You do not know unix very well. I would in fact declare it a user proof operating system if administered as recommended.
If a person has root access, he has been tested and declared as trusted. If a trusted goes wacko the only protection is backups and yet another layer of passwords for backroom functions. makes sense.
Keep in mind I *am* explaining this to you Chris [and those who may be listening].
A windows compare is invalid in this case. The differences are literally too emmense.
No you simply do not understand how trivial the features are that I mentioned when using *nix (changed on you again). See unix has "flavors". Kinda like DOS, DR-DOS, MS-DOS, Windows, NT, etc.
MacOS is a flavor as is Amiga, C-64, and NexT.
*nix itself is the same generally interoperable thing but has flavors with different feature sets. This is why it is open. Sun, IBM, Red Hat, Apple, and many others have unix'es.
The internet runs on them for the most part.
Plenty of people and small businesses have unix computers as well. It is actually the very cheapest high perofrmance computer you can buy for a single user.
Compute farms have I/O needs that outweigh the benefots of max cheap.
So stop trying so hard to "catch" me and try harder to "help" me.
On Sun, 28 Sep 2003 12:49:33 -0400, "Chris Taylor Jr" is alleged to have written:
If you believe that, Chris, it says a *lot* about you.
If you leave port 80 *outbound* open on that firewall, then you are vulnerable the *very first* time you point Internet Exploder at a maliciously designed web site. There are many of them.
If you have some method to retreive email to that box, and you use a Microsoft-provided email client like Outhouse Distress to read it, then you are vulnerable the *very first* time you attempt to read a virally-infected email. There are many of them.
If, on the other hand, you install all of the Microsoft patches on that same box, you will have plugged many, but not all, of the known holes at any given point of time, and you will have reduced your vulnerability level.
If you, also, religiously run up-to-date antivirus software, you will have reduced your vulnerability even further.
If you do all of that, and then, additionally, completely eschew the use of the Microsoft web browser for everything except downloading updates from the Windows Update site, and also completely avoid the Microsoft email/net news client, using, instead, a program which doesn't have *any* facility to even view HTML-formatted messages, much less execute embedded code of any sort, then you will have reduced your vulnerability sufficiently to the point where even someone like me might be willing to consider using it as a day-to-day PC platform.
In fact, that's exactly what I do use on a day-to-day basis. A Windows 98 SE machine, with *all* security patches currently available from Microsoft, Norton Antivirus which I update daily, or every other day at the outside, using a current version of Opera as my browser of choice, and a current version of Forte Agent as my news and mail reader of choice. There are other options which would equally fulfill my requirements for protection from security holes, but I happen to like these ones. Your mileage may vary, as the saying goes.
In any case, while this is probably sufficient, I'm not happy with the hoops I have to jump through to *keep* it sufficient.
I'll eventually replace it with a *nix OS that I can lock down even tighter, and which I'll have quite a bit more power and flexibility to use in my day-to-day job. I'll probably still end up using Agent under VMWare, however, as I *do* quite like it. Opera has a native version for my favorite *nix flavor, as well, so I'll probably use that for my web browsing needs.
This is not advocacy -- there are many options that will serve any given user's needs adequately. I'm just listing a few that I happen to like, as examples to prove that there *are* some choices out there that will allow you to maintain a reasonable level of security against hostile code. Choose whichever options make you happiest. The software that ships with any Microsoft operating system as part of the "bundle" most definitely do *not* qualify.
If you choose non-Intel-compatible hardware, your odds increase, as well....
the firewall protects from all "hack" viral attack etc.. (pop ups windows messaging or blaster etc..)
as for going to a viral infected page I make sure everything is set to "ask me" and NOT set to auto execute.
EVEN executables. I have gone to many a site where I would get the windows warning do you want to open or save this and I would "off course" pick cancel :-)
Also my outlook express is set to not read html mail. it displays it all in plain text. this means yo can not mail me malicious code that executes by itself.
I can also turn off attachment but I do not since I am intelligent enough not to click on what is an obvious virus.
I tell people this way. if god himself sent me an executable I would not open it.
I have NEVER ONCE been infected with a virus while behind my firewall. not once in almost 4 years that I have had one.
the only reason I experienced blaster was on my laptop when connected to my cell phone. I had dumly assumed the cellular connection was protected. installation of a software firewall fixed that.
Because I have other family on my network now I download and run a virus scan once every roughly 6 months of when I detect a virus on their machine.
I see TONS of activity on my cable modem very little on my router. it simply bounces it. I connected my machine ONE TIME to my cable without the firewall. :-) hehehe. never again.
yes windows is about the most holed up lousily secure peice of crap software (security wise) there probably could ever be. BUT it does not matter when the user overrides all safeties by being dumb.
you can argue with me till you blue in the face and that simple fact will not change.
Obviously you disagree even after having it explained to you. That is why you are generally considered untrainable, and we actually believe your statements, that you have made up your mind and it is firm.
It simplifies dealing with you considerably I might add.
I disregarded what I considered BS without calling you names, and spoke of an entry in the instruction manual of, how to manage and operate Chris Taylor. It was probably helpful to every rmr reader except you I suppose.
Are you serious? How many firewalls have you setup? And I mean real firewalls(PIX, Checkpoint etc) not the those $40 *firewalls* that just run NAT.
That's sw doing that, not a firewall.
That would be malicious HTML code. It's good practice to disable HTML but if you think your a 100% safe, think again.
In Outlook you don't have to click on the infected email to get infected.
