Archive for the 'Security' Category

Old and improved: Spyware Prevention and Removal Guide

To coincide with my 3rd press release :), I updated, and expanded a little, this very blog’s second (and first “real”) post ever, Avoiding and Removing Spyware.

It’s not rocket science, of course, but, just by doing what I’ve written there, and without spending a cent, my Windows XP installation from 2003 (on my home desktop / gaming PC) still “lives”, without the usual “my PC has been getting slower and slower… time for another reformat” crap.

Exploits and Open Source software

Every time some open source software, like Firefox or Linux, has an exploitable security hole, lots of people scream “see, it’s insecure too! it’s no better than IE / Windows!”.

That has always sounded weird to me. Windows or IE have had dozens, maybe hundreds of holes and exploits, and yet, when Linux or Firefox have one, they’re “just as insecure”?!?

Is this thing binary? All or nothing? No holes = secure; one hole = as insecure as a hundred holes?

Is open source software so bad, and do you resent it so much, that you’re only using it because of its absolutely perfect security, and when you find out that it’s not perfect after all, you leave it and crawl back to IE or Windows?

If so, here’s a tip for you: “much better” doesn’t equal “perfect”. (oh, and IE is pure garbage for reasons other than security, too :))

Fine, Firefox just had one. Not really “exploited”, since it’s already been patched, but never mind that. So what? How many IE holes have there been? How many PCs are full of spyware, viruses, and/or sending thousands of spam emails a day because of IE holes?

Can Firefox even begin to compare to that? I don’t think so. It’s at least dozens of really bad exploits (not to mention the “less than really bad” ones) behind.

Symantec and their lies

Symantec, among other things makers of shoddy “security” bloatware for Windows, have just stated a bunch of lies about browser/OS security.

Continue reading ‘Symantec and their lies’

The Six Dumbest Ideas in Computer Security

Saw the article mentioned on Slashdot. Quite interesting and informative, IMO.


IPsec woes

OpenSwan, ipsec.conf man page:

CONN PARAMETERS: MANUAL KEYING
The following parameters are relevant only to manual keying, and are ignored in automatic keying.

and, still in that section:

esp ESP encryption/authentication algorithm to be used for the connection, e.g. 3des-md5-96 (must be suitable as a value of ipsec_spi(8)'s --esp option); default is not to use ESP

Note that that option (“esp”) doesn’t appear in the AUTOMATIC KEYING options list. From the above, one would guess that it’s only for manual keying, and that for automatic keying that option is ignored - that, indeed, it’s not necessary.

Right? Unfortunately, that’s not true, from what I’ve seen.

Until I added:

esp=3des-sha1-96

to a particular automatically keyed connection, it simply wouldn’t work, because the default is to use md5 instead of sha1, and the other side used sha1.

Oh well… things like this end up making us sysadmins not trust documentation. Unless it’s OpenBSD, of course. :)
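
A check for the situation described in this post, as an added example that is not from the original post or from Openswan: it parses an ipsec.conf and lists the automatically keyed conns that leave esp= unset and therefore depend on the daemon's default proposal. The sample file, its conn names and addresses are constructed, treating auto=add/route/start as the mark of automatic keying is an assumption, and also= includes are not resolved.

```python
# Constructed sample ipsec.conf; conn names and addresses are made up.
SAMPLE_CONF = """\
conn %default
    keyexchange=ike

conn office-to-dc          # automatic keying, esp= left to the default
    right=198.51.100.7
    auto=start

conn branch-to-dc          # automatic keying, proposal pinned
    right=203.0.113.9
    esp=3des-sha1-96
    auto=start

conn legacy-manual         # manual keying (no auto=), not checked
    right=203.0.113.20
    spi=0x200
    esp=3des-md5-96
"""

def parse_conns(text):
    """Return {conn_name: {param: value}} for every conn section."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # drop trailing comments
        if not line.strip():
            continue
        if not line[0].isspace():              # unindented line starts a section
            parts = line.split()
            is_conn = len(parts) == 2 and parts[0] == "conn"
            current = conns.setdefault(parts[1], {}) if is_conn else None
        elif current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip()
    return conns

def esp_of_automatic_conns(text):
    """Map each automatically keyed conn to its explicit esp= value, or None."""
    conns = parse_conns(text)
    defaults = conns.pop("%default", {})       # %default feeds every conn
    result = {}
    for name, own in conns.items():
        params = {**defaults, **own}
        # Assumption: auto=add/route/start marks a conn as automatically keyed.
        if params.get("auto") in ("add", "route", "start"):
            result[name] = params.get("esp")
    return result

def relying_on_default_esp(text):
    """Conns whose ESP proposal depends on the daemon's built-in default."""
    return [n for n, esp in esp_of_automatic_conns(text).items() if esp is None]
```

Run against a real configuration, every name it returns is a conn where a mismatch with the peer's proposal would show up only at negotiation time.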

How to install Windows XP “safely”

Having a non-patched Windows connected directly to the Internet (through a modem/ADSL/cable connection) is dangerous. A lot of people, unfortunately, are completely unaware of that. Without Microsoft’s service packs and security fixes, it’s estimated that a Windows XP PC can be infected with worms (which can, among other things, install viruses and spyware, and turn your PC into a “spam zombie”, which will be used to send gigabytes of spam - and guess who’ll pay the bill?) in minutes, if not seconds.

The problem here is that a recently installed Windows (unless it was some kind of installation CD which already included service packs and updates - but most “normal” users don’t have those) is an unpatched Windows. Now, to update it (by going to Windows Update, the only thing one should ever use Internet Explorer for), you must be connected to the Net. See the problem? Chicken and egg - you must connect it to update it, but you mustn’t connect it if it’s not updated.

How to solve this problem, then?

Continue reading ‘How to install Windows XP “safely”’

Firefox, IE and market share

One thing I hear a lot: “oh, Firefox only has had less security holes because few people use it! If it ever grows to 50% market share or more, it will have as many problems as IE!”

It’s not just IE users who say it - many Firefox users believe it as well.

But there’s a flaw in that reasoning.

Continue reading ‘Firefox, IE and market share’

Why NOT use Internet Explorer

(this article includes parts adapted from my wiki)

A lot of people (not as many as some years ago, but still too many) have no idea what a “browser” is, yet they browse the Internet (or, more precisely, the World Wide Web) regularly.

How can that be? Well, due to some clever marketing (such as putting “Internet” in the application’s name), typical user ignorance and dislike of learning (people typically learn the bare minimum to do something, and then do everything in their power, including heavy effort if necessary, not to have to learn an iota more) and the fact that most users tend to stick to “whatever came with the computer” (in fact, with the operating system), those people use Internet Explorer (IE) without thinking, without realizing that

  1. there exists a kind of program called “a web browser”,
  2. IE is one, and
  3. IE is not the only one, there are others.

Continue reading ‘Why NOT use Internet Explorer’

Limiting Internet Explorer to Windows Update

As everyone should know, Internet Explorer is a very insecure browser, and daily use can quickly turn a Microsoft Windows PC into a spyware-ridden, spam-sending, slow, unstable abomination. :)

I don’t use IE at home, because Mozilla Firefox is infinitely better and more secure, but I’ve found that many people, even those otherwise educated and intelligent, think of “the Internet” as “the blue E”, and, when wanting to open a site, open IE without thinking.

So I had to do something about it.

Now, while I think that (as of mid-2005) it is still too early to implement this as official policy in a company (many bad sites or incompetently-designed intranet applications only work with IE - and sometimes only with a particular version), it can be useful in many home / small office networks.

Continue reading ‘Limiting Internet Explorer to Windows Update’

Avoiding and removing Spyware

Spyware is a big problem these days. Most Windows PCs have a lot of it, without the user’s knowledge; many crashes, slowdowns, popups and browser hijacking (for instance, changing the home page without your consent, and you can’t set it back to what you want) are symptoms of a spyware infestation.

Continue reading ‘Avoiding and removing Spyware’




Creative Commons Attribution-NonCommercial-NoDerivs 2.5 Portugal