×

Announcing: Slashdot Deals - Explore geek apps, games, gadgets and more. (what is this?)

Thank you!

We are sorry to see you leave - Beta is different and we value the time you took to try it out. Before you decide to go, please take a look at some value-adds for Beta and learn more about it. Thank you for reading Slashdot, and for making the site better!

The Cost of Computer Naivete

CmdrTaco posted more than 10 years ago | from the stupid-costs-a-lot dept.

Security 917

wiredog writes "What happens when you put an unprotected Windows 98 box on a broadband connection? Two perspectives from two reporters for the Washington Post (frr,yyy): The User's " an odyssey that has taken $800 and roughly 48 man-hours over nearly three weeks" and Digital Doctor's "Her PC was in such bad shape, it required 10 1/2 hours of surgery to restore it to working condition.""

Sorry! There are no comments related to the filter you selected.

Slow computer! (4, Funny)

NeoFunk (654048) | more than 10 years ago | (#9980256)

Geez... it takes 10 1/2 hours to install Linux these days? Have all distributions gone the way of Gentoo?

Re: Slow computer! (3, Funny)

Black Parrot (19622) | more than 10 years ago | (#9980369)


> Geez... it takes 10 1/2 hours to install Linux these days? Have all distributions gone the way of Gentoo?

Hours??? You've obviously never tried it over a dialup connection!

To be fair to Microsoft (5, Insightful)

Anonymous Coward | more than 10 years ago | (#9980262)

(Yeah I know, fair to Microsoft... on Slashdot!)

Windows 98 is 6 years old and isn't sold with computers anymore. This test just shows remaining Windows 98 users they should keep up to date or upgrade to XP.

Re:To be fair to Microsoft (4, Insightful)

HBI (604924) | more than 10 years ago | (#9980305)

To be fair, if I put up my 1996 version of Slackware on the net or a copy of System 7.5.3 on an old 68k Macintosh I wouldn't have these problems, at least not to that degree.

I don't absolve Microsoft at all.

Re:To be fair to Microsoft (5, Funny)

Throtex (708974) | more than 10 years ago | (#9980333)

If you wanted to be really fair, I could say that I could put my Commodore 128 on the Internet and let anyone who telnets to it run anything they damned well please, and I still wouldn't have problems...

Re:To be fair to Microsoft (0)

Anonymous Coward | more than 10 years ago | (#9980364)

There are no exploits in linux software from 1996? I find that difficult to believe after seeing exploits in Apache, SSH, etc, etc.

Re:To be fair to Microsoft (1)

tomhudson (43916) | more than 10 years ago | (#9980409)

Compare apples and oranges, please. Last I looked Win98 didn't come from Microsoft with Apache, SSH, etc...

But if you *do* want to compare Apache against PWS, go ahead - even MIcrosoft didn't consider PWS a real web server - just something you could use to test and play with.

Re:To be fair to Microsoft (0)

Anonymous Coward | more than 10 years ago | (#9980434)

I don't recall what all Slackware installed in 1996 by default, I just have a hard time believe none of it had any exploits.

Re:To be fair to Microsoft (1)

Short Circuit (52384) | more than 10 years ago | (#9980457)

Microsoft doesn't consider anything you don't pay for "real" ... at least, in my experience.

(Which, I'll admit, is pretty limited regarding MS products. I didn't have a Windows box until I installed XP Pro on a spare system last month...)

Re:To be fair to Microsoft (3, Interesting)

dave420 (699308) | more than 10 years ago | (#9980385)

Yes, and that OS can't do as much as Windows 98 can for that particular user. Let's compare like with like here. I mean, I could say "and I can turn on my Spectrum 128 +2 and it would run fine!" - technically true, but hardly a real comparison.

And this is /., so no-one expects microsoft to be absolved, even if they did nothing wrong ;)

Re:To be fair to Microsoft (2, Informative)

HBI (604924) | more than 10 years ago | (#9980437)

What exactly *can't* a Macintosh do?

Admittedly the 68k boxes were paltry low-end 486 class performers even in their best incarnation, but many a person was running Win98 on a comparable machine in 1998.

I'll answer my own question: "DirectX games". That's about it.

Re:To be fair to Microsoft (5, Informative)

garcia (6573) | more than 10 years ago | (#9980428)

To be fair, if you installed a stock version of Slackware from 1996 on the net, without a firewall, you would be subject to known exploits either in the kernel or the userland programs that were included in the stock distribution.

Re:To be fair to Microsoft (4, Interesting)

callipygian-showsyst (631222) | more than 10 years ago | (#9980444)

Actually the ONLY time I was ever 0wn3d--either Windows or other--was with a circa 1996 version of RedHat!

Someone got into my pc using the LPD Root Exploit [pestpatrol.com] . Of course, I was stupid enough to put a Linux box on the Internet with no firewall! Still my personal experience from that time was the Linux had a problem!

