Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Security Operating Systems Software The Internet Windows

Stop Christmas-Gift PCs From Feeding Worms 416

An Anonymous Reader writes "If you recently set up a new PC with Windows XP, or if you had the pleasure to do a 'reinstall from scratch,' you probably found that many XP systems as they are shipped today are not patched against common issues like Blaster. Given that these worms are still going strong, it doesn't take long for a new system to be infected. In particular, if you have to connect it to the Internet to download all the patches. Well, help is in sight. The SANS Institute released a paper entitled Windows XP: Surviving the First Day." (Read on below.) Update: 12/24 17:59 GMT by T : Thanks for reader Bill Curnow for the updated link. Update: 12/24 19:15 GMT by T : Besides the workaround suggested below, Roblimo has a good suggestion on avoiding the first-day-of-Windows altogether.

"With many screen shots, it will walk you through the procedure to enable the XP firewall and downloading the patches without getting infected while doing so. This could be the (free) stocking stuffer that may save Christmas for your folks ;-). Given that its probably to late now to start downloading your favorite Linux distro."

But if you do have the time and bandwidth, and you're stuck on Windows, a nice live-CD distro like Knoppix or Mepis means you can download patches without racing the worms, and install your patches while offline. (And if you have time to download 50MB, you have time to grab Damn Small Linux.)

This discussion has been archived. No new comments can be posted.

Stop Christmas-Gift PCs From Feeding Worms

Comments Filter:
  • Bad link. (Score:5, Informative)

    by Animats ( 122034 ) on Wednesday December 24, 2003 @12:55PM (#7803440) Homepage
    xp.homepc.org not found.

    Check those links, people.

  • Easy (Score:5, Informative)

    by skinfitz ( 564041 ) on Wednesday December 24, 2003 @12:57PM (#7803454) Journal
    Click Start > Network and Dial up connections

    Right click on your internet connection, choose "Properties"

    Click "Advanced"

    Click the box to turn on the firewall

    Voila. You are safe from Blaster.

    As an added precaution, deselect "Client for Microsoft Networks" from all interfaces except any you really need it on.
    • by qualico ( 731143 ) <worldcouchsurfer ... m ['ail' in gap]> on Wednesday December 24, 2003 @01:01PM (#7803477) Journal
      Click Start > Network and Dial up connections Right click on your internet connection, choose "DISABLE" Voila! The proper config for any Windows Box!
      • Re:Easy Alternative (Score:5, Interesting)

        by B3ryllium ( 571199 ) on Wednesday December 24, 2003 @01:08PM (#7803528) Homepage
        No, the proper technique is called a "reach around". You reach around behind the box, unplug the network cable or phone line (I caught a worm over dialup once, that was the most hilarious thing ever), and consider yourself lucky.
        • No, the proper technique is called a "reach around". You reach around behind the box, unplug the network cable or phone line (I caught a worm over dialup once, that was the most hilarious thing ever), and consider yourself lucky.

          So what you're saying is, when your getting screwed by Microsoft, and they don't have the common courtesy to give you a reach around; I should go ahead and give myself one?

          Seems like a great idea to me! Thanks ;)

          --
    • Re:Easy (Score:3, Informative)

      Not sure about Blaster but, that will still leave you open to a whole host of worms, viruses and exploits; many of which don't have patches/fixes available. ZoneAlarm [zonelabs.com] (free as in beer) seems to consistently come out as the best firewall for Home Windows PCs in labs/test/reviews. I've been running it (on a number of different PCs) for quite a while now (over a year) and the only problem I've ever had with it was because one of the services it blocked was an RPC service (pretty sensible thing to block from

      • Re:Easy (Score:3, Interesting)

        by jandrese ( 485 ) *
        The only problem with ZoneAlarm is that it likes to pop up dialog boxes all of the time. This is extremely irritating when you've switched to something fullscreen, and it decides to freeze the network conneciton while it waits for you to answer it's dialog box (which you can't see).

