Re: How About a Hardended Win2K Image to Bash?
From: Gordon Fecyk (gordonf_at_pan-am.ca)
Date: 01/26/05
- Next message: Adam Sandler: "Re: W2K Server Security Template"
- Previous message: Vanguard: "Re: secure file deletion"
- In reply to: Steven L Umbach: "Re: How About a Hardended Win2K Image to Bash?"
- Next in thread: Steven L Umbach: "Re: How About a Hardended Win2K Image to Bash?"
- Reply: Steven L Umbach: "Re: How About a Hardended Win2K Image to Bash?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 25 Jan 2005 17:46:27 -0600
"Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
news:udbLm3oAFHA.1452@TK2MSFTNGP11.phx.gbl...
> Antivirus is not an end all solution but a tool that has it's purpose.
Sure. And that purpose is to act as a security blanket. It's not doing
much else.
I'll ask you the same question I asked Karl: When Melissa came out, McAfee
stayed up and uninfected while most of McAfee's customers were infected.
They hadn't released a patch for their anti-virus products until a few days
after the first sightings, yet they stayed up and uninfected. Why? Surely
they use Windows, and surely they use their own products as a matter of
corporate policy.
I doubt they used the techniques I brought up here, because Win2K wasn't
released yet. So how did they stay up?
> don't doubt that a stout version of the operation system can be built and
> use such myself. Note that it is trivial to take admin privileges when one
> has physical access to the computer so it will be hard to weed out
cheaters,
> though if the original admin password has been changed that would be a
give
> away.
These are things that could happen on any system with any amount of
protection short of encrypting the entire file system. But how often does
it happen that some Joe Six-pack deliberately wants to hack their own PC?
Besides when they forget their passwords, that is... heh heh
The problem is keeping malicious, or ideally, unauthorized code from doing
damage. "Oh, it it is so easy to poke someone's Windows PC while they're on
the Internet, install something behind their backs, or make them install
something without realizing it, and monitor everything they do." No OS is
going to save you from some burglar physically breaking into your home and
stealing your PC to hack it later, but I insist that the "covert" break-ins
are stoppable with what's built into the system right now.
> I had a
> kiosk W2K computer at my business for over two years running Windows 2000
> without AV and never had a problem. It had a locked computer case and no
> cdrom or floppy drive, just internet connection.
With examples like this, why are folks whining that Windows Is So Insecure?
Not just insecure, but
"paper-thin-easily-hacked-to-pieces-by-two-bit-script-kiddies" insecure?
> Having said that I am not an average user and that is what makes most of
the
> difference. For the average user I would consider virus protection a
> necessity and smart to do in a business environment as things tend to slip
> in between the cracks.
OK, you're prepared to leave a public kiosk running Win2K open to use, with
only an Internet connection without AV, yet would insist on AV in an office
running the same thing? Even if you removed the CD-ROM drives and floppy
drives, and denied access to usbstor.inf/pnf to disable USB memory cards?
I'd have thought office staff would be MORE trustworthy than the general
public.
> Anyhow have fun and I will not take you up on your challenge.
What are you afraid of?
I won't even do the things you mentioned (disable Windows Scripting Host,
disable IIS, disable Telnet, set a ton of IP filters).
-- PGP key (0x0AFA039E): <http://www.pan-am.ca/consulting@pan-am.ca.asc> What's a PGP Key? See <http://www.pan-am.ca/free.html> GOD BLESS AMER, er, THE INTERNET. <http://vmyths.com/rant.cfm?id=401&page=4>
- Next message: Adam Sandler: "Re: W2K Server Security Template"
- Previous message: Vanguard: "Re: secure file deletion"
- In reply to: Steven L Umbach: "Re: How About a Hardended Win2K Image to Bash?"
- Next in thread: Steven L Umbach: "Re: How About a Hardended Win2K Image to Bash?"
- Reply: Steven L Umbach: "Re: How About a Hardended Win2K Image to Bash?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