Re:To be fair to Microsoft (4, Funny)

sw149 (570618) | more than 10 years ago | (#9980307)

Mac OS 7 secure and stable as ever.

Re:To be fair to Microsoft (0)

Anonymous Coward | more than 10 years ago | (#9980365)

so is my box running DOS 6.22.

Re:To be fair to Microsoft (0, Redundant)

polyp2000 (444682) | more than 10 years ago | (#9980341)

This test just shows remaining Windows 98 users they should keep up to date or upgrade to XP.

I tried to upgrade my mothers PC to XP, its a 400mhz AMD K6. It didnt work. So I installed Mandrake 10. No problems whatsoever.

If they don't want to pay $200+ (0)

Anonymous Coward | more than 10 years ago | (#9980353)

Then they should just get linux. Many people don't want to spring the $200+ it costs to buy windows XP professional (XP home is a joke).

Looks like the first story of 800$ could have been avoided by switching to linux. You can run MS Office in CrossOveroffice, which costs $40. And you'd avoid the virus issues, and the cost of upgrading.

She could have avoided the $800 headache too.

These stories just make me sad. If only people knew what was out there.

If you ever have problems using linux, head over to one of the friendly irc chans for your distro on irc.freenode.net (use xchat or a graphical irc program, it's really easy to use.. just type /join #nameofdistro, e.g. /join #mandrake or /join #suse once you're connected)

Yes but... (5, Insightful)

ColourlessGreenIdeas (711076) | more than 10 years ago | (#9980374)

Consider a hypothetical Win98 user. For the sake of argument call her 'my mum'. She runs a Pentium II-450 and uses it for email, word processing, web browsing and very occasional other bits of office. The computer runs all these tasks fine, but it really isn't powerful enough to run XP. Windows 2000 would make life better, but it will go out of support soon and if you worry about getting legal copies, it's not available in a home edition so it's very expensive. Windows ME can hardly be called an improvement.

So you're saying people in this position need to spend money to upgrade their hardware despite the fact that the current computer runs all the software they want to run at a speed they find acceptable.

Yes I know; install Linux.

Re:To be fair to Microsoft (5, Insightful)

Nick of NSTime (597712) | more than 10 years ago | (#9980379)

Consider this for a moment. Jane Boxwine buys a brand-new computer in 1999. It's a Pentium II 400 with 128MB RAM, 8MB HD, and Windows 98. She spends $2000 on it.

Jane Boxwine uses this computer for Quicken, maybe to email her family, Solitaire, and simple things like that. Her computer has not outlived its usefulness, but it is woefully underpowered by today's standards.

So now you're telling her that she has to spend $100 on a Windows XP upgrade *and* install an OS that will be very noticeably slower on her machine? You're telling her that Microsoft made mistakes and now Jane has to pay for it?

So what's the solution for Jane Boxwine?

Uh, patches? (0)

Anonymous Coward | more than 10 years ago | (#9980453)

Keep Windows 98 patched and up to date?

Re:To be fair to Microsoft (-1, Troll)

callipygian-showsyst (631222) | more than 10 years ago | (#9980493)

So now you're telling her that she has to spend $100 on a Windows XP upgrade *and* install an OS that will be very noticeably slower on her machine? You're telling her that Microsoft made mistakes and now Jane has to pay for it?

$100? That's a BARGAIN compared to what Apple [jerkcity.com] charges for OS-X.

Re:To be fair to Microsoft (2, Insightful)

PoprocksCk (756380) | more than 10 years ago | (#9980380)

It may be true that Windows XP is much more stable and in some cases, secure, than its 9X predecessors. However, I have found that 99% of the problems that occur with Windows machines are due to spyware and viruses that have plagued the machine.

Merely switching to XP is not enough. As a relatively proficient user, if I were to set up a Windows machine for a friend or family member, for instance, I would make sure a virus scanner was available, along with a spyware scanner and tell them to run the spyware scanner once a week. I would also replace Internet Explorer with Firefox, or maybe Mozilla Application Suite.

The point is, Windows may be more stable out of the box than it used to be, but it is still susceptible to the exact same problems that its predecessors were, mainly due to flaws in IE and other MS programs such as Outlook.

Re:To be fair to Microsoft (1)

hb253 (764272) | more than 10 years ago | (#9980425)

I do some work on the side. Regardless of OS (98, XP, etc), a majority of the PC's I work on have major problems due to viruses, spyware, and general lack of maintenance. People simply are not aware of how to take care of a PC. They don't know about patches, firewalls, antivirus, defrag, spyware, disk space, screen resolution/refresh rate, etc. I guess they view computers as appliances and expect them to be as reliable and maintenance free.

