OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: De Velopment (devel_at_www2.kparker.org)
Date: Tue Oct 08 2002 - 00:19:41 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    First off, thanks everyone for the massive response to my "can of worms".

    One person summed it all up when he told me, "I'm sure there's ten
    million answers being sent on this". Maybe not 10 million, but
    definitely lots of widely varying responses.

    To my question about downloading patches via dialup, I got projected
    speeds of everywhere from 90 minutes to 4 hours, 16 minutes! Several
    responses suggested that I get all of the fixes for Windows XP via
    broadband and burn them onto a CD. (Sorry, no CD burner and none
    of my own PC's have XP on them). I got two EXCELLENT suggestions,
    however, to request a CD from Microsoft. One person said I should
    be able to get one, "no questions asked". The other person narrowed
    the scope by telling me to ask for a CD of the "Microsoft Security
    Toolkit".

    To the question on safety, one person suggested that I have my friend
    turn the PC off, put it in a closet, and put blankets on it to make
    it safe! Other responses ranged from "a dialup machine is not a very
    large target and not to worry too much" to "running an XP system out
    of the box is suicide" or "it will be hacked in ten minutes". One
    suggested that it be converted to OpenBSD. (I use Linux, myself,
    by the way, but that's not the point of this particular exercise).
    The best suggestions here, in my opinion, were that Anti-Virus and
    Firewall software (Black-Ice Defender most popular) is as important,
    if not more so, than getting XP up to date. (Turns out that the
    system came preloaded with Norton Anti-Virus, by the way).

    To my question about Microsoft releasing XP, already patched,
    several consider this a great idea. (Microsoft, are you reading
    this?) A couple of responses suggested that this sort of thing is
    the responsibility of the OEM, and that my friend should call
    Gateway about XP updates. (She said she will call Gateway tomorrow,
    by the way).

    The wide variation in responses is quite telling, by the way,
    and suggests that Microsoft needs to be clearer about securing
    its operating systems. A few people game me links to Microsoft
    Technet pages, and I will certainly review them. The problem,
    however, is that people purchasing new computers may not be
    computer literate, and, therefore, may not even know that they
    are sitting on a potential powder keg.

    Again, thank you kindly for all the responses. They have given
    me a direction to take in helping my friend, and a general
    understanding on Windows XP Security issues.

    Best regards,

    Ken Parker