        Granted, this is on a work machine where I'm not allowed to change the settings, so maybe it can be fixed with twiddling, but I find the behavior to be extremely annoying. I much prefer ipfw on my FreeBSD box. Just my $0.02US
  • by Poilobo ( 535231 ) on Wednesday December 24, 2003 @12:58PM (#7803461) Homepage
    Our Server: Surviving the Slashdotting
  • something wrong? (Score:5, Informative)

    by Stanza ( 35421 ) on Wednesday December 24, 2003 @12:59PM (#7803467) Homepage Journal
    Bad link? It doesn't seem to work.


    Try this instead [sans.org].


    http://www.sans.org/rr/papers/index.php?id=1298

  • by Ridgelift ( 228977 ) on Wednesday December 24, 2003 @12:59PM (#7803468)
    There's been a lot of "Slashdot posts ever anti-Windows article that exists", but this article debunks that.

    I usually recommend a hardware firewall, in particular the little blue Linksys firewalls. Home users can hook up their ADSL connection, plug in the firewall, and then their PC. Then as long as they don't download email until their system is patched and anti-virus is updated, they're relatively safe from most malware.

    This year I've also begun recommending anti-spyware as well. It's amazing how ubiquitous that stuff's become over the past year.
    • I usually recommend a hardware firewall, in particular the little blue Linksys firewalls. Home users can hook up their ADSL connection, plug in the firewall, and then their PC. Then as long as they don't download email until their system is patched and anti-virus is updated, they're relatively safe from most malware.

      Except for the folks on dialup. And don't say you can't get a worm from dialup. The payloads are really tiny - it doesn't take that long on 56K. I have personally seen two computers infec

      • SnapGear's Lite2 [snapgear.com] and Lite2+ firewalls have dialup connection. They're a bit more than a Linksys at $199, because they're a much smaller company than Linksys. Also, SnapGear firewalls run embedded Linux, for those who care.
      • Is a Linksys home router less than $70? http://www.actiontec.com/products/modems/dual_pcmo dem/dpm_overview.html will do the job, and it'll allow two PCs to hookup at the same time. Also, the 2nd PC setup is practical if you're buying them a new computer, and they've already got one, which is how this /. article was spun (except it doesn't matter whether they've got one or not).
      • Except for the folks on dialup. And don't say you can't get a worm from dialup. The payloads are really tiny - it doesn't take that long on 56K. I have personally seen two computers infected with blaster via a dialup connection. If you're on there browsing the web for more than 30 minutes or so, the chances are quite good you'll get one, what with all the scans happening. Most ISPs are blocking the ms networking ports at their border, but within a segment, it's a free for all.

        The only hardware solution i

    • Slashdot does hate Windows. Just wait for all the "Windows - so insecure, they have to write a guide to getting through a single day without getting r00ted!!" comments.

      For what little it's worth, I've run a variety of Windows versions on my home machine over the last 6 years and have never been compromised. I currently run a software firewall on this box, and I'm not even being portscanned, despite having an ADSL connection running pretty-much 14 or 15 hours a day, every day.
    • Oops, shoulda waited a few minutes before posting:

      " Update: 12/24 19:15 GMT by T: Besides the workaround suggested below, Roblimo has a good suggestion on avoiding the first-day-of-Windows altogether."

      They couldn't let a not-entirely-anti-MS article go, without linking to an unrelated, "run linux!" article.
  • by rebelcool ( 247749 ) on Wednesday December 24, 2003 @01:01PM (#7803476)
    I figure if you're reading this on slashdot you don't need screenshots to find your way around a monitor...

    Obviously, this should be done before you plug the machine into any kind of internet connection.

    -Go to Start and then Control Panel.
    -Once in Control Panel, choose Network Connections
    -Right click on your connection of choice (if there's more than one, do it for all of them) and choose Properties.
    -Go to the advanced tab and check the Firewall check box.

