How Long is Too Long to Update? 415
StWaldo asks: "I'm sure everyone knows the story about the life expectancy of an fresh, un-updated PC, once it's connected to the internet. What about a PC which just hasn't been updated in a while? I've been deployed in Iraq for the last 9 months, and haven't been able to hook up my laptop to the internet to get updates (I do HAVE access, just can't hook up a personal laptop, gov't only). Before I deployed, I would update my software (system, anti-virus, firewall, anti-spyware, etc) regularly, but as I get closer to coming back to the States and my broadband connection, I'm beginning to wonder what the life expectancy of my PC will be. What's the lifecycle of a security exploit, hack, virus, etc - between discovery/release, propagation, and extinction (or a state approaching extinction)?"
How long could it survive... (Score:5, Informative)
1. Put your computer behind literally any personal firewall/router (Linksys, DLink, etc.) that can be had - wireless and wired or both - for under $50.
2. If you have Windows XP Service Pack 2 (SP2), just make sure the firewall for your network connection is still enabled; it is by default on SP2, and Security Center will warn you if it isn't. Unless you explicitly disabled it, it will still be enabled.
If you don't yet have Service Pack 2, simply enable the Windows firewall (Internet Connection Firewall) for any network interface(s) you have. This can be done on the Advanced tab of each connection's Properties.
3. There is no step 3.
There's nothing you have to do other than ensure you have a software firewall enabled, and optionally have your machine behind a nice little personal firewall/router. Then it doesn't matter how long it's been or what exploits are out there[1].
That's it. Even the built-in Windows software firewall on a machine with no patches or service packs installed will protect a Windows XP system. Seem simple? It is. One wonders why it took Microsoft *so long* to make it the default.
[1] Sure, there may be exploits that affect browsers or other aspects of the system that could be exploited by *visiting malicious sites*, but the machine, just sitting there, won't be vulnerable. If all you're going to do is immediately update everything anyway, you have nothing to worry about.
Re:How long could it survive... (Score:5, Funny)
Re:How long could it survive... (Score:5, Funny)
Re:How long could it survive... (Score:5, Funny)
Re:How long could it survive... (Score:4, Funny)
Re:How long could it survive... (Score:2)
Good enough, anyway (Score:3, Informative)
Re:How long could it survive... (Score:2, Informative)
Re: (Score:2)
Re:How long could it survive... (Score:2)
* I refuse to call it a CD.
Re:How long could it survive... (Score:5, Funny)
Just in case, you might also remove the hard drive and the CPU as stray electrical currents might cause these components to receive signals from "them".
Re:Who Cares About Your Computer? (Score:3, Funny)
Re:Who Cares About Your Computer? (Score:3, Informative)
There's a term used to describe people who believe "if anyone disagrees with me, even the majority of people in the world, then they're automatically wrong." It's 'hubris'. Did you even stop and consider that perhaps they might have valid views backing that up, or did you just instinctively assume "they must all be ignorant"?
decade
An arbitrar
make sure your firewall is running (Score:3, Insightful)
make sure your firewall is running
do your updates
bingo
Re:make sure your firewall is running (Score:2)
yeah right, it takes my wife's WinXP longer to go from log-in screen to usable desktop than it takes to go from boot to login because of all the crap that gets installed into auto-start; cable-modem goes crazy!
Short answer... (Score:3, Informative)
Unprotected (Score:2)
sPh
Don't do it (Score:5, Informative)
Once that install/reboot cycle is complete, grab the latest updates for your antivirus and antispyware system. For extra security, make sure you perform a complete scan for viruses and spyware after all the updates are complete.
Once that install/reboot cycle is complete, update the rest of your applications.
Under no circumstances should you attempt this without being behind a secure firewall. Even if you are, you still have to be very very careful (hence, no web browsing until your computer is up to date on Windows and antivirus updates).
For the love of bob (Score:5, Funny)
Microsoft Bob?
-everphilski-
Re:For the love of bob (Score:2)
> Microsoft Bob?
This is the holiday season, so please celebrate our religious diversity by showing respect to a devout member of the Church of the SubGenius.
(for more info [wikipedia.org])
Re:For the love of bob (Score:2)
For the love of the FSM and His Noodly Appendage!
Hardware firewall (Score:3, Insightful)
Re:Hardware firewall (Score:2)
Spend $50 to buy a hardware firewall and the life expectancy of your laptop will skyrocket
Spend $0, install a GNU/Linux or xBSD distribution, your laptop will be immortal, and you will never have to devote another brain cell to this silly discussion. You'll be promoting the freedom of ideas as well.
