Is complete home security possible?

Probably for cygwin (which is what makes Windows slightly bearable), but who cares -- [PrtScr] [PrtScr] [1], and my trusty old KVM brings me back to a more decent OS. :-)

Regards,

Reply to
Arthur Hagen

snipped-for-privacy@address.com (Joe Samangitak) wrote in news: snipped-for-privacy@posting.google.com:

Then how the hell did you get the Trojans to begin with, Mr. Know It All? Not only are you clueless, you're an arrogant asshole. Everything you've posted in this thread trumpets your so-called knowledge of Windows and your computer, yet you came begging here for advice because your system was infected and you didn't know how it happened.

Reply to
elaich

And in the case of Windows, the Tuesday critical security updates that always require a reboot. How many were there today -- a dozen? As for memory leaks, if they warrant a reboot, that must be an OS memory leak, then! Else you normally only have to kill the process that has the leak (*cough*java*cough*).

It also tells you the current time, how many users are on the system, and the load average for the last 1, 5 and 15 minutes. All on one line.

But yeah, just knowing how long a system has been up is useful in itself, especially combined with SNMP monitoring. If a system uptime value decreases between polls, and nothing has been scheduled, you immediately know something is *seriously* wrong.

Regards,

Reply to
Arthur Hagen
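As an added example (not from the thread), a small POSIX shell check of the kind that post describes: compare two SNMP sysUpTime polls and flag an unscheduled reset. sysUpTime is a 32-bit TimeTicks counter that wraps after about 497 days, so the check tells a wrap from a real reboot using the wall-clock time between polls; the snmpget wrapper and its flags are assumed (net-snmp), and the sample tick values in the test are constructed.

```shell
#!/bin/sh
# sysUpTime (1.3.6.1.2.1.1.3.0) is a 32-bit TimeTicks counter in hundredths
# of a second; it wraps to 0 after 2^32 ticks (about 497 days).
TICK_WRAP=4294967296
SLACK_TICKS=6000   # 60 s of poll jitter tolerated when judging a wrap

# classify_uptime PREV_TICKS CUR_TICKS ELAPSED_SECONDS
# Prints "ok", "wrapped" or "rebooted" for two successive polls taken
# ELAPSED_SECONDS apart.
classify_uptime() {
    prev=$1; cur=$2; elapsed=$3
    # where the counter should be now if the box stayed up the whole time
    expected=$((prev + elapsed * 100))
    if [ "$cur" -ge "$prev" ]; then
        echo ok
    elif [ "$expected" -ge "$TICK_WRAP" ]; then
        # the counter could legitimately have passed 2^32 in this interval:
        # a wrap leaves it near expected - 2^32, a reboot leaves it near 0
        diff=$((cur - (expected - TICK_WRAP)))
        [ "$diff" -lt 0 ] && diff=$((0 - diff))
        if [ "$diff" -le "$SLACK_TICKS" ]; then echo wrapped; else echo rebooted; fi
    else
        # value went down and no wrap was possible: the system was reset
        echo rebooted
    fi
}

# poll_sysuptime HOST COMMUNITY -> raw tick count. Assumed net-snmp flags:
# -Oqv prints the bare value, -Ot keeps TimeTicks as a plain integer.
poll_sysuptime() {
    snmpget -v2c -c "$2" -Oqvt "$1" 1.3.6.1.2.1.1.3.0
}

# Constructed poll loop (commented out so the file can be sourced offline):
#   prev=$(poll_sysuptime router.example.net public); sleep 300
#   cur=$(poll_sysuptime router.example.net public)
#   [ "$(classify_uptime "$prev" "$cur" 300)" = rebooted ] && echo "ALERT: unscheduled reset"
```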

You missed the point. The Average Home User is neither incapable nor ignorant, they merely don't want to know - because the PC is supposed to just work, safely, like the fridge and microwave.

The 'rest of us' know it ain't that simple, but the AHU doesn't see why it should be his problem. He's right.

Triffid

Reply to
Triffid

Yea, a great many were people that had no clue, but I hardly blame that on MS or anyone except the users. I've seen fully exposed SQL Servers with production databases online with no SA password! Even sending warnings to them did no good, they just left them online.

Windows doesn't install SQL server in any variant by default, not MSDE, etc... You have to install something like Office Development tools or Visual Studio (or VS.Net) or any of the development platform tools. I'm sure there were zillions of installations by the ignorant masses...

The point goes back to firewalls and security - none of it would have happened if a simple firewall policy was put in place. SQL data ports do not need to be exposed to the Internet for data to be shared - they can use a VPN or an IP:IP rule, but to expose it to everyone is just plain stupid. The same goes for about any service - as an example, I block almost 100 subnets from accessing our network (mostly foreign countries) and it's made a big difference in our FTP/HTTP/SMTP traffic connections/attempts at exploits, it's just not a complex thing - limit your exposed surface, protect it, make sure you're patched, and make sure you can detect a problem...

For home users, which is where this started, it's fairly simple to secure a Windows based platform, but they have to seek the answer first, then want it bad enough to do the steps.....

There are the terminally incapable, the terminally ignorant, and the terminally stupid, and then there are the rest of us :)

Reply to
Leythos

I never "begged" for anything in my life, arsewipe. Least of all, useless advice. I already mentioned in the post you quoted from, how the trojan worked its way into calling out the net. But I guess that would take someone other than a complete idiot to be able to read that far into someone's post. Find someone who graduated from elementary to read my post to you, and maybe you'll figure it out.

Reply to
Joe Samangitak

Like you would know, Karnak. You can't even tell the difference between useless advice, and useful advice, so who cares what you think?

Reply to
Joe Samangitak

There you said it. You may have clicked/opened, whatever you want to call it, something that led to the compromise.

If the O/S is a NT based O/S, then both applications were running as services. Services could stop running by themselves and there is nothing to say that didn't happen. But it could be and most likely was a program running on the machine stopped the services and exposed the machine if the malware program was running with the security context rights of Admin. Services just don't stop running all on their own 99% of the time.

There is no magic bullet and the machine can never be 100% hack proof, because of that one element using the keyboard and mouse.

If the malware has made it to the machine by any means and has been executed in some kind of shape form or fashion, I would think it could stop XP's FW just like any other PFW solution.

Duane :)

Reply to
Duane Arnold

I've seen from experience that it's certainly possible to inadvertently download a malware program to your drive, from simply visiting a malicious web site (with ANY browser). As I already mentioned, if said program can write code to your registry without your direct intervention, then that's all it takes to load onto your system, since Windows does the rest of the work.

Yes, but you're leaping to conclusions if you say it's the malware that stopped these programs. The fact that these two programs run as services may have nothing to do with it. It could have been "StartRight" got screwed up. That is a program I use to delay the startup of programs during boot. It controls startup programs, and its own 'registry' may have developed a fault, perhaps due to premature shutting down of the system.

Except the Security Center is not a firewall. That's a different program altogether. SP2's Security Center has only one purpose: to ensure your firewall and AV program is operational. It loads at boot, presumably before other startup programs (my malware had to load at startup, like other trojans I presume).

Reply to
Joe Samangitak

And how is that different from terminally ignorant?

The rest of us don't see why it should be the AHU's right. He's a problem.

Reply to
Arthur Hagen

The only fix you can imagine is rebooting?

Reply to
CyberDroog

If driving your car outside the conditions listed in the owner's manual, and continuing to drive after the check engine light comes on, yes, you should be treated like an idiot.

If mowing down people on the sidewalk because you think it's the car manufacturer's job to protect them from you, you should be treated as a criminal idiot.

And, even more of an analogy here, I don't see a lot of people refusing to lock their cars and never do oil changes, because they believe they shouldn't have to think about it.

Reply to
Arthur Hagen

There were a lot of home users who didn't know they had any servers installed - but did, and had them in default (read 'wide open') unprotected mode. A lot of *nix users are unaware they are running services too. For example, what does '/bin/netstat -tupan' show on that FC3 box? Don't show me (the netstat man page explains what's what), but did you realize those were running?

I dunno - I lose track of which worm exploited which hole. I was thinking that Slammer was also exploiting a "gee, users might need this, so let's install it by default" setup in ordinary windoze installs, but trying to search through a database to find that is a lost cause.

You know that - I know that - I think most of the people _here_ know that. But configuring a firewall that works takes two or three brain cells, and it seems that few people using computers have those.

We're tightening things down a bit further. We just got a new net block, and are moving all of our public IPs into that block (DNS, web, mail and FTP). The rest of our blocks are not being reset to refuse all non-related connections inbound. So far, so good. On the public block, we've always had a pretty Draconian set of firewall rules.

You do have to have an understanding of what networking principles are. We were seeing tons of Messenger spam attempts - even though none of our systems run any variety of windoze. While the firewall blocks non-related inbound, UDP is usually a one shot deal (yes, for us it's normally DNS replies, easily filtered), but we've gone a step further. Source port numbers are normally chosen as 'the next available' starting at 1024. We're running port translation outbound such that should a system source a packet from (example) 1024-1100/udp, the firewall translates it to an available number above that range. This means there can't BE any valid response to ports 1024-1100/udp. Then, the firewall simply drops any incoming UDP to those ports.

One has to question why it's a problem in the first place. OpenBSD has an excellent reputation for security (because the code is audited to extremely high standards), but part of the reputation is because out of the box, it offers ZERO services, even if you installed everything. Their philosophy is that if you want to offer services you have to RTFM to find out how, and that includes even enabling the service in the first place. This philosophy is spilling over into the other BSDs and Linux. Do you _really_ expect that this could work with any version of windoze? No, because

and we're in the minority.

Old guy

Reply to
Moe Trin
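The outbound port-translation trick described in that post, written out as Linux iptables rules. This is an added example, not Moe Trin's configuration (which is not shown): the 1024-1100 range comes from the post, while the interface name and public address are constructed placeholders. Set IPT=echo to preview the rules instead of loading them.

```shell
#!/bin/sh
# Constructed placeholders: external interface and its public address.
WAN_IF="${WAN_IF:-eth0}"
WAN_IP="${WAN_IP:-203.0.113.1}"
IPT="${IPT:-iptables}"      # IPT=echo prints the rules instead of loading them
RESERVED="1024:1100"        # UDP source ports we promise never to use outbound

apply_udp_source_port_policy() {
    # Weak version, for contrast: dropping inbound UDP to 1024-1100 on its
    # own would also kill legitimate DNS replies to a stub resolver that
    # happened to pick, say, 1030 as its source port.
    #
    # 1. Rewrite any outbound UDP leaving with a source port in the reserved
    #    range to a port above it (SNAT port-range syntax). Conntrack maps
    #    the reply back, so the internal host still gets its answer.
    "$IPT" -t nat -A POSTROUTING -o "$WAN_IF" -p udp --sport "$RESERVED" \
        -j SNAT --to-source "$WAN_IP:1101-65535"
    # 2. Nothing valid can now be addressed to those ports, so inbound UDP
    #    for them is unsolicited by construction: drop it for the firewall
    #    itself and for anything it forwards.
    "$IPT" -A INPUT   -i "$WAN_IF" -p udp --dport "$RESERVED" -j DROP
    "$IPT" -A FORWARD -i "$WAN_IF" -p udp --dport "$RESERVED" -j DROP
}

# Load the rules only when invoked as "script.sh apply"; sourcing the file
# just defines the function.
if [ "${1:-}" = apply ]; then
    apply_udp_source_port_policy
fi
```

The nat rule must precede the DROP rules in practice only in the sense that both have to be present; the drop is safe precisely because the translation guarantees no reply can target the reserved range.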

[compton ~]$ uptime
11:57am up 84 days, 4:37, 21 users, load average: 0.10, 0.08, 0.09
[compton ~]$
[chandra ~]$ uptime
11:57am up 339 days, 17:33 7 users. load average: 0.54, 0.54, 0.54
[chandra ~]$
[galileo /home]$ uptime
11:57am up 346 days, 15:47 3 users. load average: 0.04, 0.01, 0.01
[galileo /home]$
[kuiper /var/log]$ uptime
11:57am up 311 days, 16:08 2 users, load average: 0.00, 0.00, 0.00
[kuiper /var/log]$
[spitzer /var/spool/mail]$ uptime
11:57am up 142 days, 12:52 8 users, load average: 0.02, 0.00, 0.00
[spitzer /var/spool/mail]$

Of course not - none of the systems are running windoze, so there isn't that need. But every tech support idiot I call on my upstreams ask if I have rebooted to solve any problem I might be complaining about - like their primary name server going t*ts up while I can still reach the secondary. Remember that few ISPs will let you speak to anyone other than a trained monkey who is reading from a script and the first question they are supposed to ask is...

Old guy

Reply to
Moe Trin

Nope, I didn't miss anything - terminally ignorant and stupid describe the user that doesn't want to know because they "THINK" they don't have to know anything.

Yea, spend $1000 on a toy, after hearing about all the nasty things on the internet from the News/News Papers, and what's happened to friends' computers, and still claim ignorance? Not really, it's just plain stupidity, but I was giving them a chance/hope of just being ignorant.

Sorry, no one forced him to use the computer or purchase service from the ISP - he made the choice and didn't seek any form of learning BEFORE getting compromised - that's worse than ignorance.

Reply to
Leythos

Very well put. I wonder how many here would like to be treated like idiots next time they try to get help for problems with their car.

Geo

Reply to
"GEO" Me

If they walk into the garage spouting off about how they have been working on cars for twenty years and know what they are doing, yet the problem turns out to be that the oil, which has never been changed, has now run out... yes, they should be treated like an idiot.

Reply to
CyberDroog

Try the command when you feel better - briefly, you'll probably see at least several servers running, but they are probably only listening on the loopback port. This is a drastic change from the way it was in the mid 1990s when a common workstation install would have telnet, ftp, smtp and portmapper open to the world - even before you installed a real server configuration.

and perfectly reasonable. See the HOWTOs that should be installed on the system. A bit old, but the

287057 Jul 23 2002 Security-Quickstart-Redhat-HOWTO

has a lot of guidance worth reading. I think Hal wrote it against RH7.2, but he put a fair amount of thought into it.

Take two 750 ml of 80 proof, and call me in the morning.

Old guy

Reply to
Moe Trin

With windoze, you don't have that much choice - you don't have the source to be able to go in and see what caused the problem, but this is the philosophy I'm referring to. Nobody wants to find out what the real problem is - they just say that 'stuff happens' and ignore the problem. The application provider doesn't care - the sheep keep buying the stuff even though it crashes, so why bother fixing the problem?

Old guy

Reply to
Moe Trin

snipped-for-privacy@address.com (Joe Samangitak) wrote in news: snipped-for-privacy@posting.google.com:

Yeah that's true but one still has to go to the malicious site or they were redirected to the site. Still the human element is involved.

Anything is possible. But still a malware program can stop the service too.

It's a service running on the machine and it can be shutdown if the malware program is running with Admin rights.

It's like I discovered today and the Security of the .NetFramework CLR (Common Language Runtime) that was giving one of my programs a Security Exception Error terminating the program - indicating that the program was trying to do something the CLR wouldn't allow. The program didn't have the permissions. Well, I ran Caspol -security Off at the Command Prompt because I was Admin on the computer and no more security checking by the .NetFramework.

Duane :)

Reply to
Duane Arnold
