Re: My Solution to Securing Windows 98, ME Against Network Modification and Spying, using Linux.

From: Lanwench [MVP - Exchange] (lanwench_at_heybuddy.donotsendme.unsolicitedmail.atyahoo.com)
Date: 05/26/03 

Date: Mon, 26 May 2003 10:44:32 -0400

Keheheheh.

Brad wrote:
> Where do I download those angry guard dogs?
>
>
> "Lanwench [MVP - Exchange]"
> <lanwench@heybuddy.donotsendme.unsolicitedmail.atyahoo.com> wrote in
> message news:eYq1LFyIDHA.2280@TK2MSFTNGP10.phx.gbl...
>> In addition to the other comments, nobody ever said Win9x/ME were
>> secure - they're not, weren't designed with security in mind. Anyone
>> who really cares about security and wants to run Windows is going to
>> be using NT, 2k or XP, also with all patches, firewalls, and angry
>> guard dogs installed....
>>
>> grunes wrote:
>>> -----------------------------------------------------------------
>>>
>>> My Solution to Securing Windows 98, ME Against Network
>>> Modification and Spying, using Linux.
>>>
>>> (Caution: I am not a security expert, merely paranoid.)
>>>
>>> Written by Mitchell R Grunes, grunes@yahoo.com, May 25, 2003.
>>>
>>> -----------------------------------------------------------------
>>>
>>> A fundamental flaw of Microsoft Windows is that it is not a
>>> secure operating system, because there exist deliberate and
>>> accidental security back-doors that let a remote computer user
>>> break into, spy on, and modify your system. This is inevitable.
>>> Tens of thousands of people were involved in creating it, or in
>>> the drivers used to run 3rd party devices. If even 25% have
>>> included their own deliberate back doors, and there are others
>>> due to simple error, that is a lot of people with access to your
>>> system.
>>>
>>> To some extent this is also true of Linux, though what is
>>> included in Redhat Linux, and many other Linux installations, is
>>> "Open Source", where you can see the source code, which tends to
>>> make it a little harder to create such back-doors, so Linux, and
>>> open software in general should be considered a little more
>>> secure. But accidental and sneaky deliberate back-doors still
>>> exist in Linux.
>>>
>>> -----------------------------------------------------------------
>>>
>>> The closest thing to a secure operating system for PCs may be
>>> OpenBSD (see http;//openbsd.org), but most software is not
>>> available for OpenBSD. The big market is still Microsoft Windows,
>>> and almost everything is available for it, and some web pages
>>> only work with the extremely insecure Microsoft Internet
>>> Explorer. It is slightly plausible, though unlikely, that
>>> someone has created a hidden back-door in OpenBSD as well. Even
>>> in that unlikely event, OpenBSD is still likely to be more
>>> secure against ordinary hackers than anything else. Only my lack
>>> of knowledge of OpenBSD prevents me from using it for this
>>> application instead of Linux.
>>>
>>> -----------------------------------------------------------------
>>>
>>> Security and privacy are desirable for several reasons. It is
>>> generally accepted that many software programs, such as almost
>>> everything from Microsoft, Netscape, Real Player, CD-ROM burners,
>>> etc., create detailed logs of things installed or used on your
>>> computer, places you visit, music and videos copied, perhaps of
>>> passwords, credit cards, etc., and send them off to various
>>> internet sites. This may seem fine if all of your software is
>>> legal, and you haven't used or copied any copyrighted music or
>>> videos (if you have, privacy would really matter; I suggest it
>>> is a good idea to be safe and legal in spite of the cost), but
>>> it isn't, because what you use with these software programs may
>>> be private information. Passwords and Credit card numbers can
>>> be quite dangerous. Further, bad people may remotely use your
>>> computer for illegal or immoral purposes, such as spam, stealing
>>> info, or storing pirated software, music and videos and porn, for
>>> which you are legally and financially liable.
>>>
>>> Another issue exists if you leave a microphone or video camera
>>> connected to your system. People can use them to spy on you.