As part of my service, I try to educate customers about these things, and generally, they're receptive. But there's a limit to how much of my time people are willing to pay for in order to learn "computers."

reg only? (-1, Troll)

ack154 (591432) | more than 10 years ago | (#9980265)

Shouldn't there be some sort of warning that registration is required?

Re:reg only? (1)

Papineau (527159) | more than 10 years ago | (#9980278)

(frr,yyy): (free registration required, yada yada yada)

Re:reg only? (2, Funny)

marol (734015) | more than 10 years ago | (#9980303)

I read Why? WHY? WHY?!?

Re:reg only? (4, Informative)

Vacuum Sux (654207) | more than 10 years ago | (#9980294)

It's said "Washington Post (frr,yyy)" Free Registration Required, Yadda Yadda Yadda.

Re:reg only? (0)

Anonymous Coward | more than 10 years ago | (#9980295)

nevermind... i'm partially illiterate.

Re:reg only? (1)

Mantorp (142371) | more than 10 years ago | (#9980311)

did you get scared?

and there was

Re:reg only? (1)

TopShelf (92521) | more than 10 years ago | (#9980346)

yikes, hopefully the grandparent won't sue for "pain & suffering"...

Re:reg only? (1)

tod_miller (792541) | more than 10 years ago | (#9980370)

frr:yyy

I think you are going to run into year 1000 issues with a format like 'yyy' *adjusts foil hat*

Re:reg only? (1)

Short Circuit (52384) | more than 10 years ago | (#9980386)

Worked fine for me...Firefox killed a bunch of popups, though.

Windows 98? What about XP? (5, Interesting)

Brain Stew (225524) | more than 10 years ago | (#9980266)

It is bad enough with 98, but what if the same experiment where conducted with XP, considering all the wild RPC attacks?

Re:Windows 98? What about XP? (1)

lucabrasi999 (585141) | more than 10 years ago | (#9980396)

but what if the same experiment where conducted with XP

Based on the number of attacks my firewall gets a day, I think that experiement is going on all the time. Of course, the XP users are unaware that it is happening...

Re:Windows 98? What about XP? (4, Interesting)

MadRocketScientist (792254) | more than 10 years ago | (#9980474)

My recent XP experiment:
I was installing a firewall for a client a couple of months ago after they got a new DSL circuit installed. The connection failed, so I called the provider and was informed that the line was disabled for security violations. Someone had plugged in the WinXP home edition desktop before I got there. Needless to say, it was so laden with trojans we didn't bother trying to clean it, we just went straight to the system restore disk.

Re:Windows 98? What about XP? (0)

Anonymous Coward | more than 10 years ago | (#9980489)

Or what about a stock install of [INSERT ANY OS FROM 2001 THAT ISN'T PATCHED]?

fp (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#9980270)

first post suck dick loser bitches

I just got a new pc... (0)

Anonymous Coward | more than 10 years ago | (#9980274)

And I am putting windows 2000 on it. I have read here, and on other sites, that it will likely be infected before I can download the proper security applications.

How do I avoid this?

Re:I just got a new pc... (0)

Anonymous Coward | more than 10 years ago | (#9980290)

Download updates beforehand and don't connect your Windows 2000 computer to the net until you've patched it OR put it behind a NAT/firewall device.

Re:I just got a new pc... (0)

Anonymous Coward | more than 10 years ago | (#9980310)

turn the firewall on before pluggin in the internet cable.. then just be quick. you *should* be fine if you are quick

Format? (3, Insightful)

Klar (522420) | more than 10 years ago | (#9980276)

So to sum up, I spent one day cleaning up problems created by ne'er-do-well hackers and overzealous advertisers and four more trying to resolve a known problem with a product that is supposed to help prevent problems, not create new ones.
So the tech place got the girl to pay for a 10 1/2 hours of labour for a format, install of Win98 and Norton Anti-Virus? Why not just spen $100 and put a copy of XP with a firewall turned on, or hell... spend $0 and throw a copy of linux on? If the comp was full of spyware and you could backup any infomration you wanted to save, why not just format right away if you aren't comfortable using the anti-spyware programs?

Re:Format? (1)

Throtex (708974) | more than 10 years ago | (#9980291)

No, it was for 10 1/2 hours of bringing back the system to a usable state without formatting.

Total waste!!

Re:Format? (1)

BenjyD (316700) | more than 10 years ago | (#9980401)

For that much time and money, she could have bought a whole new computer!

Re:Format? (1)

FloodSpectre (745213) | more than 10 years ago | (#9980448)

Because if the user is sad enough to have her computer this messed up, she'll never be able to figure out Linux.

10 1/2 hours? (-1, Offtopic)

travail_jgd (80602) | more than 10 years ago | (#9980280)

"Her PC was in such bad shape, it required 10 1/2 hours of surgery to restore it to working condition.""

