[Dshield] 0wnlng Windows machines

Tony Earnshaw tonni at hetnet.nl
Sun Feb 25 22:46:59 GMT 2007

Stasiniewicz, Adam wrote, on 25. feb 2007 19:41:

> The major reason you see Windows computers is simply because they are the most abused.  While most Novell, Linux, Unix, etc. systems are maintained by IT staff who ensure they are properly functioning, most Windows computers are used by clueless consumers.  What often happens is these clueless consumers will buy their computer from Best-Buy or wherever and it will have the latest patches on it.  They might even have a friend/relative/etc. look at the computer once or twice a year to "clean it up".  During those times, the folks will usually install the latest patches and AV.  But in the space between, the clueless consumer will not patch their computer or update their AV (since again, they are clueless).  They will open virus-infected emails and install the latest crap on their machine.  For this reason, about 80% of all spam comes from computers infected with spam viruses.  The remaining 20% comes from hijacked netblocks and foreign countries with weak cyber laws.
> As for 2003 the main reason you are seeing it lower is because of the limitations of your tool.  Your tool can't tell the difference between the client versions of Windows and the server versions.  So, if you could, you would most likely see that 2000 server also has a very low rejection rate.  But because 2003 has no direct client version, you are only seeing stats for a server OS.  And going back to my first point about Novell, Unix, and Linux, 2003 servers tend to be professionally managed by IT folks, who are much better at keeping junk off those machines.
> Does that answer your question?

Thanks, Adam, it most certainly does.

"Alan" wrote to me off list, stating that his Windows IE7 browser had a 
certificate problem with our URL: Has anybody else the same problem with 
that? We run Apache 2.0.52 with locally generated openssl non-root 
public, private and CA certs. Our pupils, teachers and staff with 
Windows have no problems accessing webmail on the same server (but they 
don't know about this url); perhaps I've entered the wrong Order and 
Allow values? I did check it out from my own remote site with Firefox 
2.0 and it works fine for me. I do have "SSLRequire 
%{SSL_CIPHER_USEKEYSIZE} >= 128" for this url, perhaps IE7 can't swallow 
that? Hmmm ... yet another reason for finding Firefox 2.0 a really fine 
browser ...


Tony Earnshaw
Email: tonni at hetnet dot nl