>>> A sneaky program can store the information when you are off-line,
>>> then send it when you connect. I bet this is a lot more common
>>> then most people realize. (They might even use it in a
>>> commercial porn movie, though not legally.) Leave these
>>> disconnected when you don't need them!
>>>
>>> Once people manage to remotely install software on your computer
>>> system, which they can do without your knowledge, it can do
>>> anything bad that computer programs legitimately installed on
>>> your system could conceivably do.
>>>
>>> -----------------------------------------------------------------
>>>
>>> A complete solution to computer security does not exist
>>> (some internet sites like doubleclick.com may record information
>>> in their own storage, instead of on your hard disk), but it is
>>> possible to be more secure than most people. I am told that
>>> hackers consider that they "own" most people's computer systems.
>>> I.E., most people's computers have been broken into to spy on
>>> them, or to use for their purposes. It might even be true.
>>>
>>> -----------------------------------------------------------------
>>>
>>> A very good solution to this problem is mentioned in
>>>
>>> http://www.heise.de//ct/english/99/11/206
>>>
>>> in which you run entirely from CD. If you use a removable hard
>>> drive (hard drives can be mounted on removable trays), then
>>> there is nothing that windows can write to, other than its
>>> temporary RAMDRIVE, and everything is forgotten when you turn
>>> the computer off (I'm not sure a mere reboot wipes memory).
>>> I haven't played with this yet, and can't speak to it.
>>>
>>> -----------------------------------------------------------------
>>>
>>> Here is my own solution, not nearly as good as running completely
>>> from CD, but a little more convenient for me:
>>>
>>> -----------------------------------------------------------------
>>>
>>> I partitioned my hard drive, to leave room for multiple
>>> partitions. The version of Windows that will see the net is on
>>> one partition. Since disk space is cheap (Western Digital
>>> recently briefly made 120 GB drives available through Circuit
>>> City for $80), I will be quite wasteful. The following
>>> partitions are desirable.
>>>
>>> 1. Windows 98, created in a slightly under 2 GB (2047 MB)
>>> partition, just in case I run into any uses that get confused at
>>> the 2 GB boundary. This was a clean new load, containing nothing
>>> but the original software and device drivers. I did let
>>> Microsoft's
>>>
>>> http://update.microsoft.com
>>>
>>> update it for security (and to be really paranoid, first
>>> downloaded and applied some of their security fixes on a seperate
>>> load), but otherwise the machine had no network access during
>>> this entire disk setup. NOTE: The only real way to make sure the
>>> network can't see the system while you are setting it up is to
>>> disconnect phone and internet cables! Windows 98 actually only
>>> needs a few hundred MB, I was just leaving more extra space than I
>>> actually needed. This allows room to grow, and room for virtual
>>> memory swapping if you want to use large memory programs. (I
>>> admit it slows down the back-up process a bit to have the
>>> partitions this large.) Before installing the first windows 98,
>>> you will want to use the FDISK and FORMAT commands from the
>>> installation floppy to clean your disk of bad blocks created by
>>> improper shutdowns:
>>>
>>> fdisk/mbr (Installs a new master boot record. Will
>>> later be replaced by GRUB boot loader.)
>>>
>>> fdisk c: Use to create a single large partition
>>> that encompasses the whole disk.
>>>
>>> (reboot) (DOS/Windows need to be rebooted anytime
>>> you re-partition, or they mess up the
>>> partitions.)
>>>
>>> format c: /u /c (Cleans everything, creates a new bad
>>> block table.)
>>>
>>> scandisk c: /surface (Looks for bad blocks; this takes a
>>> long time.)
>>>
>>> fdisk c: Get rid of that partition, create a new
>>> 2047 MB one, an extended DOS/Windows
>>> partition containing the rest of the
>>> disk, and any other desired DOS/Windows
>>> partitions, as discussed below. FDISK
>>> calls partitions inside "logical
>>> drives". There is something to be said
>>> for making all DOS and Windows
>>> partitions the same size, so you can
>>> easily over-write the backups of one
>>> with the other, if you decide it is
>>> more useful. The only problem is that
>>> 2 GB may be a bit small for Windows NT,
>>> 2000, 2003 and XP.
