[Dshield] Where should one start?

John Dalton dubuque_1 at msn.com
Sat Mar 20 18:35:26 GMT 2004

    Just to drop a line on two comments. As a tech Bench at a major
electronics big box retailer, two things bother me. First was the remark
about just pushing the computers out the door without any concern. Our
standard is that every machine that goes out our doors has been set up (free)
so that all the initial installations are running, i.e. Symantec is at least
running or McAfee is. We offer the service (for pay) to do a
customization that tweaks some parameters, and most importantly installs 17
patches and fixes. Generally charging $25 for this service. I also
personally make sure script blocking, email protection, and automatic
updates are set for the Symantec suite of products at least, and all this
before it leaves store. We do mention and emphatically remind the customer
should they not avail themselves of this service, that it is very important
that they do the windows updates and antivirus updates immediately upon
hooking up to their ISPs. BTW we do this with an automated program some
other stores' techs have designed over the past year or so on their own. As
well if the customer comes in with severe slowness problems, it is almost
always spyware, and we install ad-aware or spybot or both to clean, and
suggest the customer keep it up to date and send a donation if possible to
the one that survives on them. I have seen as many as 1500 spyware hits on
one machine, and it took 3 passes to clean.
    I guess my point is there are retailers out there who are concerned
about what they are sending out there as far as prepared computers. And
would hope other retailers would at least try to send protected machines
out. I have seen customers who come back within a day or two who were
infected almost immediately upon hooking to their ISPs and was able to
build a personal list of which ISPs blocked blaster and which did not, at
least on local pools.
    One final thing, we do not work on commission at this chain, so many
times the main emphasis is that when you get the machine home, that
everything works, and you do not have to do anything to protect yourself
beyond common don't open unknown programs/emails for the next year. This
includes suggesting buying the antivirus subscription with one year of
service at time of purchase, since most systems have a trial 60 day setup on

----- Original Message ----- 
From: "Doug White" <doug at clickdoug.com>
To: "General DShield Discussion List" <list at dshield.org>
Sent: Friday, March 19, 2004 7:54 PM
Subject: Re: [Dshield] Where should one start?

> : If you want to get down to root causes, blame the computer salesman and
> : companies they work for. Let's face it, today's machines sit on shelves in
> : stores and warehouses on the average of 3 to 4 months at a time. Most
> : machines are XP (Xtra Protection and Xtra Patches required), and do not
> : a functioning and up to date virus protection upon boot up. It should be
> : requirement that before the computer ever leaves the store that updates
> : virus protections are brought up to date as part of the service that the
> : re-seller is responsible for. With the Governments push to have a
> : in every home and every school, they forget that these computers need to
> : secured before that happens. Unfortunately there are many novices buying
> : computers who do not know how to set up security properly, and salesman
> : not inform their potential sales, that there are patches to be updated,
> : virus protection to be installed and updated, and the proper setup of
> : security i.e a firewall to be installed. Most have never heard of ad-aware
> : programs until they have a problem, but by then trojans and other things
> : have been released from their machines. Sales people are only after one
> : thing, Commissions, and they can care less about the state of a machine
> : that's been on their shelves for a long period of time. They also cover
> : Microsoft and any anti-virus makers behinds by allowing these machines to go
> : out the door without these updates or protection installed.
> :
> That all may be well and good, however, there are still a ton of experienced IT
> folks that set up new machines from the original CDs and immediately connect to
> the internet to download whatever patches are out there.  During this period of
> time, the machine invariably will pick up an infection.
> Once it is discovered, the IT person will wipe the system and do it all
> again, exactly the same way, resulting in more risk.
> Bottom line, while the Joe-User may be clueless, you must of course include the
> experienced people who are not following best practices as well.