Would a firewall prevent Sasser worm?

[Guest]

Archived from groups: comp.security.misc,alt.computer.security,comp.security.firewalls,comp.lang.java.advocacy (More info?)

In comp.security.misc Leythos <void@nowhere.com> wrote:
> In article <FeqdnRwGqovN1wfdRVn-ig@comcast.com>,
> arero68.IS.A.SPAMMER@hanmail.net says...
>> 4. The solutions to both these problems, are simple, but not easy. The
>> solution to the Microsoft problem is to migrate to non-Microsoft
>> software.

> What utter BS! The solution, while difficult, is to educate the users
> that operate systems without understanding them. Once the Nix systems
> and apps hit the desktop with as many installs as Windows you'll see
> weekly exploits about them too.

Bullshit is generally defined as when someone is talking without first
turning on the brain.

"utter BS" can be though of as haveing less then any real argument but
wishing to speak with LARGER vioce.


Now, do you have a valid argument ( like comparing, let's say KDE to
windows screen manager) in terms of vulnerabilyties ? Please give
one or two examples, not a pure "echo of MS FUD"

> --
> --
> spamfree999@rrohio.com
> (Remove 999 to reply to me)

--
Peter Håkanson
IPSec Sverige ( At Gothenburg Riverside )
Sorry about my e-mail address, but i'm trying to keep spam out,
remove "icke-reklam" if you feel for mailing me. Thanx.

 

[Guest]

Archived from groups: comp.security.misc,alt.computer.security,comp.security.firewalls,comp.lang.java.advocacy (More info?)

Leythos wrote:
> In article <4nKmc.2338$Yc.35503@news4.e.nsc.no>, toreld@netscape.net
> says...
>> So why isn't there a configuration page in Windows where the average
>> user can do this sort of thing by pointing and clicking? Sure, there
>> will have to be some options to allow for different configurations, but
>> the idea still seems worth pursuing.
>
> There are many pages on the web, even from MS, that tell you how to
> secure your installation - you just have to look a little.

Oh, come on. The average Windows user is completely unable to do that
sort of research and you know it.

I mean instructions that a mother-in-law could follows. (But she would
not have to if Windows was properly strapped down by default.)
--
Tore

 

[Guest]

Archived from groups: comp.security.misc,alt.computer.security,comp.security.firewalls,comp.lang.java.advocacy (More info?)

In article <veLmc.2343$Yc.35576@news4.e.nsc.no>, toreld@netscape.net
says...
> Leythos wrote:
> > In article <4nKmc.2338$Yc.35503@news4.e.nsc.no>, toreld@netscape.net
> > says...
> >> So why isn't there a configuration page in Windows where the average
> >> user can do this sort of thing by pointing and clicking? Sure, there
> >> will have to be some options to allow for different configurations, but
> >> the idea still seems worth pursuing.
> >
> > There are many pages on the web, even from MS, that tell you how to
> > secure your installation - you just have to look a little.
>
> Oh, come on. The average Windows user is completely unable to do that
> sort of research and you know it.
>
> I mean instructions that a mother-in-law could follows. (But she would
> not have to if Windows was properly strapped down by default.)

The number two item on google.com for "How to secure Windows XP" was at
this link http://www.markusjansson.net/exp.html with instructions that
even a Linux user could follow


--
--
spamfree999@rrohio.com
(Remove 999 to reply to me)

 

[Guest]

Archived from groups: comp.security.misc,alt.computer.security,comp.security.firewalls,comp.lang.java.advocacy (More info?)

On Fri, 7 May 2004 09:58:32 +0200, Luke Tulkas spoketh


>
>Funny how in order to make the "system" even plausibly stable and secure
>one has to install _extra_software_. Expensive, too.
>

There are several free anti-virus solutions around (for home use)...

Lars M. Hansen
www.hansenonline.net
Remove "bad" from my e-mail address to contact me.
"If you try to fail, and succeed, which have you done?"

 

[Guest]

Archived from groups: comp.security.misc,alt.computer.security,comp.security.firewalls,comp.lang.java.advocacy (More info?)

