Ironworks Gaming Forum

Interesting Article on XP SP2 (http://www.ironworksforum.com/forum/showthread.php?t=92706)

dplax 01-09-2005 07:00 PM

I posted what I posted upon only having seen andrewas' link. I've now read your links too. I wasn't going to leave Windows anyway. I've managed to secure it as much as possible for myself and as far as I can see nothing I don't want is getting past my protections.

LennonCook 01-09-2005 07:10 PM

Quote:

Originally posted by Thoran:
I tend to think that internet articles are like a$$holes, everyone can find one that says what they want it to, especially when you're... A CRUSADER!! bump badda bump bump bumm...

Find me an article, not funded by M$, that says Windows is better without question.

Bozos of Bones 01-09-2005 07:18 PM

Find me an article, not funded by open source... wait... there's no funding in open-source... hmm... Something wrong here, they don't have any legal links, as they're not a company... Meaning all articles about Linux vs Windows that are free are subject to be under the influence of open-source, therefore biased to Linux... Unless they're an independent magazine, or a site like Tom's Hardware, but for software... Hmm... I've just been to one, mind you it's Croatian, and it has some nice things about Linux, but also about Windows as well. And if I put my heart to it, I think I'm bound to find a few in English as well... but Frankly honey.. I don't give a damn.
This is one of the oldest debates known to man! It will never end, it will never find a conclusion. Why? Microsoft is too powerful to kill, and open-source is too distributed to be forgotten. And if there is somehow going to be an end, it's not going to be on a forum whose main focus is roleplaying games. Guys, I really do respect the crusades and all, and I do believe that Microsoft has some issues it has to take care of, but this is like "My dad is better than your dad!"

Thoran 01-09-2005 07:38 PM

And for the Mac gang... here's a pro-MAC article that smacks around both Linux AND Windows.

http://www.mi2g.com/cgi/mi2g/framese...ess/051104.php

Pretty interesting article actually.

Lemmon I find/you find/he finds/she finds... ANYONE can find an article saying just about anything they want on the internet.

As I've said all along, I'm glad Linux (and the Mac too for that matter) is out there providing a viable alternative to Windows (A company I'm not overly fond of... very predatory). Just flagging the crusaders who have an agenda to point out every flaw in windows while ignoring the warts in their OS of love.

My standard disclaimer - Don't trust the prophets, do the research and come to your own conclusions.

For me (a person who doesn't have to pay out of pocket for my OS decisions) Windows is my general use OS, Linux is a toy, and hopefully soon I'll have a Mac to play with.

If I was personally paying for my software I'd be using Linux, although on the one system I'd really LIKE to use linux on I can't for lack of drivers (Dual Opteron workstation, of course there are 64 bit Windows drivers missing too) and I'd have to pay for the OS (SuSe 64-bit Enterprise... could not find any free distributions).

Seraph 01-09-2005 08:06 PM

Quote:

Originally posted by LennonCook:
Originally posted by Seraph:
Originally posted by LennonCook:
Not really. It isn't possible to eliminate the viruses and the spyware, but it's definitely possible to reduce the effect it can have. Just look at Linux: most security vulnerabilities in it require someone to be physically sitting at your computer, and be logged in.

The slapper worm back in 2002 showed just how solid linux systems are.

One worm. Three years ago. Nothing prior, nothing since. Compare to... how many for Windows?

All I know are the viruses and worms that I've been infected with.
Windows: 0
Linux: 1
I've been running windows as a home OS for 8 years, I ran Apache on Linux for 6 months and was compromised.

Quote:

From the standpoint of remote buffer-overruns, all operating systems are vulnerable to sloppy programming.

Remote buffer overruns are more than sloppy coding. They need bad design for them to be able to be executed remotely, relying only on a computer to be logged in.

Quote:

From the standpoint of social engineering e-mail worms, all systems are vulnerable to stupid users.

OK, now, why are there stupid users? Mainly because when something goes wrong, Windows says "Something went bang! Go tell Microsoft".
Linux gives you some idea of what went wrong, and possible ways to fix it yourself. Linux teaches you to be able to fix simple problems, Windows encourages stupid users.

Quote:

If you can explain why any software that is going to bind to a port 1-1024 needs to be started as root then I might start to believe in some of the mythical security that Linux has.

If that were true, you would need to start a web browser as root since they bind to port 80. FTP clients, mail clients, GAIM and its kin. They all connect to ports, inbound and outbound, and yet they can be started by anyone who can access the executable. I run aMSN, Thunderbird, Firefox, xChat, ncFTP, and GAIM regularly as me. Check your facts.

I don't know how your system is set up, but if it is anything like 99.99% of the systems out there it will use a process that goes something like this:
Start some program with root privileges, the program binds the port(s), listens, and then calls setuid() and setgid() and friends to drop root privileges. At this point it should still be able to call accept() on the ports, but it will not still have root privileges. However every time you start aMSN, Thunderbird, Firefox, xChat, et al. you are opening a hole that could in theory allow someone who has compromised that program to do all sorts of nasty things. I suspect that you're undergoing the same thing that you accuse windows users of doing, ignoring things because they are happening outside of plain sight.

Like I originally said, security is all smoke and mirrors. The holes in Linux security are harder to get to, and difficult to exploit, but there are still holes, and I feel it is only a matter of time before someone comes up with a way to get at them.

Quote:

Other than crappy design there is no good reason why something like Apache needs to be started as root,

How about, it is designed specifically to allow other people to connect directly to your computer? That makes it an admin level function. And this is Windows' mistake - it not only allows anyone to start something like Apache, it has other servers running by default which most people should not need to care or know about. And yet, if they don't disable them, it can cause major problems. Ever wondered why things like trojan droppers can exist?

If you're going to only allow admins to connect to the outside world then you've effectively isolated your computer from the net. It's a heck of a lot more than Apache that suffers from this problem, anything that uses a port below 1024 will need to be started as root. An awful lot can happen between the time that a program starts, and the time that it binds to a port.
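
The bind-then-drop sequence described in the post above, written out as an added example (not code from the thread or from any program it names): a C program that binds a listening socket, permanently drops root, and shows that accept() still works on the already-bound socket. The helper names, the loopback address, the ports and uid/gid 65534 ("nobody" on many Linux systems) are assumptions.

```c
#include <grp.h>
#include <netinet/in.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Step 1: bind and listen on 127.0.0.1:port (port 0 = any free port). */
int bind_listener(unsigned short port)
{
    struct sockaddr_in a = {0};
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    a.sin_family = AF_INET;
    a.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    a.sin_port = htons(port);
    if (bind(fd, (struct sockaddr *)&a, sizeof a) < 0 || listen(fd, 16) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Step 2: drop root for good. 1 = was never root, 0 = verified drop, -1 = failed. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (geteuid() != 0) return 1;
    /* Order matters: supplementary groups, then gid, and uid last. */
    if (setgroups(0, NULL) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    /* Verify the drop: regaining uid 0 must now fail. */
    if (setuid(0) == 0 || geteuid() != uid || getegid() != gid)
        return -1;
    return 0;
}

/* Step 3: the socket bound earlier still accepts; returns 0 if accept() works. */
int accept_one(int lfd)
{
    struct sockaddr_in a;
    socklen_t len = sizeof a;
    int c, s;
    if (getsockname(lfd, (struct sockaddr *)&a, &len) < 0) return -1;
    if ((c = socket(AF_INET, SOCK_STREAM, 0)) < 0) return -1;
    if (connect(c, (struct sockaddr *)&a, len) < 0) { close(c); return -1; }
    s = accept(lfd, NULL, NULL);
    close(c);
    if (s >= 0) close(s);
    return s < 0 ? -1 : 0;
}

int main(void)
{
    /* Assumed: port 80 as root, else 8080; 65534 is "nobody" on many systems. */
    int fd = bind_listener(geteuid() == 0 ? 80 : 8080);
    if (fd < 0 || drop_privileges(65534, 65534) < 0) return 1;
    printf("euid %d, accept() %s\n", (int)geteuid(), accept_one(fd) == 0 ? "works" : "fails");
    return 0;
}
```

A process that only makes outbound connections with connect() never runs step 1 on a low port, so it has nothing to drop and `drop_privileges` returns 1 for it.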

Chewbacca 01-09-2005 09:09 PM

I just got a new PC and upgraded from W98 to XP w/SP2. Under 98 I never had a virus or suffered from an attack and only had one case of spyware due to user error.

So how does a fellow like me whose programming experience is Basic ( circa 1985) and Scripting for NWN plug these reported holes in Windows XP?

Does the firewall with my router and the software firewall I use do the job, in addition to being overly cautious about email attachments and using spyware killers like adaware and SBS&D, etc.?

What in reality and in lay-terms should I be worried about?

wellard 01-09-2005 09:17 PM

Regarding the download of SP2. Just ask Microsoft for a free copy of SP2 and they will send it. Three days after asking a nice shiny CD arrived from Hong Kong :D (and I am sure that the CD has been given away free with PC mags before now.)

off topic.... It was funny to see a product from Microsoft telling you to distribute to everyone you know, instead of the usual copy this and we will shoot you :P

I am about to install SP2 tomorrow, any tips on which (if any) options to choose while installing it would be nice.

And on a side note I find the articles you post LennonCook interesting. Much better than the spam that some posters get away with.

LennonCook 01-09-2005 09:47 PM

Quote:

Originally posted by Chewbacca:
I just got a new PC and upgraded from W98 to XP w/SP2. Under 98 I never had a virus or suffered from an attack and only had one case of spyware due to user error.

So how does a fellow like me whose programming experience is Basic ( circa 1985) and Scripting for NWN plug these reported holes in Windows XP?

Does the firewall with my router and the software firewall I use do the job, in addition to being overly cautious about email attachments and using spyware killers like adaware and SBS&D, etc.?

What in reality and in lay-terms should I be worried about?

Read the article I posted, and look at Spinrite's tools information and tools. Disable all the services that are listed as 'should be disabled' on the first article. Run a good firewall (Zonealarm, Kerio, etc), run a good antivirus (I recommend avast!). Don't be fooled into thinking that a firewall is a replacement for your antivirus: they are complementary. Don't use IE, don't use Outlook, don't use {Note|Word}pad, don't use the windows firewall. Get Service Pack 1 definitely, consider Service Pack 2, armed with all the articles you can find about it. Run under a limited account where possible, logging in as admin only when you need to. Use one or two anti-spyware apps, update and run once/day to start with, slow down if (and only if) they regularly come up clean. Don't bother with anti-spyware resident things (things that stick in memory) unless you need to. Pay attention to what your tools tell you. Investigate anything suspicious you find on your machine. Consider using Open Office rather than MS Office. Don't blindly delete any problems, try to understand where they came from and future-proof yourself against the same happening again. Go through Add/Remove Windows Components and remove anything you don't or rarely use. Consider alternative file managers, consider alternative shells. Check for updates to your software regularly. Never let anything download or install software without your explicitly telling it to. This includes Windows itself. If any of your tools stops doing the job it's meant to, consider replacing it, or investigate what could be causing it. And never assume that you are completely safe.

[ 01-09-2005, 09:48 PM: Message edited by: LennonCook ]

LennonCook 01-10-2005 05:34 PM

Quote:

Originally posted by Seraph:
All I know are the viruses and worms that I've been infected with.
Windows: 0
Linux: 1
I've been running windows as a home OS for 8 years, I ran Apache on Linux for 6 months and was compromised.

You seem to forget that there is a difference between "worms one has been infected with over 8 years" and "worms that have been caught". ;) But also, your experiences do not necessarily reflect the actuality.

Quote:

I don't know how your system is set up, but if it is anything like 99.99% of the systems out there it will use a process that goes something like this:
Start some program with root privileges, the program binds the port(s), listens, and then calls setuid() and setgid() and friends to drop root privileges. At this point it should still be able to call accept() on the ports, but it will not still have root privileges. However every time you start aMSN, Thunderbird, Firefox, xChat, et al. you are opening a hole that could in theory allow someone who has compromised that program to do all sorts of nasty things. I suspect that you're undergoing the same thing that you accuse windows users of doing, ignoring things because they are happening outside of plain sight.

So, when I open an xTerm logged in as me, and type 'firefox &' as me, it somehow has root privileges?
When I jump to a virt term, and log in as me, then 'ncftp wherever', it is starting with root privileges even though it is not being run as root?
Sorry, no.

Quote:

Like I originally said, security is all smoke and mirrors. The holes in Linux security are harder to get to, and difficult to exploit, but there are still holes, and I feel it is only a matter of time before someone comes up with a way to get at them.

Yes, there will always be holes. But the thing with Linux is that it actually seems to fix them as they are discovered. I don't argue that Linux has fewer security flaws than Windows, but rather that it is more secure, and that it takes real steps to ensure that. Service Pack 2, for the most part, seems to simply remind you to put a firewall up. It doesn't close off any of the webservers which are active by default - which, as you point out yourself, in Linux require root access to instantiate, it doesn't make you less vulnerable to attack. It just... tells you to put up a firewall. Which is kind of useless when you realise that most of the people who will know about SP2 (ie, people who do a fair amount of stuff on their computer, or who have security-conscious technicians looking after them) will most likely already have a firewall anyway.

Quote:

If you're going to only allow admins to connect to the outside world then you've effectively isolated your computer from the net. It's a heck of a lot more than Apache that suffers from this problem, anything that uses a port below 1024 will need to be started as root.

It isn't a matter of only allowing admins to connect to the outside world, it's a matter of allowing other systems to connect directly to you. As I pointed out above, it is illogical to assume that a program which I start in console as me is somehow started with privileges I don't have. Because if they can do it, why can't I start apache as me? Why does apt-get exit with the question 'are you root'?
Certain things do require admin access. Opening a service that, simply because of what it is rather than how well it has been designed, could potentially be used to take control of your system has to be among them.

Quote:

An awful lot can happen between the time that a program starts, and the time that it binds to a port.

But, how likely is it that something will exploit that? Which is easier to exploit: "These people probably have this service running that will let me get in there, because it's on and always running on that system", or "These people might be starting a service that they might not have, and for a few seconds it has full root privilege"?

A serious hacker will still get in to a Linux system, yes, but they aren't the most dangerous threat to the average user. The viruses, the worms, the trojans... that isn't the hallmark of someone who wants information. That isn't the behavior of someone who wants specific information from a specific machine. It represents someone who just wants to revel in the damage they can do.
The way to stop this is to
1) Limit the number of ways they can get in, and
2) Limit the amount of damage they can do if they achieve this.
(spyware is, of course, a different beast)

Linux, by virtue of enforcing its multi-user privilege system, is almost immune in this regard to everything except user error (error to the extent of doing everything as root). Windows, on the other hand, seems to be a script kiddy's dream: easy to get at, plenty of room for damage, and a large user base to boot. And Microsoft don't seem to be doing a thing about it, except reminding the user that they aren't safe.

Chewbacca 01-10-2005 06:46 PM

Quote:

Originally posted by LennonCook:
Read the article I posted, and look at Spinrite's tools information and tools. Disable all the services that are listed as 'should be disabled' on the first article. Run a good firewall (Zonealarm, Kerio, etc), run a good antivirus (I recommend avast!). Don't be fooled into thinking that a firewall is a replacement for your antivirus: they are complementary. Don't use IE, don't use Outlook, don't use {Note|Word}pad, don't use the windows firewall. Get Service Pack 1 definitely, consider Service Pack 2, armed with all the articles you can find about it. Run under a limited account where possible, logging in as admin only when you need to. Use one or two anti-spyware apps, update and run once/day to start with, slow down if (and only if) they regularly come up clean. Don't bother with anti-spyware resident things (things that stick in memory) unless you need to. Pay attention to what your tools tell you. Investigate anything suspicious you find on your machine. Consider using Open Office rather than MS Office. Don't blindly delete any problems, try to understand where they came from and future-proof yourself against the same happening again. Go through Add/Remove Windows Components and remove anything you don't or rarely use. Consider alternative file managers, consider alternative shells. Check for updates to your software regularly. Never let anything download or install software without your explicitly telling it to. This includes Windows itself. If any of your tools stops doing the job it's meant to, consider replacing it, or investigate what could be causing it. And never assume that you are completely safe.

Thanks! I already use many of the safeguards and practices you have offered on our win 98 machines although Spinrite's tools are new to me. Before my new PC goes on the net I will certainly be checking those out and digging into windows to turn off all the unneeded stuff.

I'm definitely going to check out Openoffice. Gotta love free stuff that is as good and versatile as the pay stuff! :D

We already use Avast, which is also free, quite excellent, and hasn't pulled any of NAV's stupid tricks that caused hours of work installing and reinstalling just for simple protection. Plus Norton actually tried to charge my wife to re-download software we had already paid for in order to jump through the re-install hoops! That's when I finally persuaded her to give it up for Avast.

