Re: My Solution to Securing Windows 98, ME Against Network Modification and Spying, using Linux.

From: grunes (grunes_at_yahoo.com)
Date: 05/26/03


Date: 26 May 2003 09:36:20 -0700

First a correction:

My backup.sh included the following lines

  echo "rm -f /hda1/junkzero*"
        rm -f /hda1/junkzero2

That "junkzero2" should have been "junkzero*", else it would have
filled the available space in the windows directory with a large
zero-filled file, making it hard to use.

I appreciate the various replies offered. But let me mount some
defense for acting reasonably paranoid.

>From: n1pop (n1pop@hotmail.com)
>Securing a system from most attacks takes only a little effort and
>some knowledge. You need to know how attacks could be made and what
>you can do to stop them.

Microsoft patches a "new" hole every few days through
support.microsoft.com. If you get on Redhat's mailing list they patch
a "new" hole several times a day. (Not that patch frequency relates in
a reliable way to error and backdoor inclusion.) Each of those
represented a possible way into your machine. Besides, backdoors
exist, so evil-doers may be playing with your system regardless of
patches.

>For example, no hacker in the world can get
>to a computer that doesn't seem to exist on the net, and a decent
>firewall can do that.

Incorrect. Many very useful websites use Javascript, or even worse,
Java and Active X, including some of the ones I find professionally or
personally very useful. These have all been known to open holes that
might get through a firewall. Other holes probably exist in Windows
itself, thousands, if my theories are right.

A firewall can close specific ports. But personal info and external
control instructions can go through any port, if there is bad software
to receive it. Even the timing and details of http requests can pass
encoded information. A firewall can block specific sites, and known
threats, but not all are known. If my theory is correct, most are
known only to the malicious few. Your browser has to be configured to
get through the firewall, and may itself be delivering the needed info
to the remote site. The fact that remote hackers don't have a specific
IP for you can't stop holes that are built into the system. We use a
separate hardware firewall at my home, configured by someone more
knowledgeable and paranoid than myself, who seems to love tracking
down hackers. Zone-Alarm still finds a few things. Someone who worked
for one of the best known router companies told me that people find
new ways to break into them a few times a day; the same might well be
true of firewalls. Firewalls are sometimes useful, but they aren't a
complete answer.

>You need to develop safe surfing habits; don't open attachments from
>people you don't know, don't fall for scams like the MS security
>update email (MS never sends unsolicited email containing a fix),
>don't accept default program configurations.

There are times when all of these things are convenient. My way lets
me do all these things safely.

I figured out that MS security update scam. It was confusing, because
my workplace sends out a few security warnings a week, and this was
worded in about the same way, but it became pretty obvious when I
looked at the weird return address. Pretty dumb hacker. A hacker that
made himself look exactly like the security memos from a large
organization would probably contaminate a lot of people's machines. Or
a hacker who broke into a router and made their machine look like the
update servers for Microsoft or Redhat. You'd never know, if they were
any good.

Some very useful free or commercial software contains spyware or
worse. For example, Adobe Reader is needed to read the documentation
for a lot of commercial software, and for many of the posts I get for
work. But recent versions of Adobe Reader start up a superfluous
resident "Download Manager", one of the more obvious hallmarks of
spyware. Some useful web sites need Microsoft Internet Explorer or
Netscape to be viewed, both of which are known spyware and malware.

Again, I recently bought a common program called "TurboTax" from
Intuit. It contained big-time spyware and malware (in my case the
video driver malfunctioned when I deleted the spyware, other people
have had CD writers fail, or boot failures altogether), a fact that I
should have known if I had looked at relevant web sites. Time being
finite, I just assumed that a well-known software package from one of
the biggest companies in the financial software arena would have to be
safe.

My home computer exists largely for recreational purposes. Some of the
clubs to which I belong post through web sites and mailing lists, and
I frequently go looking or shopping for things by going to a search
engine, and clicking on anything that looks good. I would rather not
worry much about it, then restore it back to safe state before doing
anything like using a credit card, and leave a separate operating
system load without network access to handle private info.

>From: Susan Bradley, CPA aka Ebitz SBS Rocks [MVP]
>The number of Linux vulnerabilities are on par with Windows
>vulnerabilities...both suffer from the same fate:
>SCU's. SCU's are the bane of every company, cause all security issues,
>all vulnerabilities, and are the root of most security issues..... what are
>SCU's? Stupid Computer Users.

We are all sometimes stupid computer users. One mistake is enough to
let in the bad guys. A way of easily recovering from a mistake is
wonderful.

The indicated solution is not applicable to my personal work site, as
we manipulate too many gigabytes. But, most people in any given
worksite don't even care about security. Trying to stay up with
security is a full time job, often a losing battle. Most of us are
paid to do real world jobs too.

>From: Lanwench [MVP - Exchange] (lanwench@heybuddy.donotsendme.unsolicitedmail.atyahoo.com)
>In addition to the other comments, nobody ever said Win9x/ME were secure -
>they're not, weren't designed with security in mind. Anyone who really cares
>about security and wants to run Windows is going to be using NT, 2k or XP,
>also with all patches, firewalls, and angry guard dogs installed....

Things get past those operating systems too, for most of the same
reasons. XP, if anything, is viewed by large parts of the security
community as the least secure and least private of the entire Windows
family.

There is another major issue. You can go to a computer show and buy a
perfectly good new computer system for under $300, a used one for a
lot less. (I assume you have an old monitor already, and that you
don't need gigaflops of processing speed.) The retail price for
Windows 2000 Professional, arguably the most secure Windows member, is
a fair bit more than that, especially if it is not bought as an
update, and does not come with the machine, and you are trying to be
completely legit. I feel that paying such prices is basically
unethical, because it encourages Microsoft to continue over-pricing
their product. Anyway, we use NT, 2000 and XP at work, and they suffer
most of the same problems, based on the security notices our work
sends out.

-------------

In summary, the world is not a secure place. Finding a way that lets
you close holes in a few minutes is not unreasonable.