Lars M. Hansen wrote:

>On Thu, 06 May 2004 12:10:53 -0400, Rowland spoketh
>
>
>
>>1. So security patches are a bad thing? In that case, don't install any!
>>
>>
>
>No, the patches are not bad, but there's a correlation between
>vulnerabilities and patches that you're missing. Usually, there's a
>patch for a vulnerability, thus by counting patches one can approximate
>the number of vulnerabilities.
>
>
>
>
I'm not missing the correlation. I'm questioning it. You haven't
controlled for all the variables here. That's my point. All patches
are not equal.

--
Spammers: arero68@hanmail.net business@99peak.com epschao@sogiant.twmail.net
gagq@gagq.com good_day@sendmailforyou.com imc911@netian.com kim@derek.nl
kingoffice@so-net.net.tw sogiant.service@msa.hinet.net succa@roofo.com yahoomelsww@yahoo.com

Check out my Java, SQL and Python samples at http://rowland.blcss.com/
For sale: Unique and energy efficient hobbit home in New Hampshire:
http://www.angelfire.com/ego/rowland/mm.index.html

 

[Guest]

Archived from groups: comp.security.misc,alt.computer.security,comp.security.firewalls,comp.lang.java.advocacy (More info?)

"Lars M. Hansen" wrote:

> On Thu, 06 May 2004 10:20:40 -0400, Rowland spoketh
>
> >1. Windows has far more security problems than Linux or other Unix
> >variants. Microsoft' defenders have about half a dozen excuses for this
> >and none of them impress me.
>
> The biggest issue isn't Windows Network administrators, it's the home
> user who just got his/her computer from Dell or Gateway, and just plugs
> it in without knowing that things are not kosher. I admit (as both a MS
> and Linux proponent) that there are default settings in Windows that are
> plain and simply set wrong. Services are running that in most cases
> shouldn't be and registry settings that could prevent some exploits are
> not set correctly. The registry fix for the recent DCOM vulnerability
> takes about 10 seconds to fix (plus reboot)...

Agreed. And we're right back to the argument that if Linux were as widely
distributed in the consumer market as Windows is, we'd see just as many
attacks and worms hitting Linux.

Ma and Pa Kettle just home from Best Buy with their shiney new Red Hat 7 PC.
They turn it on and use it cause it's so user friendly and all. They get
warned about "downloading updates" (I dunno, does Red Hat 7 even have
auto-update capabilities?), but they don't see the point in "wasting their
time doing that computer stuff". Soon they get hit with a sendmail or apache
worm and are acting as a drone for someone to attack other unsecured Red hat
7 configurations.

Linux zealots look at the above and scream "BUT LINUX IS MORE SECURE FROM THE
BEGINNING" (it isn't) or "BUT ALL YOU HAVE TO DO IS RUN UP2DATE AND IT FIXES
EVERYTHING" (true, but Ma and Pa Kettle don't care about doing that).

Well, you know what? All Windows users have to do is leave Auto-update
ENABLED (which is how it comes by default I believe, although I could be
wrong), and patches from Microsoft would either be INSTALLED AUTOMATICALLY,
or, if they prefer, they can be informed of the updates, have them downloaded
and install them at their leisure. People choose not to take advantage of
this, or they are running a pirated version and can't connect to
windowsupdate, or they are convinced Microsoft is stealing their thoughts
when they connect their PC to windowsupdate and refuse to do it.

The reason you don't see as many Linux worms is not because there are not
holes there to be exploited, but because most people running Linux are
administrators running them as servers (so they are secure) or people who
have an active interest in computers and computer related technology (so they
secure their PCs). The few remaining Linux installations run by the clueless
masses aren't worth targeting. It's much more "fun" to target millions of
Windows systems. Once Linux gains the consumer popularity desired by the
Linux community, that will change.

> >3. The majority of Linux/Unix vulnerabilities have to do with buffer
> >overflows. So do a large chunk of Windows vulnerabilities. So there
> >are two problems here: Microsoft, and buffer overflows.
>
> No, the problem is bad programming by everyone. Unless programmers
> suddenly get perfect over night, we'll end up with buggy software on all
> platforms.

