Linux Users' Group of Davis (LUGOD)
 
Page last updated:
2004 Sep 28 09:42

The following is an archive of a post made to our 'vox mailing list' by one of its subscribers.

Re: [vox] [OT] Length of time to infect a Windows computer?

on Sat, Sep 25, 2004 at 11:39:53AM -0700, Richard Crawford (rscrawford@mossroot.com) wrote:

> Last night I got a call from someone at our church.  Her brand new
> Windows XP computer, which she had just purchased a couple of months ago
> in pristine condition, was running really slow and returning strange
> error messages.  I spoke to her son, ....


I'm running herd over a small network of WinXP boxes at work, though
with copious helpings of Free Software applied, and a set of GNU/Linux
servers offering filtering, proxying, Samba, and other services.  This
contrasts with staff systems which are pretty much bare-ass to the Net.

I was quoted in last weekend's Sunday New York Times, front page of the
Business Section:

    http://www.nytimes.com/2004/09/19/business/yourmoney/19gator.html?pagewanted=all&position=

...also available outside the sell-us-your-soul registration at:

    http://business-times.asia1.com.sg/sub/bizit/story/0,4574,129329-1095969540,00.html


The article discusses the current state of adware / spyware / malware,
largely from the business perspective, but with some user impact
perspectives as well.

I address a number of technical and cultural issues in a companion essay
I wrote immediately following publication of the Times article:

     http://linuxmafia.com/~karsten/Rants/spyware.html

To sum it up:

  - The situation on legacy MS Windows simply *sucks*.  It also
    encompasses all releases of the OS I've encountered (Win98, ME, 2K,
    XP).  Though the DOS based versions' utter lack of user-level file
    security is slightly worse.  Though typical rollouts of NT-based
    'Doze gives users admin-level privs.  I simply don't understand why
    people put up with this.

  - The foundations, I feel, are cultural.  It's the logical outcome of
    a competitive, proprietary software distribution model, vs. a
    cooperative, collaborative model epitomized particularly by Debian.
    Discussed at length in the essay.  Malware is the logical result of
    today's competitive proprietary software market.  Though I probably
    should address Apple & Mac OS X to some extent.

  - You _can_ (with luck, and I emphasize, *luck*) keep exposure to a
    minimum by locking down stuff hard.  But it's a PITA, lots of stuff
    fails to work, and you've got to root out a lot of stock software
    and programs.  And I'm _still_ not at all comfortable with the level
    of control offered.  It's a bit like driving a car with dodgy
    steering and brakes, on a mildly graded, straight road.  Most of the
    time you think you can recover, but you never know when it's going
    to get away from you and wind up in the ditch.

I had a subsequent email exchange with Orion Hill (quoted at the very
end if you find a full version of the article), president of the Napa PC
User Group.  Orion discussed both spam and malware, and while I think
both are very significant problems, I _don't_ think they're insoluble.
I should probably post excerpts of my email with the article.


But yeah....   My current headache is a WinME box which "started acting
slow" last week (after I'd mentioned the Times article).  450+ AdWare
objects found, including at least a half-dozen applications (many AdWare
results are simply cookies or other relatively benign objects).  And the
doozy:  1350+ virus instances, mostly Netsky.C, but a healthy sampling
of other cruft for good measure.

The box (an older HP Pavilion) has probably been stressed by heat and
its own poor ventilation.  I suspect the system load of viruses and
malware, as well as the newly introduced constant scans, pushed it over
the edge:  the PSU shorted out spectacularly earlier today, when I
powered it up.  So yes, the stuff *can* physically damage equipment.

> It led me to wonder: how long is the average Windows PC on-line
> before it's compromised?  

Per /. (and you *know* it has to be true) a few weeks ago:  20 minutes.


Peace.

-- 
Karsten M. Self <kmself@ix.netcom.com>        http://kmself.home.netcom.com/
 What Part of "Gestalt" don't you understand?
   TWiki:  documentation for the GNU millennium.
     http://twiki.org/
