MS Says Malware Recovery Becoming Impossible

[Darth Wong]

I'm told Windows security will improve with the new iteration, but honestly, why did it have to take almost 13 years for Microsoft to finally talk about adding an "su"-like feature to their multi-user operating system? There are millions of WinNT, Win2k, and WinXP users out there who log in and surf the internet as Administrator because it's a huge pain in the ass to do it any other way. And it's not as if this couldn't have been anticipated; the people who designed the original NT codebase had extensive knowledge of UNIX and the basic design concept for a secure multi-user operating system.

[Uraniun235]

I'm not sure if it was introduced in Win2k or XP, but I know that in XP Pro you can right click an application and click "Run As...", bringing up a dialog box which allows you to run the program as whatever user you want it to (if you have the password, of course).

[Xon]

It is all the fucking horrible Win9x and dos crap which was lumped onto the nice & shiny NT OS which pervasively expects to run with complete control.

A "su"-like feature doesnt actually help with this.

A well setup Windows box is virtually imposible to break, just like a well setup Nix box is. The weakest link has always and always will be the fucktard behind the keyboard.

[Edi]

The only flaw in that plan, Edi, is the idiots who port over all their data before repartitioning an OEM install. Then there's the question as to whether reverting to OEM will also revert everything into one giant partition, destroying all data the user just went to such great lengths to try to save.

OEM boxes generally nuke everything and reset to factory defaults, so using an OEM box means you need a second HD or an external HD or another computer for backup. I build my own computers from parts and install everything from scratch, so I can set up my partitions exactly the way I like and not worry about it all disappearing becasue OEMs can't be bothered to put more than one partition on their boxes.

Edi

[Solauren]

Another problem is from the users and companies themselves.

At work....
You're average data monkey does NOT need
Windows Media Player or any related software
access to the Internet
the ability to install there own software
to recieve external email
a disk drive (an external is sufficient, just plug it in, copy to disk, then unplug)
a cd-rom drive (an external is sufficient, just plug it in, copy to disk, then unplug

And an office should NOT be using a wireless network. There's no reason for it.

There's most of the problems solved right there.
Can't get on the internet, nothing can get it
no windows media player, disk or cd drive, they can't install shit.
no email, they can't recieve shit

[Xon]

Almost anybody touching a computer these days have valid reasons for accessing the internet these days.

[Lord Revan]

the problems that some what "typical" MS Windows user like myself may not know what these fancy terms mean (and may not even want to know), for example I don't know what partioning a hard drive means.

[phongn]

On a Windows box, you have to spend hours installing shit in order to make it work well, and then you have to keep those apps separately updated. Hell, even something as tightly bundled as Office has a completely separate Updates site.

Microsoft is changing this with their Microsot Update site, which handles both the old Office and Windows Update websites. I've also noticed that other programs are beginning to use their own autoupdaters, but it'd be nice if there was one location to do it.

I'm told Windows security will improve with the new iteration, but honestly, why did it have to take almost 13 years for Microsoft to finally talk about adding an "su"-like feature to their multi-user operating system?

Well, runas and the shift-rightclick Run As functionality has been exposed since Windows 2000.

It is all the fucking horrible Win9x and dos crap which was lumped onto the nice & shiny NT OS which pervasively expects to run with complete control.

Back in the day, Microsoft's developers expected everyone else to play nice ... and now that's biting them in the ass. Vista marks the beginning of strict enforcement.

At work....
You're average data monkey does NOT need
Windows Media Player or any related software
access to the Internet
the ability to install there own software
to recieve external email
a disk drive (an external is sufficient, just plug it in, copy to disk, then unplug)
a cd-rom drive (an external is sufficient, just plug it in, copy to disk, then unplug

Internet/Intranet access, WMP and external email access are rather highly needed things where I work (Verizon), even for your average datamonkey. And an optical is generally useful for when the IT guys need to install something quick instead of broadcasting it over the network.

And an office should NOT be using a wireless network. There's no reason for it.

And if wires are infeasable to run to every computer? They can be secure if competently implemented.

There's most of the problems solved right there.
Can't get on the internet, nothing can get it
no windows media player, disk or cd drive, they can't install shit.
no email, they can't recieve shit

Whoops, hard to do work, too.

[White Haven]

In all seriousness, if you're not a fucking RETARD, you don't need to go berserk about security. Run in admin, run on a single partition, fine..but don't be a moron about where you go on the net, and you're fine nine times out of ten. Not that I wouldn't like to see Windows baby-proofed...granted, I might be out of a job, but meh...but a halfway intelligent user doesn't even need half of the more advanced precautions out there. The ballbreaker is that the people who need that sort of protection are the people too willfully ignorant to use it.

[Xon]

Microsoft is changing this with their Microsot Update site, which handles both the old Office and Windows Update websites. I've also noticed that other programs are beginning to use their own autoupdaters, but it'd be nice if there was one location to do it.