    If you want to know more about how to configure it and modify the settings, click the link below that checkbox for directions.
  • by Anonymous Coward on Wednesday December 24, 2003 @01:02PM (#7803481)
    I had just plugged my joystick into the USB port when it started wildly moving in my hand! Worms infected it I swear!
  • Let's not forget... (Score:5, Informative)

    by GarfBond ( 565331 ) on Wednesday December 24, 2003 @01:02PM (#7803482)
    those great OSS packages that you can install on Windows, if your recipient insists on keeping that as the main OS :)

  • by Space cowboy ( 13680 ) on Wednesday December 24, 2003 @01:02PM (#7803483) Journal
    It's a classic catch-22 when you need to download the patches, but the act of downloading them makes you vulnerable ... I have just bought my parents a new PC (with XP, they're not up to Linux just yet ...) and I never thought twice about doing the windows-update thing... OTOH, they are behind a decent firewall (that does run Linux :-) so the risk is pretty minimal.

    Perhaps all these DSL/WiFi combo boxes will be a blessing in disguise because they all come with a firewall (on by default, with Cisco's Linksys ones :-)

    Simon
    • Odds are, your parents never will be. The only way you'll get the majority of the population to linux is to bring linux down to them.

      c'mon, we live in a society where people can't figure out how to set the time on a VCR. You think they're going to take the time to 'learn' an OS? Most people are happy with a 4 year old system that lets them check their e-mail, save the pictures people send them, view web pages, and maybe word processing and a spreadsheet.

      Now, to keep this from being completely off topic
      • "Most people are happy with a 4 year old system that lets them check their e-mail, save the pictures people send them, view web pages, and maybe word processing and a spreadsheet."

        There are a LOT of people in this situation, and they are the perfect candidates for using Linux. They have a fixed set of needs. Give them a preinstalled and preconfigured Linux box, and they treat it like a fixed-function appliance.

        I'll skip the long details, but my 57 year-old mother got so fed up with Windows' unreliabilit
  • It's not just XP (Score:3, Informative)

    by AndroidCat ( 229562 ) on Wednesday December 24, 2003 @01:03PM (#7803487) Homepage
    Any distro of anything should be installed with some caution about exploits that may have popped up since the distro was made.

    Some might argue that WinXP comes with the Best Before date already expired, but there's a lot of CDs for many OSs out there with "open security". (The main problem with standard XP is the stupid requirement to phone home to register before downloading the patches to make it safe to be on the net in the first place.)

    • Re:It's not just XP (Score:5, Informative)

      by SoCalChris ( 573049 ) on Wednesday December 24, 2003 @01:09PM (#7803534) Journal
      The main problem with standard XP is the stupid requirement to phone home to register before downloading the patches to make it safe to be on the net in the first place.

      That's FUD. XP gives you 60 days to activate your copy of windows. During those 60 days, Windows is fully functional and allows you to connect without any activation related troubles.
  • by jaredmauch ( 633928 ) <jared@puck.nether.net> on Wednesday December 24, 2003 @01:03PM (#7803491) Homepage
    Microsoft needs to ship everyone who does "Product Activation/Registration" with them a CD [google.com] that includes the patches necessary to secure ones systems. Yes, it will always be out of date, but at least you won't get infected with some 1-2 year old vulnerability.

    People should return non-patched systems that are shipped from the manufacturer, and return systems where the install CDs don't put them to the same patch level they are shipped with.

    while this isn't a cure-all solution to the patch mania that is necessary, but will go a long way to help bring up the baseline security of all these end-user hosts on the internet.

  • First day? (Score:3, Interesting)

    by Xzzy ( 111297 ) <sether@tr u 7 h . o rg> on Wednesday December 24, 2003 @01:04PM (#7803497) Homepage
    Try first ten minutes.

