OH FOOKE YOU MICROSFT UPDATE

[Cagey]

Many of the exploits that infect Windows are not obvious. They're intended to turn your machine into a 'bot. Depending how many you have, you may or may not notice them until there are so many that performance is affected. Your security is compromised, so your ID and passwords can be used for other things separate from your machine, or to attack your accounts directly, or to remotely use your machine to attack others and/or collect more data. You may think you don't have any malware installed, but you do. Some of the exploits are capable of modifying any anti-[everything] code you may be running so their presence can't be discovered. Even seemingly benign sites will install tons of javascript to track your behaviour, or discover your contacts and infect them.

Even if you don't get infected, which is next to impossible with Windows, Microsoft's default settings at install are pretty dangerous. They default to "always run" and "allow everything" so people don't run into snags when they try to get things to happen. It's poor practice, but that's been Microsoft's standard behavior since day one. You don't opt in, you have to opt out, and they don't tell you what you've opted into. Makes for an OS that's so full of holes it makes a sponge look as dense as lead.

Used to be, Black Viper was a good resource for setting up a Windows install. I don't know if that's true any more; I don't deal with Windows. But, you definitely need anti-everything software running, and the best stuff isn't the expensive crap from Symantec/Norton/McAffee/et al. Do some research. You can secure Windows, but it's not a trivial task and it will complicate your life a bit.

In particular, I'd study up on how the Hosts file works, and use it. Also, never, Never, NEVER run in admin mode.

 

[Dan025]

i had an iphone and it didn't work in cold weather and i may have gotten mild hypothermia becasue i couldn't call a friend to open their front door.... the gps never worked often prefering network location which sometimes put me on the wrong side of the hudson river and it was impossible to hear anything. then again people had similar complaints about the captivate that i loved. i do recomend people buy nexus devices if they are interested in android. at one time the proprietary stuff offered interestign things but the play store has taken over for anything that you don't get on a nexus device these days. some nexus devices recieved 3 years of support before they were decided to be too old to need or run the new versions and not much as far apps wont run on android 2.3.x which is supported in the first nexus device which might be my favorite android device, why? because it worked! it didn't have the multimedia abilities or a big screens of today or good resolution with it's pentile matrix 480x800 display.. the numbers looked good compared to the existing phones but it was pentile matrix... ugh. it was pocketable, and the screen was big enough to be typed on and the track ball made for easy navigation which a large screen can't replace. they really f'ed up the android form factor since then. it even gave you notifications without the screen on by lighting the trackball in multiple colors.

i run linux at home. i prefer the windows 7 interface over mac and on linux i run kde which has many of the windows 7 features. i am traditional like that. gnome2 was also very nice but it's configurability was a hinderance i spent more time setting up shortcuts that were unique to my computer than i ever saved using them, not that they would benifit anyone but me. i am not a fan of the big tiles and search based app launching that ubuntu and windows 8 have replaced the traditional interfaces with. i know how to acess the search features when i need them and it is an effective way to browse but sometimes i'd rather save the typing and just click something knowing where to find it. i like that mac is terminal based and it's nice once you teach yourself the hot keys but i just think the traditional windows interface is better. they each have advantages and capabilities and loyalties by users and frustrating problems.

 

[Dan025]

Many of the exploits that infect Windows are not obvious. They're intended to turn your machine into a 'bot. Depending how many you have, you may or may not notice them until there are so many that performance is affected. Your security is compromised, so your ID and passwords can be used for other things separate from your machine, or to attack your accounts directly, or to remotely use your machine to attack others and/or collect more data. You may think you don't have any malware installed, but you do. Some of the exploits are capable of modifying any anti-[everything] code you may be running so their presence can't be discovered. Even seemingly benign sites will install tons of javascript to track your behaviour, or discover your contacts and infect them.

Even if you don't get infected, which is next to impossible with Windows, Microsoft's default settings at install are pretty dangerous. They default to "always run" and "allow everything" so people don't run into snags when they try to get things to happen. It's poor practice, but that's been Microsoft's standard behavior since day one. You don't opt in, you have to opt out, and they don't tell you what you've opted into. Makes for an OS that's so full of holes it makes a sponge look as dense as lead.

Used to be, Black Viper was a good resource for setting up a Windows install. I don't know if that's true any more; I don't deal with Windows. But, you definitely need anti-everything software running, and the best stuff isn't the expensive crap from Symantec/Norton/McAffee/et al. Do some research. You can secure Windows, but it's not a trivial task and it will complicate your life a bit.

