.
Also at least over here in The Netherlands, you’re not allowed to plug just any phone into the nationwide net. They have to be approved by the telecom service.
Maybe you shouldn’t be allowed to plug “just anything” into the internet anymore. It’s like Dr. D said: Even if you are tech savvy and a “responsible netizen”, you pay for the ignorance and/or irresponsibility of others.
There’s a web site somewhere (too lazy to look it up) with a long explanation about why Windows machines “have no place on the net”.
what I don’t understand is this…..
It is easy enough to comprehend that the msblast trojan will attempt a denial of service attack on Microsoft and Windows Update site.
BUT – Microsoft release a flawed product (i.e. Windows) and expect users to go to the update site and patch all their machines. This means that they will be getting more connection requests than any trojan cope hope for.
BUT – becasue Windows is so flawed with lax security, how long will it be before Microsoft realises that another security patch is needed and issues another warning that gets more users to try to connect to the site ?
Maybe it is just me, but I think if Microsoft would have spent more time locking down the system instead of wasting time on the crappest user interface on any system, then it might be worth someones while actually using it !
…something that you simply cannot shut off on Windows 2000, Windows XP and likely Windows Server 2003…
I know, it’s silly. You don’t need it for basic day to day computer tasks, but Windows SIMPLY WON’T ALLOW YOU TO SHUT IT OFF.
To me, that is the worst of useless bloat ever conceived. That’s all I am going to say about that…
Mac. Problem solved.
Boy, lots of finger pointing going on here.
It is Microsoft’s fault
It is the <insert derogatory comment here> user’s fault
The fault lies with the jerk(s) who got their kicks writing this exploit and letting it loose.
Yes, Software vendors need to recognize that there are criminals out there and provide better protection for their users. They are beginning to get the message (yes, even Microsoft) but I imagine securing 60+ million lines of code, or whereever XP stands now on the lines of code list, is a bit of a challenge. It will take time.
Yes, users need to recognize that getting onto the Internet now requires them to demonstrate some responsibility. But the Internet was founded on openness and freedom. If we ‘require’ people to be licensed, you will remove the main benefit of the Internet and turn it into a hangout for the “technologically elite”. Instead, the learning curve and $$ cost needs be brought down to a point where it becomes a no-brainer to the least tech-savvy.
Maybe it is the ISPs that should start shouldering some of this burden. If you sell connectivity to an end user, you should be providing a modicum of security (basic firewall built into the cable modem would be a start). Maybe you require the end-user PC to run an agent that reports its patch level to the ISP. Not patched and you can’t get beyond the ISPs network (ISP would need to have a patch distribution mechanism). Sure, a tech-savvy user could find a way to bypass this, but they are most likely to be able to handle patching themselves.
Maybe they can get into licensing agreements with AV makers. ISP service comes bundled with AV with forced definition downloads – like Norton AV corp edition.
I know sonicwall’s can be bundled with MacAfee (sp?) and block outbound traffic if definitions are out of date. An ISP should be able to bundle similar services and make it a selling point.
My 1,000,000 pesos
Well, I do believe that antivirus software is extremely important, but using MSBlast as a major incentive to get the software is invlalid. My computer was never infected with the virus, but my cousin’s computer was. The thing is, he had the virus more than week before the new virus definitions in Norton AV could pick it up. I was at his house and was noticing all the funky stuff going on. We ran Norton with the latest definitions, and nothing. My point is, yes, antivirus software is neccessary, but if you are an average computer user, chances are you are going to be hit by a serious virus. There will always be these people whose computers will spread viruses like this, simply because they lack the knownledge the is required to prevent themselves from doing so.
On WinInformant, Paul has a nice article blaming the users and exonerating Microsoft. Great logic there.
For such a huge company you’d think they’d have the resources to test things. Case in point, Q823803 a fix for NT servers. After release users found out it stopped RAS from working, MS then had to fix the fix and reissue it. How could they have missed the fact that it stopped RAS from working? This is basic, basic functionality. Inexcusable!
