Re: How About a Hardened Win2K Image to Bash?

From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 01/25/05


Date: Mon, 24 Jan 2005 21:29:08 -0600

Antivirus is not an end-all solution but a tool that has its purpose. I
don't doubt that a stout version of the operating system can be built and
use such myself. Note that it is trivial to take admin privileges when one
has physical access to the computer, so it will be hard to weed out cheaters,
though if the original admin password has been changed that would be a
giveaway.

Since Windows 2000 and 2003 have been out I have been running a couple here
at home for 24/7 always logging on as an admin without any antivirus
protection because I did not want to buy AV for server and these are
test/learning servers. I use them as my everyday computers for email and
browsing the internet and never have had an infection on any for over five
years now. I do however keep them behind a firewall, keep them current with
critical updates, harden Internet Explorer and OE, disable unneeded
services, harden the ones that I use, and use strong passwords. I had a
kiosk W2K computer at my business for over two years running Windows 2000
without AV and never had a problem. It had a locked computer case and no
CD-ROM or floppy drive, just an internet connection.

Having said that, I am not an average user and that is what makes most of the
difference. For the average user I would consider virus protection a
necessity, and smart to do in a business environment as things tend to slip
in between the cracks. If I had to choose between only antivirus protection
or installing critical updates, I would take security patches any day of the
week. Anyhow, have fun and I will not take you up on your challenge. I assume
you will have the OS configured to do automatic install of critical updates,
disable WSH, disable IIS, telnet, etc., and maybe even harden with an IPsec
filtering policy and TCP/IP filtering for TCP. --- Steve

"Gordon Fecyk" <gordonf@pan-am.ca> wrote in message
news:uwd2c7nAFHA.2584@TK2MSFTNGP09.phx.gbl...
> A lot of folks have come up to me saying, "this is crazy. You can't rely
> solely on ACLs to prevent viruses."
>
> Well, they're right. Preventing viruses before the fact on Win2K and XP
> requires a combination of approaches. However, I argue that a combination
> of protections applied before the fact can do more than conventional
> anti-virus software can after the fact. In fact, I believe you can use
> what's included in the system to prevent most, if not all, problems before
> the fact.
>
> To this end, I'm prepared to make the same offer to everyone that I made to
> Stefan and Karl. If you have legitimate product keys for Win2K Pro or XP
> Home, and Office XP[1] or later, I'm prepared to supply a Norton Ghost 2003
> image of a bare-bones installation that uses just the drivers it needs to
> boot, to see if you can infect it with a virus or somehow install spyware on
> it.
>
> Here's the catch though:
>
> * You won't get the administrator password. You'll be able to restore the
> image, provide a valid product key and log on as one of the included limited
> users. Sysprep (at least on Win2K SP4) does not actually let you change the
> administrator password during setup if it's already set, so, that won't
> work. No cheating!
>
> * If you have a net card without a driver included for 2K or XP, I can see
> to installing that on the image. But beyond that, only drivers included
> with 2K or XP will load. (sysprep -pnp will be used)
>
> * You have to infect or corrupt the system itself, not just one of the
> limited user accounts.
>
> It will take some time to prepare the image as I also have a day job in
> consulting. I also need to check the legalities of this sort of thing -
> while I'm not going to supply product keys, I don't know yet if supplying a
> pre-installed OS to several people is kosher, even if those people already
> have their own keys. I suppose it wouldn't be any different than if I
> showed up at your door and reinstalled your OS with your own CD-ROMs and
> product keys, but I'd like to make sure first.
>
> So, who's up for it? Want to help me find more holes in Windows? Want to
> laugh at me for being a flaming idiot? Or maybe break your addiction to
> anti-virus updates and laugh at the anti-virus vendors you've grown addicted
> to?
>
> [1] Office 2000 does not seem to get past "Preparing to Install..." for a
> first-time limited user, even if you have the Office 2000 CD-ROM inserted.
> That was fixed in Office XP. Office 2000 works fine from an administrative
> installation on a network, however. Go figure.
>
> --
> PGP key (0x0AFA039E): <http://www.pan-am.ca/consulting@pan-am.ca.asc>
> What's a PGP Key? See <http://www.pan-am.ca/free.html>
> GOD BLESS AMER, er, THE INTERNET.
> <http://vmyths.com/rant.cfm?id=401&page=4>
>
>
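A read-only posture check for the items Steve lists at the end of his reply (automatic critical updates, WSH disabled, IIS and telnet off, TCP/IP filtering) plus Gordon's limited-user condition, written here as an added PowerShell example; it is not code from either poster. It assumes the standard Windows registry paths and service names named in the comments, and the "expected" values are this example's own choices.

```powershell
# Added example: audit a Windows host against the hardening items discussed
# in the thread. Read-only: it reports findings and changes nothing.
function Get-RegValue($Path, $Name) {
    # Returns the registry value or $null if the key/value is absent.
    try { (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name }
    catch { $null }
}

function Test-HardeningPosture {
    $findings = @()

    # 1. Critical updates: AUOptions 4 = auto download and scheduled install
    #    (policy key HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU).
    $au = Get-RegValue 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU' 'AUOptions'
    if ($au -ne 4) { $findings += "Automatic Updates not set to install automatically (AUOptions=$au)" }

    # 2. Windows Script Host disabled machine-wide: Settings\Enabled = 0
    #    (the value may be stored as REG_SZ or REG_DWORD, so compare as text).
    $wsh = Get-RegValue 'HKLM:\SOFTWARE\Microsoft\Windows Script Host\Settings' 'Enabled'
    if ("$wsh" -ne '0') { $findings += "Windows Script Host still enabled (Enabled=$wsh)" }

    # 3. Unneeded network services disabled: IIS web/FTP/SMTP and Telnet.
    #    Win32_Service.StartMode is Boot/System/Auto/Manual/Disabled.
    foreach ($svc in 'W3SVC', 'MSFTPSVC', 'SMTPSVC', 'TlntSvr') {
        $s = Get-WmiObject -Class Win32_Service -Filter "Name='$svc'"
        if ($s -and $s.StartMode -ne 'Disabled') {
            $findings += "Service $svc is installed and not disabled (StartMode=$($s.StartMode))"
        }
    }

    # 4. TCP/IP filtering switched on (Tcpip\Parameters\EnableSecurityFilters = 1).
    $filt = Get-RegValue 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters' 'EnableSecurityFilters'
    if ($filt -ne 1) { $findings += "TCP/IP filtering not enabled (EnableSecurityFilters=$filt)" }

    # 5. Gordon's condition: daily use from a limited account, not an administrator.
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($id)
    if ($principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        $findings += "Current session runs as an administrator; use a limited user for daily work"
    }

    return $findings
}

$result = Test-HardeningPosture
if ($result.Count -eq 0) { 'No findings: host matches the posture described in the thread.' }
else { $result | ForEach-Object { "FINDING: $_" } }
```

Run it in an elevated and in a limited session to see item 5 flip; the other checks are identical from either.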