[sarcasm]

That's pretty quick for installing Gentoo and compiling KDE!

[/sarcasm]

Re:10 1/2 hours? (-1, Offtopic)

ceeam (39911) | more than 10 years ago | (#9980342)

And for me that's THE problem with open source now.

Re:10 1/2 hours? (1)

Short Circuit (52384) | more than 10 years ago | (#9980424)

Oh, come on. Even with Gentoo, you don't have to compile everything. I use precompiled binaries on Debian, myself. (Except for mplayer, which I compiled.)

stupid (2, Insightful)

Anonymous Coward | more than 10 years ago | (#9980286)

Anyone that takes that long to backup a hard disk, reinstall Windows 98, some office apps and maybe Quicken,and then copy the data back on should be fired. This is the work of "consultants".

They're idiots (4, Insightful)

Killjoy_NL (719667) | more than 10 years ago | (#9980287)

"Her PC was in such bad shape, it required 10 1/2 hours of surgery to restore it to working condition."

It takes me a lot shorter to install Win98 on a box and that includes saving any or all documents.
1.5 hours tops.

Scotty School of Computer Repair (1, Funny)

Anonymous Coward | more than 10 years ago | (#9980329)

"This repair will take 40 hours Cap'n and not a minute less!"

"Scotty, you have 10 and a half."

"Aye sir, I'll do my best!"

(10.5 hours go by...)

"Scotty, I need that computer working NOW."

"Almost done Cap'n."

"Scotty...."

"There! Now Cap'n!"

"You're a miracle worker Scotty."

Re:They're idiots (1)

psyclone (187154) | more than 10 years ago | (#9980400)

It takes me a lot shorter to install Win98 on a box and that includes saving any or all documents. 1.5 hours tops.

I agree. Besides, you need to reinstall Win98 every 6 months anyway. I had a dual-boot machine a few years ago. I hadn't booted to Win98 in about 5 months. (The semester ended so it was time to play some old games.) I hadn't changed any hardware, but on boot, Windows "forgot" about my video drivers and network card. And that was 5 months not even running windows!

Re:They're idiots (1)

Killjoy_NL (719667) | more than 10 years ago | (#9980473)

Friend of mine worked with a fully working Win98 install for 5 years.

To be honest, he didn't connect to the net much

But still, I thought it was impressive :)

Re:They're idiots (1)

GoofyBoy (44399) | more than 10 years ago | (#9980471)

Even better yet, spend the 10 hours educating the users about firewalls, virus scanners, spyware and not to click on "Yes" to everything.

Mantra (5, Funny)

wbav (223901) | more than 10 years ago | (#9980297)

Whatever happened to:

Format, fdisk, re-install do da, do da?

Pull all the useful data off onto a spare disk and clean the machine. Just don't be like my neighbor, and wipe, then install your new os on the spare disk.

Re:Mantra (5, Funny)

aelbric (145391) | more than 10 years ago | (#9980412)

Format, fdisk, re-install do da, do da...

Thanks. Took me a minute to put that to the tune of "Camptown Races". Then I started laughing. Sonn as I get mod points you get one.

Re:Mantra (0, Informative)

Anonymous Coward | more than 10 years ago | (#9980490)

That should read "fdisk, format reinstall ..."

fdisking a drive you just formatted creates a waste of time. Examples are left as an exercise for the reader.

10.5 Hours? (4, Insightful)

digitalvengeance (722523) | more than 10 years ago | (#9980302)

Very few machines are worth 10.5 hours for me. Factoring in labor, I can save a lot of money by saving the data elsewhere then FDisking and reinstalling the OS. Even considering windows install time, program install time, and configuration, I don't have 10.5 hours in it and the user probably has a less glitchy machine for it.

Yeah well.. (0)

Anonymous Coward | more than 10 years ago | (#9980467)

What if you have software you don't have the install disks for.

Kind of hard to reinstall it isn't it.

Re:10.5 Hours? (1)

Junior J. Junior III (192702) | more than 10 years ago | (#9980470)

In 10.5 hours, at my billable rate, it's cheaper to replace the entire system with new hardware.

Similar idea to what I wanted to try (5, Funny)

British (51765) | more than 10 years ago | (#9980315)

I wanted to take a 98(non-second edition) box, no patches, no firewall, and no updates and visit a frew pr0n sites with IE, and see how much I could get it to be 0wned with spyware, plugins, popups, etc before it was rendered unsuable. Make it a competition to see how quickly it would bring the system down.

The screenshots would have been hilarious. If I only had VMware.

Re:Similar idea to what I wanted to try (1)

Black Jack Hyde (2374) | more than 10 years ago | (#9980356)

Make it a competition to see how quickly it would bring the system down.

Just set it up as a web server and post something on it that gets noticed on /. Instant boxen toast.

