Posted on 05/17/2004 11:54:24 AM PDT by E. Pluribus Unum
Security in all mainstream operating systems is non-existent; however, things are especially bad for Windows. Windows happens to be the favorite target of worm and virus writers. Conventional wisdom suggests that the huge installed base of Windows helps spread the worms and viruses, and also makes it a highly attractive target for worm/virus writers. The installed base of Windows certainly has an undeniable effect on the prevalence of malware on Windows, but this is not all there is to it.
Worms and viruses are so stunningly effective on Windows only because Windows provides some atrocious functionality which makes it easy for worms to strike. It might seem counterintuitive but Windows Registry, and a misdesigned Windows Update are the primary culprits that create a hospitable environment for worms and other malware.
A typical Windows system follows a simple lifecycle: it starts out with a clean Windows installation, which gradually deteriorates as programs are installed, and uninstalled. Eventually, the Windows registry accumulates so much crud that the user is forced to do a clean install. When a user does a clean install that user's system loses all the previously applied security updates, and becomes a sitting duck for worms and other malware.
Things wouldn't be so bad if the user was able to update the new system with security patches painlessly, but Windows Update makes it very hard to do so. My personal experience with the killer duo is an enlightening example of how all of this works.
I purchased a Thinkpad X21 with Windows 2000 Professional in January 2002, and since then have gone through three clean install cycles. After the second cycle I decided to stick with a deteriorating installation no matter what happened.
As expected, pretty quickly the registry started accumulating all sorts of rubbish, and the system started exhibiting strange bugs. First Mozilla stopped working; reinstallations, uninstallations, upgrades did not resolve the problem, so I switched to Opera.
A few months later Windows explorer started to hang on folder right click. I did my best to search for a solution to this problem on the internet, but never managed to find a solution. Resigned, I eventually learned to avoid right clicks on folders, and became adept at killing and reinvoking the explorer process after an inadvertent forbidden click.
Then I made the mistake of installing the VMWare 30 day demo on my system. As soon as I booted Linux under it as a guest OS, the sound card went bonkers, and started producing high pitched screeching sounds. I tried reboots which didn't work; as a last resort I uninstalled VMWare but that didn't work either. This forced me to lower the volume of the speakers to muffle the screeching, but I continued using the same setup.
Finally, I had the bright idea of downloading a registry cleaner to fix things. The product I downloaded turned out to be some pathetic crippleware, and I uninstalled it. Well, that was the fatal mistake; the next time I rebooted, Windows refused to load. Safe mode, last known good configuration, etc., all failed, and so I was forced to do a clean install.
As expected the clean install took care of the bugs. However, it also got rid of all the security updates. I immediately connected to Windows update to download the service packs, and the critical updates. Rather quickly I was welcomed by Messenger Service spam. The Messenger Service spam was only a minor inconvenience as I knew how to turn it off; however, within a short while I got a message from Windows saying that svchost.exe had crashed: the Blaster worm had struck.
The Blaster worm attacks Windows XP, and Win2K systems. In order to infect a system the worm needs to send the correct payload for the respective OS. The worm is not able to differentiate between the XP and Win2K so it randomly guesses the OS type; however, if it guesses wrong the RPC service crashes, and Windows reports it as a crash of svchost. The Blaster attack was quite a surprise as the major outbreak of the worm occurred back in August 2003, and I was expecting all infections of the worm to be fixed by now.
I was in no position to do anything about the Blaster attack, so I continued downloading the 35 MB service pack 4 over my dialup connection. It took me a couple of hours to download it, but Windows Update refused to install it; Windows Update probably needed some functionality provided by the crashed svchost.exe.
I rebooted and connected to the internet, which was a mistake as I was giving the worm a second chance to infect my system. Anyway, I proceeded to Windows Update, and tried the same download again. Alas, Windows Update had forgotten all about the 35 MB it had downloaded previously, and started downloading the same stuff all over again. Worse, the Blaster worm crashed svchost again, and I had to discontinue the download.
I knew about the existence of a standalone security update to patch the vulnerability Blaster exploits, so I decided to bypass Windows Update and download it directly. The download was small, less than 1 MB, but as soon as I tried running it I learned that it requires at least service pack 2 to install, which I didn't have.
Microsoft provides a separate download for service packs as well, and I decided to download the latest service pack, service pack 4. Well, the standalone service pack 4 distribution turned out to be a mammoth 129 MB download. This is about the maximum I have ever downloaded over a dialup connection; a download of this size can easily take 10 or more hours to complete.