Managed code in .NET will resolve some (but admittedly not all) of this. Much
of Longhorn is being written using managed code, there will be no
opportunities for buffer-overrun attacks in a system that can't have a
buffer-overrun. As well, 64-bit Windows will support some CPU's concept of
"executable code blocks", where applications can mark areas of memory that
are executable. I'm not sure how many developers will actually take advantage
of this, but it is there.

References:
<url: http://forums.gizmobytes.com/index.php?showtopic=940&st=0& /> (not the
most reliable source, but it describes the features of the AMD 64-bit CPUs)
<url:
http://download.microsoft.com/download/8/9/6/89638133-ada5-4d17-9dc3-63293f87eef5/Finnegan_AirForceDoD2004.ppt
/>

For those without PowerPoint:

Goal and customer benefit
- Reduce exposure of some buffer overruns
What we’re doing
- Leverage hardware support in 64-bit and newer 32-bit processors to only
permit execution of code in memory regions specifically marked as execute
- Reduces exploitability of buffer overruns
- Enable by default on all capable machines for Windows binaries
- Ensure application compatibility with NX for Longhorn
Application impact
- Ensure your code doesn’t execute code in a data segment
- Ensure your code runs in PAE mode with <4GB RAM
- Use VirtualAlloc with PAGE_EXECUTE to allocated memory as executable
- Test your code on 64-bit and 32-bit processors with “execution protection”

--
| Grant Wagner <gwagner@agricoreunited.com>

 

[Guest]

Archived from groups: comp.security.misc,alt.computer.security,comp.security.firewalls,comp.lang.java.advocacy (More info?)

Grant Wagner wrote:
> "Lars M. Hansen" wrote:
>
>> On Thu, 06 May 2004 10:20:40 -0400, Rowland spoketh
>>
>>> 1. Windows has far more security problems than Linux or other Unix
>>> variants. Microsoft' defenders have about half a dozen excuses for this
>>> and none of them impress me.
>>
>> The biggest issue isn't Windows Network administrators, it's the home
>> user who just got his/her computer from Dell or Gateway, and just plugs
>> it in without knowing that things are not kosher. I admit (as both a MS
>> and Linux proponent) that there are default settings in Windows that are
>> plain and simply set wrong. Services are running that in most cases
>> shouldn't be and registry settings that could prevent some exploits are
>> not set correctly. The registry fix for the recent DCOM vulnerability
>> takes about 10 seconds to fix (plus reboot)...
>
> Agreed. And we're right back to the argument that if Linux were as widely
> distributed in the consumer market as Windows is, we'd see just as many
> attacks and worms hitting Linux.

you mean the "theory" or "hypothesis" spread usually by interested parties
and their lackeys.

> Ma and Pa Kettle just home from Best Buy with their shiney new Red Hat 7
PC.
> They turn it on and use it cause it's so user friendly and all. They get
> warned about "downloading updates" (I dunno, does Red Hat 7 even have
> auto-update capabilities?), but they don't see the point in "wasting their
> time doing that computer stuff". Soon they get hit with a sendmail or
apache
> worm and are acting as a drone for someone to attack other unsecured Red
hat
> 7 configurations.

the kettles run a mail server and a web site on their machine? how would
they even do this with xp home?

> Linux zealots look at the above and scream "BUT LINUX IS MORE SECURE FROM
THE
> BEGINNING" (it isn't) or "BUT ALL YOU HAVE TO DO IS RUN UP2DATE AND IT
FIXES
> EVERYTHING" (true, but Ma and Pa Kettle don't care about doing that).

at least ma and pa kettle do not log in as root on a linux box, and as a
consequence their potential for seriously wrecking the system is a bit more
under control.

> Well, you know what? All Windows users have to do is leave Auto-update
> ENABLED (which is how it comes by default I believe, although I could be
> wrong), and patches from Microsoft would either be INSTALLED
AUTOMATICALLY,

well, that is if you do not mind redmond rebooting your box while you are
out to lunch, or grab a coffee. i, for one, do. mind, that is.