>>> (reboot)
>>>
>>> format c: /u /s (Will hold Windows 98.)
>>>
>>> scandisk c: /surface (Because I'm not sure that the bad block
>>> table survives repartition and format.)
>>>
>>> You should also format and scandisk
>>> partitions to be used for other Windows
>>> installations. But note that to be usable,
>>> DOS and Windows partitions for versions
>>> prior to Windows 98 must be formatted
>>> with the FORMAT from their own version,
>>> because they can't use Windows 98 VFAT.
>>>
>>> f: (or whatever drive letter corresponds to
>>> the CD-ROM containing the Windows 98 CD,
>>> including setup.exe)
>>>
>>> setup Follow directions to install Windows 98.
>>> Then install any device drivers you need.
>>> If you need to download these from the
>>> net, you will probably first want to go
>>> through this whole document, back-up the
>>> Windows 98 partition, download the
>>> drivers to the exchange partition, then
>>> restore the Windows 98 from back-up, and
>>> apply the drivers. This prevents the
>>> device driver web sites from
>>> contaminating your setup, though some
>>> device drivers may themselves be spyware.
>>>
>>> -----------------------------------------------------------------
>>>
>>> 2. The DOS extended partition contains the remaining partitions,
>>> as follows. Both the Windows partitions, and the extended
>>> partitions should be created using Windows 98 FDISK, to make sure
>>> everything is done right. Furthermore, it is essential that the
>>> first partition, and the first partition in the extended
>>> partition (partitions inside the extended partition are called
>>> logical drives) be created by Windows, because Linux FDISK does
>>> not always get all the btyes right when used to create partition
>>> tables, according to its own documentation.
>>>
>>> -----------------------------------------------------------------
>>>
>>> 3. A second Windows 98 partition, that will never see the
>>> network. I use grub's HIDE command (see below) to alternately
>>> hide different Windows partitions from each other. You could
>>> also use the Linux fdisk command to change their partition type
>>> to something Windows doesn't recognize. For now, you just create
>>> this as an an empty formatted partition of the SAME SIZE as the
>>> first Windows 98 partition (so it can be copied to from the
>>> original, as mentioned below).
>>>
>>> -----------------------------------------------------------------
>>>
>>> 4. An exchange partition which can be temporarally unhidden to
>>> allow safe exchange of temporary files between operating systems.
>>> This should be of type VFAT, which is what Windows 98 FDISK and
>>> FORMAT usually create, because everything can read and write to
>>> it. However, if you wish to use anything prior to Windows 98,
>>> you may need a standard FAT partition. (The problem is that FAT
>>> partitions don't handle long or mixed case file names right.)
>>> You probably want this to be at least a GB, maybe another full
>>> 2047 MB.
>>>
>>> -----------------------------------------------------------------
>>>
>>> 5. Any other DOS or Windows versions you want--e.g., 95, ME, etc.
>>> There are a number of special issues associated with Windows NT,
>>> 2000, XP and 2003, that I haven't played with, because they need
>>> a special boot loader. In partitcular, you would need to install
>>> their boot loader, then, in a later step, use the GRUB bootloader
>>> installation to make a copy of it that GRUB can boot. As I said,
>>> I haven't tried this with this setup, so I can't help you.
>>>
>>> As mentioned above, you initially just create space for the
>>> partition, maybe format them with a version of DOS or Windows
>>> FDISK which is at least as old as the operating system in
>>> question. Later, we will use Linux or GRUB to hide the DOS and
>>> Windows partitions from each other while installing those other
>>> Windows system partitions.
>>>
>>> -----------------------------------------------------------------
>>>
>>> 6. A reasonably full version of Redhat Linux 9 (9 is desirable,
>>> because it can use that VFAT partition), if you want it. Maybe
>>> two, one which will see the net, one not. These versions of
>>> Linux should not mount each other's partitions, though if you
>>> aren't too paranoid, they might share the same SWAP partition.