Downloading a large file over dialup requires the ability to resume downloads which Internet Explorer does not provide, so I downloaded Wget to acquire that ability. Wget is a commandline tool and is invoked by calling it with the URL name. I tried pasting the URL on the command line, but it turns out that the cut and paste functionality disappears after a blaster attack, so I was forced to manually type the URL.
Normally, typing a URL is not a big deal. Everyone types URLs all the time, and I do too, but I do mind typing gibberish strings of 95 characters like the following:
http://download.microsoft.com/download/E/6/A/E6A04295-D2A8-40D0-A0C5-241BFECD095E/W2KSP4_EN.EXE
To cut a long story short, I managed to download and install the service pack, and the Blaster security update. Finally, Windows Update started working and after another 30-40 MB of downloads, and 3 or so reboots, I managed to install the 18 security updates available there (another 5 have been added to that number as of now).
After this experience I cannot help but laugh at the 'usability' problems Windows users are reporting about GNOME and KDE. It has become pretty clear to me that Windows users are so accustomed to usability problems that they don't even recognize them as usability problems. But, as soon as these people move to a different environment they start complaining simply because the new environment does not replicate the features and bugs of Windows exactly.
The other big lesson from all this is that most Windows users are incapable of 'securing' their systems. This is precisely why an unprotected system gets attacked in a matter of seconds, and spammers are still sending out Messenger service spam. Worse, Microsoft is directly responsible for this state of affairs. Windows encourages users to reinstall it every once in a while, and when they do, Windows Update actively prevents users from updating their systems.
The whole idea of Windows Update is a joke. Using an unreliable and insecure network as the primary means of distributing security updates is simply idiotic. This is like asking people to walk through a minefield to get to a shelter. I was able to download security updates off the internet only because the current generation of worms is not particularly malicious; they are just minor irritants.
If Microsoft is serious about Windows security it needs to fix Windows Update, and get rid of the damned Registry for good. Unfortunately, Microsoft's approach is to layer half baked fixes over utterly broken things to keep them going for as long as possible. Microsoft knows that there is a problem with the Registry, but the way it is dealing with it is by offering Registry rollbacks, and similar worthless functionality.
I did a search on Google for "System Restore Does Not Work" and as anticipated there are plenty of complaints about XP's System Restore functionality. Furthermore, such approaches, even if they somehow became reliable, would still not work. There is a very simple reason for that: users cannot reliably associate the problems they are experiencing with changes in the Registry. For instance, if svchost crashes how is a user to know whether changes in the Registry caused it or a worm caused it? The extra functionality will likely lead to futile rollbacks and additional frustration for the users.
The upcoming SP2 update for Windows XP is another good example of a clueless fix. According to the reports I have read SP2 will enable the XP firewall by default, and will also include many nifty features to protect the system. It is pretty obvious that such updates cannot work in the presence of the Windows Registry. Windows users who install any kind of software will sooner or later be forced to downgrade because of registry problems, and when they do they will get fried.
I am not saying Microsoft should not do what it is doing, but it should focus on the more important things first. For the short term the correct approach is to fix Windows Update so that users aren't forced to connect to a network to get security updates. Windows Update should encourage users to create a Windows Update CD that contains all the security updates the user has downloaded so far. The CD should contain a setup routine that is capable of installing all the updates in an automated fashion without requiring user intervention. Inevitably, when the user downgrades he/she can use that CD to update the system, and then connect to a network to download any further updates. Such a CD should be shareable amongst users, so that if someone doesn't have an update CD, he/she can simply get one from a friend or an acquaintance.
Actually, Microsoft does offer a security update CD, and is willing to ship it to customers free of charge. But, as always, Microsoft has made a mockery of a decent idea. First of all, 2-4 weeks are needed to deliver the CD. Then there is the problem of availability: the CD is not available everywhere (I live in Pakistan, and the CD is not available for Pakistan). Also, the CD Microsoft is offering is horribly out of date. There is no fix for this last problem; if Microsoft starts updating the CD every other week, then people will start asking for a new CD every other week. Obviously, shipping a CD to every customer every few weeks is quite an expense, and Microsoft doesn't want that. So, the Microsoft Update CD is there just for moral support.
Overall, Microsoft is flat-out confused about how to deal with Windows security problems. The recent decision to disallow pirates access to Windows XP SP2 is another action reflective of that confusion. I can't understand why Microsoft is so jittery about supporting pirates. Microsoft's paying customers are suffering because of insecure Windows systems; therefore, Microsoft's first priority should be to get the worm infected systems fixed. If this requires distributing security updates to pirates so be it.
Microsoft really needs to look beyond short term remedies to solve security problems. The company has to move away from its Windows roots in order to create a secure operating system environment. Microsoft has a huge research and development budget, and it makes no sense that it cannot develop a security centered OS.
