[Dshield] Where should one start?

Doug White doug at clickdoug.com
Sat Mar 20 19:21:41 GMT 2004

Good comments, John, but I was just responding to the one who made the remarks.
My part of the message starts with "That may be".
During the home visits that I do, I run into many of the points you make, and
usually try to give the customer Security 101, but I realize this falls on deaf
ears, because the customer is usually just interested in what they want to do,
and few are aware that just because they are in their home behind locked doors
they are not safe, not at least in the computing world. I find the vast majority
completely clueless about ports, firewalls, and anti-virus scanners, even though
it came bundled with the system. I frequently hear the comment: "Oh I disabled
that, because it made my machine run slow."  or words to that effect.
At least the users of Windows XP will get somewhat of a come-uppance when they
install the soon-to-be-released Service Pack 2, because there is a whole new
ballgame about computer security which will default to "enabled" as soon as that
service pack is installed. Even Microsoft mentions that it may break some
applications and require them to be re-written by the respective authors.
It implements a new idea called "dynamic port configuration" and more. For
those in the business, it might be a good idea to do some looking at its new
features on TechNet. I am currently looking at RC-1 of this service pack, and it
is 223 MB in size. Practically a complete new installation.


Stop spam on your domain, Anti-spam solutions
For hosting solutions http://www.clickdoug.com
If you woke up breathing, congratulations! You have been given another chance!

: Doug,
:     Just to drop a line on two comments. As a tech Bench at a major
: electronics big box retailer, two things bother me. First was the remark
: about just pushing the computers out the door without any concern. Our
: standard is that every machine that goes out our doors has been setup (free)
: so that all the initial installations are running, i.e. Symantec is at least
: running or McAfee is. We offer the service (for pay) to do a
: customization that tweaks some parameters, and most importantly installs 17
: patches and fixes. Generally charging $25 for this service. I also
: personally make sure script blocking, email protection, and automatic
: updates are set for the Symantec suite of products at least, and all this
: before it leaves the store. We do mention and emphatically remind the customer
: should they not avail themselves of this service, that it is very important
: that they do the windows updates and antivirus updates immediately upon
: hooking up to their ISP's. BTW we do this with an automated program some
: other stores techs have designed over the past year or so on their own. As
: well if the customer comes in with severe slowness problems, it is almost
: always spyware, and we install ad-aware or spybot or both to clean, and
: suggest the customer keep it up to date and send a donation if possible to
: the one that survives on them. I have seen as many as 1500 spyware hits on
: one machine, and it took 3 passes to clean.
:     I guess my point is there are retailers out there who are concerned
: about what they are sending out there as far as prepared computers. And
: would hope other retailers would at least try to send protected machines
: out. I have seen customers who come back within a day or two who were
: infected almost immediately upon hooking to their ISP's and was able to
: build a personal list of which ISP's blocked blaster and which did not, at
: least on local pools.
:     One final thing, we do not work on commission at this chain, so many
: times the main emphasis is that when you get the machine home, that
: everything works, and you do not have to do anything to protect yourself
: beyond common don't open unknown programs/emails for the next year. This
: includes suggesting buying the antivirus subscription with one year of
: service at time of purchase, since most systems have a trial 60 day setup on
: them.
: ----- Original Message ----- 
: From: "Doug White" <doug at clickdoug.com>
: To: "General DShield Discussion List" <list at dshield.org>
: Sent: Friday, March 19, 2004 7:54 PM
: Subject: Re: [Dshield] Where should one start?
: >
: >
: > : If you want to get down to root causes, blame the computer salesman and the
: > : companies they work for. Let's face it, today's machines sit on shelves in
: > : stores and warehouses on the average of 3 to 4 months at a time. Most window
: > : machines are XP (Xtra Protection and Xtra Patches required), and do not have
: > : a functioning and up to date virus protection upon boot up. It should be a
: > : requirement that before the computer ever leaves the store that updates and
: > : virus protections are brought up to date as part of the service that the
: > : re-seller is responsible for. With the Government's push to have a computer
: > : in every home and every school, they forget that these computers need to be
: > : secured before that happens. Unfortunately there are many novices buying
: > : computers who do not know how to set up security properly, and salesmen do
: > : not inform their potential sales, that there are patches to be updated,
: > : virus protection to be installed and updated, and the proper setup of
: > : security i.e. a firewall to be installed. Most have never heard of ad-aware
: > : programs until they have a problem, but by then trojans and other things
: > : have been released from their machines. Sales people are only after one
: > : thing, Commissions, and they can care less about the state of a machine
: > : that's been on their shelves for a long period of time. They also cover
: > : Microsoft and any anti-virus makers behinds by allowing these machines to go
: > : out the door without these updates or protection installed.
: > :
: >
: >
: > That all may be well and good, however, there are still a ton of experienced IT
: > folks that set up new machines from the original CDs and immediately connect to
: > the internet to download whatever patches are out there. During this period of
: > time, the machine invariably will pick up an infection.
: >
: > Once it is discovered, the IT person will wipe the system and do it all over
: > again, exactly the same way, resulting in more risk.
: >
: > Bottom line, while the Joe-User may be clueless, you must of course include the
: > experienced people who are not following best practices as well.
: >
: > ======================================
: > Stop spam on your domain, Anti-spam solutions
: > http://www.clickdoug.com/mailfilter.cfm
: > For hosting solutions http://www.clickdoug.com
: > ======================================
: > If you woke up breathing, congratulations! You have been given another chance!