>>> Each time you will create a boot floppy, and install the GRUB
>>> boot loader on the MBR (master boot record), so you can play with
>>> the new partition, but that boot floppy will not be needed once
>>> the partition mentioned in step 8 has been properly configured. I
>>> generally create Linux in a single partition, mounted as /,
>>> rather than creating a seperate /boot partition, to keep things
>>> simple. Remember: the only time anyone can figure out how to
>>> configure Redhat Linux is at install time, so do everything
>>> right then, or you will end up re-installing.
>>>
>>> -----------------------------------------------------------------
>>>
>>> 7. One or more Linux SWAP partitions, so you can run large
>>> memory programs. I think you can safely use partitions with up
>>> to 2047 MB. If you have space, make two of them, so you can run
>>> multiple BIG programs.
>>>
>>> -----------------------------------------------------------------
>>>
>>> 8. A tiny (say, 750 MB) extremely minimal version of Redhat
>>> Linux 9, that will never see the net, that contains no fancy
>>> utilities that are unsafe. It is this version that will be used
>>> to back up your Windows and Linux systems, and which will contain
>>> the /etc/grub.conf file that configures the final GRUB boot
>>> loader. I haven't yet tried creating this with a /boot partition,
>>> and just using that. Maybe that would let it be smaller, but
>>> I'm not sure it would work.
>>>
>>> -----------------------------------------------------------------
>>>
>>> 9. OpenBSD, or other operating systems, if you want them.
>>>
>>> -----------------------------------------------------------------
>>>
>>> 10. A really big Linux partition, which will just be used for
>>> back-ups, but has no operating system.
>>>
>>> -----------------------------------------------------------------
>>>
>>> When I create the version of Linux mentioned in step 8, I make
>>> sure to mount the other linux and VFAT partitions. For example, I
>>> associate /dev/hda1 (the first partition on the first IDE drive)
>>> with directory /hda1, /dev/hda5 (the 5th partition on the first
>>> IDE drive) with /hda5, /dev/hdb1 (the first partition on the
>>> 2nd IDE drive) with /hdb1, etc. I forget how to use SCSI device
>>> names, as I think SCSI drives are a waste of time and money
>>> (having a SCSI controller seems to increase boot time many fold),
>>> but the idea should be similar. Note also that Linux considers
>>> the first partition inside the extended partition to be numbered
>>> 5 (e.g., /dev/hda5), even if there is only one primary partition,
>>> as is true in my proposed setup.
>>>
>>> The Linux 9 install will not get all these things right in the
>>> /etc/fstab that configures the mounts. In my case it confused
>>> which partitions were vfat (DOS/WINDOWS VFAT) which were
>>> ext3 (Linux), and which were Linux swap, so, after install, you
>>> may want to make sure it has created all these directories, and
>>> get your /etc/fstab to look something like:
>>>
>>>
>>> # Version created by mitch. This boot has access to everything.
>>> # Lines starting with "#" are comments.
>>> #Principle Windows 98, with networking
>>> /dev/hda1 /hda1 vfat defaults 0 0
>>> #2nd Windows 98, never connects to network
>>> /dev/hda5 /hda5 vfat defaults 0 0
>>> #Windows ME, never connects to network
>>> /dev/hda6 /hda6 vfat defaults 0 0
>>> #Shared (exchange area) VFAT drive
>>> /dev/hda7 /hda7 vfat defaults 0 0
>>> #Big Redhat Linux 9
>>> #/dev/hda8 /hda8 ext3 defaults 0 1
>>> #Linux swap area
>>> /dev/hda9 swap swap defaults 0 0
>>> #(This) Tiny Linux
>>> /dev/hda10 / ext3 defaults 0 0
>>> #Big Linux partition, used for backups
>>> /dev/hda11 /hda11 ext3 defaults 0 0
>>> #Floppy disk drive
>>> /dev/fd0 /mnt/floppy auto noauto,owner,kudzu 0 0
>>> #CD/DVD reader
>>> /dev/cdrom /mnt/cdrom udf,iso9660 noauto,owner,kudzu,ro 0 0
>>> #CD RW
>>> /dev/cdrom1 /mnt/cdrom1 udf,iso9660 noauto,owner,kudzu,ro 0 0
>>> #I'm not sure what these are, but Linux 9 adds them, so I do too.