I'll be interested in what the microsofties have to say about this. The author has a good point. You should be able to go somewhere at MS and download an ISO image that will let you patch to the current level in one easy step. Of course, that would make too much sense.
Numerous reasons to switch to Mac OSX.
The amazing thing is not this it is so screwed up, the amazing thing is that it works at all.
And all those years, I thought it was just me.
Why should they?
People have proven time and time again that they will buy whatever crap comes out of the spigot in Redmond.
People won't look at alternatives unless they're "compatible" --- that means built on the same architecture.
I'll stick with my Macintosh.
"Ya just barely beat me to this post. This article describes why at this point, it's almost criminally stupid to run windows on internet-facing computers."
Not so. I have eight PC's running everything from Windows 3.11 for Workgroups to XP. All are connected to the internet via a broadband connection through a router.
Not one has ever been infected with a virus. Not one has been attacked by a worm. Not one has ever needed a re-install of the OS from scratch.
Why? Because I'm careful and take the precautions necessary.
The only reason Windows is attacked is because of the huge installed base. Mac/OS and the various versions of Unix/Linux also have weaknesses, but they're less attractive to the miscreants who create this malware.
The author here has installed some questionable crap on his system and he's paying for it. The fact that he downloaded some bogus registry cleaning utility is evidence of that. Had he PURCHASED a registry utility, he could have cleaned the thing up.
The fact that he has had to perform so many system re-installs says to me that he's way too prone to installing bogusware.
Windows is flawed; there is no doubt, but millions upon millions of users use Windows in one version or another with no problems whatever.
The world doesn't spin overnight.
Perhaps if Apple made a low priced computer then people would switch, but they don't. It costs a lot to switch and having to pay a 75% or more premium for their hw makes it a difficult sale.
Seeing as how Linux has a very large > 50% share of the webserver/internet server market, why aren't those servers compromised a lot?
Does anyone know if there's another worm circulating on the net? I've rec'd via email about 10 viruses this morning from some a**hole with a subject line indicating something to do with Symantec. Thus far, my firewall and virus protector has stopped the viruses.
Pointing out that the current microsoft tech isn't secure isn't anti microsoft, it's the truth.
Microsoft always says that the next version will be perfect, yet it never is.
Ok, so who is the hottie?
That's because there are no repercussions to them when their computer is a zombie being used to send spam by some guy in Bulgaria. It's also no problem to the user when his PC is attacking mine because he's been infected with the worm-of-the-week.
"Not so. I have eight PC's running everything from Windows 3.11 for Workgroups to XP. All are connected to the internet via a broadband connection through a router."
You must be a really exceptional case, because it is a known problem with windows that the systems become cranky and touchy if they are used for a long period of time without reloading.
Your claim sounds similar to the ones I used to hear from people trying to claim unbelievable windows 9x uptime. Then we found out later that windows had a bug that caused it to lock up after 45 days no matter what was done with the box.
I still think it would go a long way if microsoft would issue ISOs on a regular basis that people could use to facilitate clean installs.
I find it odd that you have been through so many reinstalls. I've done a few at work, but my home and family machines have been going for about four years without surgery.
As for the pain of reinstalling security, that is why MS offers service packs. Currently W2k is at service pack 4. That's one file to download that brings all your updates and security up to February, 2004. If the file's too big to download, MS offers a free CD that will bring any version of Windows from '98 on up to current standards.
ROFL
The poor idiot who wrote this article just exposed his own stupidity and ignorance to the whole world!
*sigh*
I really do get tired of saying it:
When someone has a problem with Windows the problem usually lies between the chair and keyboard.
He has once again proven me right. :-)
I, also, as another poster, have Win3.11 - WinXP installed on 9 different computers and have never had a problem with viruses, malware, adware or whatever you want to call it.
The original installations of Win 3.11 - WinXP are just that.....original, in that, I have never had to re-install any of the operating systems. When I upgraded hard drives/hardware I used Norton Ghost and the recommended procedures for updating. The Win3.11 install was done in 1993. The DOS 6.22 installation, which was used to install Win 3.11 is still the original. :-)
Ignorant people just make me laugh!
ROFL
BTTT
I have a utility called 'Easycleaner' from Toniarts. It strips the accumulated crud out of the Registry, and does quite a good job of it. It is free, but due to the costs from the immense response that his program has gotten, he now asks for a fifteen dollar subscription fee to get at his downloads.
I got mine before he started charging, but it is worth it, as far as I'm concerned. If I need to get it again, I'll pay the $15.
http://www.toniarts.com/
I have absolutely no idea (though it does make you wonder what one has to do to BECOME "Miss Internet")
Ping