    Due to some oddities in the purchasing orders for new hardware this year, it ended up that some of us unix guys were tasked with hauling new windows boxes around the workplace for people. We weren't expected to set them up, just unpack, plug em in, and turn em on. Ignorant of how vulnerable windows boxen are, we did just that, doing the silly clicky crap that any OEM relase makes you do, and walked off.

    Within ten minutes, the traffic sniffers the security team has up were getting alarms caused by the machines we had set up and their ports got blackholed in about 15 minutes. One of the machines was already being used as a spam relay, the rest all had whatever viruses are still floating around.

    Was quite an eye opener, I'd thought those viruses were over and done with and weren't a cause for concern anymore. Made me wonder how much bandwidth is being wasted that we don't even acknowledge. Spam is easy because it generates email.. but there's this underlying background noise sucking up bandwidth that you don't even see.

    Course us "unix guys" had a good laugh over it, patting ourselves on the back in true bigot fashion over how secure unices are. But later that afternoon the nfs server that serves our home directories puked it's guts up so it put us in our place pretty quick.
    • Re:First day? (Score:3, Informative)

      by pavon ( 30274 )
      No kidding, I just setup some computers for my brothers who just started college. I got a windows messenger (not the IM one) popup before I even had a chance to click on the windows update icon. That was 30 seconds after I logged in, at most 3 minutes since I turned the thing on.

      Once I got the patches, virus protector, and ad-aware installed, everything was fine, but still, there was a reason I wanted to do a clean install.
    • Re:First day? (Score:3, Interesting)

      I work for a company which sells PCs retail, we've had a couple computers which had worms *OUT OF THE BOX* (brand new machines, never openend. We're still trying to figure that out.
    • Actually, This is in no way shocking to me. At the last NANOG [nanog.org] meeting I attended (Chicago), I heard about machines being infected in about 3 minutes from power-on to infection. They were infected while downloading the patches from the Windows Update [microsoft.com] site.

      This has increased my public requests for microsoft to send postcards or CDs to people who have registered their product. Since this is mandatory (is my understanding, I don't actually have XP installed because I refuse to buy a new copy of windows each

  • by aml666 ( 708712 ) on Wednesday December 24, 2003 @01:05PM (#7803502) Homepage
    My systems are behind a Hardware Proxy and a software firewall. I feel safe and have not been compromised... yet.

    Those poor home users who are not technically savvy are pretty screwed. They won't be able to figure out *nix and don't want to pay the bucks for Apple.

    Microsoft should offer (no not MSN) a method for new Windows machines to dial direct for patches before connecting to the Internet.

    This method should be over ridable for the safer crowd.
  • Re: (Score:2, Funny)

    Comment removed based on user account deletion
  • Sadly enough (Score:2, Interesting)

    by jsav40 ( 614902 )
    We received a couple of new machines from Dell last week. They were missing just a few patches... actually a few *months* worth of patches. Inexcusable on the vendor's part- how hard is it for them to keep their base install/image up to date??? I had a CD ready to go with the relevant patches etc. & got all of the critical stuff installed before ever connecting to the internet. No wonder that so many home machines are unpatched, people incorrectly (but justifiably) assume that the new PC they just purc
    • Re:Sadly enough (Score:3, Informative)

      by KingDaveRa ( 620784 )
      Its hard and it isn't hard to keep an image up to date. If you're an OEM building systems, you basically build a base install and you then go into a special 'system builder' mode. This enables you to configure the system, load software and set everything up, all without accepting a license agreement or entering user details. If you did that, the copy of windows would be licensed to you, and you only. When its all sorted, you put the PC into its Out Of Box Experience mode. The OOBE is the first thing a new P
  • The Easy Way (Score:2, Insightful)

    by Jaysyn ( 203771 )
    Or you can just do what I did & get your Mom an iMac....