>>> none /proc proc defaults 0 0
>>> none /dev/shm tmpfs defaults 0 0
>>>
>>> -----------------------------------------------------------------
>>>
>>> Obviously that needs modification for your particular layout.
>>>
>>> By the way, tabs and spaces seem to mean the same thing in
>>> /etc/fstab. Note that I have left the final field to be 0
>>> for most of the partitions, especially the VFAT partition,
>>> so you will not waste time with fsck at boot time. Besides, I
>>> don't trust Linux's fsck to handle VFAT partitions. Some people
>>> would say the other Linux system partitions should be fscked,
>>> so the last field should be 1 for the other ext3 partitions.
>>> Most of the time that will not take much time at boot, but Linux
>>> always wastes a lot of time on the VFAT partitions marked for
>>> fsck.
>>>
>>> -----------------------------------------------------------------
>>>
>>> None of the other Linux system partitions should contain
>>> /etc/fstabs that mount each other or the VFAT drives, or they
>>> could contaminate each other.
>>>
>>> -----------------------------------------------------------------
>>>
>>> A really important step is to reconfigure the GRUB boot
>>> installer in the partition mentioned in step 8. It must hide
>>> system Windows partitions from each other, and from networked
>>> Linux partitions, for safety, and because Windows does not work
>>> right if there is more than one recognizable system Windows
>>> partition. For example, here is a sample /etc/grub.conf file:
>>>
>>> #Comment lines start with #. Note that grub boot-time partition
>>> #numbers are one less than Linux partition numbers, e.g.:
>>> #(hd0,0) /dev/hda1 Windows 98
>>> #(hd0,4) /dev/hda5 2nd Windows 98, no network
>>> #(hd0,5) /dev/hda6 Windows ME, no network
>>> #(hd0,6) /dev/hda7 Exchange VFAT area
>>> #(hd0,7) /dev/hda8 Big Linux
>>> #(hd0,8) /dev/hda9 Linux Swap
>>> #(hd0,9) /dev/hda10 Tiny Linux, no network
>>> #(hd0,10) /dev/hda11 Big ext3 file for backups
>>> default=0
>>> timeout=4
>>> splashimage=(hd0,9)/boot/grub/splash.xpm.gz
>>> #Note that makeactive only works right for the primary
>>> #Windows partition, and would mess things up on anything
>>> #else.
>>> title /dev/hda1 Windows 98
>>> unhide (hd0,0)
>>> hide (hd0,4)
>>> hide (hd0,5)
>>> hide (hd0,6)
>>> rootnoverify (hd0,0)
>>> makeactive
>>> chainloader +1
>>> title /dev/hda1 Windows 98, with shared partition
>>> unhide (hd0,0)
>>> hide (hd0,4)
>>> hide (hd0,5)
>>> unhide (hd0,6)
>>> rootnoverify (hd0,0)
>>> makeactive
>>> chainloader +1
>>> title /dev/hda5 2nd Windows 98, do not connect to network
>>> hide (hd0,0)
>>> unhide (hd0,4)
>>> hide (hd0,5)
>>> hide (hd0,6)
>>> rootnoverify (hd0,4)
>>> # makeactive
>>> chainloader +1
>>> title /dev/hda6 Windows ME, do not connect to network
>>> hide (hd0,0)
>>> hide (hd0,4)
>>> unhide (hd0,5)
>>> hide (hd0,6)
>>> rootnoverify (hd0,5)
>>> # makeactive
>>> chainloader +1
>>> #Redhat Linux 9 installer does this all wrong. It uses labels
>>> instead #of explicit drive names and numbers, which leads to
>>> incorrect booting. #I did it right.