> or, if they prefer, they can be informed of the updates, have them
downloaded
> and install them at their leisure. People choose not to take advantage of
> this, or they are running a pirated version and can't connect to
> windowsupdate, or they are convinced Microsoft is stealing their thoughts
> when they connect their PC to windowsupdate and refuse to do it.

or perhaps they have some long-running computation going on or some editing
session, or are otherwise generally opposed to spontaneous reboots by their
machines---the occasional bluescreens and lock-ups are bad enough without
the borg-base having to trigger reboots via the net.

> The reason you don't see as many Linux worms is not because there are not
> holes there to be exploited, but because most people running Linux are
> administrators running them as servers (so they are secure) or people who
> have an active interest in computers and computer related technology (so
they
> secure their PCs). The few remaining Linux installations run by the
clueless
> masses aren't worth targeting. It's much more "fun" to target millions of
> Windows systems. Once Linux gains the consumer popularity desired by the
> Linux community, that will change.

let's wait until that happens. so far, what we see is loads of windows boxes
going belly-up all over the place, professionally maintained and otherwise.

[snip]
> Managed code in .NET will resolve some (but admittedly not all) of this.
Much
> of Longhorn is being written using managed code, there will be no
> opportunities for buffer-overrun attacks in a system that can't have a
> buffer-overrun.

i'll believe it when i see it. there have been too many announcements of
future security improvements by microsoft that it seems that some
reservation is in order.

-- j

[snip]

 

[Guest]

Archived from groups: comp.security.misc,alt.computer.security,comp.security.firewalls (More info?)

On 7 May 2004 10:24:47 -0400, John Brock spoketh

>
>Thanks for the answer. If I may try to boil it down, it looks like
>you are saying that NAT is a perfectly good firewall for a home
>user who has no reason to think he will ever be the target of a
>DoS attack (which is to say most home users) and has no desire ever
>to allow outside computers to initiate connections to his machine.
>Is that right?

Yes and no. A NAT router provides adequate protection for home users.
These devices are designed to block inbound connections while allowing
all outbound connections. Most such routers also allows you to host
servers (forwarding traffic on certain ports to a defined internal
host), and some allows for blocking some outbound ports.

SPI simply means that the router does a closer inspection of the packets
to ensure that they are what is really expected.

>
>Or let me put it another way: If I am using a NAT router and I go
>to a security site like grc.com and use its ShieldsUP! facility I
>should see nothing but closed ports, which means that while it's
>possible for a hacker to disrupt my Internet connection with a DoS
>attack it is *not* possible for him to break into my machine. Yes?

Yes, all your ports should show up as closed. This makes it difficult
for outsiders to get into you network, however, there are supposed to be
ways to fool NAT and get in anyways. But, that's a lot of work to be
doing to get into a home users' computer.

>You are saying that what an SPI firewall does is allow you to expand
>on this basic protection, allow certain incoming connections, and
>perhaps filter outgoing connections in various ways. Right?

SPI does a closer inspection of incoming packets to ensure that they
match the reply packets that are expected. Doesn't have anything to do
with allowing traffic or filtering outbound. For instance, when Linksys
introduced SPI for their BEFSR11 and 41, that broke port forwarding, so
those hosting servers couldn't enable SPI...

>
>I bought my BEFSX41 firewall/router because I had gotten the
>impression from various reading that a NAT router, while helpful,
>fell short of complete protection from outside break-ins. I don't
>resent spending the extra money, but it looks like you are telling
>me that I was mistaken, and that for my purposes NAT alone would
>have been sufficient. The thing is, I may be helping another home
>user get set up for broadband soon, and if a NAT router is all she
>needs then there is little point in making things more expensive
>and complicated by getting a full firewall/router. But I don't
>want to leave this person open to infection either, so I want to
>make sure I understand the issue fully. Can you point me to any
>helpful web sites which go into the issue of NAT as firewall in
>more detail?

My recommendation is that you get anti-virus software and a router of
some kind. A NAT router is relatively cheap, and it does keep the junk
on the outside from getting to the inside. Anti-virus software for home
use can be had from a few vendors for free.

Lars M. Hansen
www.hansenonline.net
Remove "bad" from my e-mail address to contact me.
"If you try to fail, and succeed, which have you done?"

