Linked by Howard Fosdick on Mon 6th Sep 2010 21:56 UTC
In previous OS News articles, I've claimed that mature computers up to ten years old can be refurbished and made useful. My last article identified and evaluated different ways to refurbish these computers. One approach is to keep the existing Windows install and clean it up. This has the advantage of retaining the Windows license and software, the installed applications, and the existing drivers. But it takes some work. In this article we'll see what this entails.
How to secure Windows?
by cmost on Mon 6th Sep 2010 22:08 UTC
cmost Member since:
2006-07-16

Install it in a virtual machine within Linux and restrict its access to the Internet. Problem solved.

Reply Score: 2

Nice article.
by Tuishimi on Mon 6th Sep 2010 22:22 UTC
Tuishimi Member since:
2005-07-06

While I keep mine more or less behind two firewalls, I still appreciate that you are willing to address methods to secure Windows instead of "throwing it away" in favor of Linux or Mac OS X or some BSD.

I've always said if properly configured (and this does not assume that I agree or disagree with what you've addressed in your article) Windows is solid and relatively safe. It's a good operating system. Every operating system is good tho' to me, so take that with a grain of salt.

Anyways, my point is that I appreciate that you aren't just slamming Windows, but working WITH it in this article.

And if this doesn't make sense, forgive me, I am on my second martini. ;)

Reply Score: 6

RE: Nice article.
by WereCatf on Mon 6th Sep 2010 22:36 UTC in reply to "Nice article."
WereCatf Member since:
2006-02-15

While I keep mine more or less behind two firewalls, I still appreciate that you are willing to address methods to secure Windows instead of "throwing it away" in favor of Linux or Mac OS X or some BSD.

This is exactly what I thought when I saw the article: this is exactly the kind of thing I'd love to see more here, and I love the fact that it's not about bashing something but instead trying to make the best out of whatever you have!

While Linux or BSD or [insert-your-favorite-here] might be a better or more secure choice than Windows the fact remains that they won't suit everyone and there's always bound to be someone who wants Windows. Thus it's better to show how to make Windows more secure and not just resort to forcing your own preferences on others.

Good work, and keep it up! ;)

Reply Score: 2

RE: Nice article.
by Lennie on Tue 7th Sep 2010 00:04 UTC in reply to "Nice article."
Lennie Member since:
2007-09-22

I would like to point out:
that firewalls are needed, but over 80% of the attacks nowadays come from the browser/user/email, not over the network where the packet-filtering firewall lives.

Reply Score: 3

RE[2]: Nice article.
by Tuishimi on Tue 7th Sep 2010 04:48 UTC in reply to "RE: Nice article."
Tuishimi Member since:
2005-07-06

True. That comes down to caution and common sense and perhaps some plugins that warn about sites, etc.

Reply Score: 2

RE: Nice article.
by kaiwai on Tue 7th Sep 2010 02:06 UTC in reply to "Nice article."
kaiwai Member since:
2005-07-06

While I keep mine more or less behind two firewalls, I still appreciate that you are willing to address methods to secure Windows instead of "throwing it away" in favor of Linux or Mac OS X or some BSD.

I've always said if properly configured (and this does not assume that I agree or disagree with what you've addressed in your article) Windows is solid and relatively safe. It's a good operating system. Every operating system is good tho' to me, so take that with a grain of salt.

Anyways, my point is that I appreciate that you aren't just slamming Windows, but working WITH it in this article.

And if this doesn't make sense, forgive me, I am on my second martini. ;)


I would argue that Microsoft Security Essentials is more than sufficient for almost all end users - it does what it needs to do, it doesn't use weird kernel mode hooks, it scores well on the tests and when coupled with an alert and aware end user the experience can be secure and reliable with minimum fuss and bother.

I second that, it is great to see an article that isn't senselessly bashing Windows or some other operating system for that matter - the problem is that the bashers tend to be able to make wordy essays but none of it is based on reality - I'm gradually working my way through a book on Windows 7 kernel changes and other low level system features, if the Windows critics read at least half the book I have I think their view of Windows would change dramatically.

Reply Score: 2

RE[2]: Nice article.
by Tuishimi on Tue 7th Sep 2010 04:49 UTC in reply to "RE: Nice article."
Tuishimi Member since:
2005-07-06

I'm gradually working my way through a book on Windows 7 kernel changes and other low level system features, if the Windows critics read at least half the book I have I think their view of Windows would change dramatically


I am with you there! I've been saying that for over a year (as others have). Some serious work has gone on, and is continuing.

Reply Score: 2

RE[3]: Nice article.
by Neolander on Tue 7th Sep 2010 06:28 UTC in reply to "RE[2]: Nice article."
Neolander Member since:
2010-03-08

I am with you there! I've been saying that for over a year (as others have). Some serious work has gone on, and is continuing.

Well, let's see if they got rid of the most obvious flaws: is a web browser still part of several GUI rendering operations (including that of critical control panel applications)? Do applications still have absolute access to user files without asking?

Reply Score: 4

RE[4]: Nice article.
by Tuishimi on Tue 7th Sep 2010 06:40 UTC in reply to "RE[3]: Nice article."
Tuishimi Member since:
2005-07-06

Browser engine/backend rendering some UI components, that is becoming more commonplace in most modern applications. That's not the same as hitting sites that host malware or what-not from a web browser application.

File protection can be tightened easily. The somewhat lax default settings are still a result of older dependencies that Microsoft has been slow to eliminate - the old "backwards compatibility" issues.

Reply Score: 2

RE[5]: Nice article.
by kaiwai on Tue 7th Sep 2010 07:43 UTC in reply to "RE[4]: Nice article."
kaiwai Member since:
2005-07-06

Browser engine/backend rendering some UI components, that is becoming more commonplace in most modern applications. That's not the same as hitting sites that host malware or what-not from a web browser application.

File protection can be tightened easily. The somewhat lax default settings are still a result of older dependencies that Microsoft has been slow to eliminate - the old "backwards compatibility" issues.


It's the old story of trying to move the platform forward without isolating a whole heap of customers - I only hope and dream that maybe Microsoft will put its foot down and make the changes even in the face of much protest from the unwashed masses. It bugs me something silly that an organisation who has a million dollar private jet considers upgrading a software title from an incompatible version to the latest one as 'not part of requirements for the core operations of the company'.

The big mistake was the compromise they made in Windows 2000; they should have forced upon the market an operating system with no compromises from day one and accepted that the transition would be slow rather than compromising for the sake of keeping a few whiners happy.

With that being said we can't go back in time and change history so Microsoft is doing their best to meet that balance - having given Windows 7 a go it is definitely the step in the right direction that will hopefully translate into a small evolutionary step forward with Windows 8 and future releases.

Edited 2010-09-07 07:45 UTC

Reply Score: 2

RE[6]: Nice article.
by pgeorgi on Tue 7th Sep 2010 09:30 UTC in reply to "RE[5]: Nice article."
pgeorgi Member since:
2010-02-18

I only hope and dream that maybe Microsoft will put its foot down and make the changes even in the face of much protest from the unwashed masses.

They did, to a degree: UAC. Notice how everyone whined about it?
It's a good measure to tell people (and developers, directly or by proxy) that there's something wrong with their apps, so there's pressure on devs to minimize the problems that lead to UAC notices (and they did), while not breaking ancient, unmaintained legacy apps (they just get a tad annoying, hopefully pushing users to plan to migrate off of them eventually).
Windows 8 or 9 might do away with UAC, _finally_ breaking those ancient apps (or transparently pushing them in a sandbox - that already starts in Win7 with the namespace virtualization), while giving everyone a chance to fix things in the meantime.

That's what I like with Windows or Solaris: Their maintainers care about compatibility, while planning how to move forward with hacks like these to push people in the right direction. (Sadly on Solaris it's less so since they started with OpenSolaris)

On Linux, you simply get changes thrown at you, forcing you to cope _immediately_ with them (or lack new features because to update, you'd have to update libfoo, which requires udev no older than x.y, which requires you to switch the device detection mechanism, which ... and so on) - that model is good for 0.0.x versions, where experimentation happens, but I really despise it for "mature" systems (such as those I'd like to work with daily)

Reply Score: 2

RE[7]: Nice article.
by kaiwai on Tue 7th Sep 2010 10:55 UTC in reply to "RE[6]: Nice article."
kaiwai Member since:
2005-07-06

They did, to a degree: UAC. Notice how everyone whined about it?
It's a good measure to tell people (and developers, directly or by proxy) that there's something wrong with their apps, so there's pressure on devs to minimize the problems that lead to UAC notices (and they did), while not breaking ancient, unmaintained legacy apps (they just get a tad annoying, hopefully pushing users to plan to migrate off of them eventually).
Windows 8 or 9 might do away with UAC, _finally_ breaking those ancient apps (or transparently pushing them in a sandbox - that already starts in Win7 with the namespace virtualization), while giving everyone a chance to fix things in the meantime.


But the poor communication explaining UAC to the average user didn't help either; if the average user knew that the UAC could be avoided if the software vendor actually updated their software then you might see the end user putting the hard word on software by pestering them.

That's what I like with Windows or Solaris: Their maintainers care about compatibility, while planning how to move forward with hacks like these to push people in the right direction. (Sadly on Solaris it's less so since they started with OpenSolaris).


True, but even with Apple they're pretty fair with their transition; the only things I've seen broken on movement between different versions of Mac OS X are vendors using private frameworks that should never have been used in the first place.

On Linux, you simply get changes thrown at you, forcing you to cope _immediately_ with them (or lack new features because to update, you'd have to update libfoo, which requires udev no older than x.y, which requires you to switch the device detection mechanism, which ... and so on) - that model is good for 0.0.x versions, where experimentation happens, but I really despise it for "mature" systems (such as those I'd like to work with daily)


Agreed; and worse comes when there is no smooth transition from one to the other; you can put in the older way of doing things but then a whole heap of interoperability problems rear their ugly head.

Edited 2010-09-07 10:56 UTC

Reply Score: 1

RE[7]: Nice article.
by lemur2 on Tue 7th Sep 2010 11:40 UTC in reply to "RE[6]: Nice article."
lemur2 Member since:
2007-02-17

On Linux, you simply get changes thrown at you, forcing you to cope _immediately_ with them (or lack new features because to update, you'd have to update libfoo, which requires udev no older than x.y, which requires you to switch the device detection mechanism, which ... and so on) - that model is good for 0.0.x versions, where experimentation happens, but I really despise it for "mature" systems (such as those I'd like to work with daily)


Solution: Install a LTS (Long Term Support) Linux distribution with a back-ports repository.

Here are two candidates:
http://distrowatch.com/?newsid=06030

http://distrowatch.com/?newsid=05334

You will not then have to contend with any of the problems you claim, yet the installations will be supported (with security updates but not necessarily feature updates) for a long time into the future (at no cost other than a bit of Internet bandwidth).

PS: On Linux, you do not have to install updates immediately, or indeed at all if you do not want to.

http://ubuntuforums.org/showthread.php?t=541173
Is there a way I can somehow "blacklist" udev so that running apt-get dist-upgrade will upgrade every package except udev?

...

Highlight the package in Synaptic, then go to "Package" and check "Lock Version".


Edited 2010-09-07 11:44 UTC

Reply Score: 2

RE[6]: Nice article.
by Tuishimi on Tue 7th Sep 2010 14:11 UTC in reply to "RE[5]: Nice article."
Tuishimi Member since:
2005-07-06

definitely the step in the right direction that will hopefully translate into a small evolutionary step forward with Windows 8 and future releases


Exactly.

Reply Score: 2

RE[5]: Nice article.
by Neolander on Tue 7th Sep 2010 19:17 UTC in reply to "RE[4]: Nice article."
Neolander Member since:
2010-03-08

Browser engine/backend rendering some UI components, that is becoming more commonplace in most modern applications. That's not the same as hitting sites that host malware or what-not from a web browser application.

That it has become common isn't an excuse for introducing this security flaw. Especially when we know that Microsoft started it all, in the Windows 98 days, as an attempt to keep IE bundled in their OS.

Having a web engine handling critical things is fundamentally a mistake, in my opinion. That's because as time passes, web standards get more and more bloat... complete, and just about nothing is ever removed. Consequently, web browsers become in turn more and more complex, which in developer's terms means more lines of code. When you have security in mind, more lines of code means a less trusted program, because more exploitable flaws can be around here due to human error.

As IE keeps getting overtaxed with features, like any modern web browser, chances are higher that one day, we'll see the control panel asking us about administrator password in an unusual place. And the average Joe will give it. And disaster will occur.

Or am I wrong?

File protection can be tightened easily. The somewhat lax default settings are still a result of older dependencies that Microsoft has been slow to eliminate - the old "backwards compatibility" issues.

So Microsoft has some plans for ditching the old user/admin paradigm and finally introducing some tightly sandboxed security model that doesn't leave user files exposed to the first unprivileged malware which comes around? If it's true, that's truly great! I envisioned that as one of the killer features of my hobby OS, and am glad that 90% of the desktop/laptop computer market will get this major improvement in security too. Many thanks to Microsoft for planning to fix that hole!

Edited 2010-09-07 19:21 UTC

Reply Score: 2

RE: Nice article.
by lemur2 on Tue 7th Sep 2010 06:56 UTC in reply to "Nice article."
lemur2 Member since:
2007-02-17

Tuishimi:

While I keep mine more or less behind two firewalls, I still appreciate that you are willing to address methods to secure Windows instead of "throwing it away" in favor of Linux or Mac OS X or some BSD.

I've always said if properly configured (and this does not assume that I agree or disagree with what you've addressed in your article) Windows is solid and relatively safe. It's a good operating system.


http://blog.linuxtoday.com/blog/2010/04/junk-cyber-crim.html

Werecatf:
While Linux or BSD or [insert-your-favorite-here] might be a better or more secure choice than Windows the fact remains that they won't suit everyone and there's always bound to be someone who wants Windows. Thus it's better to show how to make Windows more secure and not just resort to forcing your own preferences on others.


In and of itself this is perfectly correct.

However, IMO, it is downright dishonest not to point out to people that virtually all the malware that exists targets only Windows, and that therefore any malware at all that one is ever likely to encounter will only be a threat to one's machine if one is running Windows.

Other OSes are way more secure, there is virtually no chance of one encountering any malware that can target other OSes, and using other OSes is just as easy (or as hard, for that matter) as Windows, and anything that an ordinary user might want to do with their machine can be done, and done well, by good programs available for no cost under other OSes.

Bill Shooter of Bul:
I have done what the article talks about countless times. Sometimes successful, sometimes not successful. It's a lot of work. A lot. It really stinks to spend 12+ hours trying to do this and fail because the viruses are more exotic than you think.


Oh yes, this is very very true. It takes ages to try to repair a compromised Windows system, it is a boatload of work and time, and quite often it is not successful.

This should be emphasised over and over. Only if one's time is worth nothing should you consider trying to re-instate a broken/compromised Windows installation. In comparison, booting a decent Linux distribution LiveCD and installing a full Linux desktop with a complete suite of applications takes only thirty minutes or so.

Edited 2010-09-07 07:12 UTC

Reply Score: 1

RE[2]: Nice article.
by moondevil on Tue 7th Sep 2010 08:03 UTC in reply to "RE: Nice article."
moondevil Member since:
2005-07-08


This should be emphasised over and over. Only if one's time is worth nothing should you consider trying to re-instate a broken/compromised Windows installation. In comparison, booting a decent Linux distribution LiveCD and installing a full Linux desktop with a complete suite of applications takes only thirty minutes or so.


Assuming 100% hardware support, which is not always the case.

Reply Score: 2

RE[3]: Nice article.
by lemur2 on Tue 7th Sep 2010 09:50 UTC in reply to "RE[2]: Nice article."
lemur2 Member since:
2007-02-17

"
This should be emphasised over and over. Only if one's time is worth nothing should you consider trying to re-instate a broken/compromised Windows installation. In comparison, booting a decent Linux distribution LiveCD and installing a full Linux desktop with a complete suite of applications takes only thirty minutes or so.


Assuming 100% hardware support, which is not always the case.
"

Indeed. Happily, it is exceedingly easy to test first before installing ... just boot a Linux LiveCD and check out that all the hardware works. It should for most systems.

If we are talking about refurbishing older computers, as is the subject of this thread, then if an older Windows machine has been compromised, and it is necessary to re-install the OS, then for most cases this will only be possible if one has available ALL of the original CDs for the machine itself (e.g. motherboard drivers CD), for the OS, for all of the peripherals (e.g. printers), and for all of the applications. Without all of those, re-installation is not possible.

Given the state of many home computers, in many cases, it is far more likely that installing Linux would be achievable, but re-installing Windows not.

Reply Score: 3

RE[4]: Nice article.
by Kroc on Tue 7th Sep 2010 09:59 UTC in reply to "RE[3]: Nice article."
Kroc Member since:
2005-11-10

Downloading drivers is not hard. The only times you have to look out for a difficult machine is Windows XP machines using SATA hard drives. Usually the motherboard is emulating IDE and XP will install from any disc, but in the case of Dells like this, the SATA drivers were slipstreamed into their custom XP disc.

Regardless, most OEM machines come with a hard drive recovery accessible via a special key before boot, and if the original MBR is gone, you can use GParted to set the boot flag on the hidden partition which forces the OEM recovery to run.

edit: In five years of full time repair work I have had to install Linux on a machine only once (a pirate copy of Windows with no way to repair the install). Any machine that came with Windows can run Windows. Statements like “Given the state of many home computers, in many cases, it is far more likely that installing Linux would be achievable, but re-installing Windows not.” are idiotic. Changing a system known to work on the machine to a foreign system that may yield compatibility (if not at least usability) problems is no good way to be reducing workload. The idea is to remove problems, not remove them and replace them with totally unrelated, new problems that keep you coming back to the job week after week (I bought a webcam it doesn’t work. “I tried downloading Skype—Windows version—and it didn’t work”. I can’t find my files…).

Edited 2010-09-07 10:18 UTC

Reply Score: 2

RE[5]: Nice article.
by lemur2 on Tue 7th Sep 2010 10:54 UTC in reply to "RE[4]: Nice article."
lemur2 Member since:
2007-02-17

Statements like “Given the state of many home computers, in many cases, it is far more likely that installing Linux would be achievable, but re-installing Windows not.” are idiotic.


Not so. Simply not so.

Every time I have been asked to re-instate a borked Windows machine, being a home machine belonging to an ordinary Windows user, said user has been unable to supply all of the installation CDs. Every single time.

In some cases, it has been possible to wipe the machine and get it working again with full drivers (via online downloads ... this takes ages and ages, and is fraught with error). In many cases, however, without the installation CDs, this has not been possible.

Testing the exact same set of machines with a Linux LiveCD has shown me that Linux works 100% on more machines than those on which Windows can be 100% restored.

So if you don't mind ... that makes my claim real-world-factual rather than idiotic.

Reply Score: 5

RE[6]: Nice article.
by fanboi_fanboi on Tue 7th Sep 2010 15:00 UTC in reply to "RE[5]: Nice article."
fanboi_fanboi Member since:
2010-04-21

In my experience (using Linux since 1995) a Windows machine that boots to Safe Mode is infinitely more useful than even the latest Ubuntu distro.

Linux is for servers. Forever.

Reply Score: 1

RE[7]: Nice article.
by mahiyu on Tue 7th Sep 2010 21:36 UTC in reply to "RE[6]: Nice article."
mahiyu Member since:
2010-08-06

How so? I use Ubuntu as my main OS and have very few problems with it. I may just be lucky (most of my hardware happens to be reasonably well supported in Linux) but I actually find it less problematic than Windows, and certainly more usable than Windows booted in safe mode.

Reply Score: 1

RE[2]: Nice article.
by saynte on Tue 7th Sep 2010 09:31 UTC in reply to "RE: Nice article."
saynte Member since:
2007-12-10

Other OSes are way more secure, there is virtually no chance of one encountering any malware that can target other OSes, and using other OSes is just as easy (or as hard, for that matter) as Windows, and anything that an ordinary user might want to do with their machine can be done, and done well, by good programs available for no cost under other OSes.


I can't agree. There is software in many cases that either is worse or just unavailable in Linux (for example). To be fair a lot of software is also better on Linux, that's why I use Linux as my primary operating system.

However, one has to appreciate that Windows has its uses. My co-workers predominantly use Windows, and I need to interoperate with them. This means I need to have Windows installed in a virtual-machine to do things involving Word, Powerpoint and Excel (OpenOffice tends to eat my work-mates' spreadsheet files, so I kindly no longer inflict this on them ;) ). Although highly subjective, I also find Powerpoint much easier and faster to use than the OOffice equivalent. Additionally, I release some cross-platform software for Windows now and again, so I have to test it.

Another point: a member of my family has the need to use some specialized tax software, which is unavailable for Linux. Linux for them would unquestionably cost them more time than it would save, so it is untrue to say that you should only repair/continue to use a Windows installation if you don't value your time.

Reply Score: 1

RE[3]: Nice article.
by lemur2 on Tue 7th Sep 2010 10:37 UTC in reply to "RE[2]: Nice article."
lemur2 Member since:
2007-02-17

I can't agree. There is software in many cases that either is worse or just unavailable in Linux (for example). To be fair a lot of software is also better on Linux, that's why I use Linux as my primary operating system.

However, one has to appreciate that Windows has its uses. My co-workers predominantly use Windows, and I need to interoperate with them. This means I need to have Windows installed in a virtual-machine to do things involving Word, Powerpoint and Excel (OpenOffice tends to eat my work-mates' spreadsheet files, so I kindly no longer inflict this on them ;) ). Although highly subjective, I also find Powerpoint much easier and faster to use than the OOffice equivalent. Additionally, I release some cross-platform software for Windows now and again, so I have to test it.


One is always entitled to an opinion, but it helps if you can back it up with solid examples rather than just stating an unsupported opinion.

What you are talking about for Office software is actually format lock-in. Stated fairly, you actually mean that Windows is far less interoperable with other platforms than other platforms are interoperable with Windows ... Windows Office software chokes far worse over OpenDocument (ODF) files than OpenOffice in handling MS Office files. OpenOffice handles MS Office files far, far better than MS Office handles OpenOffice files.

Solution: if you need a group of workers collaborating and exchanging Office data, simply install OpenOffice on all machines. If you need a central collaboration repository, use Alfresco and not Sharepoint. Headache-free. Significantly cheaper, too.

http://en.wikipedia.org/wiki/Alfresco_%28software%29

As far as financial/accounting applications go, there are plenty of personal financial applications available for Linux. Moneydance is perhaps the best of them:

http://en.wikipedia.org/wiki/Moneydance
http://www.moneydance.com/features
http://moneydance.com/faq
Moneydance is not directly compatible with any tax programs, however you can use the TXF export extension available from the following URL to export your data to a file that can be used by TXF-compatible applications such as TurboTax.


Here is a more objective look (in that it has actual facts) at the various solutions for desktop financial/accounting applications:

http://en.wikipedia.org/wiki/Comparison_of_accounting_software

Anyway, once you have a TXF file exported from your personal finance application, you can use any browser in conjunction with TurboTax Online.

http://www.tax-preparation.com/
Tax filing using Income Tax Preparation Software including Turbo Tax 2009 is giving way to online tax filing.
All a user needs for filing their income tax online is any PC equipped with a web browser.
Tax filers that dread installation of the tax software may opt for online tax filing instead.
Not many companies producing income tax software as those providing online tax filing services.
Income tax preparation software makers have been in business for very long and are very popular with tax filers.


My bold.

Enjoy.

Edited 2010-09-07 10:43 UTC

Reply Score: 2

RE[4]: Nice article.
by saynte on Tue 7th Sep 2010 12:42 UTC in reply to "RE[3]: Nice article."
saynte Member since:
2007-12-10


What you are talking about for Office software is actually format lock-in. Stated fairly, you actually mean that Windows is far less interoperable with other platforms than other platforms are interoperable with Windows ... Windows Office software chokes far worse over OpenDocument (ODF) files than OpenOffice in handling MS Office files. OpenOffice handles MS Office files far, far better than MS Office handles OpenOffice files.

Solution: if you need a group of workers collaborating and exchanging Office data, simply install OpenOffice on all machines. If you need a central collaboration repository, use Alfresco and not Sharepoint. Headache-free. Significantly cheaper, too.


OpenOffice deals with OpenOffice files better than MS Office. MS Office deals with MS Office files better than OpenOffice. That's a reason to use Windows if you have many MS Office files around. Telling everyone to switch to OpenOffice doesn't work in all cases (consider legacy documents). Again, unconvincing argument, sorry.


Here is a more objective look (in that it has actual facts) at the various solutions for desktop financial/accounting applications:


It's not even related to what I said. I said it would most certainly cost them more money than it would save to switch to another format. Your argumentation isn't even on the same topic, it even demonstrates you didn't read what I wrote.

Let me recap so you can maybe take another stab at this: format lock-in is a reason to use Windows.

You have every right to dislike this concept, but unless you can refute it you'll have to admit that there are reasons to use Windows.

Reply Score: 1

RE[5]: Nice article.
by lemur2 on Tue 7th Sep 2010 13:18 UTC in reply to "RE[4]: Nice article."
lemur2 Member since:
2007-02-17

Let me recap so you can maybe take another stab at this: format lock-in is a reason to use Windows.

You have every right to dislike this concept, but unless you can refute it you'll have to admit that there are reasons to use Windows.


It is indeed very often touted as a reason to use Windows. People without imagination or current knowledge of the capabilities of Linux desktop applications quite often believe that using Linux is not a viable alternative for them.

My point is that this is changing. Legacy MS Office documents and application installations cannot seamlessly interoperate with current versions and formats of MS Office. The current .docx format is not a standard (requirement for interoperability) of any kind (it is NOT ISO 29500), and it is next to useless for interoperability.

http://en.wikipedia.org/wiki/ISO_29500
A later edition, was standardized by ISO and IEC as an International Standard (ISO/IEC 29500), this edition is still not implemented in any products.


A single-platform, single-vendor format-lock-in application is the very worst choice imaginable for any kind of Office interoperability/collaboration ... even insofar as interoperability with legacy and touted future versions of the same product.

Save yourself and your company an absolute fortune, both now and for future (incompatible) upgrades, get off the Office treadmill, and install OpenOffice everywhere.

It is, after all, fully supported by some very heavy hitters in the IT industry, and many large organisations have already saved millions by using it in preference to MS Office ...

http://ulyssesonline.com/2009/09/14/ibm-replaces-microsoft-office/

http://www.lostintechnology.com/how-to/replace-your-office-suite-wi...

http://technocrat.net/d/2006/8/31/7344/

http://www.ilovefreesoftware.com/16/windows/business/office/ibm-lot...

http://www.zdnet.co.uk/news/desktop-apps/2005/06/23/indian-openoffi...

http://www.zdnet.co.uk/news/application-development/2005/01/19/fren...

http://computerworld.co.nz/news.nsf/news/FE73A77E2BB96F21CC25742500...

http://www.israelnationalnews.com/News/News.aspx/55243

http://tech.blorge.com/Structure:%20/2008/10/25/openoffice-v30-...

http://www.guardian.co.uk/technology/blog/2010/aug/26/local-governm...

(These are just a very few recent examples).

OpenOffice has over 20% installed base measured in some markets. That is no small beans.

Format lock-in is an excuse for some frightened IT staff (who know nothing but MS software) to continue to recommend MS office to their organisations, but organisations in the know are already starting to move to OpenOffice in large numbers. Very large numbers. Savings of millions can be made, ongoing year after year savings, and that is a very powerful motivator indeed.

For reasons of sovereignty over their digital data, some governments around the world have begun to mandate OpenDocument format, and this is also a trend that is starting to gain significant moment. (Proprietary formats mean that governments do not really have control over digital data stored in such formats, and governments can become beholden to a sole-source supplier. For most governments, a sole-source foreign supplier at that. They don't like that at all).

Your argumentation isn't even on the same topic, it even demonstrates you didn't read what I wrote.


Au contraire, I showed that there exist perfectly viable options on Linux for every single use case that you explicitly mentioned, including Office files interoperability and collaboration, and tax lodgement software.

Edited 2010-09-07 13:31 UTC

Reply Score: 2

RE[6]: Nice article.
by saynte on Tue 7th Sep 2010 13:37 UTC in reply to "RE[5]: Nice article."
saynte Member since:
2007-12-10


Au contraire, I showed that there exist perfectly viable options on Linux for every single use case that you explicitly mentioned, including Office files interoperability and collaboration, and tax lodgement software.


You just did it again. I'm saying that SOME people use Windows because it hosts the programs that are able to best read their data, which cannot be transformed in a satisfactory way to another format.

The world is a big place, sometimes people can use Linux to great effect, sometimes not. Vice-versa for Windows. There is a place for both, and people make their own choice to use Windows if they want, possibly for very good reasons.

My personal choice of OS is Linux, but I place no judgement on such individuals who use Windows, as it would be incredibly arrogant of me to do so.

Reply Score: 1

RE[7]: Nice article.
by lemur2 on Tue 7th Sep 2010 14:00 UTC in reply to "RE[6]: Nice article."
lemur2 Member since:
2007-02-17

The world is a big place, sometimes people can use Linux to great effect, sometimes not. Vice-versa for Windows. There is a place for both, and people make their own choice to use Windows if they want, possibly for very good reasons.


Of course. My point is that on many occasions Windows is chosen not for good reasons but through ignorance of any alternative. This is particularly the case in the "refurbished PC" scenario with ordinary users' use cases.

My personal choice of OS is Linux, but I place no judgement on such individuals who use Windows, as it would be incredibly arrogant of me to do so.


I make no judgement of people also. Not everyone is in a position to make the best choice for themselves. Because information about real, viable and perfectly cost-effective alternatives to Windows (particularly in the arena of refurbished PCs) is very difficult for most people to become aware of, it is beholden of us who know about potential alternatives to point them out.

Hence my point that Linux is a perfectly viable, usable, secure, cost-effective solution (particularly in the arena of refurbished PCs) in far, far more cases than most people realise.

It is just that people in general don't know much about Linux.

The right thing to do then is tell them, so that they realise they do have a choice other than Windows.

Edited 2010-09-07 14:04 UTC

Reply Score: 2

RE[5]: Nice article.
by lemur2 on Tue 7th Sep 2010 13:51 UTC in reply to "RE[4]: Nice article."
lemur2 Member since:
2007-02-17

OpenOffice deals with OpenOffice files better than MS Office. MS Office deals with MS Office files better than OpenOffice. That's a reason to use Windows if you have many MS Office files around. Telling everyone to switch to OpenOffice doesn't work in all cases (consider legacy documents)


OpenOffice has between 10% and 20% installed base. "Legacy documents" and indeed "Office files" include OpenDocument files.

You are correct in saying that: (a) OpenOffice deals with OpenOffice files better than MS Office, and (b) MS Office deals with MS Office files better than OpenOffice, but you omit mention of the fact that (c) OpenOffice deals with MS Office files much better than MS Office deals with OpenOffice files.

Given that OpenOffice has between 10% and 20% installed base (depending on the market), point (c) is very much a serious flaw in MS Office that is only a minor problem in OpenOffice.

Do indeed consider legacy documents vs current versions of MS Office and OpenOffice, and also consider legacy versions of MS Office vs current formats of MS Office and OpenOffice ... OpenOffice supports interoperability better.

Edited 2010-09-07 13:53 UTC

Reply Score: 2

Other tools
by Blind on Mon 6th Sep 2010 23:04 UTC
Blind
Member since:
2009-09-24

From Combofix.org
Download combofix and Smitfraudfix, both are great tools and offer a lot, great way to start working on heavily infected Windows computers. I also recommend Super antispyware.

Reply Score: 1

RE: Other tools
by anduril on Tue 7th Sep 2010 12:17 UTC in reply to "Other tools"
anduril Member since:
2005-11-11

I wouldn't advise a normal person to hit a machine with Combofix. The tool's great, but it can very easily mess a machine up.

Reply Score: 1

Comment by Lazarus
by Lazarus on Mon 6th Sep 2010 23:45 UTC
Lazarus
Member since:
2005-08-10

Adding entries to the hosts file also does wonders.

http://www.mvps.org/winhelp2002/hosts.txt

Reply Score: 2

RE: Comment by Lazarus
by Bringbackanonposting on Tue 7th Sep 2010 02:00 UTC in reply to "Comment by Lazarus"
Bringbackanonposting Member since:
2005-11-16

That's cool, thanks for that!

Reply Score: 1

RE: Comment by Lazarus
by stabbyjones on Tue 7th Sep 2010 02:10 UTC in reply to "Comment by Lazarus"
stabbyjones Member since:
2008-04-15

Spybot s&d (in the article) will add almost 15,000 entries to your hosts file.

Reply Score: 2

RE[2]: Comment by Lazarus
by mbpark on Tue 7th Sep 2010 03:31 UTC in reply to "RE: Comment by Lazarus"
mbpark Member since:
2005-11-17

That is if you let it.

If you do that, you will have issues with DHCP and performance due to every site needing to be looked up in a huge file.

Don't add the entries to the HOSTS file. DNS changes instantly, and this will not protect you against the fast-flux attacks that are so popular these days. Also, for this protection to be effective, you'd need to update daily and have 200,000+ domains.

What if you have to blacklist entire IP ranges? HOSTS fails here. DNS does not.

Configuring a DNS sinkhole service on a local DNS server, however, is a much more scalable and efficient option that will work once for your network, and will be updated at least daily!

Here's a PDF on how to do it, step by step:

http://www.whitehats.ca/downloads/sinkhole/DNS_Sinkhole_installatio...

Reply Score: 2
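
The hosts-file versus sinkhole trade-off in the comment above, as an added example that is not part of the original thread: a hosts file matches exact names only, while a sinkhole matches a whole zone and can also act on answer addresses. The dnsmasq-style `address=/zone/ip` output, the sample names and the blocked range are assumptions, since the comment names no DNS server or blocklist.

```python
import ipaddress

# Constructed sample in hosts-file format (not taken from any real blocklist).
SAMPLE_HOSTS = """\
# constructed blocklist sample
127.0.0.1   localhost
192.0.2.10  intranet.example          # real mapping, not a block entry
127.0.0.1   ads.tracker.example
0.0.0.0     cdn.ads.tracker.example   # redundant once the parent is a zone
0.0.0.0     malware.example
0.0.0.0     MALWARE.example.
garbage-line-without-address
"""

LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}


def parse_hosts(text):
    """Return the set of names a hosts-format blocklist points at a sink address."""
    names = set()
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue
        # Only loopback / 0.0.0.0 entries are block entries; keep real mappings out.
        if not (addr.is_loopback or addr.is_unspecified):
            continue
        for name in fields[1:]:
            name = name.rstrip(".").lower()
            if name and name not in LOCAL_NAMES:
                names.add(name)
    return names


def hosts_blocks(names, qname):
    """Hosts-file semantics: only an exact name match is blocked."""
    return qname.rstrip(".").lower() in names


def collapse(names):
    """Drop names already covered by a listed parent domain."""
    zones = set()
    for name in names:
        labels = name.split(".")
        parents = {".".join(labels[i:]) for i in range(1, len(labels))}
        if not parents & names:
            zones.add(name)
    return zones


def sinkhole_blocks(zones, qname):
    """Sinkhole semantics: the zone and every name beneath it are blocked."""
    labels = qname.rstrip(".").lower().split(".")
    return any(".".join(labels[i:]) in zones for i in range(len(labels)))


def answer_in_blocked_range(answer_ip, blocked_ranges):
    """Range check a filtering resolver can apply to answers; hosts cannot express it."""
    ip = ipaddress.ip_address(answer_ip)
    return any(ip in ipaddress.ip_network(r) for r in blocked_ranges)


def to_dnsmasq(zones, sink="0.0.0.0"):
    """Emit one dnsmasq-style line per zone (output format is an assumption)."""
    return [f"address=/{zone}/{sink}" for zone in sorted(zones)]


if __name__ == "__main__":
    names = parse_hosts(SAMPLE_HOSTS)
    zones = collapse(names)
    for q in ("malware.example", "new.malware.example", "notmalware.example"):
        print(q, "hosts:", hosts_blocks(names, q), "sinkhole:", sinkhole_blocks(zones, q))
    print("\n".join(to_dnsmasq(zones)))
    # 203.0.113.0/24 is a documentation range used here as a constructed example.
    print(answer_in_blocked_range("203.0.113.77", ["203.0.113.0/24"]))
```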

RE[3]: Comment by Lazarus
by pysiak on Tue 7th Sep 2010 15:15 UTC in reply to "RE[2]: Comment by Lazarus"
pysiak Member since:
2008-01-01

Or use OpenDNS. You can configure it to block malware sites, spyware sites, adware sites, even gambling or pr0n if you wish.

I can recommend it!

Reply Score: 1

Just to make it clear
by TheGZeus on Tue 7th Sep 2010 00:05 UTC
TheGZeus
Member since:
2010-05-19

This is only legal if you are the original licensee.
You cannot pass on a Windows license. Any new purpose/computer owner/user needs a new license, legally.
Ernie Ball uses Linux on all their workstations and servers because MS sued them for 5 figures, and refused to let them simply pay for the new license (they didn't even know that it wasn't permitted by the license terms).

Yeah.
I left Windows behind 3.5 years ago.
Don't miss it.

Reply Score: 2

RE: Just to make it clear
by Bending Unit on Tue 7th Sep 2010 00:20 UTC in reply to "Just to make it clear"
Bending Unit Member since:
2005-07-06

Nonsense.

Reply Score: 1

RE[2]: Just to make it clear
by TheGZeus on Tue 7th Sep 2010 15:55 UTC in reply to "RE: Just to make it clear"
TheGZeus Member since:
2010-05-19

I know, isn't proprietary software silly?

Reply Score: 1

RE: Just to make it clear
by DrillSgt on Tue 7th Sep 2010 01:28 UTC in reply to "Just to make it clear"
DrillSgt Member since:
2005-12-02

This is only legal if you are the original licensee.
You cannot pass on a Windows license. Any new purpose/computer owner/user needs a new license, legally.
Ernie Ball uses Linux on all their workstations and servers because MS sued them for 5 figures, and refused to let them simply pay for the new license (they didn't even know that it wasn't permitted by the license terms).


Huh?? What are you smoking? Of course you can transfer the license, and in fact OEM licenses are transferable, as they go with the machine they came with, not a specific person. Volume licenses are different of course, but both Retail and OEM are transferable.

Reply Score: 1

RE[2]: Just to make it clear
by TheGZeus on Tue 7th Sep 2010 15:55 UTC in reply to "RE: Just to make it clear"
TheGZeus Member since:
2010-05-19

Yeah, sure. Tell it to the judge... Or just read the EULA.

Reply Score: 1

RE[3]: Just to make it clear
by DrillSgt on Tue 7th Sep 2010 16:48 UTC in reply to "RE[2]: Just to make it clear"
DrillSgt Member since:
2005-12-02

Yeah, sure. Tell it to the judge... Or just read the EULA.


According to the EULA, you can. The Judges have already proven that in courts.

What happened with Ernie Ball was multiple instances of the same software installed, not transferring it. Different scenario than what you had claimed.

Reply Score: 3

RE: Just to make it clear
by SuperDaveOsbourne on Tue 7th Sep 2010 01:46 UTC in reply to "Just to make it clear"
SuperDaveOsbourne Member since:
2007-06-24

http://news.cnet.com/2008-1082_3-5065859.html

Old news, and one company that did the right thing when they got pooched by Micro$haft.

Reply Score: 2

RE[2]: Just to make it clear
by Soulbender on Tue 7th Sep 2010 04:49 UTC in reply to "RE: Just to make it clear"
Soulbender Member since:
2005-08-18

Wait, what are you saying? That it is possible to run a successful and internationally respected business without MS products? Heresy! We all know that you can't do business without MS Office, Exchange and Windows. Right? Right??
Clearly this is some kind of OSS zealot conspiracy to end capitalism.

Reply Score: 4

RE[3]: Just to make it clear
by lemur2 on Tue 7th Sep 2010 07:22 UTC in reply to "RE[2]: Just to make it clear"
lemur2 Member since:
2007-02-17

Wait, what are you saying? That it is possible to run a successful and internationally respected business without MS products? Heresy! We all know that you can't do business without MS Office, Exchange and Windows. Right? Right??
Clearly this is some kind of OSS zealot conspiracy to end capitalism.


Do I detect a note of sarcasm here?

http://www.dailyfreshnews.info/1672/google-replace-windows-with-lin...

http://www.technewsworld.com/rsstory/68441.html?wlc=1283843958

http://www.neoseeker.com/news/5436-ibm-will-not-use-windows-vista-b...

I guess my sarcasm detector wasn't broken (and I knew the original poster was being sarcastic).

My post here is only to make the sarcasm clear to people who may not have picked up on it, and who may have thought the original comment was serious.

Reply Score: 3

RE[4]: Just to make it clear
by TheGZeus on Tue 7th Sep 2010 16:03 UTC in reply to "RE[3]: Just to make it clear"
TheGZeus Member since:
2010-05-19

Dude, I _am_ serious.
I unrar enough files that the proprietary rar is a basic necessity for me, and I have flash on one machine.
Other than that, I'm 100% free software, to my knowledge.
I just can't abide restrictive licensing terms. I own this computer, I don't want to rent software.

Reply Score: 0

RE[5]: Just to make it clear
by Fergy on Tue 7th Sep 2010 17:57 UTC in reply to "RE[4]: Just to make it clear"
Fergy Member since:
2006-04-10

I unrar enough files that the proprietary rar is a basic necessity for me

www.7-zip.org will extract rar.

Reply Score: 1

RE[6]: Just to make it clear
by TheGZeus on Tue 7th Sep 2010 23:37 UTC in reply to "RE[5]: Just to make it clear"
TheGZeus Member since:
2010-05-19

Reliably? And those with passwords?
I've not had good luck with free extractors in the past, but only with the .rar format.
I'm not saying you're wrong, not at all, just making sure. I use an all-archive-formats extractor front-end called atool (aunpack is all I've had great luck with, apack seems less reliable) but I'm sure I could hack it into working with 7zip as an unrar program.

Reply Score: 1

RE: Just to make it clear
by sithlord2 on Tue 7th Sep 2010 08:01 UTC in reply to "Just to make it clear"
sithlord2 Member since:
2009-04-02

Not MS's fault if the IT staff doesn't know the difference between an OEM license and a normal license...

Reply Score: 1

RE[2]: Just to make it clear
by TheGZeus on Tue 7th Sep 2010 16:00 UTC in reply to "RE: Just to make it clear"
TheGZeus Member since:
2010-05-19

...and if you change out the mobo it's considered a new computer.
If you change out enough components, I think MS considers it another machine.
Wasn't it an issue with at least Vista that a main HD change constituted a 'new computer' by their licensing terms and WGA would kick in and shout at you?
...or did I dream that last bit.
I do know the first is true, absolutely.

Reply Score: 0

Useless.
by UltraZelda64 on Tue 7th Sep 2010 00:32 UTC
UltraZelda64
Member since:
2006-12-05

While I thought some of the past articles in the series were interesting, useful in some cases even, I can't say the same about this one. Really, it's a losing battle trying to "secure" (if you can actually call it that) a compromised Windows machine. It cannot be trusted, as is stated in the article--period. And you have to go through hell, hours of it, just to even get that "feel-good" sense of accomplishment. It's just not worth the time and effort. Especially for the types of people this series seems to be targeting, people who are new to and unfamiliar with the inner workings of computers.

IMO, the first step should almost always be to wipe and start over anyway--especially for those less experienced users. If that means bending over to get the serial number off your machine, going to its manufacturer's web site and getting their phone number, and then calling it to ask for a set of OS install discs to be sent in the mail (most likely for a heftier-than-should-be charge), then that's what should be done first. Otherwise, try to look for the original disc set (if you have them) or look into Linux for older hardware (as was described in previous articles in this series).

I just see no reason anyone who needs to know (ie. doesn't already know) all this stuff mentioned in the article should have to go through this long, tedious and (potentially to them) confusing process. Installing an OS tends to be a much simpler process, as long as it's an "easier" Linux/BSD distro or the OEM version of Windows from the computer's manufacturer. The "official" Microsoft versions of Windows will likely leave a less experienced user, and hell, even experienced users in some cases, with headaches (not to mention cost a hell of a lot more, if you don't already have a copy). All thanks to the fact that most of the time OEMs put hardware in their machines that aren't supported by a bare Windows installation without first installing third-party drivers.

Edited 2010-09-07 00:38 UTC

Reply Score: 2

So much prejudice
by sukru on Tue 7th Sep 2010 00:50 UTC
sukru
Member since:
2006-11-19

Thanks for the article. But I cannot understand the reasoning behind most of the comments here.

I still don't believe Linux supporters live with historical anecdotes of Windows, but not the current reality. Linux is a secure OS, as long as you take care (many servers are hacked each year). And the same is true for Windows. Do not look at home users to judge Windows security, since their (hypothetical) Linux root password would be 'abc123' anyways (or whatever simple thing passes the installation requirements).

Reply Score: 4

Comment by marcp
by marcp on Tue 7th Sep 2010 04:44 UTC
marcp
Member since:
2007-11-23

I'm sorry, but one must be insane to reuse existing windows installation ... malware infested OS is *already compromised* and may lead to further compromising of the future user's data. Windows license key can be obtained via appropriate application and reused in a clean installation manner. That is a far better thing to do IMHO.

Besides - if it really is an old machine, then why would you ever use Windows on top of it? It will only degrade in time, slow down and make your work crippled. There are so many valuable OSs these days, so you should - at least - reconsider available options.

However - I suppose that the OS-related critics are not especially in place here because it's about refurbishing an old PC with Windows, so I will just shut up ;)

Reply Score: 4

A thousand times Yes.
by Bill Shooter of Bul on Tue 7th Sep 2010 05:36 UTC in reply to "Comment by marcp"
Bill Shooter of Bul Member since:
2006-07-14

I have done what the article talks about countless times. Sometimes successful, sometimes not successful. It's a lot of work. A lot. It really stinks to spend 12+ hours trying to do this and fail because the viruses are more exotic than you think. The antivirus that does remove it won't work on the os. The updates to the os service pack won't work because it conflicts with an existing app / crashes with the mother board. Like I said, I've done this many many times. I'm sick of wasting all of that time.

New procedure:

1) Try installing ubuntu/fedora depending on which one installs. use that.
2) If not, then reinstall windows if possible.
3) If that fails, remove usable parts for other computers (hard drive, memory, video card, ethernet card, network card, etc.) and send to recycling center.

Reply Score: 3

RE: A thousand times Yes.
by Kroc on Tue 7th Sep 2010 08:10 UTC in reply to "A thousand times Yes. "
Kroc Member since:
2005-11-10

12 Hours?

I fix consumer’s PCs for a job. The average job is 2 hours—in, cleaned up, secured, done. I have it down to a fine art.

Windows computers is all that’s being sold in shops for the price range and that’s not going to change. Especially now that all machines are coming with Windows 7 the problems are greatly minimised.

What some are simply not willing to accept is that Windows does the job well enough for the majority and can be secure with the simplest of software—user caution given.

All a Windows machine needs is:

a) Decrapify the craplets
b) MSSE
c) Firefox + AdBlock, Foxit Reader

That’s it. The user’s router will have a firewall and the Windows firewall will suffice. Since after Blaster32, I have never seen a machine infected through the firewall. 80%+ of infections are coming through Flash+PDF. Wake up people times have changed.

Reply Score: 5

RE[2]: A thousand times Yes.
by marcp on Tue 7th Sep 2010 10:24 UTC in reply to "RE: A thousand times Yes. "
marcp Member since:
2007-11-23

You see, both of us have some valuable points. It's true that the terrible Windows XP malware-infested computers are gone to some extent, but there are new problems which you probably already know of if you read IT security news:

1. DLL loading problem / vulnerability
2. Windows 'link' vulnerability
3. flash vulnerabilities

and so forth. Most of them have critical status which means that the end user is almost completely helpless. No matter what security mechanism/software he's using on his Windows machine - he will probably get infected anyway - sooner or later, but it will be there eventually.

So yes, the times have changed, but I'm afraid it's a change for bad, not for good. MS Windows - as the biggest target - gets $@#$%# all the time and now it's easier than ever before to get infected and robbed out of your data.

Reply Score: 2

Bill Shooter of Bul Member since:
2006-07-14

Nope, 12 hours. I've spent 12 hours trying to decrapify/repair some pcs. (Note these were pcs that were really in the wild at internet cafes in third world countries, but I've spent an equal amount of time on donated computers as well.) Sometimes the most difficult malware is the corporate installed malware.

It's that first step "Decrapify" that takes the longest. You really are naive if you've never met a virus you couldn't remove with anti-virus of any kind (much less free anti-virus tools, they seem to be worth what you pay for them).

Reply Score: 2

RE[3]: A thousand times Yes.
by Kroc on Tue 7th Sep 2010 19:16 UTC in reply to "RE[2]: A thousand times Yes. "
Kroc Member since:
2005-11-10

I’ve met every worst nightmare of a rootkit you can imagine. Granted, I did say that average job is 2 hours. If ComboFix can’t scrape the rootkit out then I just format and re-install which still takes the same amount of time as a decrapify.

Reply Score: 1

RE[4]: A thousand times Yes.
by Neolander on Tue 7th Sep 2010 19:20 UTC in reply to "RE[3]: A thousand times Yes. "
Neolander Member since:
2010-03-08

I’ve met every worst nightmare of a rootkit you can imagine. Granted, I did say that average job is 2 hours. If ComboFix can’t scrape the rootkit out then I just format and re-install which still takes the same amount of time as a decrapify.

If I understand well, he needs 12 hours because he tries not to wipe Windows out of the disk. A noble task, actually. Didn't know it was even possible.

Reply Score: 2

RE[5]: A thousand times Yes.
by Kroc on Tue 7th Sep 2010 19:42 UTC in reply to "RE[4]: A thousand times Yes. "
Kroc Member since:
2005-11-10

The last rootkit I had to remove manually took about 5 hours (lots of NTFSDOS and rebooting), so yes, it’s far from practical compared to wiping and installing Linux. I however personally feel that replacing Windows with Linux just changes the problem, rather than solving it. Fixing someone’s car by replacing it with a tank does solve the problem, sure, but now they have to learn how to drive a tank.

Reply Score: 1

RE[6]: A thousand times Yes.
by Neolander on Tue 7th Sep 2010 20:22 UTC in reply to "RE[5]: A thousand times Yes. "
Neolander Member since:
2010-03-08

The last rootkit I had to remove manually took about 5 hours (lots of NTFSDOS and rebooting), so yes, it’s far from practical compared to wiping and installing Linux. I however personally feel that replacing Windows with Linux just changes the problem, rather than solving it. Fixing someone’s car by replacing it with a tank does solve the parking problem, sure, but now they have to learn how to drive a tank.

Permit me to fix that car analogy for you ;)

(Otherwise, I agree with you, though once the learning problem has been overcome, people generally feel more at ease in their new tank *AND* don't have the parking issue anymore. Then, as others pointed out in this thread, comes the hellish update issue...)

Edited 2010-09-07 20:26 UTC

Reply Score: 2

Bill Shooter of Bul Member since:
2006-07-14

I consider it like requiring those with a Drunk driving charge to check their Blood alcohol levels before being allowed to drive again.

Their needs are 1) web browsing and 2) document creation/editing. Linux does that very well and pretty easily while preventing them from harming themselves or others.

Edited 2010-09-07 20:53 UTC

Reply Score: 1

RE[2]: A thousand times Yes.
by morglum666 on Tue 7th Sep 2010 16:12 UTC in reply to "RE: A thousand times Yes. "
morglum666 Member since:
2005-07-06

While my job no longer entails anything to do with end users, I agree with you 100%.

On my own windows machines at home I just add MSE and ensure the firewall is turned on. I also use foxit reader - not for security but because Adobe sucks. Hard.

Actually Adobe is the shining example of previously functional software that is now so bloated that anything is better. And their security sucks.

Morglum

Reply Score: 3

Only Way
by prudhvi on Tue 7th Sep 2010 04:59 UTC

Ignoring MSE?
by gedmurphy on Tue 7th Sep 2010 07:40 UTC
gedmurphy
Member since:
2005-12-23

Seems a bit weird considering it's the best tool available now. Surely it would have been an idea to review it before writing the article?

Reply Score: 2

RE: Ignoring MSE?
by vodoomoth on Tue 7th Sep 2010 11:35 UTC in reply to "Ignoring MSE?"
vodoomoth Member since:
2010-03-30

The article says


I've excluded Microsoft's own tools from the above chart because I don't have experience with them all. Microsoft's anti-malware programs have evolved from Windows Live OneCare (once known as Windows OneCare Live), to Windows Defender (once known as Microsoft Anti-Spyware), to their current offering, Microsoft Security Essentials (also known as MSE). Along the way Windows Update (once known as Automatic Updates) downloaded and installed the Microsoft Malicious Software Removal Tool (also known as MSRT).

Whew! That's a long and winding road. The good news is that with its current free product, MSE, Microsoft has drawn a bead on malware with a very effective product. Kudos to Microsoft for making MSE freely available. MSE is not bundled with Windows so you have to download and install it.


Is it not the "MSE" you are referring to?

Reply Score: 1

No limited user accounts?
by Icaria on Tue 7th Sep 2010 09:30 UTC
Icaria
Member since:
2010-06-19

"You'll want to delete the old user accounts and replace them with your own set of user logins. Each new account should have an appropriate authorization level."

Is as close as you get to telling people to use limited user accounts for day-to-day usage. I don't even bother installing anti-malware apps on most PCs as most browser entry vector malware doesn't elevate its privileges sufficiently to do any damage on a limited user account.

Reply Score: 1

RE: No limited user accounts?
by Kroc on Tue 7th Sep 2010 09:44 UTC in reply to "No limited user accounts?"
Kroc Member since:
2005-11-10

Except for on Windows 7 where the default UAC level means that any non-elevated exploit can instantly elevate without prompt.

Reply Score: 1

RE: No limited user accounts?
by coreyography on Tue 7th Sep 2010 23:46 UTC in reply to "No limited user accounts?"
coreyography Member since:
2009-03-06

Agreed. It was a surprise to me that he didn't go into that in much more detail. Part of my deinfestation process of infected PCs is setting up a limited user account and then educating the user on its use (and non-use of the Administrator account). Everyone I've done that for has remained malware-free since.

He also mentions setting an Administrator password, but leaving it blank can be an option on a 1-user PC, as this automatically disables network access to that account.

Reply Score: 1

RE[2]: No limited user accounts?
by Neolander on Wed 8th Sep 2010 06:54 UTC in reply to "RE: No limited user accounts?"
Neolander Member since:
2010-03-08

In my opinion, education is a mandatory step when improving the security of computers. The sole thing we can do is reducing the amount of data which the user has to learn.

There will still be some people who look for all-technological solutions to the security issue, of course, and this is fine because it can make the teacher's life easier. But do not expect this to ever block basic phishing attacks if you didn't teach the user to check security certificates when they are on a "dangerous" website (e.g. banking) ;)

Edited 2010-09-08 07:09 UTC

Reply Score: 2

CCleaner doesn't force install Yahoo
by anduril on Tue 7th Sep 2010 12:16 UTC
anduril
Member since:
2005-11-11

Just a note, none of Piriform's applications force install Yahoo without a prompt. At the very last stage of the installer they give you a prompt asking if you want to enable this or that, check for updates automatically and "Install Yahoo Toolbar."

They even have a "lite" version of ccleaner that doesn't prompt period. The standalone version that can run on a thumb drive also does not integrate in any toolbar addons.

Reply Score: 2

LockDown
by organgtool on Tue 7th Sep 2010 21:25 UTC
organgtool
Member since:
2010-02-25

I had to support a PC for my family. No matter what I did, they always managed to get viruses on it. Finally, I went crazy and locked the thing down and it hasn't had a virus in about 5 years. Here is what I did:

- Create separate partitions for the application/system files and the users' home directories
- Set all permissions on the application/system partition to read-only
- Set all permissions on the users partition to deny execution
- Set up two anti-virus programs that automatically perform thorough weekly scans late in the morning once per week as well as real-time scanning

This broke many poorly written apps, but it was well worth the effort. I realize that this is not an option for everyone, but for those with this option, I highly recommend it. (Please note that this arrangement worked with Windows XP and is not guaranteed to work well with Vista or Windows 7).

Reply Score: 1

RE: LockDown
by Lennie on Thu 9th Sep 2010 09:15 UTC in reply to "LockDown"
Lennie Member since:
2007-09-22

I still want to try this on Linux, I think it would work.

Have a home-directory and possibly /tmp without execute permissions (mount with noexec).

I didn't have a reason to do that yet, Linux has been pretty resilient. But it would be good to lock things down.

Reply Score: 3

RE[2]: LockDown
by hussam on Thu 9th Sep 2010 17:53 UTC in reply to "RE: LockDown"
hussam Member since:
2006-08-17

I still want to try this on Linux, I think it would work.

Have a home-directory and possibly /tmp without execute permissions (mount with noexec).

I didn't have a reason to do that yet, Linux has been pretty resilient. But it would be good to lock things down.

I also use luks encryption for my root and /home partitions.

Reply Score: 2

RE[3]: LockDown
by Lennie on Fri 10th Sep 2010 15:40 UTC in reply to "RE[2]: LockDown"
Lennie Member since:
2007-09-22

My non-executable home partition was more an idea where non-technical users would not be able to run a script they just downloaded from the internet.

Reply Score: 2
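
A check for the noexec layout discussed in this sub-thread, as an added example that is not part of the original comments: it parses mount-table text in the /proc/mounts format and reports, for each user-writable path, which mount governs it and whether that mount carries noexec. The sample table, device names and paths are constructed.

```python
import posixpath
import re

# Constructed sample in /proc/mounts format; \040 is the kernel's escape for a space.
SAMPLE_MOUNTS = r"""
/dev/sda1 / ext4 rw,relatime 0 0
/dev/sda2 /home ext4 rw,nosuid,nodev,noexec,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0
/dev/sdb1 /home/shared\040files ext4 rw,relatime 0 0
"""


def _unescape(field):
    """Decode the octal escapes (\\040, \\011, \\012, \\134) used in mount tables."""
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)


def parse_mounts(text):
    """Return (mountpoint, fstype, options) tuples in table order."""
    mounts = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        mounts.append((_unescape(fields[1]), fields[2], set(fields[3].split(","))))
    return mounts


def governing_mount(path, mounts):
    """Pick the longest mount point covering path; later entries win ties."""
    path = posixpath.normpath(path)
    best = None
    for mp, fstype, opts in mounts:
        # Match on a path-component boundary so /homework is not under /home.
        covers = mp == "/" or path == mp or path.startswith(mp + "/")
        if covers and (best is None or len(mp) >= len(best[0])):
            best = (mp, fstype, opts)
    return best


def audit_noexec(text, paths):
    """Map each path to (governing mount point, True if that mount is noexec)."""
    mounts = parse_mounts(text)
    report = {}
    for p in paths:
        m = governing_mount(p, mounts)
        report[p] = (m[0], "noexec" in m[2]) if m else (None, False)
    return report


if __name__ == "__main__":
    # On a live system, pass open("/proc/mounts").read() instead of the sample.
    paths = ["/home/alice/Downloads", "/tmp/x", "/home/shared files/tool", "/homework"]
    for path, (mp, ok) in audit_noexec(SAMPLE_MOUNTS, paths).items():
        print(f"{path!r}: mount {mp!r} -> {'noexec' if ok else 'EXEC ALLOWED'}")
```

The nested mount in the sample shows why the check works per path: a filesystem mounted below a noexec /home without the option allows execution again. noexec also only blocks direct execution of files on that filesystem; a script handed as an argument to an interpreter installed elsewhere still runs.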