>>> title /dev/hda8 Big Redhat Linux 9
>>> hide (hd0,0)
>>> hide (hd0,4)
>>> hide (hd0,5)
>>> root (hd0,7)
>>> kernel /boot/vmlinuz-2.4.20-8 ro root=/dev/hda8 hdd=ide-scsi
>>> initrd /boot/initrd-2.4.20-8.img
>>> title /dev/hda10 Tiny Redhat Linux 9, no net, sees all
>>> unhide (hd0,0)
>>> unhide (hd0,4)
>>> unhide (hd0,5)
>>> root (hd0,9)
>>> kernel /boot/vmlinuz-2.4.20-8 ro root=/dev/hda10 hdd=ide-scsi
>>> initrd /boot/initrd-2.4.20-8.img
>>>
>>> -----------------------------------------------------------------
>>>
>>> If you later install another operating that over-writes the boot
>>> loader, you should use the boot floppy made from the tiny "sees all"
>>> Linux partition to boot it, go into /etc, and type
>>> grub-install /dev/hda
>>>
>>> -----------------------------------------------------------------
>>>
>>> Be sure to copy the /etc/fstab and /etc/grub.conf files from the
>>> tiny Linux partition into the big backup partition.
>>>
>>> OK. Now for back-ups. Here is a backup.sh file in the big Linux
>>> back-up partition, that you can run using
>>> source backup.sh
>>> It back ups partition /hda1, the first Windows 98:
>>>
>>>
>>> #This mount creates an error message, that can
>>> #be ignored, if it is already mounted.
>>> echo "mount /hda1"
>>> mount /hda1
>>> #We write lots of zeros into the unused part of
>>> #the partition, so it will compress well.
>>> #
>>> echo
>>> echo "cat /dev/zero > /hda1/junkzero"
>>> cat /dev/zero > /hda1/junkzero
>>> # If the partition were larger than 2048 MB, we
>>> # might want to write more zeros, with something like
>>> # cat /dev/zero > /hda1/junkzero2
>>> # cat /dev/zero > /hda1/junkzero3
>>> # ...
>>> echo
>>> echo "rm -f /hda1/junkzero*"
>>> rm -f /hda1/junkzero2
>>> echo
>>> echo "umount /hda1"
>>> umount /hda1
>>> #Copy and compress the disk partition image
>>> echo
>>> echo "cat /dev/hda1 | gzip -c - > hda1back.gz"
>>> cat /dev/hda1 | gzip -c - > hda1back.gz
>>> #Just in case something goes wrong, make another!
>>> echo
>>> echo "cat /dev/hda1 | gzip -c - > hda1back2.gz"
>>> cat /dev/hda1 | gzip -c - > hda1back2.gz
>>> echo
>>> echo "ls -lad *.gz"
>>> ls -lad *.gz
>>>
>>> -----------------------------------------------------------------
>>>
>>> This backup can be restored, and should be every few days, to
>>> wipe network induced changes, or after you have used your credit
>>> card number, by booting up the tiny linux and:
>>>
>>> umount /dev/hda1
>>> zcat hda1back.gz > /dev/hda1
>>>
>>> In fact, you can create your second (non-network) Windows 98
>>> setup by
>>> unmount /dev/hda5
>>> zcat hda1back.gz > /dev/hda5
>>>
>>> Then boot up that windows version, go into the control panal for
>>> the network, and delete the entries for the modem and ethernet
>>> adaptors, to make mistakes less likely. However, physically
>>> disconnecting the network and modem cables is the only way to be
>>> sure.
>>>
>>> I don't know how to make sure a Linux system partition can't
>>> access the net; you must just be careful to keep cables
>>> disconnected.
>>>
>>> In general, after you have used this setup to hide Windows
>>> partitions from each other's system boots, you can finish
>>> installing the other windows.
>>>
>>> -----------------------------------------------------------------
>>>
>>> You can do something quite similar to back up the other Windows
>>> and Linux partitions, other than the tiny Linux partition itself.