In particular, I'd study up on how the Hosts file works, and use it. Also, never, Never, NEVER run in admin mode.

yeah linux might bother the average person setting executable bits and user permissions using frequent passwords to be able to execute programs you download but it sure does make things secure. try to infect my computer without my expressed permission! i dare you!

 

[Cagey]

I have run MS Windows sans anti virus for the past 5 years and haven't had any issues.  When I did have anti virus software I picked up viruses, so I said screw it, and after my subscription expired, didn't renew. 

I didn't address this in the earlier post, but it also needs to be said.

Doesn't it strike you as curious that when something was looking for exploits, it found them, and when nothing was looking for them, you didn't get any? Did it occur to you that you still got exploits, but didn't know about them because nothing told you they were there?

Windows is a house of cards, my friend. It's the most vulnerable, insecure, unstable OS extant, bar none. You need to be seriously proactive about protecting yourself, or you could end up with more than a misbehaving machine. Somebody else could use you to do something illegal, and when the FBI or NSA or whatever alphabet agency traces down your machine as the vector for kiddie porn or <shudder> music file distribution, YOU will be the one to go to prison for ever and ever, amen.

 

[dudesweet157]

Many of the exploits that infect Windows are not obvious. They're intended to turn your machine into a 'bot. Depending how many you have, you may or may not notice them until there are so many that performance is affected. Your security is compromised, so your ID and passwords can be used for other things separate from your machine, or to attack your accounts directly, or to remotely use your machine to attack others and/or collect more data. You may think you don't have any malware installed, but you do. Some of the exploits are capable of modifying any anti-[everything] code you may be running so their presence can't be discovered. Even seemingly benign sites will install tons of javascript to track your behaviour, or discover your contacts and infect them.

Even if you don't get infected, which is next to impossible with Windows, Microsoft's default settings at install are pretty dangerous. They default to "always run" and "allow everything" so people don't run into snags when they try to get things to happen. It's poor practice, but that's been Microsoft's standard behavior since day one. You don't opt in, you have to opt out, and they don't tell you what you've opted into. Makes for an OS that's so full of holes it makes a sponge look as dense as lead.

Used to be, Black Viper was a good resource for setting up a Windows install. I don't know if that's true any more; I don't deal with Windows. But, you definitely need anti-everything software running, and the best stuff isn't the expensive crap from Symantec/Norton/McAffee/et al. Do some research. You can secure Windows, but it's not a trivial task and it will complicate your life a bit.

In particular, I'd study up on how the Hosts file works, and use it. Also, never, Never, NEVER run in admin mode.

Cagey, I'm not going to argue with you because I know how you get when you step up on your soapbox, but five years with no major issues sort of speaks for itself, and I'm not stupid/jaded.  If you don't know what you are doing, you can have serious issues with Windows.  I'm not arguing that.  From a price/compatibility/my needs standpoint, Windows gives me more than I can get from any other OS, and it makes me happy,  so let's just leave it at that.

 

[Jumble Jumble]

Cagey hasn't used Windows for many years, which is pretty obvious from that post. Windows security defaults these days are so tight that most people find themselves wanting to slacken it a bit.

Saying stuff like "you may think you don't have any malware installed, but you do" and "never run in admin mode" is probably true if you're talking to my mum. But I'm a very well paid computing professional of nearly 20 years experience, most of that gained in extremely security-critical environments (investment banking), and all of it on Windows. I know what I'm doing.

 

[Cagey]

Ok. Well, if you guys are happy, far be it from me to burst your balloons. I was a programmer back before Microsoft even existed, let alone Windows, so I've kinda sorta seen how things have progressed and where they are now. I know better than to use Windows outside of a high-walled sandbox, and as long as you stay in the box, it's a fine thing. There's lotsa very good software out there that runs on it, which is why I keep a laptop with Windows on it. Never let it on the 'net - it's not even connected - so it's ok. I've got safe machines to download updates on, so I'll be ok. Not that I'll need many updates, since 99% of them are for security.

 

[dudesweet157]

I have run MS Windows sans anti virus for the past 5 years and haven't had any issues.  When I did have anti virus software I picked up viruses, so I said screw it, and after my subscription expired, didn't renew. 

I didn't address this in the earlier post, but it also needs to be said.

Doesn't it strike you as curious that when something was looking for exploits, it found them, and when nothing was looking for them, you didn't get any? Did it occur to you that you still got exploits, but didn't know about them because nothing told you they were there?