 

[Guest]

Archived from groups: comp.security.misc,alt.computer.security,comp.security.firewalls,comp.lang.java.advocacy (More info?)

In article <c7g4m8$2e8s$5@nyheter.ipsec.se>, phn@icke-reklam.ipsec.nu
says...
> Now, do you have a valid argument ( like comparing, let's say KDE to
> windows screen manager) in terms of vulnerabilyties ? Please give
> one or two examples, not a pure "echo of MS FUD"

Sure, here's an example - give your neighbor, the one that doesn't know
anything about computers, a RH9 CD set and see if they end up with a
secure system with no help from you.

As with both platforms you have to do the updates, which both OS's
prompt you for, and both platforms need some form of AV software - which
is free for both platforms from their party sources.

--
--
spamfree999@rrohio.com
(Remove 999 to reply to me)

 

[Guest]

Archived from groups: comp.security.misc,alt.computer.security,comp.security.firewalls,comp.lang.java.advocacy (More info?)

In article <409BA4B5.651A029F@agricoreunited.com>,
Grant Wagner <gwagner@agricoreunited.com> wrote:
:Managed code in .NET will resolve some (but admittedly not all) of this. Much
😱f Longhorn is being written using managed code, there will be no
😱pportunities for buffer-overrun attacks in a system that can't have a
:buffer-overrun.

If I remember correctly, Java "can't have a buffer-overrun". There's been
a number of Java exploits, though.
--
"[...] it's all part of one's right to be publicly stupid." -- Dave Smey

 

[Guest]

Archived from groups: comp.security.misc,alt.computer.security,comp.security.firewalls,comp.lang.java.advocacy (More info?)

"Leythos" <void@nowhere.com> wrote in message
news:MPG.1b05439a1ca0787a98a4ee@news-server.columbus.rr.com...
> In article <2g0tftF26gsaU1@uni-berlin.de>, Luke_Tulkas_88@hotmail.com
> says...
> >
> > "Leythos" <void@nowhere.com> wrote in message
> > news:MPG.1b04a93b5456976398a4e9@news-server.columbus.rr.com...
> > > In article <290rm1xgsj.ln2@innovative.iinet.net.au>,
> > > bernie@innovative.iinet.net.au says...
> > > > Leythos <void@nowhere.com> writes:
> > > >
> > > > >When I can give my mother-inlaw a CD with Linux and Star Office
and
> > have
> > > > >her install it from scratch in one evening I'll be happy, till
then
> > > > >she's on XP prof with Office 2003 and sitting behind a Linksys
> > router
> > > > >with Norton AV 2004 running.
> > > >
> > > > You must *really* hate your mother-in-law.
> > >
> > > Nope, I actually like her - the thing is that I understand her
> > > limitations and what software she wants to run - there is little
> > chance
> > > that Quick Books will come out for the Linux Platform. She has a
NAT
> > > router, broadband, NAV 2004, and uses IE in HIGH-Security mode and
> > > Outlook 2003 for email. She's never been compromised and shows no
> > signs
> > > of having any trouble using the system.
> >
> > Except what you listed above is more than a system. System is
Windoze
> > <whatever>. NAV 2004 is not a part of it. There is no measure for
how
> > fast she'd get into trouble using the "system" alone.
>
> I specifically mentioned NAV 2004 in my first post

And?

> - read back through
> the thread. Actually, a SYSTEM is made up of many parts, an Operating
> System is just part of what Windows offers in the package. Your don't
> consider email, browser, FTP client, etc.. an OS do you - those are
> packages that come with the OS to make the OS easier to use.

OK. Have it your way. Now, tell me this. Why doesn't M$ include some
sort of antivirus software in their "distribution"? That would make it
really easy to use. Otherwise one automaticaly has to spend some extra
dallaz on top of the Windoze price in order to be able to use it at
all!.
BTW: what are the prices these days?

> You should address what I posted and not try to take this off-track.
The
> system, Windows XP, Office 2003, and NAV 2004 are SIMPLE for her to
> install, see my other post about what she would have to do/learn to
> install Mandrake 10 and Open Office as suggested by another poster.

What would she have to learn? From my experience, nothing more than what
she already knows if she installed Windoze + M$Office.