>>> I'm not sure that it would work right for a mounted drive, so the
>>> tiny Linux partition probably can't be used to back-up itself. If
>>> it goes bad, re-install it. I guess one could have two safe
>>> (not-networked) partitions, and use each to back-up the other.
>>>
>>> -----------------------------------------------------------------
>>>
>>> It is a good idea to copy your back-ups and other files from
>>> the big back-up partition to CD-ROM. After all,
>>> a really malicious program could mess up partitions even if they
>>> aren't mounted or its operating system doesn't understand them.
>>> If you only know how to do this using a Windows program like
>>> EZ CD-Creator, just copy the desired backup file to the exchange
>>> partition, bring up the non-networked version of windows to make
>>> the CD, do so, then delete all files from the exchange partition.
>>> Get back into the tiny Linux, and do something like
>>> mount /dev/hda7
>>> rm -rf /hda7/*
>>> cat /dev/zero > /hda7/junkzero
>>> rm -f /hda7/junkzero
>>> to get rid of all traces of the back-ups in the exchange
>>> partition.
>>>
>>> -----------------------------------------------------------------
>>>
>>> I hope in the future to migrate to the idea of running off of
>>> CD that was discussed in that earlier mentioned link
>>>
>>> http://www.heise.de//ct/english/99/11/206
>>>
>>> but to also include Linux on that CD. Any time I connect to the
>>> net, the hard drive with my private stuff will be out of the
>>> machine. If I must download stuff, it will be to a floppy, zip,
>>> or re-writable CD drive. I'm not yet bright enough to figure how
>>> to do this yet.
>>>
>>> -----------------------------------------------------------------
>>>
>>> In any event, it is critical that after setup you remember to
>>>
>>> 1. Disconnect modem and internet cables before booting the
>>> machine from partitions that are not supposed to see the network.
>>> In fact, if you are paranoid, you will disconnect before every
>>> boot, because your BIOS a vulnerability during boot.
>>>
>>> 2. You must periodically (certainly every few days) refresh the
>>> partitions from their back-ups, preferably CD-ROM versions, to
>>> get rid of what the world has done to them.
>>>
>>> 3. Also, never use your own machine to post or read email or
>>> usenet discission groups with a mail program or news reader. Much
>>> safer to do email through a website like
>>>
>>> http://mail.yahoo.com
>>>
>>> (and click on secure, to get the https link)
>>>
>>> and usenet through a website like
>>>
>>> http://deja.com
>>>
>>> This is because most email and usenet programs have major
>>> security flaws.
>>>
>>> 4. Use the msconfig program (Start-up Menu -> Run -> msconfig
>>> to reduce start-up processes to an absolute minimum. Not only is
>>> this more secure, you will crash a lot less often. Use the disk
>>> clean-up (something like Start-up Menu -> Accessories -> System
>>> -> disk cleanup) to clean out everything it will let you often,
>>> then use Start-up Menu, Find or Search to get rid of cookie and
>>> history files. While you are at it, try to set up your browser
>>> to kill cookies at the end of every session. You won't
>>> completely succeed, the bad guys are always hiding things, but it
>>> will make you feel better.
>>>
>>> 5. Leave your microphone and video camera disconnected any time
>>> you aren't using them, and dress properly when you are.
>>>
>>> 6. Use a good virus checker, and a pseudo-firewall program like
>>> Zonealarm (zonelabs.com) to make spyware and malware work a
>>> little harder. Most evil people are just as lazy as anyone else,
>>> and prefer to go after those who take no precautions.
>>>
>>> 6. Pray no one gets too sneaky.
>>>
>>> 7. Pray that someone takes over Microsoft who cares about
>>> security.
>>>
>>> -----------------------------------------------------------------
>>
>>
>
>
> ---
> Outgoing mail is certified Virus Free.
> Checked by AVG anti-virus system (http://www.grisoft.com).
> Version: 6.0.481 / Virus Database: 277 - Release Date: 5/13/2003