BO2k
What to do?
Perhaps it's a good time, today, while it's still Friday, Nevada time, to double-check
everything you can double-check. Find a nice complete checklist on the net, and go point by
point - or - to start learning about operating systems which _do_ have some security in
their design.
ASK YOURSELF (some if you're using Windows 3.x, all for 95/98/NT)
When did you last make an emergency boot diskette? Do you have enough tools on it? Write
protected after being built from a known-to-never-have-been-infected system?
If you have a Zip/Jaz drive, have you got an emergency recovery system on a disk for
that? When did you last back up crucial data?
Are the signature files for your virus scanning software over 2 weeks old? Does it
auto-update? When are you scheduled to update it?
How much work would it be to completely reinstall everything from distributions? Do you
have clean distributions on hand? Is there anything that must be "uninstalled"
before you could "reinstall" it (if so, did you keep a write-protected copy of
the original virgin install diskette that was modified by the install process?)
Do you have a record of passwords secured somewhere offline if everything you have
auto-passworded were to disappear?
Would you be damaged if the worst case of someone having access to your hard drive
happened? What can you do to mitigate those damages? Do you cuss out your boss in an
electronic diary?
Worse? Is there some design you're working on that's not only secret, but irreplaceable?
Do you have something on your HDD that you're liable to keep secret? Trade Secrets? SEC
limited distribution items? E-Mail with a "secret lover"?
Do you maintain something on another site that you have access to, e.g. via FrontPage or
FTP with a stored password? Do you maintain a VPN tunnel as a (partially?) trusted client
on your company LAN? What if your machine becomes a "cracker's central" on
USWest.net attacking your "neighbors", or via that VPN?
There's nothing to prevent your BO-infected machine from also running a commandline-style
client in the background to extend that reach to another similarly infected machine.
If you're running NT, and feel safer, ask yourself what damage could be done if BO2k runs
as supervisor. Or for convenience do you just run in the supervisor account? Or have you
extended supervisor permissions to your personal account? Remember, if BO2k on NT has even
half of the power that it may be expected to have on W95/98, it won't take long to
"trick" you into giving it whatever it needs, especially if it's under active control. Maybe you want to make sure
that you have JUST rebooted, with your DSL connection still down, before _ever_again_
entering that supervisor account.
Just because a panel displays, if you suspect BO, don't think that that panel actually
means what it says. If it's _different_ or even _similar_ to normal use it may be a fake.
Now come up with your own questions to ask yourself. I've been quite away from Windows for
a couple of years now, and there are certainly things you can warn your friends and
associates about.
Bruce Gingery <bgingery@gtcs.com>
Alternatives:
http://www.freebsd.org/ and http://www.freebsd.org/ports/
http://www.linux.org/ and http://www.linux.org/apps/index.html
http://cart.cheapbytes.com/cgi-bin/cart/scan/mp=category/
http://www.freshmeat.net/
http://www.PLiG.org/xwinman/
http://www.kde.org/
http://www.openbsd.org/
http://www.netbsd.org/
http://www.caldera.com/
http://www.be.com/
and a now-aging overview
http://guide.vsnl.net.in/tcpip/columns/alt_os/
Or to just "move" in that direction when online
http://www.freebsd.org/~picobsd/
and similar distributions of "tiny Linux" via
your favorite search engine (can be one word) multitaskers which can boot from a single
diskette and either share or ignore your harddrive. For you AOLers, you'll have to realize
that AOL does not support anything but Windows and Macintosh for _full_direct_ access.
and MANY MANY more.
DISCLAIMER
The advice given in this article is not in any way guaranteed
to protect your system, work, finances, faith, sex-life, nor
any other aspect of your wellbeing. It is presented with the
hope that it will help. No specific analysis of your risks
has been professionally performed in the creation of this
generalized posting.
COPYRIGHT LICENSE
This article may be excerpted to other newsgroups or quoted
in uswest.general.
-- end of forwarded message --
Other-Language Translations permitted with or without attribution.
Experts, please post back whatever ideas you have.