[Dshield] RE:FW:Microsoft's Super Hidden Files - sliding off topic

Jason Allen jallen at garden-city.org
Thu Oct 24 21:18:21 GMT 2002


Thank you Kenton for speaking up for the technically 'somewhat proficient'
among us, whether that was the actual intention or not. :)

I have spent many years supporting MS operating systems and have no hatred
for ANY flavor of ANY OS. Sure, some are inherently less prone to attack
than others, due primarily to their lack of dispersal among the population
(my dos 3.2 machine with no internet hasn't had a virus yet!), but no one is
safe from attack. Absolutely no one.

You hit it on the head with the education issue. When we have Klez, and Yaha
and Bugbear that make it so darn difficult to track the origins, it becomes
painfully obvious that Joe knowing how to stop it, or Fred knowing is GREAT,
but it doesn't amount to a hill of beans. (limas) Cuz guess what, Frank
hasn't got a clue and it's his box that's sending them out. 

Global education is no small task, but is exactly what is needed. 

Cookies can be a good thing, but so can high-powered rifles.  

This forum is a wonderful thing and I scare myself with it several times a
day. Many a disturbing trend can be followed right here from the comfort of
my chair. 

What really scares me is that I know a little....I know that I can't afford
expensive intrusion detection systems, that it's a struggle to keep users
educated, that centrally managed anti-virus software isn't cheap, that any
day, someone who knows more than me (I?) can introduce something onto my
network that will compromise the integrity or confidentiality of our
information. This is a scary, scary place to be, in my mind. Perhaps it's
just paranoia, but it feels real to me. 

I would like to see more about what a lowly civil servant can do to protect
his users....what works well and doesn't cost thousands of dollars? How can
I stay ahead of the curve and at least have a few minutes warning about this
stuff before it slams into my network and costs me the respect of my users
that I have struggled for years to build up. 

I do SO appreciate all of the input and posts that I read through
religiously here. It feels like a chaotic blur sometimes, but at least it's
something. 

If anyone has any tips for helping to safeguard and monitor a network of
about 200 users with a big pipe to the Internet, I would appreciate hearing
from you. Are there any good FREE IDS available? 

Your time is appreciated. 

Fellow Servant of the People. 




-----Original Message-----
From: Kenton Smith [mailto:ksmith at chartwelltechnology.com]
Sent: Thursday, October 24, 2002 9:06 AM
To: list at dshield.org
Subject: [Dshield] RE:FW:Microsoft's Super Hidden Files - sliding off
topic


It is articles like this that really get my dander up. For at least two
reasons:
1. It's not that simple (I sometimes forget that there are a lot of
people subscribed to this list that aren't admins or security
professionals, so this beef is on their behalf). These files are not
some evil plot by Microsoft to track where you are going and how you got
there. If you go and just delete these .DAT files you do nothing to
solve the problem. What the author fails to state (as usually happens in
articles of this nature) is that these are just indexes of files that
are on your computer. The files are still there. If you really want to
get rid of the information, you have to delete the files and the .DAT
files.
2. For many people (start the flaming now) these files are beneficial.
Not all cookies are bad, and the people to which this article is
directed, are the people who utilize cookies the most. Delete the
history files? I know I find them beneficial whether I'm using Windows
or Linux. Temporary Internet files - delete that .DAT and then go back
and look at your email through Outlook Express. Things like attachments
and all sorts of other things will be gone. Microsoft hides these files
for a reason.
3. Okay, I can't stop. IE 6 has the ability to handle a lot of this
stuff. You can manage cookies, you can set how much history to keep, you
can delete your temporary files. Why doesn't the article tell people how
to use the applications instead of how to go and delete system files. I
don't have a problem with telling people how to clean up their systems,
but please tell them why they are doing it. It is this exact type of
article that causes Sys. Admins grief because users read it and delete
the files, and then come and ask why all of their saved
information for web sites is gone.

Computer users need to be educated properly, otherwise it's going to
cause more problems than it solves. It's the same exact problem with
"personal firewalls" (let's not start that debate again please). All
this information is spewing out and the people who need the software the
most have no idea what the information is saying. This article is
spewing out all sorts of information that the intended audience knows
nothing about, when he could have used the space to inform them of what
these files actually do and why you may or may not want them on your
system.

Kenton Smith

On Oct. 23, 2002 Karen wrote:

>
Does anyone on dshield use Microsoft?  Just in case, I'm forwarding this
post from a friend of mine.
 
Karen
 
P.S.  Over the last two weeks or so, I think I've gotten over a hundred
Zone Alarm alerts, most unusual for me.  Many from China, and Korea, and
some of the strangest (using Neo Trace) seem to come from off shore
(east coast) USA, and if I remember correctly they were registered to
China or Korea, too!  Weird.  
 
 
http://netsecurity.about.com/library/weekly/aa020402a.htm