 

[Guest]

Archived from groups: comp.security.misc,alt.computer.security,comp.security.firewalls,comp.lang.java.advocacy (More info?)

In article <2g1i0hF33edtU1@uni-berlin.de>, Luke_Tulkas_88@hotmail.com
says...
> OK. Have it your way. Now, tell me this. Why doesn't M$ include some
> sort of antivirus software in their "distribution"? That would make it
> really easy to use. Otherwise one automaticaly has to spend some extra
> dallaz on top of the Windoze price in order to be able to use it at
> all!.

While I don't use them myself, there are a number of FREE AV products
with updates available - same as for Nix.

> BTW: what are the prices these days?

Norton AV 2004 can be purchased for about $40 or $20 if you do the
update path.

--
--
spamfree999@rrohio.com
(Remove 999 to reply to me)

 

[Guest]

Archived from groups: comp.security.misc,alt.computer.security,comp.security.firewalls,comp.lang.java.advocacy (More info?)

"Leythos" <void@nowhere.com> wrote in message
news:MPG.1b0542687e826ca198a4ed@news-server.columbus.rr.com...
> In article <2g0tt8F2urajU1@uni-berlin.de>, Luke_Tulkas_88@hotmail.com
> says...
> >
> > "Lars M. Hansen" <badnews@hansenonline.net> wrote in message
> > news:9eql9013plilkadni2e7tkeircae8jguvn@4ax.com...
> > > On Thu, 6 May 2004 18:26:10 -0700, "Jörn W. Janneck" <jwjanneck at
> > yahoo
> > > dot com> spoketh
> > >
> > > >
> > > >other than having paid for xp prof, office, outlook, nav, and, of
> > course,
> > > >quickbooks. that's a lotta girlscout cookies...
> > > >
> > >
> > > Funny how it suddenly was about cost ...
> >
> > Funny how in order to make the "system" even plausibly stable and
secure
> > one has to install _extra_software_. Expensive, too.
>
> Funny how the person suggesting Mandrake and Open Office didn't
include
> any AV software for it.

I don't think it's funny. For the time being one doesn't need av
software using Linux. As a desktop machine. What's really funny is this:
there are a lot of Linux server machines running av software on top of
their mail servers because Windoze using crowd produces millions of
virus-infected messages. Now that's funny. Wake me up when M$ produced
software runs filters for Linux viruses. Until then...

 

[Guest]

Archived from groups: comp.security.misc,alt.computer.security,comp.security.firewalls (More info?)

In comp.security.misc David W.E. Roberts <nospam@talk21.com> wrote:
>
> <newstome@comcast.net> wrote in message
> news:y6Fmc.35825$_41.3254321@attbi_s02...
> <snip>
>> If the capability is there from your ISP, then you'd really have to
>> ask if the ISP would want to turn on NAT by default. Think about it:
>> how many people hook up to the net and want to run a peer-to-peer
>> program? I think I saw a survey recently that said something like 30%
>> of users have used Kazaa or a variant at some point. Guess what? It
>> won't work behind a NAT, without configuring the NAT specifically to
>> deal with this.... How many calls to customer service would that be?
>
> Hmmm......Kazaa isn't really P2P as it goes through a server.
> So it does work through a NAT router (at lest through mine which isn't
> currently uPNP).

My understanding is that Kazaa is just a variant of Gnutella, which is
a true P2P system. The "servers" in Kazaa are just to make the
initial P2P connections -- file transfers are still P2P. Gnutella
will work if one of the people involves is behind a NAT (or a firewall
that blocks incoming connections), but not if both are. You have to
have one of the parties open a connection to the other, which has to
accept it.

With all that said, I've never used Kazaa -- although I know the
Gnutella protocol very well.

> This is the basis of security using NAT - by default nobody can call in on
> ANY port.

Yes, but that's also the weakness if you want to do anything other
than use other people's servers....

--

That's News To Me!
newstome@comcast.net

 

[Guest]

Archived from groups: comp.security.misc,alt.computer.security,comp.security.firewalls (More info?)

"John Brock" <jbrock@panix.com> wrote in message
news:c7g67f$mu5$1@panix2.panix.com...

