I buy our systems through a local vendor now, gave up on Dell for new purchases. Our systems come with everything we ask for installed, ready to use, OEM, pass WGA every time, and have all the patches (up to the week that they ship) and latest stable drivers installed. It's so nice to not have to install Acrobat 7.0.3, to not have to download the last
23 security updates, etc.... Oh, and they also include the Office 2003 service patches in their installation so we don't have to go out and get those too.
Indeed. I just started using Win 2K a few months ago and I was astounded at the number of (and file sizes of) the hotfixes, sp4 and the rollup. Not to mention Acrobat and Media Player 9 ... with its huge patch. I can't imagine doing that on dialup.
Imagine if you had just bought 43 computers for the office and had to install the XP updates, Adobe Update, Office Updates, printer drivers and then driver updates, etc...
Then you will not have any difficulty securing your computer. In fact you may find it easier than some people these days who call themselves programmer.
No I just have my own experience. I gave up good studies decades ago.
Most users I know are also unable to harden their PCs.
Yes, you're right, it should have been 520 :)
Yeah but this assumes that the average user can read. I know you can read, as can the other 519 readers of this group :)
Yes, didn't Barbra Streisand sing about that? "People, offending people, are the suckiest people..."
Anyway, sorry you were offended by my observations. "Methinks..." was better kept to myself. Otherwise, the only debatable statement I made was that the article makes "an especially good point about the futility of enumerating badness." You ignored that and responded with annoyance at other comments. Debate and/or discussion ended there.
I think, also with this message the author does not hit the point. What he's criticizing, is also the concept behind Virus Scanners.
But here he's wrong here. Why?
IMHO he's telling factoids; it's not completely wrong, what he's saying, but it also is not the key point. Please feel free to compare with what I explained in
Of course, if it's possible to secure a system in a way, that it's completely secure afterwards against an attack vector, it's wrong to secure it in a way instead, that the attack vector is still possible but not likely any more.
But if this is _not_ possible, then it's a good idea to lower the likelyness of unwanted malware. And this is, why Virus Scanners can help (if one knows their constraints).
Of course, Virus Scanners are only helpers, and are not the solution for the problem.
But it is definitely not a good idea to deny that with "the futility of enumerating badness".
Though perhaps possible to counter all automated execution, fooling people into excuting malware installers will still be a thriving business. Virus scanners claim security in constant updates to virus signatures, but signature updating can never keep up with propagation, and at some point realtime scanning will be impractical (though I suppose it's conceivable the need to scan for millions of 'signed' viruses/worms is a ruse to promote multi-core processors as well as perpetual update subscriptions). A really determined intruder can use espionage, social engineering, bribery and/or custom/self-modifying malware to bypass a scanner, and installed malware can mimic the scanner. Therefore, scanning for viruses can provide a false sense of security.
If virus scanners are nevertheless "a good idea to lower the likeliness of unwanted malware" and it can be shown that outbound-scanning firewalls alert to at least _some_ common malware, it can be argued that outbound-scanning firewalls are also a good idea. But I digress again...
I don't recall reading in the article that use of virus scanners, given the current situation, is a bad idea. The article is a critique of the current situation. The point is, in the long term, enumerating badness is futile. Somehow, malware installers must be prevented from executing regardless of whether they have an identifiable signature.
A Virus Scanner is dependable with detecting known malware. A "Personal Firewall" detects by accident, if a malware author was too dumb, and every malware author knows what they're doing today.
A Virus Scanner is comparable to a SPAM filter - it helps filtering out the worst rubbish, but does not replace what we call "brain", and what is needed to detect, wether the user shall be fooled ;-)
This way, Virus Scanners ain't the solution to the problem, also not today, but they're useful helpers as long as there are so many Viruses for the most widespread OS ;-) Of course, those Viruses ain't here, because Windows is widespread - they're here, because it's so easy to hack a Virus for Windows and spread it - and it's so difficult to spread one for most of the other OSes. That has to do with the fact, that much too many people are working as Administrator with their Windows-System, a mistake, Microsoft even is encouraging with their big design flaws in Windows XP Home, the design flaw of having too late sensible concepts in the market, how ISVs can make their applications running also without administrative rights and the phlegm and stupidity of those ISVs not to react now at last.
Not to talk about the crazy idea to work as Administrator, and then let Internet Explorer 7 drop the rights afterwards, what never will be secure.
In this point we have something in common, your author of this text and I: it's stupid to design, that default is to allow in the rights-system of an OS.
Within the setup process, or the intial startup process, guide the creation of a user account and an admin account. Explain that the admin account is a special account, to be logged into only for special tasks. Better yet, allow the admin account to be logged into directly FROM the user account, exiting back into the user account when admin duties are complete.
Do not enable any network services by default. Give the option to enable them, with risks explained.
Perhaps there are os-independent functions that can be implemented in firmware, not alterable by software, that could aid in avoiding a hijack or alerting if it occurs.
Yes, they're creating an extra account - with administrative rights and just the same problems.
Yes, if they would at last... :-/
This concept will not work. Firmware is only stored first in R/O memory, but there is no way to force that it will so also while running (C64 programmers know that ;-)
I guess this must be why PCs dont come with floppies anymore. All the computers at the Compusa store close to where I live all come with no floppy drives. The floppy disk is HISTORY, that is what someone as Compusa told me. He told me that they dont make PCs with floppies any more. So the next PC you buy will come without a floppy drive.
They still make PC's with Floppy Drives, in fact, Microsoft provides Licenses via Diskette for some products.
The floppy was removed to save Vendors money, which they don't pass on to you as a savings, and as a means to limit exposure to more problems for warranty issues.
In most cases, many home users won't miss the Floppy, but many business users and many technical types will. I always order the Floppy with any PC I order.
Me too. When working on anything important I make copies to floppy every couple of minutes - has saved my bacon many times over the years. And the cost is pennies.
The last PC I bought from them does not even have a bay to put a floppy drive in. There is a connector on the circuit board for one, but no drive put to mount a floppy disk. While the motherboard makers still make floppy connectors, the cases have no drive bay to put a floppy in.
Well, while you will have a connector on the motherboard for a floppy, you will have no slot or bay to mount a floppy in. That means you cannot install either a floppy, or even a Zip drive.
What about a CD-RW drive? You can save to a CD-RW disk just as easy. The machines that have no floppy do have CD-RW or DVD-RW drives. Those will work just as well
Just because the company you buy from does not put floppy bays in does not mean that others don't.
Just to take the first example
formatting link
are 4 3.5" bays enough for you to put in a couple of floppy drives, a zip drive and something else? This was just the first well known company I looked at (and the first machine I looked at on their site), lots of other companies that still have floppy bays.
Well, the eMachines PC, which serves as my network gateway, has the connectors on the motherboard for a floppy, but there is no place in the machine where I could mount a floppy, so if I need to do anything with a floppy, I have to open up the case, and temporarily hook a floppy drive up, and then disconnect and close up the case again when I am done. The Compusa sales rep who sold the thing to me told me thats the way computers come now.
I'm not disputing that the computer you bought does not have an external
3.5" bay.
Well, if you bother to follow the link you will find out that it is obviously not true for all computer manufacturers. I also looked at the IBM website and they also have external 3.5" bays. I'll bet if I looked at most other makes I would find the same.
Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here.
All logos and trade names are the property of their respective owners.