Re: My Solution to Securing Windows 98, ME Against Network Modification and Spying, using Linux.

From: Karl Levinson [x y] mvp (levinson_k_at_despammed.com)
Date: 05/26/03 

Date: Mon, 26 May 2003 09:50:05 -0400

"grunes" <grunes@yahoo.com> wrote in message
news:2c0d6c85.0305250925.78c3baef@posting.google.com...

> To some extent this is also true of Linux, though what is
> included in Redhat Linux, and many other Linux installations, is
> "Open Source", where you can see the source code, which tends to
> make it a little harder to create such back-doors, so Linux, and
> open software in general should be considered a little more
> secure. But accidental and sneaky deliberate back-doors still
> exist in Linux.

Well, do note that the root kits that modify core OS utilities to make it
difficult to detect an intrusion were until recently only a *nix phenomenon,
not Windows.

> The closest thing to a secure operating system for PCs may be
> OpenBSD (see http;//openbsd.org), but most software is not
> available for OpenBSD. The big market is still Microsoft Windows,
> and almost everything is available for it, and some web pages
> only work with the extremely insecure Microsoft Internet
> Explorer. It is slightly plausible, though unlikely, that
> someone has created a hidden back-door in OpenBSD as well. Even
> in that unlikely event, OpenBSD is still likely to be more
> secure against ordinary hackers than anything else. Only my lack
> of knowledge of OpenBSD prevents me from using it for this
> application instead of Linux.

I'm not sure OpenBSD is a good choice for a workstation for most users.
It's secure because most things are disabled by default, there is no GUI by
default, and once the user starts enabling these other workstation-type
services, it can decrease the security and will definitely increase the
number of remotely exploitable vulnerabilities in OpenBSD. Even then, you
still need to patch just like any other OS.

Your idea of reloading the OS from an image at regular intervals is not a
bad idea and has been used successfully in environments like computer labs
in universities. However, note that it doesn't make your windows 98
computer any harder to hack or more resistent to viruses. Someone who hacks
into the system has more or less free reign until the system is wiped, at
which point the person would have to hack in again. [Or, if there was, say,
a worm on the network that spreads automatically via NetBIOS shares, the
computer could immediately be reinfected after each reboot, unless antivirus
catches it or a patch of some sort is installed.]

Additionally, this setup may work for Windows 9x because there are few to no
patches being released for it. However, with Windows ME and other OSes,
you'd either have to rebuild your image whenever a new patch comes out, or
your system would start having holes in it.

Another potential issue is that you'd probably be wiping out your antivirus
signatures with each image reload, unless you used some sort of solution for
that.

You say you used the default install of Windows 98... as you might already
know, there are some things that you can change to the default install of
Windows 98 to improve its security. [Possibly you did some of these things
and I just missed the section where you mentioned it.]

Relevant Pages

  • Re: eMachines OEM XP woes - time to buy $tandard?
    ... >>> under Windoze. ... Let's say one wants to install NVU. ... Now show how much easier it is to install MS Office on Linux than ... Windows OS's from Win3.1 to Windows 2003 Server. ...
    (microsoft.public.windowsxp.general)
  • Re: bad experience with Suse 9.1 on Inspiron 8200
    ... > it is an M$ bug, such technicalities are irrelevant to the end user. ... :-) Windows has ... work as long as they work, trying to install a nitrous ... Linux are at least a *little* bit curious about how their computer works ...
    (alt.os.linux.suse)
  • Subject: Re: Linux sucks?
    ... > the applications I run in my field do not run on Linux. ... I have cygwin on Windows ... so Windows users only hit this rarely at install. ... XP users hit this when they add hardware and the 'automatic ...
    (Fedora)
  • Re: Linux, the final decision
    ... >> how Windows deals with an analogous situation. ... > That drivers have access to the gui is not a hard and fast rule. ... >> Unreal engines can run under Linux. ... no one has to install Windows because the ...
    (comp.os.linux.misc)
  • Re: Linux hates windows
    ... Linux, the underlying philosphy stays pretty stable and lessons you ... Install VMWare (I haven't ... a complete virtual computer, into Windows, in a window on your Linux ... > pretty much rely on books, ...
    (alt.os.linux.suse)