Windows is a house of cards, my friend. It's the most vulnerable, insecure, unstable OS extant, bar none. You need to be seriously proactive about protecting yourself, or you could end up with more than a misbehaving machine. Somebody else could use you to do something illegal, and when the FBI or NSA or whatever alphabet agency traces down your machine as the vector for kiddie porn or <shudder> music file distribution, YOU will be the one to go to prison for ever and ever, amen.

I DO run anti-mal/spyware programs every night while I sleep that do pick up the occasional threat that is then summarily disposed of (mostly tracking cookies), and I have Microsoft Security Essentials installed that I run every once in a blue moon when I'm bored, but it has never found a virus either.  I've configured my boot up programs to the bare essentials, and my PC boots up and runs lightning fast all the time/every time (even better with a SSD) and has for years.  I've had an Ivy Bridge 7 machine for the past year, but before that, I ran a Core 2 Duo XP notebook for 4 years sans anti virus (longer with AV).  When I quit using it,  it booted in less than a minute, and for basic Office functions, web browsing/email, etc, was perfectly fine.  Unfortunately, my recording projects (via Cubase, yes I know it sucks, but it was given to me) and newer/prettier games pegged out it's RAM and made it pretty unusable.  I still have it.  My cousin uses it to play my old computer games when he comes over.  There's nothing wrong with it other than its hardware is obsolete for today's software.

 

[Jumble Jumble]

I'd like to see the news stories about all these people who are going to prison because their infected Windows PC was doing something with kiddie porn where the FBI somehow traced it to their machine but couldn't trace it any further. Sounds like FUD to me.

 

[Cagey]

I'd like to see the news stories about all these people who are going to prison because their infected Windows PC was doing something with kiddie porn where the FBI somehow traced it to their machine but couldn't trace it any further. Sounds like FUD to me.

It is FUD. But, it's plausible and I don't want to tempt fate. I know how easy it would be to do, so I have to assume all the ass holes do, too.

 

[Jumble Jumble]

It's not really that plausible though. The necessary scenario is that these criminals get the questionable material on to your PC in a way that can be traced, and then from yours to theirs in a way that can't be. If they've got a way of getting data around untraced, what do they need my PC for?

And what's in it for the FBI, just putting away one person because they've found data going to their machine? They want to put away the actual criminals, so once they seize your PC, they'll find all the malware and likely be able to use it to find someone a bit more worthwhile chasing.

If you were in a jury and someone said "my windows PC was full of malware", I'm fairly sure you'd believe them - or at least find it plausible, from what you've said in this thread. That seems like "reasonable doubt" to me.

 

[dudesweet157]

I'd like to see the news stories about all these people who are going to prison because their infected Windows PC was doing something with kiddie porn where the FBI somehow traced it to their machine but couldn't trace it any further. Sounds like FUD to me.

It is FUD. But, it's plausible and I don't want to tempt fate. I know how easy it would be to do, so I have to assume all the ass holes do, too.

That's like refusing to go to the beach because you're afraid of being attacked by a shark.  53 people were attacked by sharks in the USA last year out of the MILLIONS of people that visited the beach.  America's busiest beach (according to Yahoo) is Venice Beach, CA, which receives about 16 Million visitors each year.  Even if all 53 shark attacks happened there, that's still only a 0.0000033% or a 1 in 301,886-ish chance of being attacked by a shark.

I think I'll take my chances...

 

[Jumble Jumble]

It's more like he's just going to a different beach really. He's not doing himself out of anything.

 

[dudesweet157]

OK, bad analogy, but the chicken little mentality persists.

 

[Cagey]

It's not really that plausible though. The necessary scenario is that these criminals get the questionable material on to your PC in a way that can be traced, and then from yours to theirs in a way that can't be. If they've got a way of getting data around untraced, what do they need my PC for?

And what's in it for the FBI, just putting away one person because they've found data going to their machine? They want to put away the actual criminals, so once they seize your PC, they'll find all the malware and likely be able to use it to find someone a bit more worthwhile chasing.

If you were in a jury and someone said "my windows PC was full of malware", I'm fairly sure you'd believe them - or at least find it plausible, from what you've said in this thread. That seems like "reasonable doubt" to me.

Reasonable doubt? Look at the myriad lawsuits the RIAA, MPAA and all manner of other crybabies have filed against people based on nothing more than an IP address. I don't know about England, but it's a booming industry here. There's literally millions of dollars in it. Yet, there's no irrefutable connection to someone with an IP address. It's nothing more than an assumption.