    Jaysyn
  • i get lots of help calls from friends, ralatives, etc. i honestly answer that i can't help them with XP problems. i haven't used windows since 98. i do it nicely, and don't try to be mean, but i expalin that i use linux, and os x, and that i don't know to solve their problem. when they ask about viruses, i explain that i don't have that problem. just say no , and do it politely. if you help them, you are really just perpetuating the problem. and if they persist, at least bring them a cd with OO.org,
  • by VariableSanity ( 578725 ) on Wednesday December 24, 2003 @01:15PM (#7803564)
    I recentally had to install xp from scratch (because my roomate downloaded some virus). After I get xp running again, and get all my programs installed again. I went and bought Nortin Anti-Virus. After the first scan a few hours after I re-insalled everything I already had the blaster worm and some other type of worm! I guess that is what I get for not installing the patches the moment I install xp...
  • When your only link to the internet runs at 19kBps or less due to telephone line noise, you're paying for the internet telephone call by the second, and you are given a PDF file which turns out to be 1.4Megabytes in size, the first thing I do is hit the cancel button and forget it. Can you summarise the conclusions or does anyone have a small ASCII version of the file please?
  • by jhines ( 82154 ) <john@jhines.org> on Wednesday December 24, 2003 @01:18PM (#7803580) Homepage
    Steve B and Bill G install a new Windows PC, without any help, or special privileges, or special help lines.

    Now, that is what I call a reality show.
  • Using Knoppix and Mozilla, I am getting all the patches from here: TechNet [microsoft.com].
  • I mean, really. All an ISP (or corporate network admin) needs to do to stop Blaster is block incoming/outgoing NetBIOS ports on their main connection to the internet. It's not hard. And no one should be using them anyway. I'm surprised that all the routers and firewalls sold aren't blocking these ports by default. They really should. It would save THE WORLD so much hassle.
    • by pigscanfly.ca ( 664381 ) on Wednesday December 24, 2003 @01:41PM (#7803689) Homepage
      Your ISP shouldnt have to filter out random ports because someone somewhere wrote some crap software which is now easily explotaible over those ports .
      The fault is all the users who didnt patch there systems .
      I dont know about you but when my ISP starts port filtering I get pissed off , that my decision to make not theres (stupid monkies blocked of port 20 through 25 . I had to run ssh on a different port!)
      • Your ISP shouldnt have to filter out random ports because someone somewhere wrote some crap software which is now easily explotaible over those ports.

        Well, yes but what happens when the ISP's network is flooded with worm traffic? They really don't have much choice.

        • Well, yes but what happens when the ISP's network is flooded with worm traffic? They really don't have much choice.

          Wouldn't it be much better to just disable the ports where virus floods are coming from and have an auto-dialer call up the customer and tell them their computer is infected, giving them a phone number to call once the system is fixed? Then they would be aware of their problem and probably take some more measures in the future to prevent it...
  • by uncleroot ( 735321 ) on Wednesday December 24, 2003 @01:29PM (#7803623)
    I do DSL tech support for a large telco with a three letter name starting with "S" and ending with "C" and I have to bite my lip every time these poor, dumb people call in connecting their brand new Dells and Compaqs to the DSL with no firewall and not a clue as to what Windows Update is and why they need it. The reason I bite my lip is that Windows Update and firewalls are outside my scope of support and I was already told by my team lead not to waste time helping people with that stuff. Even worse, offical training tells us to leave the Windows firewall off when configuring a PPPoE connection - I am not making that up!

    It's sad and irresponsible to let these people wander onto the Internet with their unprotected Windows computers like dogs wandering onto the freeway.
    • It may seem wrong to you personally, but it *is* outside the scope of your job. You are a help desk to get people connected to the internet, not their personal windows guru. If they want windows help, let them call the PC manufacturer.
      If we use a car idea model, that would be the difference between calling the DMV/BMV to ask how to change your oil, or have them explain why it's important to do so.
  • If Microsoft could reduce the size of patches then they could create a tool that creates a list of downloads required. This list could be placed on a USB memory card, then another tool could be used on a PC with all the patches installed (and a net connection). This tool would download all the patches onto the memory card. The patches could then be installed on the new PC, which could then be connected to the net safely.
  • It took me five tries to get the PDF, so here is a mirror if anyone needs it.

    xpsurvivalguide.pdf [compuliant.com]
  • Windows XP: Surviving the First Day

    That's all well and good.. but how do you survive (suffer?) Windows XP after the first day? ;)

  • A friend of my Dad gave him XP Pro as a gift a month ago. He installed it then connected to the net. It took 4 minutes until he was hit by blaster.