Re:Similar idea to what I wanted to try (1)

British (51765) | more than 10 years ago | (#9980469)

That would be an entirely different project. My idea (and the article's to some extent) was to get time to ownage(tt0) by visiting website, not by being a website.

Hell, every slashdot article is an experiment on web site stress.

Re:Similar idea to what I wanted to try (1)

oasis3582 (698323) | more than 10 years ago | (#9980447)

visit a frew pr0n sites with IE

I have a multitude of suggestions for sites should you decide to tackle this project. :)

Surgery? (3)

Blindman (36862) | more than 10 years ago | (#9980316)

I think someone thinks a little too highly about their profession.

And I hope she buys a Mac next time (4, Insightful)

paulproteus (112149) | more than 10 years ago | (#9980320)

While Apple's track record on security isn't perfect, I hope she'll realize that she has these problems because she chooses to use Microsoft products. That it's a choice is debateable, given MSFT's documented predatory practices. However, it's ultimately up to her to stand up to the monopoly, since the government refused to.

If she buys an Apple Mac computer next time, she will have a computer that functions better, works better, and breaks much more rarely than her current Windows computer. It's simple, really.

(Me, I use Debian GNU/Linux because I value the freedom that is in Debian's goals. I recognize that Apple shares to some degree these goals, looking at its KHTML-based Safari goals.)

Flame me, since many of you will, but consider that whether you blame the creators of Gator, Microsoft, or worm writers, she would have a better experience on a Mac.

"choice"

Re:And I hope she buys a Mac next time (1)

callipygian-showsyst (631222) | more than 10 years ago | (#9980397)

While Apple's track record on security isn't perfect, I hope she'll realize that she has these problems because she chooses to use Microsoft products. That it's a choice is debateable, given MSFT's documented predatory practices. However, it's ultimately up to her to stand up to the monopoly, since the government refused to.

While it's obvious you're one of Apple's hired astroturfers, I'll answer you anyway.

Installing Windows 98 on a machine is equivalent to installing Mac OS-8 on a machine. And pre OS-X, there were all sorts of Mac problems kicking around.

Re:And I hope she buys a Mac next time (1, Flamebait)

dave420 (699308) | more than 10 years ago | (#9980442)

"functions better, works better, and breaks much more rarely" - that's your opinion. I could voice my opinion, which is that it would cost a lot more, function less, work less and break more. And if she likes playing games, forget it.

People don't want to buy hardware/software because of ideological reasons. They want what can do the job. A PC and XP does the job, and is cheaper than a mac. By far. As for Linux? Sure. If the user likes compiling or having to find "alternatives" for everything they want to do.

I'm not having a go at anyone, or saying anything trollish. Let's just stop speaking out of our collective asses.

Re:And I hope she buys a Mac next time (1)

PoprocksCk (756380) | more than 10 years ago | (#9980463)

I think the problem with Macs isn't the machines themselves, or even the OS and how it functions. The problem is perceived lack of applications, as well as cost. People seem to think that they won't be able to continue using the programs they use every day by switching to a Mac. And cost is a big factor too... a top-of-the-line Mac costs more than a comparable PC (or even one with more overall power).

Re:And I hope she buys a Mac next time (-1, Flamebait)

Anonymous Coward | more than 10 years ago | (#9980494)

This is the only post I've ever seen marked as "Score: 2, Flamebait".

Naive? (2, Funny)

Anonymous Coward | more than 10 years ago | (#9980331)

So are they naive because they let their computer get that bad or because they paid a ridiculous amount of money to fix it?

And modem users? (1)

tmk (712144) | more than 10 years ago | (#9980337)

What do you do with an unprotexted Win98/2000/ME/XP and modem connection? Before you get the first servicepack you have to reinstall the system.

Wow fdisk is really slow... (1, Informative)

ellem (147712) | more than 10 years ago | (#9980339)

10.5 hours to run:

C:\>fdisk /mbr

And reinstall W2K?

Damn that tech was milking it.

Were they trying to clean it from within? (1)

jea6 (117959) | more than 10 years ago | (#9980343)

It would have made more sense to take the drive out of the machine in order to correct problems on it. Or at least not boot off it...

Surgery? (5, Insightful)

kaleco (801384) | more than 10 years ago | (#9980348)

'Surgery' is a little misleading since it suggests hardware damage was incurred. If I was determined to use a metaphor, I'd go for 'therapy' :)

Hard to believe! (3, Informative)

callipygian-showsyst (631222) | more than 10 years ago | (#9980351)

Her PC was in such bad shape, it required 10 1/2 hours of surgery to restore it to working condition.

C'mon now! IF runing Spybot S&D and Microsoft's own repair process didn't fix it, you could have just reinstalled Win98.

Total time, 2 hours MAX!

