Who do you trust?

Discussion in 'other security issues & news' started by Ice_Czar, Jan 23, 2007.

Thread Status:
Not open for further replies.
  1. Ice_Czar

    Ice_Czar Registered Member

    Joined:
    May 21, 2002
    Posts:
    696
    Location:
    Boulder Colorado
  2. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    Well, nobody told him to use IE, 6 or 7:rolleyes:
     
  3. Ice_Czar

    Ice_Czar Registered Member

    Joined:
    May 21, 2002
    Posts:
    696
    Location:
    Boulder Colorado
    very true that

    I wasnt even presented the option in the automatic updates "review" setting
    probably becuase I cant "skip" a version :p

    http://i16.tinypic.com/2yphv12.jpg

    Hog Tied with a noaccess.rat, IP restricted at the firewall, and denied some privileges at the HIPS

    but the majority of the public have it all set to truely automatic and are on IE6 err...were on IE6 :cautious:
    a forced update that is literally stuffed down the throats of the majority of the public with a high incidence of breaking installs\web functionality is beyond arrogant, bordering on criminal
     
  4. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    :D I was refering to Opera or FF, but :eek:
     
  5. Ice_Czar

    Ice_Czar Registered Member

    Joined:
    May 21, 2002
    Posts:
    696
    Location:
    Boulder Colorado
    the point here I gather is that if you were on IE6 even with your main browser as FF or Opera, and were either not paying attention when updating or had it set to automatic you got tricked into IE7

    of course having only one browser installed seems silly to us :rolleyes:
    I mean what if it breaks? how do you reinstall it or an alternative?
    But for the majority they don't even realize that there is a choice and once its busted they are really stuck for fixing it relying on just the grey matter between their ears and no internet reference
     
  6. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    What can i say. You're right, and so is he...
    hummm Mrk and Alphalutra's (and iceni's, yours, etc) words echoing: Ubuntu, kubuntu, Suse, lol

    The problem: i'm too used to Windows. Even though i don't see myself using Vista, if it comes in every pc... i don't know, maybe now that i know better Linux will come naturally
     
  7. ThunderZ

    ThunderZ Registered Member

    Joined:
    May 1, 2006
    Posts:
    2,459
    Location:
    North central Ohio, U.S.A.
    I was surprised myself that MS had ranked the IE7 update critical as well. How ever I manually update all programs on our PCs` the soul exception being the AV. One other thing in this last batch of critical(?) updates they did was include Nvidia drivers. These caused a Clients PC I was working on at the time to go into a continuous boot loop :mad: . Safe Mode and removal of the drivers was the only fix. Just glad he was not here watching. :ninja:
     
  8. Ice_Czar

    Ice_Czar Registered Member

    Joined:
    May 21, 2002
    Posts:
    696
    Location:
    Boulder Colorado
    look on the bright side at least you didnt need to access it from a parallel install
    the other day I forgot to turn off a preboot defrag and altered both pagefile locations & sizes :cautious:
    It hung permenantly till I looked sideways at it from a different install and deleted the defrag ap & virtual partition, after that I was able to skip the lingering preboot defrag code, boot in and repair it from inside the OS
     
  9. ThunderZ

    ThunderZ Registered Member

    Joined:
    May 1, 2006
    Posts:
    2,459
    Location:
    North central Ohio, U.S.A.

    Considering that, yep, I got off easy. Besides, hurts my eyes to look at something sideways. :cautious: :blink: :ouch:
     
  10. Ice_Czar

    Ice_Czar Registered Member

    Joined:
    May 21, 2002
    Posts:
    696
    Location:
    Boulder Colorado
    the wif have a wicked backhand? :p :D
     
  11. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Having had a bad experience with an Office installation back in Win95 days, in any installation, I always look at the "customized" first (if available) just to check...


    regards,

    -rich

    ________________________________________________________________
    "Talking About Security Can Lead To Anxiety, Panic, And Dread...
    Or Cool Assessments, Common Sense And Practical Planning..."
    --Bruce Schneier​
     
  12. ThunderZ

    ThunderZ Registered Member

    Joined:
    May 1, 2006
    Posts:
    2,459
    Location:
    North central Ohio, U.S.A.