And why oh why when I apply a patch do I have to reboot the friggin server? I mean you can do whole upgrades of Unix kernels without rebooting, but put on the latest IE patch and it’s reboot city. Microsoft claims they’re a key player in the enterprise…….give me a break. And sadly patching Windows 2003 follows the same pattern (although I have applied 2 patches that didn’t need a reboot).
Finally, MS needs to stop releasing Beta software as ‘gold’. ‘Oh that will be fixed in SP1’ Why not fix it before you release it? God forbid you let your much delayed product slip another month or so. Can’t wait for the 300+ list of fixes for Office 2003 SP1.
“On WinInformant, Paul has a nice article blaming the users and exonerating Microsoft. Great logic there.”
Microsoft is to blame on so many things that such article is jut a waste fo time to read.
//Boy, lots of finger pointing going on here.
It is Microsoft’s fault
It is the <insert derogatory comment here> user’s fault//
Because it is their fault. Both of them. Microsoft was negligent. There are thousands of viruses for Windows and less than fifty for *nix. Obviously an OS can be created that is less vulernerable because they have been yet Microsoft can’t even come close. They don’t care about security. Their lack of security is causing unecessary downtime. How about some indemnification from that!
It is the users fault also. They are not educated and because of this other people have to suffer. Why should competent, responsble people have to put up with the inadequacy of other users? If you can’t drive a car then I don’t want you on the road. If you’re a danger to the internet then maybe you shouldn’t be on the internet.
The person who wrote the msblast worm did everyone a favor. It could have been a lot worse and a lot harder to detect. Hopefully these people will patch their computers now so others won’t have to suffer even more when a more advanced worm comes along using the same exploit.
I would think that from a security standpoint you’re better off not being n the OS that 95% of the population uses. If your ‘unusual’ OS is somewhat secure, all the better.
“MS surely invests millions in UI ergonomics experts”
I would be curious to see evidence supporting your assertion. I think if there was any such investment, the default location of the “Start” menu would be in the same area as a window’s file menu, thus reducing the need for excessive vertical travel of the mouse.
Va Kommen Naeh Sistona? or Whos fault is it?, well in reality everyone is to blame, Linux can be brought down by a memory leak in 0x0000002 but this only applies to older kernels, windows can be brought down by even the most basic QBasic commands for format and lock harddrive, with no Y/N option, MacOs can be brought to its knees using Unix based viruses and worms, or even a simple Trojan that has the user/root command capability, the fact is software producers are to blmae they use varying versions of drivers & api’s, Os makers thay make Oses that can be compramised telling us its a feature so you can regain access to your system, and users who stick tons of crap on their systems, which alters registry files, system files and drivers to ones which may be incompatible with the Os, bringin it down, also in response to a post that SuSE linux can’t crash, BS SuSE linux is notorius for its registry coruption, the only reason the end user doesnt get to know about it because of the unix based backup system
I wonder if we will ever have a good open source anti-virus solution? Would it be possible? I somehow doubt that the existing commercial anti-virus solution providers would choose to open source their work?
Maybe it would be possible as a joint non-commercial and publicly funded effort of universities etc.? But to reach the level of the leading commercial anti-virus solutions, lots of constant work is needed: the frequent updates to virus definition databases etc. which costs a lot.
I also realize that the virus problem is often just a problem related to buggy and unsecure software like email clients, the OS in general etc., and that you may escape the virus problem if you just understand to be careful, but you can’t always expect that from a Joe User. Also the viruses tend to become smarter too, so the virus problem is likely here to stay.
Bram wrote:
> The problem with that is that it is hard to realise in a
> large corporate environment. Surely it’s easy enough to use
> different Os’s for different operating system, but I would
> hate to teach all my accounts how to use *nix for their
> daily accounting functions!
A corporate environment should already have a centralized administration and software install/update function center in place.
Some end-user training might be required for changes in individual applications, but the OS should be irrelevant if software is being installed as it should be — by the folks whose job it is to install/maintain/update software on end-user systems.
It’s not that hard, really. When I worked at Northwest Airlines, we had end-users working on Windows, MacOS, and Solaris desktops, and it worked just fine.