It's Interesting (5, Insightful)

aynrandfan (687181) | more than 10 years ago | (#9980363)

I find it interesting (and a little frightening) how otherwise educated people (reporters, for instance) can be so clueless in critical areas. Is this inevitable for people?

And yes, I do consider basic computer literacy a critical skill; your computer is not just an appliance. Letting your computer get 0wned is much like letting your car run out of oil.

letting your car run out of oil (1)

wiredog (43288) | more than 10 years ago | (#9980500)

Not an uncommon occurrence, by the way. I am no longer surprised by the number of people I meet who have no idea of how to do the basic maintenance on their car, or even what maintenance is required.

I know people who've had to buy new engines because they didn't know that they had to check the oil, and didn't realize that the little "oil pressure" light on the dash meant that oil pressure was low. Or that the light could fail.

Why should we (or Microsoft) expect computer users to be any more knowledgeable about computers than they are about cars?

10-1/2 hours?! (2, Insightful)

vasqzr (619165) | more than 10 years ago | (#9980375)

I seem to get a call from some family member every few weeks where their computer is unusable due to viruses/spyware/adware...

Basically what happens is I spend at least an hour or two, (but not 10-1/2), removing programs, installing programs like Adaware, Spybot, ZoneAlarm (or make them buy a NAT device) and some decent Antivirus software.

Hmm... (2, Insightful)

Anonymous Coward | more than 10 years ago | (#9980376)

What happens if you put a six year old piece of software that was never designed for always on networking on broadband?

Or an unpatched version of XP - which is now 3 years old?

What happens if you go on holidays and leave your all you doors and windows open, and you change your answering machine message to "Hi, we're out and we won't be back for ages. Help yourself to whatever you need!"?

This is all Microsoft's fault.

This reminds me.. (5, Interesting)

manavendra (688020) | more than 10 years ago | (#9980382)

..of my initial days of tinkering around with RedHat 6.x.

My old office had two RH boxes on a static IP. There was no such thing as an administrator. As a programmer, I was supposed to install all applications, configure them and also *ensure* it was up and running.

Got a call from the ISP two days later. They had shut down the machine because of complaints from other users - apparently some application from these machines were flooding the network (I never did find out what they were doing though). Got the ISP to restart them. Frantic googling and few "security guide" downloads later, I started exploring what was wrong with them (incidentally, I was *still* accessing those machines remotely - my office wouldn't pay for me to go to the site to check the machines). Turned out there were THREE rootkits installed on one of thsoe machines. Found the traces of one of the possible three attackers - was some IP space in netherlands. Later found that that range of IP addresses was actually under contention and was thought to be not allocated and probably belonged to some malicious/rogue ISPs (I haven't understood this part yet).

Not knowing much, I got them to reinstall the OS. Of the three, two rootkits appeared within 2 days. Another re-install, this time with the Linux security guide implementations for securing the box. Things were ok for about 2 weeks or so. I then had yet another attack and someone was using my box as a IRC relay host (or something) and I was still in trouble.

Finally, after some RH updates and more tweaks (and ipchains and iptables install/config), I was able to have reasonably secure machines.

Trial by fire, but I learnt a lot!

*shiver. I hate to think how it would have been, had those been '98 machines

Not uncommon (4, Interesting)

lukewarmfusion (726141) | more than 10 years ago | (#9980384)

My mother's machine was the same way. Win 98, no windows updates for nearly three years. On a cable broadband connection, no firewall. Anti-virus wasn't updated since 2000.

Between an updated McAfee, Ad-aware, and a few other spyware removal tools - I spent nearly eight hours on getting her machine back to a working condition. Once I was able to back up her data, I formatted and moved her to XP Pro.

She had enough trouble learning XP - I wouldn't dare put Linux in front of her.

Almost 20 viruses.
Over 150 spyware components, files, etc.
Three hours of Windows Updates to download over a broadband connection.

Don't clickety-click on everything on your screen. Some of those links are bad.

I have reinstalled windows many times... (-1, Redundant)

arose (644256) | more than 10 years ago | (#9980390)

But 10,5 h? Did they reinstall all the spyware right away?

Hosts File (5, Insightful)

ejdmoo (193585) | more than 10 years ago | (#9980393)

I bet he didn't check the hosts file. I bet that was null routing the liveupdate DNS records.


Once the infections were removed, LiveUpdate still could not retrieve the latest virus-targeting data. So I gave up on that and uninstalled and reinstalled the entire Norton AntiVirus program, hoping that its update system would work afterward -- but it did not. I again tried to access Microsoft's Windows Update Web site, but IE still failed to respond.

Suspecting a problem with Internet Explorer itself, I tried to repair IE using the Add/Remove Programs control panel. That didn't work either, producing an error message that indicated some file or files necessary for IE were damaged or inaccessible. Trying to restore the previous version of IE, 5.5, yielded no benefit, either.