How about Elvis? :)
Again, your *firewall* is only blocking ports, not blocking a malicious email. The last virus that infected me was the Stoned virus; 12 years ago! Beat that :)
Zone Alarm?
Tell your end users to do it weekly if not bi-daily. Have them consider it as important as changing the oil in thier cars.
Good boy!
More like uneducated than dumb.
Chris, don't you work for a ISP? At this point in the game I'm *real* curious what you do at that ISP.
IT is the single most effective firewall. now if its a concentrated "personal" attack ok its not enough but for the other 99% of us it stops anything we usually need to worry about.
Al I can think to say is DUH. let me quote from 5 lines above if you will. "I would get the WINDOWS warning" (emphasis added)
I am 100% safe from e-mailed HTML malicious code. so in that regard and it was the only one with which I was speaking I am 100% correct. GO ahead send me html anythign you want.
YES you do if you have HTML turned off. PLAIN text can not execute anything. so you are WRONG. you MUST CLICK IT to get infected by it UNLESS you are viewing and executing HTML.
but I am not WORRIED about the e-mail. I have enough intelligence not to execute a virus.
Ok sure. I have been on computers since what ? before 1990 ? I still have my TRS and VIC machines. and even some older. I HAVE NEVER ONCE been infected by a virus that was user activated.
the ONLY one I ever got was Blaster and that was only because my cellular company lied to me and said I was behind a firewall (which I was not and since have remedied)
yes. its "good enough" I know the mcafee personal firewall is much better but I prefer free
Nah. I do not even bother. I just do it myself. I log into each machine remotely once a week and run utilities spyware detection etc..
well my router was acting goofy (thought it was the modem since I could network fine) anyway comcast wanted me to connect right to the modem. Never do that again.
Absolutely. Dumb just popped into my mind. but seriously many are DUMB. I mean come on some of these viral mailing are so CLEARLY OBVIOUSLY not "kosher" that I am amazed at how many people open them.
you can nix 90% of the viral attacks out their (maybe 99%) JUST by educating people about what NOT to open in their E-Mail.
Technical support and am very good at it and was paid accordingly.
1976, CDC Plado - Learned a flight sim, cub scout leader worked at Control Data
1978, Some stupid punch card thingy in grade school
1979, Built a Timex Sinclair, got the kit from popular science
ugh, I've been doing computers for over 2/3rds my life. Is this a good thing???
Before I begin, know that I am a Microsoft *flag-waving* fan. I don't mind Linux/Unix though, and have much good to say about them also. All of my current home-base systems are Microsoft based OS. This is largely due to the fact that I code mostly in MS ware. All of my remote hosting boxes are Linux/Apache. This is largely due to the monetary costs involved. I also will say that any OS is only as secure as the person(s) who lock it down, although, some OS are easier to do so than others, to include differing variations and plugins on top of OS shells...
Having said this much:
decidedly false. Change "all" to "most". Also, not all firewalls are equal.
also false. I have right now a few web adresses for which none of these methods work in MS IE. However, I will not propogate their pander here, so you will just have to take my word for it. By the time one of these sites got done with me, I had 131 popup, virii, browser take-over, spyware, or other such mal-content items to remove. It was an enlightening experience. Oh, and I was behind a firewall... both times.
The plain text option is not *completely* plain text. It will encode web and email addresses. But this is not a huge security risk unless the user clicks on it.
Laughing note: family has propagated to me more SPAM and problems than any intentional mal-content has or ever will. I have a _very_ large family... but they can be taught... most of the time~!
Opinion: that's a bit sparse... but suit yourself.
For the most part, Chris, I understand and agree with the main point you are driving at here. The above are just a few technicalities. I have seen both MS and *nix systems succeed and fail, for varying reasons. For example:
My primary host just had to retrograde 9000+ customers to a previous version of RedHat due to kernel flaws. Multiple engineers were brought in to assist with the instability problem. Driver engineers from Intel, Linux Kernel developers, RedHat engineers, and various other industry experts were employed around the clock to resolve the problems relating to the kernel crashes being experienced. Finally, the stability problem was narrowed down to a bug in the *entire* 2.4.20 series of Linux kernels (even some that had been out for almost a year), and included the 2.4.9 series from RedHat Advanced Server. The major cause of the performance issue was resolved Linux NFS v3 code had a seemingly unknown bug, which caused very poor NFS performance under heavy load. Once this was discovered, they reverted back to NFS v2 and the majority of the performance issues were resolved, and found immediate stability.
One of my biggest clients had MS Windows 2000 Server problems, where memory levels would climb and climb until the machine froze. We had over 2gb of memory on that box, with a gigabit connection, dual XENON 2.4 gh CPU's (server class), and a full RAID 5. The problem was traced down to (believe it or not) Norton Anti-virus Corporate Server, and the way it was accessing files on the through-put. We moved the anti-virus server to another box and voila, once again had our kickin' file server.
Not necessarily... they probably _do_ have a firewall... behind which you and _several_other_users_ all reside. So unless you were talking to the dungeon IT techies, you were probably not understood.
Now I understand your lambasting of users in general. Understandable (been there), but it doesn't necessarily take into account ease-of-setup/learning curve, as is exemplified by your statement below:
"Nah. I do not even bother. I just do it myself. I log into each machine remotely once a week and run utilities spyware detection etc.."
PolyTech Forum website is not affiliated with any of the manufacturers or service providers discussed here.
All logos and trade names are the property of their respective owners.