Maybe overstating things (Score:5, Informative)
My wife hadn't touched her laptop computer in 6 months. She fired it up, it was updated in 5 minutes and she was fine.
Two things helped:
a hardware firewall
It already had XP SP2
If that's your situation, just fire it up and go.
You'll be in good standing... (Score:2, Funny)
Survival Time History (Score:3, Informative)
Options (Score:3, Interesting)
2) Connect to the internet behind a hardware firewall/NAT device. Then update everything.
I would recommend doing both.
Re:Options (Score:3, Interesting)
A firewall (or at least a router) is a good thing tho, and recommended.
Lifetimes... (Score:2, Insightful)
The machine will have a lot shorter lifetime than an American soldier in Iraq...
We look forward to having you back, by the way! While there are those here on /. who opposed the war, politically, I think we all wished you (and all the other soldiers there) nothing but the best. Our thanks for a difficult job.
Re: Lifetimes... (Score:2)
Windows XP SP2 came out in August 2004, IIRC. Not to say that that's perfect - but it does fix some problems, right?
For updates since then, you might check the Microsoft Security Bulletin Search [microsoft.com]; I got that from a smithii page on slipstreaming [smithii.com], which also includes a file to download those files, up through November, anyway. That requires Cygwin, although you could just pull the URLs out of that & fetch them all. Either way, you could down
Re:Lifetimes... (Score:3, Insightful)
I fully agree. We look forward to having you all back.
Re:Lifetimes... (Score:2)
One can oppose the war without opposing the individuals fighting in it. The soldiers are in Iraq because they were ordered to be. They are given orders, and do their best to carry them out. They should not be disrespected for that, indeed, they should be commended.
However, if the le
Re:Lifetimes... (Score:3, Insightful)
Those two things are not mutually exclusive; I oppose the war(s), and I wish all the American troops nothing but the best. Honestly.
Re:Lifetimes... (Score:3, Insightful)
See, I'm not American, so theres none of the 'my country right or wrong' thing. Its more like 'right, not wrong' for me.
I admire the courage of the American soldiers going into a difficult place and for the job they do. I also happen to admire the courage of the Iraqi soldiers (the ones under Saddam) going to war against a far stronger enemy in the same thinking of 'my country right or
Re:Lifetimes... (Score:2)
Re:Lifetimes... (Score:5, Insightful)
I just have to say this: You're a dick. Straight up. You think this soldier ordered the war? You think he made the policy decisions that led to Iraq's destruction? No. He's just some guy making about $10 an hour, trying not to get killed, all for the dubious reward of trying to save ungrateful shitheads like yourself. So go fuck yourself with the largest pointy object that you can find.
Bash Bush and the decision makers all you like...I'll be right in there with you. Bash a soldier and I'll tell you what a worthless piece of crap you are. Bash one in range of my hearing and you won't do it again.
You'll notice I sign my name. "Anonymous Coward" fits you like a glove.
Re:Lifetimes... (Score:2)
But this strikes me everytime I read it. You say:
As if that is some vindication, or that being a leftwing democrat is automatically means you are correct where the rightwingers are wrong.
The biggest problem with this country are political parties, specifically the big two, pr
Re:Lifetimes... (Score:3, Interesting)
Re:Lifetimes... (Score:2)
In short, they're regular guys with a shitty job that they're not allowed to quit.
Now, Chimpy McFlightsuit and the rest of his cabal of criminals ought be hauled out and shot. But this guy isn't one of them.
To set you straight, the only axe I'm grinding is that of "get those poor fuckers out of tha
Hmmmm... depends.. been 4 years for me (Score:3, Funny)
I have an old Redhat 8 system running on a AMD K63-500. It hasn't been rebooted in 4 years (yes, the kernel is horribly out of date... but there are few outside services, and no untrusted users). I'm afraid to upgrade such an old beast... I can't imagine Fedora Redhat and the QA folks spending much time on these ancient chipsets.
You aren't running Windows, are you?
Someone answer the quest. (Score:3, Informative)
Re:Someone answer the quest. (Score:2)
Re:Someone answer the quest. (Score:2)
Order the update CD from MS now (Score:2)
Survival (Score:3, Informative)
On the net raw running windows: 30m.
On the net raw running linux: depends on the daemons.
Re:Survival (Score:3, Informative)
It's probably not reasonable to expect an unpatched Windows machine would survive more than a very few minutes.
Re:Survival (Score:2)
As long as you have a firewall it's usually alright, they were behind a router
Call me Paranoid... (Score:2)
Paranoid? (Score:5, Insightful)
Re:Paranoid? (Score:2)
I object!