Finally, I abandoned ship, reinstalling the entire Windows 98 operating system to repair the damage to Internet Explorer and allow Kathleen's computer to access the Internet and update the Norton AntiVirus definitions.


I always check that file. It always gets hijacked. I'd be willing to bet that was his problem.

Linux r00lZ (0, Flamebait)

duffbeer703 (177751) | more than 10 years ago | (#9980413)

The Linux fanboyism on this site is sickening.

Try sticking an unpatched Red Hat 6 box from 1998/9 on the public internet and see how many minutes it takes to be totally rooted.

Then you can put "R3dh/\7 s\_/X04z" in your sig.

OSX 10.1 (0)

artlu (265391) | more than 10 years ago | (#9980414)

I wonder what would happen if OSX 10.1 was left wide open. Anyone still run this OS and can comment?

GroupShares Inc. [groupshares.com]

Bull (1, Informative)

Jozer99 (693146) | more than 10 years ago | (#9980417)

I run a computer repair service for home users. I routinely see 98 and Me machines that have been on broadband with no protection (hardware or software firewall) for months. I do not know what kind of surgery these people performed to fix these machines, but short of taking a microscope and tweezers and flipping all of the bits on the hard drive over, there is no way it could take 8-10 hours. When I encounter a machine like this, the operating system is composed of more infected files than non-infected files (ok more Non-Microsoft infected files than Microsoft infected files in the case of Me). Virus scanning is usually impossible due to system stability, and getting rid of the viruses does nothing because there are so many it takes most of the system files with it. I usually just tell people to back up as much as possible, boot with my trusty DOS boot disk (try doing that with a USB drive on older computers), reformat and reinstall. The whole process takes maybe 4 hours on a 400 Mhz machine, not 10.

The real way to protect windows on a broadband (2, Funny)

foidulus (743482) | more than 10 years ago | (#9980418)

connection: Cover your ethernet chord with a prophalctic(sp?). Of course, you block out all the interesting stuff on the internet along with the bad stuff, but that is the price one must pay to sleep with a dirty whore!

Naive (0, Redundant)

Anonymous Coward | more than 10 years ago | (#9980421)

I think this article spotlights how unfair it is to blame the naive for having infected machines and passing along worms, trojans and such, as Microsoft tends to do more and more these days. I have heard it hear as well, but the fact is Microsoft has created a generation or three of point-and-click drones who expect everything to work out of the box. Microsoft blames security issues on their customer base for not patching (which would be counter to resonable business practice for anything but a monopoly), but most Mircosoft patches are akin to shutting the barn door after the horses are out. I would say let Bill fix the problems he has created, but where would he start?

Nuke it from orbit. Only way to be sure. (2, Informative)

frankie (91710) | more than 10 years ago | (#9980436)

Sheesh, here at the office, if IT is called to disinfect a PC, we'll spend maybe an hour to twiddle with SpyBot, RegEdit, etc. If it isn't clean by then, we fdisk the beast, reinstall from master image, firewall, windows update. Way less than 10 hours.

Needs an `OBVIOUS` tag (4, Interesting)

Wingchild (212447) | more than 10 years ago | (#9980440)

A few years back a buddy of mine came over to my apartment and plugged into my hub. I wasn't using a router at the time, just a hub with a WAN port for broadband. (I know it sounds terrible, but I keep my system configured according to DISA's security guidelines; sometimes I feel like testing it against real-world attacks. Bit of a masochistic streak.) I was running a locked-down Win2k box; he brought an unsecured Win98 system -- with it's C drive shared. To EVERYONE.

Things were going pretty well, and we left the systems on overnight. When we signed back on in the morning, my machine was fine; his machine had been compromised -- in grand style. We found the following:

- two separate users were connected to it.
- Cygwin, which my friend had managed to break and wasn't operational, had been either repaired or reinstalled.
- gcc was added.
- eight (!) separate viruses were on the system; two had been compiled with the local gcc, from the look of it.
- those viruses were being sent out around the net.

The main data on the system was not compromised and while there was a minor virus infection, for the most part things were not touched. I should say, "things were not touched that we could detect" -- they could have taken a full copy of his HD for all I know, not that anything important was on there (it was just a gaming box).

He probably wouldn't have noticed the attack itself except that his processor wasn't all that hot and he was on a 10M/sec network card; between the heavy compiling and the constant sending of virii system performance had dropped noticably.

The fix?

Unplug from the internet, make sure no data on the box is needed, and format it back to the stone age. It isn't like reinstalls take a long time. (Backups are your friends. :) )

Nuke 'em from orbit... (0)

Anonymous Coward | more than 10 years ago | (#9980449)

Why the heck didn't the supposed 'Computer Expert' nuke the machine and reinstall. In my experience when things are this pooched; backup what you can to CD/USB HDD/Flash and then fdisk and reinstall. It's the only way to be sure.

