gnu-misc-discuss
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: i bought a walmart cheapie


From: Kenneth Lantrip
Subject: Re: i bought a walmart cheapie
Date: Thu, 01 Jul 2004 10:59:54 -0400
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6) Gecko/20040413 Debian/1.6-5

Jean-David Beyer wrote:
Theorem wrote:

::::::  I am very careful on my Windows box.



I personally do not think it is possible to be careful enough with Windows that you can safely expose it to the Internet (give it a public address).


I was talking to the chief Techie at my ISP about putting Windows XP Home on one of my machines. After saying "Don't do it!" he told me of one of their clients who installed it, and the first thing he did was dial up the Internet to get all the Microsoft Updates. During the time he was downloading those, a cracker took over his machine.

It was that techie that suggested firewalling it before even allowing it to communicate with the Internet. And not the firewall that comes with it.

The only somewhat safe way to use Windows is on a private address behind a suitably configured Unix firewall and to never ever run Lookout Express or Internet Exploder. Even then, anti-virus software is a must. Even then...

My firewall (on a Linux server) is set up using iptables so that my Windows machines accept _no_ incoming messages except those in reply to something I sent out.

Furthermore, the firewall will not allow the Windows machines to send anything out except to Microsoft (needed just for updates), Intuit (TurboTax for updates, and Quicken for updates and downloading data), and American Express, and my broker (because Quicken uses these). And those only to port 80.

So it is pretty difficult to infect my Windows machines, and even if you do, you will be severely limited in what you can send out and to whom. And any failures will be logged.

There is another something to consider when using Windows in a corporate environment... No matter how well the internet firewall is set up,... Joe Schmoe will take his lapdog home with him and infect it there. Then he'll bring it back to work and spread the fun to all your wonderful and nifty servers and workstations there.

Also, with the new and improved "back-doors" in Internet Exploror, you can still get infected from behind a firewall if someone were to just visit the right web site. And if the buggies are smart enough, once behind your firewall it'll get fun from there!

Be safe.  Don't use Windows.



reply via email to

[Prev in Thread] Current Thread [Next in Thread]