Re:Paranoid? (Score:2)
Or a belief that they are out to get YOU specifically when in a group. Like you may be on the battle field,and they certianly are out to get the people in your uniform, but that doesn'y mean they are looking for you specifically. Or the belief they are out to get you because you have been visited by aliens and have 'special powers'.
Service Packs and Routers (Score:2)
If you connect your Cable/DSL modem directly into the computer then you are at risk without a firewall and the most recent service packs. All of the big exploits occure on machines without SP1 and there are a few for machines without SP2.
If you download Service Pack 2 sta [microsoft.com]
What the Windows XP Firewall Blocks (Score:2)
No. The WinXP SP1 firewall by default blocks UPNP, windows file and printer sharing, and most windows components you woulnd't want recieving connections from the internet. None of the major self-propigating exploits would have been possible if the WinXP firewall was on by default, even in SP1 form.
The SP2 firewall block all incomming services by default, prompting the user to allow them or not. The SP2 firewall does not block o
Google for AutopatcherXP (Score:5, Informative)
You are just doing an update... (Score:5, Informative)
Check out http://www.msfn.org/board/index.php?showtopic=318
Kinda sucks (Score:2)
What killed them? Windows Firewall. I think MS learned their lesson on that one.
Do what everyone else does. (Score:5, Funny)
su
emerge sync
emerge -pv world
emerge world
??
Re:Do what everyone else does. (Score:5, Funny)
Re:Do what everyone else does. (Score:2)
Re:Do what everyone else does. (Score:2)
Deeply Wrong (Score:3, Insightful)
Re:Deeply Wrong (Score:2)
Think about it.
emerge -a (Score:2, Informative)
Hardcore! (Score:2)
as I get closer to coming back to the States and my broadband connection, I'm beginning to wonder what the life expectancy of my PC will be
Now that's a geek.
How does this look? (Score:3, Interesting)
OS Version: 5.1.2600 Service Pack 2 Build 2600
OS Manufacturer: Microsoft Corporation
OS Configuration: Standalone Workstation
OS Build Type: Multiprocessor Free
Original Install Date: 9/27/2004, 12:49:15 PM
System Up Time: 184 Days, 4 Hours, 3 Minutes, 16 Seconds
The only time i had to bring it down was to replace hardware (i am behind a corporate firewall, the XP firewall is active) and i don't care about patches. No, i am not trolling - windows machines enjoy decent uptimes too. Let me know if anyone wants too look at a screenshot.
Re:How does this look? (Score:2)
Steadfast against spyware (Score:2)
The downside to Steadfast is that you can't use Antivirus updates with it unless you figure out which files need direct access to the disk, and spyware updates are hard to apply too. These days it's more important on publi
Have patches available on CD (Score:3, Informative)
If you can't burn a CD from another computer, and you're pre-XP SP2, you might be better off operating behind a hardware firewall until the updates are completed.
Also remember that if you have a minor bug before completing updates, you can usually clean the system after you're up to speed (antivirus, antispyware, etc). The main issue with the auto-infect feature of new systems is that most users won't take the time to clean the system or even investigate if it's infected.
It's all about the Service Packs. (Score:4, Insightful)
* Does it have SP2? - If no, get it and forget it.
* Is there constant hard disk activity? - If yes, reinstall.
* Do you visit online gambling/porn sites? - If yes, reinstall periodically (evidence? what evidence?)
* Does it take longer for you to be able to do something productive with the 'Start' button than it did to boot? - If yes, reinstall.
After reinstalling, install AVG antivirus, Google up some Windows hardening/protection techniques (msconfig, services to disable, etc) **INSTALL NO SHAREWARE OR THIRD PARTY "WINDOWS FIXING" UTILITIES**, enable Windows firewall, and set Windows Update to perform weekly updates with no intervention.
If things get weird after that, you have nobody but yourself to blame. After having resurrected Windows installations dating back to 95/3.11, I can say that the only sure-fire fix is a fdisk/reinstall.
It's Windows - it *will* break in an inaccesssible or unrecoverable fashion.
Make your time, and don't get taken in by supposedly friendly utilities, banners, offers, websites, emails, etc. This advice is applicable everywhere - life included.
Thanks (Score:2)
BTW: We hope you get to look forward to something as mundane as Windows viruses real soon now. In case anyone hasn't mentioned it yet, "Thank you for the job you're doing."
Re:Thanks (Score:2)
On the off chance that you're serious, please kill yourself now. You're not helping.
love, the left-wing Arbiter
Paranoia? (Score:2)
How many people do you think there are out there scanning IPs looking for unprotected Windows boxes to molest? And out of those, who actually attempts to sploit the sploit? How many of *those* are successful?