    He finally had to resort to getting the guy that gave him XP to make a CD up of the patches so he could actually use XP on the net.

    Personally I just have to say thanks to my linux firewall.
  • Given that these worms are still going strong, it doesn't take long for a new system to be infected. In particular, if you have to connect it to the Internet to download all the patches.

    Just uhh... use a router/firewall. Problem solved
  • They give away printers these days, why not just give each customer a free single port firewall...

    And a cdR with the latest Service Pack/Security Patches.. ( and make it auto-run for the newbees )

    What would that cost a vendor.. 10 bucks tops?
  • Most worms are either email, script faults or RPC/fileshare.

    So don't read email, visit non-update sites or open your ports below say 1000 to the outside world.

    Wow I'm a fucking genius. Since most homes have multiple computers anyways you will want a cheapo 100$ router anyways.

    Praise me!
  • patching xp (Score:2, Insightful)

    by agwis ( 690872 )
    I finally had to give in and purchase a new computer with xp. 2 things that frustrated me right off the bat was the fact that this new computer was way behind on patches, secondly...just how big the patches were I had to download. Even though I'm on highspeed dsl it still took a good 15-20 minutes to download and install all critical updates.

    I can just imagine how inexperienced people getting new computers for Christmas will feel, especially on dial up connections. When your excited about a new machine, wh
  • An Anonymous Reader writes "If you recently set up a new PC with Windows XP, or if you had the pleasure to do a 'reinstall from scratch,' you probably found that many XP systems as they are shipped today are not patched against common issues like Blaster. Given that these worms are still going strong, it doesn't take long for a new system to be infected."

    I had to nuke & rebuild my parents' machine this past Thanksgiving. I set up a dial-up connection on it and proceeded to the Windows Update site.

  • Firewall (Score:3, Interesting)

    by Stigmata669 ( 517894 ) on Wednesday December 24, 2003 @01:56PM (#7803754)
    As much as everyone insists that XP has more holes than swiss cheese, behind a crappy Linksys firewall my two boxes have never had any problems. I'm lazy about patches and tend to ignore them for months but i've never had a virus. Why? because i don't use their crap email client, i have a firewall, and i don't download warez off kazaa.

    Computers don't get viruses, users do.

  • Windows Update is great for keeping up to date, but a fresh install requires that you connect to the internet before it is "safe" to connect to the internet. This is a problem.

    It would be nice if you could go to the windows update page and download a zip file of all the updates necessary for a fresh install (maybe it requires a CD key or something so it knows what to give you).

    Use another computer that is safe to DL this zip and burn it onto a CD, then you can be guarenteed to have your windows box up to
  • by reallocate ( 142797 ) on Wednesday December 24, 2003 @02:04PM (#7803792)
    When installing any operating system, you need to be protected before you open your machine to the depravatoins of the internet.

    Although Windows users incur a higher risk due to the ubiquity of the product. all operating systems are vulnerable to oen degree or another.

    Personally, I am unable to install Windows and download the updates without being infected with at least one virus. When I need to install Windows, the first thing I do is to disconnect the machine from the internet. After the install, I set up my internet connection, enable the Windows firewall, and reboot. Then I download the minimim number of updates needed to install the current version of the Norton antivirus/firewall product. Then I disable the Windows firewall and install Norton.

    The first widespread Linux virus will do damage to the OS' reputation beyond any reasomable limits. Consumer Linux distributions should disable all servers and activate a simple firewall by default. Give the user the option to turn it , not on.

