echo: aust_avtech
to: Bob Lawrence
from: David Drummond
date: 2004-05-24 06:41:04
subject: Locking Windows

G'day Bob

16 May 04 10:59, Bob Lawrence wrote to David Drummond:

 BL>  I expect that Microsoft is pretty much like that. Who better to fuck
 BL> up the system than the guys *writing* the system?

 BL> BTW, what's this new Sasser worm that exploits a "flaw" in WinXP?

An unused port that responds to inbound traffic and actions it. Not an issue
if one has a firewall between one's machine and the Internet (or runs an
OS without such silly shortcomings). This is not the first worm to exploit
unprotected ports in XP - remember the MSBlaster worm?
[...]
 DD>> (The Sasser worm could spread through Win 95/98/Me too)

 BL>  How?

The same unprotected port I guess.

 BL>> Apparently, it infects any machine to which you connect, and
 BL>> its effect is to become TSR and reboot... continually. 

 DD>> _IF_ it can connect Bob. Read your Linux security blurb, it
 DD>> says to close all ports you're not using. Windows doesn't read
 DD>> that blurb, it has ports open and welcoming all over the bloody
 DD>> place. 

 BL>  I *know* how it gets in... how does it get RUN?

It drops executables in the right places and patches the registry to use them.

 BL>  I remember a few years ago, when Keith ran a fancy new firewall that
 BL> monitored all his ports. He said he was getting an average of two or
 BL> three attacks every day! And some of them were persistent.

Many are not "attacks" - merely something "feeling" ports.

 BL>  Life is too short to waste it stuffing around with making my PC safe
 BL> from the Internet. It's easier to simply not connect. I have learned,
 BL> that no matter how smart you are (or think you are) there is always
 BL> someone a dollar ahead and a day early. The Internet connects you to
 BL> the entire world, and it is the height of hubris for you to say that
 BL> you can beat them all. If Bill Gates can't beat them...

The firewall people can, Linux can. It's Bill Gates' theory that a computer
should be easy to use (or easy for him to control every PC on Earth - or
Splong). Therein lies Bill's problem.

 DD>> Do not connect a Windows machine directly to the outside world
 DD>> without first installing a firewall package that isn't made by
 DD>> Microsoft. 

 BL>  It's not just Microsoft, David. Any well-known firewall runs the
 BL> same sort of risk of penetration - especially if they use the same
 BL> Windows O/S. I've seen it happen with Borland and Norton. They are
 BL> really just another version of Microsoft. To be safe, you need to
 BL> write your own... or do as I propose: don't connect Windows at all.   

A firewall is not just a software package running on a WinBox. I do NOT run
any firewall software here on the Windows machines (nor on the hundreds at
work).

Do not connect the Windows machines directly to the outside world.

 DD>> Of course, that still leaves viruses and trojans..... Do not
 DD>> run untrusted executables (and trust very few). 

 BL>  This is the problem - whom do you trust? My answer is no one.

I'm not having any problems here - the Gassons aren't having problems.
Surely we're not the only two households in the world who've got this
sussed?

 BL>  I plan to set up two machines: the Linux gateway that runs 24/7 but
 BL> with *no* product on it. Anything I produce will be kept on the other
 BL> machine, on another hard drive with a plug I can pull, physically. If
 BL> I must run an executable, then I'll do it on the Linux machine. If it
 BL> becomes infected then stiff shit... I'll just reload the entire
 BL> machine. This Linux installs in ten minutes.

If you're serious about the Linux box being a router/firewall only, take a
look at one of the single diskette router distributions of it (LRP or
Freesco or such). These boot from a write-protected floppy, load into a RAM
drive and run from there. If something odd happens, just reboot and it
automatically runs a "clean" copy.

Regards,
David

--- Msged/LNX TE 06 (pre)
* Origin: Linux. Because a PC is a terrible thing to waste. (3:640/305)

SOURCE: echomail via fidonet.ozzmosis.com