I have a wireless router here that I very rarely turn on for that very reason. The guy next door could download some bullshit Janet Jackson tune, and it's on my IP address. When the RIAA sees that and gets a hard-on, who are they going to sue? Me. And the courts are generally too unsophisticated to understand that it might not have been me who downloaded that bit of dreck. Joel Tannenbaum got fined $675,000 for downloading 30 tunes. I'm not saying he did or didn't do it; I don't care if he did or not. But, what if the guy next door decides to download 350 tunes on my router? At $22,500 each, that would be $7,875,000 on my hook.

So, it's not just the FBI (or whatever gummint agency) coming after you, it's everybody who feels a bit butthurt. The FBI and their ilk only really chase down the politically expedient types that'll make headlines, like pederasts and whistleblowers. So, what if the guy next door is a pederast or a disgruntled IRS employee? Now where am I? A pile of grossly illegal content is dead-ended on my IP address. I'm gonna be in deep, meaningful sheep dip, and I didn't do anything wrong.

 

[Cagey]

OK, bad analogy, but the chicken little mentality persists.

It's not a "Chicken Little" mentality. That describes a fear of a non-existent threat. But, in this case, the threat and the consequences are all too real.

If it wasn't a real threat, why would computer security be a multi-billion dollar business? Why is the government worried about other governments breaking into their computers? Why are they so upset about the revelations of their own misbehavior in that space?

 

[Jumble Jumble]

Can you show me one time where it's happened? The thing of downloading something but actually it was donwloaded by malware. If not, you can't really say it's  "all too real". It's more "all to speculative".

I have a wireless router here that I very rarely turn on for that very reason. The guy next door could download some bullshit Janet Jackson tune, and it's on my IP address.

Tin-foil-helmet stuff. Just turn on some decent security (WPA2) and let the potential bandwidth thieves look somewhere else. It's the old thing about not having to be able to outrun a bear, just the other guy.

If it wasn't a real threat, why would computer security be a multi-billion dollar business?

Hahahahahahaha. Yeah, right? I mean, why would any kind of bad situation ever be exaggerated when people stand to make multi-billions of dollars helping you avoid it? That would be... wrong!

Calm down. We're talking about Windows here, not whether or not hacking exists. The reason Windows is "insecure" isn't because it's worse. It's because people focus on it. If you were going to write some malware, you'd target the OS that 91% of net-connected PCs are running. It's actually just more tested.

 

[Cagey]

Can you show me one time where it's happened? The thing of downloading something but actually it was donwloaded by malware. If not, you can't really say it's  "all too real". It's more "all to speculative".

If you're unaware of Windows exploits, I have to wonder how secure your investment banking machines are.

Hahahahahahaha. Yeah, right? I mean, why would any kind of bad situation ever be exaggerated when people stand to make multi-billions of dollars helping you avoid it? That would be... wrong!

There's no question that there's a lot of advantage-taking in the security realm... mainly by those who don't mind reverse exploitation. That doesn't mean the threat does not exist, only that there are those with few scruples.

Calm down. We're talking about Windows here, not whether or not hacking exists. The reason Windows is "insecure" isn't because it's worse. It's because people focus on it. If you were going to write some malware, you'd target the OS that 91% of net-connected PCs are running. It's actually just more tested.

That's a common refrain amongst Windows users. "Windows is under attack because it's such a huge target!" Fact is, it's under constant attack because it's easy and success is sweet. Granted, it's usually not script kiddie territory these days, but it's certainly not invulnerable by any stretch of the imagination. Everybody else is under constant attack, too. But, it's rarely successful.

 

[Dan025]

yes it is true that windows has improved security policies but there are individuals out there that still run windows xp... and it still doesn't compare to linux/mac but it's getting there. or not. if people are inconvenienced by wnidows policies now imagine they ran linux needing root passwords to sudo a single operation all the time, they'd really hate it, not to mention the extra step of setting the ownership, user permissions and executable bit, even though the system knows what's executable beyond what the file extension says you still have to give it permission to be executed and say who can open it.

yes windows is more attacked and yes other systems can be exploited but not as easily, windows was always an easier target with a bigger payout. windows has had decades to improve security and other examples to follow so it's about time that they did. if you are running xp and go on the internet you may want to rethink things. or maybe you just like to live life on the edge....

 

[Cagey]

I can't remember the last time I've had to run sudo or set a permission bit. It's probably been a couple years, at least. And I don't run as admin or in root; I just have a user account. Actually, now that I think about it, I can't even remember my root password. This is distressing. I'm going to have to think about this one...