    Matter of fact....... :cool: Bet you thought I only wore these to look cool. :shifty:
     
  13. herbalist

    herbalist Guest

    Between the stunt MS pulled with WGA, then reading here that IE7 was going to be automatically installed, I've disabled the auto-updating on most of the PCs I maintain for others. I'd been holding off updating my clients PCs to IE7, waiting to see how it worked for others. This incident just made that decision permanent. I had very little trust left for M$ as it was, but this tactic of theirs has ended what little there was, enough so that I've changed the firewall rules on systems I maintained to make certain that there's no auto-updating. It'll be more work, but I'll update them all manually from now on using "allow once" responses to firewall prompts. Maybe I can get some of them to look at a live CD of Ubuntu or Knoppix.
    This doesn't strike me as idiocy. They've adopted a "we'll do what we want with your system" mentality. Their policies are all attempts to force users in the direction they want. With Vista, I can accept that the motive is at least partially profit thru designed obsolescense, but that doesn't fit here. They aren't making anything by shoving IE7 down users throats. If Vista with its DRM and "locked" kernel is any indication of their intentions, I question if IE7 has similar "features" portrayed as security enhancements. Too often, "security" seems to apply more to their protecting their monopoly than it does to protecting the user.
    The more I see of Microsofts tactics of late, combined with the advances in rootkits, the more I'm glad I still run 98 and am safe from both, on my own PC anyway.
    Rick
     
  14. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,697
    Hello,

    It's been said already: Linunununununununununununux.

    Why settle for corporate vampires when you can enjoy superb, high-quality open-source, free, advanced, secure, modern alternatives? Windows is old and demands huge hardware requirements. Linuxes are constantly developed, they are shiny new fresh and will run three times faster on half the hardware required for a relatively comparable Windows.

    My SUSE 10.2 is a new OS, less than 6 months old. My SUSE 10.1 is only a year old. Ubuntu and Kubuntu 6.06 and 6.10, again about a year old.

    Windows XP is 5-6 years old. Vista is a joke.

    The choice is so simple.

    Important: for anyone afraid of Linux, I'll keep writing articles. Coming soon, a detailed how-to into installation of drivers, compilation of sources, scripting, addition of scripts / drivers to the boot sequence, configuration of network and printer sharing, and more....

    Mrk
     
    Last edited: Jan 25, 2007
  15. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    2,509
    Location:
    Slovakia
    I can not wait, especially descriptions about system and security settings, if there are any.
    Till then, I will use Windows, I trust it, because it never let me down (talking about security).
     
  16. SpikeyB

    SpikeyB Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    478
    I'm confused by this thread. I've updated 3 machines in the past week, using express install and each time I got a pop-up option of whether to install IE7 or not.
     
  17. Ice_Czar

    Ice_Czar Registered Member

    Joined:
    May 21, 2002
    Posts:
    696
    Location:
    Boulder Colorado
    Automatic Updates has 4 possible levels

    Off

    notify if available (to download and install)

    auto download and review (before install)

    full auto (download and install without any reviews)

    full auto is the "recommended" level
     
  18. EASTER.2010

    EASTER.2010 Guest

    :D

    Indeed. Couldn't have said that any better myself. It "HAS" to be obvious by now that M$$$$ is only barely securing anything on each and every new "patch" and "operating system".

    BTW, speaking for 98's which few seldom do anymore except some of us still using it lol
    If you haven't already seen this one (which likely you have), it's said to vastly improve Win 98. Gonna overwrite my 98 with it soon. Downloaded only 57 times. LoL

    ~Link removed - See the TOS - Ron~
     
    Last edited by a moderator: Jan 24, 2007
  19. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,697
    Hello,

    There are two levels of tweaking for Linux:

    1. Configurations, which can be confusing and tricky sometimes, especially for beginners - drivers, various settings, compilations, installations etc. But even these are rather simple, once the person gets a hang of things.