    • Not sure about other distros but, if you tell SuSE 8.1 or above (possibly lower versions as well) that you're going to be running as a Home/Desktop then it will turn off most of the services and setup a firewall by default. The only downside of this is that if you then want to turn FTPd on so you can copy files off you Windows box onto the Linux box over the internal network then it can be a bit of a swine to set up until you work out the exact combination of settings you have to set.

      Stephen

  • This brings up an interesting point about OEMs and patching. I've never bought a Dell, I usually build my box. Does Dell ship with the latest service pack as soon as it is available, and do they apply this critical patches to the line immediately or at all? I would at least expect the lastest service pack to be on.

    Another idea would to simply put the machine in a safe boot mode when the machine first comes up. This basically blocks all incoming traffic, and then attempts to connect to the MS site. Either v
    • I just set up a Dell for a coworker. It had the latest service patch, and many of the later critical updates. But not all. I suspect that most computer makers updated their disk images every few months or so. You always need to hit the update sight on a new computer, to see what's needed.

      As for safe mode, last time I tried, safe mode disabled all networking, period. That was Win98, however. Perhaps XP is better on that score.
  • by teamhasnoi ( 554944 ) <teamhasnoi@yahoA ... inus threevowels> on Wednesday December 24, 2003 @02:15PM (#7803860) Journal
    You can give someone is a Mac. Mom got one a while ago, and I have made two troubleshooting calls. One was due to my Dyn-dns client I had installed to reach the box ( the mac hadn't been on for a bout a month), and the other was when I got an email saying, "I can't send email". Classic.

    Compare that to a godawful dialup VNC session on a home shopping network XP box where I needed to fix blaster and the person didn't know how to get to system settings.

    I sold a mac that day with "Guess what, buy a mac and you will never have to deal with this again."

    (and I won't either, to myself) That's why it is the best Christmas present you can give yourself, if you are the designated "computer-guy". Not having to deal with other people's XP is worth its weight in Half-Life Gold, Al Franken, and Myth II: Soulblighter.

  • Microsoft's patching system makes it a snap to update your computer. Under Linux I have to groan over long and cryptic commands like "apt-get dist-upgrade" and lumber off to get a snack while my system is automatically updated. With Windows Update and a CD writer you can get a clean, protected computer with just a few easy steps. Allow me to elaborate.

    I run a Windows 2000/Redhat 9 system. I got sick of reinstalling the OS and every single driver, recustomizing, etc, everytime Windows started acting u

  • Roblimo fud (Score:3, Insightful)

    by greygent ( 523713 ) on Wednesday December 24, 2003 @02:29PM (#7803942) Homepage
    I'll probably be marked as a troll for this, but Roblimo is just wrong wrong wrong.

    Roblimo has a good suggestion on avoiding the first-day-of-Windows altogether.[link to article]

    Right, until his daughter/granny buys a webcam from the store and wants to hook it up and use it, etc. Or she wants to use x program that only runs on Windows. Grannies and relatives buy lots of this stuff off shelves at the store. The Sims, nearly another other quality game on the planet? Probably isn't going to run on Linux, is it?

    She does websites for pay... what happens when she decides she needs something like Dreamweaver, or Frontpage (gag, but a lot of people still use it) or Photoshop, in those rare cases when the (superior, IMHO) The Gimp won't fulfill her needs?

    Sure, you could use VMWare or some other such deal, but then you'll require a copy of Windows and you'll have spent more time and money than if you had just put Windows on the machine in the first place.

    What a load of narrow-minded horseshit, Roblimo. Your job as a self-appointed Linux advocate should be telling it to the people straight, and you aren't. They'll listen to you and get burned, and won't trust you or any other Linux person, next time.
  • by JonathanF ( 532591 ) on Wednesday December 24, 2003 @02:49PM (#7804051)
    I'm glad to hear that the user on linux.com is happy with her copy of Mandrake, but I can't help but think that a Mac would be much, much better so long as a given person can afford it (remember, you don't need a dual G5, just an eMac or iBook).

