Re: How About a Hardened Win2K Image to Bash?

From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 01/25/05


Date: Mon, 24 Jan 2005 21:29:08 -0600

Antivirus is not an end-all solution but a tool that has its purpose. I
don't doubt that a stout version of the operating system can be built, and I
use such myself. Note that it is trivial to take admin privileges when one
has physical access to the computer, so it will be hard to weed out cheaters,
though if the original admin password has been changed that would be a
giveaway.

Since Windows 2000 and 2003 have been out I have been running a couple here
at home 24/7, always logging on as an admin without any antivirus
protection, because I did not want to buy AV for a server and these are
test/learning servers. I use them as my everyday computers for email and
browsing the internet and have never had an infection on any of them for over five
years now. I do however keep them behind a firewall, keep them current with
critical updates, harden Internet Explorer and OE, disable unneeded
services, harden the ones that I use, and use strong passwords. I had a
kiosk W2K computer at my business for over two years running Windows 2000
without AV and never had a problem. It had a locked computer case and no
CD-ROM or floppy drive, just an internet connection.

Having said that, I am not an average user, and that is what makes most of the
difference. For the average user I would consider virus protection a
necessity, and it is smart to do in a business environment as things tend to slip
in between the cracks. If I had to choose between only antivirus protection
or installing critical updates, I would take security patches any day of the
week. Anyhow, have fun, and I will not take you up on your challenge. I assume
you will have the OS configured to do automatic install of critical updates,
disable WSH, disable IIS, telnet, etc., and maybe even harden with an IPsec
filtering policy and TCP/IP filtering for TCP. --- Steve

"Gordon Fecyk" <gordonf@pan-am.ca> wrote in message
news:uwd2c7nAFHA.2584@TK2MSFTNGP09.phx.gbl...
> A lot of folks have come up to me saying, "this is crazy. You can't rely
> solely on ACLs to prevent viruses."
>
> Well, they're right. Preventing viruses before the fact on Win2K and XP
> requires a combination of approaches. However, I argue that a combination
> of protections applied before the fact can do more than conventional
> anti-virus software can after the fact. In fact, I believe you can use
> what's included in the system to prevent most, if not all, problems before
> the fact.
>
> To this end, I'm prepared to make the same offer to everyone that I made to
> Stefan and Karl. If you have legitimate product keys for Win2K Pro or XP
> Home, and Office XP[1] or later, I'm prepared to supply a Norton Ghost 2003
> image of a bare-bones installation that uses just the drivers it needs to
> boot, to see if you can infect it with a virus or somehow install spyware on
> it.
>
> Here's the catch though:
>
> * You won't get the administrator password. You'll be able to restore the
> image, provide a valid product key and log on as one of the included limited
> users. Sysprep (at least on Win2K SP4) does not actually let you change the
> administrator password during setup if it's already set, so, that won't
> work. No cheating!
>
> * If you have a net card without a driver included for 2K or XP, I can see
> to installing that on the image. But beyond that, only drivers included
> with 2K or XP will load. (sysprep -pnp will be used)
>
> * You have to infect or corrupt the system itself, not just one of the
> limited user accounts.
>
> It will take some time to prepare the image as I also have a day job in
> consulting. I also need to check the legalities of this sort of thing -
> while I'm not going to supply product keys, I don't know yet if supplying a
> pre-installed OS to several people is kosher, even if those people already
> have their own keys. I suppose it wouldn't be any different than if I
> showed up at your door and reinstalled your OS with your own CD-ROMs and
> product keys, but I'd like to make sure first.
>
> So, who's up for it? Want to help me find more holes in Windows? Want to
> laugh at me for being a flaming idiot? Or maybe break your addiction to
> anti-virus updates and laugh at the anti-virus vendors you've grown addicted
> to?
>
> [1] Office 2000 does not seem to get past "Preparing to Install..." for a
> first-time limited user, even if you have the Office 2000 CD-ROM inserted.
> That was fixed in Office XP. Office 2000 works fine from an administrative
> installation on a network, however. Go figure.
>
> --
> PGP key (0x0AFA039E): <http://www.pan-am.ca/consulting@pan-am.ca.asc>
> What's a PGP Key? See <http://www.pan-am.ca/free.html>
> GOD BLESS AMER, er, THE INTERNET.
> <http://vmyths.com/rant.cfm?id=401&page=4>