While it would be nice for a single location to offer patches & stuff, there is one major reason; legality.

It is a legal minefield, maybe one day it'll be sorted out. But the easiest way is to just ignore it. Microsoft actually publishes the full specs & technologies so anyone could actually setup a Microsoft/Windows update site of thier own for 3rd party apps.

Back in the day, Microsoft's developers expected everyone else to play nice ... and now that's biting them in the ass. Vista marks the beginning of strict enforcement.

Back then everyone was, mostly, responsible practicing adults. Then the rest of the population got interested in this 'computing' thing, and the number of fucktards increased.

Internet/Intranet access, WMP and external email access are rather highly needed things where I work (Verizon), even for your average datamonkey. And an optical is generally useful for when the IT guys need to install something quick instead of broadcasting it over the network.

Optical also is a garrentied read-only medium. You dont need to worry about the CD being rootkited and infecting the network.

And if wires are infeasable to run to every computer? They can be secure if competently implemented.

Wireless might get a bad rap, but thats because fucktard idiots are trying to use something which is a little more involved that "plug in, turn on".

Running wires everywhere is actually expensive and highly dependant on when the cabler can get around todoing the job. Legally, you probably cant do it yourself. Waiting months for the external contractor to show up & get the job done is not unknown.

Wireless really is quite easy to setup, if you have half a brain.

[Xon]

In all seriousness, if you're not a fucking RETARD, you don't need to go berserk about security. Run in admin, run on a single partition, fine..but don't be a moron about where you go on the net, and you're fine nine times out of ten. Not that I wouldn't like to see Windows baby-proofed...granted, I might be out of a job, but meh...but a halfway intelligent user doesn't even need half of the more advanced precautions out there. The ballbreaker is that the people who need that sort of protection are the people too willfully ignorant to use it.

Amen.

I've been run as admin on a WinXP machine for years, and never gotten any spyware or viruses on my computers. It takes true levels of stupidity to pickup viruses or trojans.

Even if you download zero-day warezNot that I would do that, it is incredibly rare to pick something up. You are more likely to pick some sit up downloading from one of those sites which collect torrent tracker links than from a zero-day release.

The majority of spyware and viruses these days are; email "viruses", and dodgy porno-sites interested in making money from spyware. Self-propagating viruses are for all purposes extinct these days, it requires human stupidity for the "viruses" to propagate. Ofcourse, trojans in crappy DLed stuff still occurs, but you generally have to download that from suspect locations to begin with.

[Bounty]

I've been run as admin on a WinXP machine for years, and never gotten any spyware or viruses on my computers. It takes true levels of stupidity to pickup viruses or trojans.

Plus anyone with half a brain can babyproof an XP install themselves. I've setup a few PC's for people who can barely tie their own shoes and they're still running fine.

[TheFeniX]

Running wires everywhere is actually expensive and highly dependant on when the cabler can get around todoing the job.

I worked for a small network/cabling company for 5 years and came to the conclusion that wireless is a good supplement to a wired network, not a replacement. The equipment is considerably more expensive than it's wired equivalant. You also can't get anywhere NEAR gigabit speeds on a wireless network. In fact, since there's no dedicated bandwidth, every PC you add is cutting into your avaiable bandwidth.

Sure, there's some products out there offering switched based 802.11x, but you're working off different frequencies, and there's only so many out there you can use. 10 Gb is becoming more standard on backbones now and that'll be up to 100 Gb in the near future. Outperforms the poky 54 Mb (maybe 108) wireless connections.

I don't know of one PC you can buy now that doesn't come with an RJ45 NIC in it. Hell, Dell offers gig-NICs on everything. Add in the cost of the wireless install (plus security), plus installing Wi-Fi NICs in all the PCs (and configuring them) and your lackluster performance speeds: and wireless tends to cost more than wire.

Cat6 or fiber is still the way to go.

Legally, you probably cant do it yourself.

I got out of the cabling portion later on in my job, but last I checked: most the standards for network cabling were set by the client, not the government. Those guys just can't keep up with the pace of progress in the technology.

One customer had to use us because the bank required it (security, etc). Now, that was a legal issue: but the "code" was set by the bank based on the security the government expected them to have.

I think the only solid "code" for networking cable that you can get busted for is: you have to use plenum rated cable for open-air systems. This prevents a fire in one side of the building with PVC cable from killing everyone from the fumes. Plenum fumes don't kill you like PVC fumes do.

Feel free the check me on any of this, it's been a while.

Waiting months for the external contractor to show up & get the job done is not unknown.

There's a lot of competition in the network cabling business (at least in Texas). If some guy waited a month to START a job, he wouldn't be in business very long. We've cabled entire school districts in a few months.

Wireless really is quite easy to setup, if you have half a brain.

That is true (besides secure RADUIS installs, which aren't hard, but time-consuming). But wireless is not (and will never be) a replacement for hard-wire fiber or UTP.