Weeks to fix a computer... (3, Insightful)

NoMercy (105420) | more than 10 years ago | (#9980458)

There are quicker methods.

Drive C: contains a valid NTFS partion, are you sure you wish to format (y/N) y.

10.5 hours (1)

tod_miller (792541) | more than 10 years ago | (#9980460)

To be fair they should use XP in these tests. It knows how to break itself, and has a whole new exploitability. But - and this is quite shocking - sometimes it can fix itself!

After being very devious, and listening to music and idly browsing the web (about 2 days after XP was released) my friends XP stopped rebooting.

Luckily the recovery system worked, and my friend was able to get XP running again!

This sounds like one of those stories where 'friend' is like me, talking about myself in third person, but honestly, it is this friend I have, who used XP...

friend (frnd)
n.
1. A person whom one knows, likes, and trusts.
2. A person whom one knows; an acquaintance.

Acronym Definition
XP Experience (Microsoft Windows XP)

Something sounds fishy (3, Interesting)

darkjedi521 (744526) | more than 10 years ago | (#9980475)

I've put unpatched '98 installs and unpatched XP installs side by side on my school's network. Guess which one got nailed with viruses?

The XP box, which caught Sasser, and probably a few other nasties, but I didn't bother looking, and just nuked the box.

The purpose of the exercise was to make a CD containing all the updates as of April, 2004 that a clean 98, 2000, or XP install required to be usable.

She was right on the cusp of greatness (5, Insightful)

jgorkos (453376) | more than 10 years ago | (#9980487)

From the article:
"What a revelation: Four programs -- one a firewall and three to combat spyware -- I downloaded FREE worked better than one I paid through the nose for. Why would anyone create these terrific programs for free? Often, as in the case of ZoneAlarm, they hope people will like the product so much they will buy an upgrade or, in the case of the spyware, pay to subscribe for upgrades."

She was right in the middle of the trees, and couldn't see the forest... yes, free software, even WINDOWS free software, works better and does what it says it does.

Talk about leading horses to water...

What an embarassment to our profession (0)

Anonymous Coward | more than 10 years ago | (#9980496)

to take 10.5 hours on ANY windows 98 problem is just ridiculous. If you're not tegging anywher after an hour on ANY client machine, RELOAD THE OS. It's just a better investment of time.

THe only time it's worth doing something like this is if it's an application SERVER, a DOMAIN CONTROLLER, something that can't just be REBUILT.

Honestly, I would NEVER EVER pay 10 hours for anything on a client machine. Isn't this tech TECH enough to realize that : $800 will get them a decent BRANDY NEW BOX from Dell with Windows XP Home?

Sheeeesh....another winner that heard the radio ad 2 years ago making them believe they can "be an MCSE in less than 6 months and make 50k per year!"

I'm not sure who is more at fault here, the person that paid for 10 hours of service, or the person that provided the service and actually thought they did a good job!

Neatly illustrated (4, Interesting)

maximilln (654768) | more than 10 years ago | (#9980499)

I finally decided to install Apache. I had been running an ftpd for a long time to transfer files between home/work/family/friends but so many of them began asking for me to appeal to the least common denominator that I finally did the apt-get install apache. Honestly speaking it was the easiest fileserver I've ever set up. Granted I didn't look into authentication or restricting access yet. I simply wanted to install it and offer files. In terms of basic functionality apache was much easier to achieve liftoff than ftpd or samba.

Here's the rub that fits with this article: Apache was not up and running for more than 2 hours before I had 3 IP addresses, two of them on my own ISPs /24, poking around for overflow vulnerabilities by sending SEARCH and GET requests with more than 8190 bytes.

Why can't these script kiddies be stopped? It is obvious what the intent was.

Type of person (3, Funny)

oasis3582 (698323) | more than 10 years ago | (#9980509)

The user here was probably the type of person that would love to see pics from MyParty! (.zip file attached)

10 1/2 hours? Has he never heard of the regedit? (1)

smooth wombat (796938) | more than 10 years ago | (#9980511)

I'm not sure how bad this womans system was but reading both stories makes me wonder if Glenn has ever heard of regedit. Where I work I have had to remove several pieces of spyware/malware from users machines (though not part of my formal job description) and to date not one piece of cruft has been able to hide from me.

I use the very simple process of going to Add/Remove and finding out what junk has been installed. I then write their names down and use Add/Remove to start the process. I then delete any and all folders for this crap. Finally I go into the registry and delete any reference to these programs. Reboot the machine and check my work.

So far I have a 100% success rate. Now if only the morons here would stop installing this crap. That and if the powers-that-be would switch to Firebird or Mozilla. *sigh* This is what one gets for working for a government entity.
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?