It takes clicking, installing, running. It's not like bareback fucking a hooker in Bangkok.
Sure, you may be open to som
Re:Paranoia? (Score:2, Interesting)
Re:Paranoia? (Score:5, Interesting)
Not all of those attempts are trying to break in to Windows vulnerabilities, a lot were looking for other kinds of holes, or were looking for already-infected machines. But the attempt I see logged from one minute ago was attempting to get into the Windows RPC service, which an unpatched machine might have left open.
So I don't really think it's paranoia, and I do like being the only machine behind my router.
Re:Paranoia? (Score:2)
I take it you've never looked. Try looking some time, you'd be surprised. My Apache server is constantly bombarded with attempted IIS exploits, and that's only one port! Looking at the router log, I see an absurd amount of incoming probes to random ports. Even today, you'd be surprised how many Windo
About 16 minutes (Score:4, Informative)
Buy a Broadband router (Score:3, Informative)
Since it naturally acts as a NAT gateway it will prevent 98% of exploits that can be initiated remotely.
hook up the computer and go through the update process for windows, and your antivirus software. (I would do windows updates first as it is entirely possible the anti-virus updates may require some of the patches too. especially if they are a few months old.)
Then after you've installed all your updates and you can safely leave the computer up and browse the Internet head on over to Red Hat, or some other Linux.... kidding... somewhat.
Buy a mac. Easier, and they have very nice laptops.
Keyloggers are a big problem (Score:2)
That's way too long. (Score:2)
you should be ok with almost any period (Score:2)
the AV is just a second line of defense if your firewall crashes or you do something stupid or you download code from dubious sources its a non-issue if you are just connecting.
State Approaching Extinction (Score:2)
Iraq should last another couple of years, I'd guess.
priorities (Score:2)
Just get back here alive, then update.
yes there is always some fresh Improvised Explosive Data lurking on random pages and attachments every week but as careful as you seem to be about stuff like that, you'd notice if you got infected....you DO have your firewall set to squawk if unexpected outbound traffic crops up, right?
I dunno, I don't worry about it too much (Score:2)
Obviously, I wouldn't LEAVE it unpatched and unprotected, b
Turn on your firewall! (Score:5, Informative)
Repeat as necessary.
P.S. don't forget to download Firefox for a safer browsing
LiveCD Linux (Score:2, Insightful)
Linux has a great firewall built in, separate accounts to keep system files safe, and tons of free software on board. In this day and age, you can boot up a modern distro and have basically everything you need--browser, word processor, spreadsheet, email client, games, music, video.
And there are no viruses in the Linux world (that one hears
Re:Turn on your firewall! (Score:2)
Re:Turn on your firewall! (Score:2)
Re:redundanty (Score:5, Insightful)
I do not doubt you. I have only gotten a virus when I mistakenly clicked on a link sent by a co-worker. The minute I did it I realized it was a mistake, but we are all thoughtless sometime. What I want to know is this: Without a virus scanner, how do you know they are not infected?
Re:redundanty (Score:2)
FYI (Score:2)
Not that I doubt your virus free.
I only run a virus check weekly, and I have yet to turn up anything.
I wish I could remove this anti-virus software from my system at work, it is a huge pain in the butt. Stupid bloatware.
Re:redundanty (Score:2)
Re:redundanty (Score:2)
So... do you need a doctor to tell you are sick?
Trade? (Score:2)
They don't swap files over IM, they don't click nonsense (they've learned the hard way), they don't use gnutella, etc...
Wanna trade families? :)
Re:Don't worry (Score:5, Informative)
Very poor advice. It should be 1) disconnect from the network 2) turn on the computer 3) enable the firewall 4) hook up to the internet 5) download all updates.
Its not like someone is waiting for you to get home and get ya as soon as you connect.
Uh, yes they are. What do you think all those people scanning ports are doing? All the viris that spread automatically are looking for unprotected systems all the time which is exactly what this fellow would have using your directions.
Re: (Score:2)
Re:Iraq? (Score:2)
On the other hand, if the US started drafting pe
Re:Thank you for your service! (Score:2)
Re:Thank you for your service! (Score:2)
Osama to suicide bomber: Anyone who is willing to go get shot at so that I can sit on my ass and read
Another thing I read quite often is 'our soldiers place themselves in danger for our freedom'. This can come from Al Qaeda or Bush, you couldnt tell.
T
Re:Nothing is forever (Score:2)
Re:Asinine (Score:2)