Security Basics mailing list archives

Re: Windows 98 box is 'owned'


From: GuidoZ <uberguidoz () gmail com>
Date: Fri, 1 Oct 2004 20:06:09 -0700

Awesome points and advice Ansgar. One of your last emails also echoed
what I had sent in. Great minds think alike. =D

Well, in most cases. I still strongly believe in a personal firewall,
as well as a hardware router or firewall. A router will do nothing to
stop outgoing connections. Granted, having all the ports filtered will
certainly provide protection beyond nothing at all, if they leave the
default password/settings on the router, it's not much better than
nothing at all. (Though I believe Linksys, Dlink, and Netgear now at
least disable remote management and upgrades by default.)

A personal software firewall should be installed on any home computer
with Internet access, especially those on broadband. (As I pointed out
in another discussion on this list, even Microsoft finally realized
this and included a personal firewall, the Windows Firewall, in XP
SP2.)

Besides that I'm behind what Ansgar said. =)

--
Peace. ~G


On Fri, 1 Oct 2004 02:43:29 +0200, Ansgar -59cobalt- Wiechers
<bugtraq () planetcobalt net> wrote:
> On 2004-09-30 Darren Kirby wrote:
>> After following the link provided by Bob Bermingham:
>>> Sounds like the box is "owned", but not in the way you suspect. From
>>> your description, it looks like she is infected with Netsky.P:
>>>
>>> http://antivirus.about.com/cs/allabout/a/netskyp.htm
>>
>> I can confirm this is indeed the Netsky.P virus. The filenames listed
>> are EXACTLY the ones on this box. From reading the description it
>> would seem this is a very old virus...so she (my mom) is running a very
>> old unpatched windows 98?
>
> A box can't be patched against Netsky et al. since they exploit a
> layer-8 vulnerability. Tell her to use Mozilla or Opera instead of
> IE/OE and to not open suspicious attachments (read as: attachments she
> didn't ask for).
>
>> Please let me reiterate at this point that I
>> am really ignorant of windows...but I have heard that Microsoft has
>> ended support for this old OS.
>
> Yes.
>
>> Is there still a patch available?
>
> Again: there is no such thing as a patch against Netsky et al.
>
> [...]
>> RandyW posted:
>>> Without constant monitoring though, the PC WILL become infected
>>> again, it's just a matter of time.
>>
>> This is discouraging, as I don't have the time (nor knowledge) to
>> monitor this computer all the time. Perhaps it is time to say screw it
>> and install Slackware with a nice KDE desktop for her, because at
>> least I would know how to help with her problems, and it seems a lot
>> easier than:
>>
>> 1) reinstall OS
>
> Maybe switch to Windows 2000/XP or Linux.
>
>> 2) install firewall, AV, etc...
>
> For Windows 98: just AV. For Windows 2000/XP I suggest to disable the
> services that are not needed [1] and probably use a hardware router
> rather than using a PFW.
>
> Make sure file and printer sharing is not installed. Also have the AV
> software update its signature files automatically (I suggest to update
> on a daily basis).
>
> Have her use Mozilla or Opera.
>
>> 3) patch OS in 5 minute window available (as mentioned by Kelly Martin)
>
> What "5 minute window"? If Kelly was referring to Blaster, Sasser and
> their like: there is no such window. It may take hours til infection or
> just a couple seconds.
>
> AFAIK Windows 98 is not vulnerable, especially if no file and printer
> sharing is installed. If you decide to install Windows 2000/XP use a PFW
> or (better) a hardware router to block incoming connection attempts
> until the patches are installed. On Windows 2000/XP you should also set
> up Automatic Updates to download *and* install hotfixes in the
> background.
>
>> 4) educate Mom on use of AV, anti-spyware, good web practices (don't
>> open attachments, click on pop-ups etc...)
>
> Yes. However, you will most likely experience a lot less trouble if you
> install Mozilla or Opera and have her use one of them instead of IE/OE.
> In that case limit IE to WindowsUpdate.
>
>> 5) monitor until eventually another virus finds its way in.
>> 6) Lather/rinse/repeat.
>
> Yep.
>
>> Sorry if I sound affected here, but being a unix guy I do not see how
>> this makes windows an 'easier' desktop to use.
>
> Unfortunately Windows is easy to use, but not easy to secure :(
>
> BTW: did I already mention that she should use Mozilla or Opera instead
> of IE/OE? ;)
>
> [1] http://www.ntsvcfg.de/ntsvcfg_eng.html
>
> Regards
> Ansgar Wiechers
> --
> "Those who would give up liberty for a little temporary safety
> deserve neither liberty nor safety, and will lose both."
> --Benjamin Franklin