    The reason would be the support network for when you do need support. Not everyone is or can afford to drop by, and saying "go check Ars Technica" isn't really helpful. IF they ever need professional support, it would be better to have actual phone and store support for the product.

    Not to mention that you can actually expect to find common peripherals which will work out of the box, or at least have company-supported drivers that you can install.

    Not everyone can justify the cost when you can get a new Linux box for half the price, but I wouldn't want someone spending extra on tech support (or downtime) just to save some money on the initial purchase.
  • by Lord Kano ( 13027 ) on Wednesday December 24, 2003 @02:59PM (#7804090) Homepage Journal
    I understand wanting to advocate alternatives at all times, but come on now Rob.

    There is no way in HELL that I'd consider giving a linux machine to a friend or relative who is light on technical ability.

    I am already on call to fix the computers of my friends and family, my girlfriend, my girlfriend's best friend, my girlfriend's sister, and my girfriend's sister's girlfriend.

    I'd easily double the amount of free support that I've have to give if I gave someone a linux machine. Even if most of the calls ended up being "No, I can't help you install 'Barbie goes to the beach' because the version that you have is for Windows", that is still crap that I don't want to deal with.

    I'd rather burn a disk with Ad Aware and Spybot Search & Destroy and give it to people than to have to educate people on a system that they know nothing about.

    So many people these days don't know a thing about DOS, so how can you expect them to take the time to learn bash? More times than I would like to remember, I had to use the console to fix a problem on one of my linux machines that just couldn't be done through X. Sometimes the problem was that I couldn't launch X.

    Windows is the devil that most people know. As awful as the security is, as awful as Microsoft's business practices are, Windows is the top dog and most mundanes don't care about anything but being able to check the weather, get email, bring up a few web pages, and play some games. For most people, that is easier to do with Windows.

    LK
  • by luckyguesser ( 699385 ) on Wednesday December 24, 2003 @08:17PM (#7805867)
    is called "TCP/IP port filtering". I have encountered this experience personally, on my dorm network. When I reinstalled WinXP, I didn't even have time to download SP1 before a virus made its way onto my computer and the IS dept shut off my port. However, I've found that if I leave my network cord unpliugged (card disabled, etc) until I have setup my TCP/IP filtering settings to allow only port 80, I can then download the necessary patches, update, and remove the filter. No problems yet!
  • by Shanep ( 68243 ) on Thursday December 25, 2003 @02:29AM (#7807068) Homepage
    I recently upgraded a friends PC from ME to XP Home. She purchased XP, which came with a sticker proclaiming that it included SP1a.

    Since this was a recent purchase and the after thought SP1a sticker was there, I mistakenly assumed that it would be safe against Blaster.

    Regardless, I enabled the built in firewall on the external interface NIC before I connected to the internet via her ADSL.

    I couldn't get it going. I was using the ISP PPPoE driver which was supposed to work, but the ISP suggested I use the built in XP PPPoE driver, which worked fine. The phone tech also said that I must disable any firewall due to the use of a heartbeat initiated at their end.

    So, I reluctantly did...

    Her PC had Blaster literally within a minute or two of connecting.

    But here comes the funny part... to get around the 60 seconds to shutdown, I double clicked the time to set the year back to give me a chance to remove the virus and patch her system. Unfortunately, during this, I had to reboot. At this stage the 30 day registration period was still in effect because I had not registered. Upon reboot, the 30 day period was up, XP was demanding I register now without giving me the desktop! Luckily it seems that it automatically connected.

    Next time I'll just set it back an hour!

    This kind of crap just has not happened to me on my Apple. In the end, I enabled the firewall and she has not had a problem. It might not have happened if I knew XP better (first install), but then I gave up on Microsoft long ago.

Kiss your keyboard goodbye!

Working...