    Like I said, I've written a very long and detailed article that explains how to install, how to compile sources, how to write scripts and execute them, how to add drivers and scripts to the boot chain, how to setup network and printer sharing, some other configurations. It just waits its release time, as I have a set pipe of articles, a bit of computers, a bit on 3d, a bit of life etc.

    One more thing, Tom:
    In Linux, EVERYTHING is a file. Hard drives, drivers, mount points, everything is a file. You can edit and change everything. You control the system 100%. Think about it. Compiling your own C code. Writing drivers. Changing kernel configurations. You decide what happens. Completely. Linux is one big hack. In Windows, you play with GUI. High-level stuff.

    2. Security, which is hardly needed. Because Linux is secure.

    Security in Linux - good strong root password, firewall, no ssh, keep software up to date. That's it. Nothing else is needed. All these can be configured in about 5 minutes. It may sound disappointing after years of running AV, AT etc.

    Mrk
     
  20. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Don´t be afraid :) Live CDs and virtual machines are your new best friends :D
     
  21. ThunderZ

    ThunderZ Registered Member

    Joined:
    May 1, 2006
    Posts:
    2,459
    Location:
    North central Ohio, U.S.A.

    Picked up 5 of the Ubuntu 5.10 when they were being offered free. When I travel Almost always have my lap top and use the disk when connecting to "questionable" networks.
     
  22. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    Yes, i've been playing with Linux in VM. I'm getting there, but some things are weird in the beggining.

    Like where's system32? Or the registry?:D One by one i'm getting there. I go on reading articles like the file system - no system 32 lol, and i assume no registry. Much better, but, you know...
     
  23. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,697
    Hello,

    Registry is one big corporate joke.
    One extra beautiful thing in Linux is: everything is a file, everything is editable. What you see is what you get. What you know is what you do.

    The closest thing to system32 is a set of directories containing boot scripts and configurations files. Each of these directories contains different sets of scripts for each runlevel. You can add and remove to your liking. Simply editing config files will often do.

    You wish to remove a driver - simply comment its line in a relevant script. As simple as that. You wish to add a new driver - add a line, if it's globally defined, or create a script and place it in the required directory.

    The sheer power you have as a user in Linux is incredible. In Windows, you play around. In Linux, you dig. And really get to understand how an operating system works.

    Mrk
     
  24. Ice_Czar

    Ice_Czar Registered Member

    Joined:
    May 21, 2002
    Posts:
    696
    Location:
    Boulder Colorado
  25. herbalist

    herbalist Guest

    As interesting as that looked, I don't know where I'd find the time to try it out. I haven't found time to try a lot of the other modifications I've downloaded.
    I definitely wouldn't overwrite my existing system with that without backing it up first, just in case it doesn't work with something else I use.
    For me, Linux is the same problem. I just don't have the time to work with it. I have a poor mans install of Knoppix on this box but rarely have time to do anything with it. I've got several Linux ISOs burnt to CD plus one or two BSD OSs, but no time to give them a real tryout.
    For me, it's not that critical. Since M$ doesn't support my OS anymore, I don't have to worry about what they're installing without asking first. Likewise I don't have to worry about the latest rootkits finding new ways to hide in my system. There's no way to hide in a DOS system like they do in XP, and most likely Vista. The more I read about rootkits and new ways to hide them, the problems with detecting and removing them, and the near futility of trying to stop all the ways they're finding to deliver them, either thru exploits or social engineering, I'm at a loss to understand how it's supposed to be more secure than a DOS based system. IMO, the ability to completely conceal malware more than offsets any other security gains claimed for it, especially when critical vulnerabilities are found in it on an almost daily basis. About the only place I see any advantage is if the "security threat" is an unwanted user at the keyboard.
    Rick
     
Loading...
Thread Status:
Not open for further replies.