Briefly:

(1) NAT is good (I would say essential) - for entry level users this is all
you should need. NAT will not allow any incoming calls whatever.
Lalalalala I can't hear you 🙂
Bad people go elsewhere.
NAT is not a firewall - it is a brick wall.

(2) A firewall (or limited subset of this) is needed if you want to do more
than just send emails and surf the net.
This will allow some incoming calls, but provide some controls.
This allows you to route incoming calls to a machine of your choice, and
also allows you to use P2P tools such as gaming and video conferencing.
It can impose various controls on who surfs where and when.
Each supplier has different features.
If it doesn't cost much more, buy it (you may need the features later).

(3) A SPI firewall is more sophisticated and can protect you against DoS
attacks.
Again, if it doesn't cost much more, buy it.



To put this all in context, as far as I can tell at the moment (in the UK)
most recent modem/routers seem to have SPI firewalls. These are usually wll
under the £100 UKP mark (including an 802.11g gateway), some nearer the £50
UKP mark (without wireless). So there is not much saving in buying a NAT
only router (unless you like buying 2nd hand kit on eBay).

Like washing machines, you can buy one with 128 different ways to wash, and
only ever use one. Still, if you have that special need the programmes are
there 🙂

Also like washing machines, reliability and good support is worth more than
features..

Did I say briefly? Hah!

Cheers
Dave R

 

[Guest]

Archived from groups: comp.security.misc,alt.computer.security,comp.security.firewalls,comp.lang.java.advocacy (More info?)

"Leythos" <void@nowhere.com> wrote in message
news:MPG.1b053dd8750410c998a4eb@news-server.columbus.rr.com...
> In article <c7f3h1$mf01@cliff.xsj.xilinx.com>, "Jörn W. Janneck"
> <jwjanneck at yahoo dot com> says...
> > so you think shifting the topic should be a privilege reserved to
windows
> > advocates? a redmond-patent, perhaps? ;-) or have we already figured
out why
> > that mother-in-law suddenly needs quickbooks so badly when just a
moment ago
> > installing os+office was the standard for happiness?
>
> As I said in a previous post, it's not about shifting, it's about ease
> of install - in order for her to get the BETA copy of Mandrake 10 she
> would have to find an FTP site (hard to do if your computer isn't
> running),

Yes, that could present a problem.
I wonder how M$ folks work around that problem. How in heaven's name can
I visit www.microsoft.com if my computer isn't running? Did M$ invent
something revolutionary since I last checked?

May I suggest the following:
Judging from your previous posts she (your mother in law) obviously had
Windoze running sometime in the past. I also presume that she has a
legaly bought copy of some Windoze installation. If her computer isn't
working, she should install Windoze again (she knows how to that,
doesn't she?). Now all she has to do is visit Mandrake site, DL their
distribution and she's ready to rock. If she, on the other hand, has a
slow line and can't afford to wait until DL completes, then she should
go to some computer store and buy the distro on CD. She could also make
some calls and borow the CD from someone who already has it (and make a
copy for later use). Did I miss something?

> download it, burn the ISO to CD, and run from there.
>
> With a common OS, such as Red Hat or Windows, she can purchase it just
> about anywhere.

What's "anywhere" these days? You mean local store? Or... internet
perhaps? She has a credit card, doesn't she? Mandrake distro CD is just
a few clicks ("allow a couple of days for delivery") away.

> Problem is that she's not going to be able to secure
> install RH unless she's behind a router

Behind a router? Everybody's behind a router, man! ;-)

> any more than Windows. On top of
> the security issue, she only knows one person that knows Linux, and
she
> has friends, family, co-workers that have Windows systems and MS
Office
> - kind of makes sense to stick with something that works for so many
and
> has such a large support base - at least for someone like her.

Now that's another issue.
Moreover, in a few years she, her friends, family & co-workers just
might find themselves wondering why that overwhelming majority of
Windoze users has suddenly disappeared. ;-)

> Cost is not really an issue

Can somebody forward this to Bill Gates, please?

> - by the time you look at the cost of
> finding, burning, installing, learning a new OS, learning Open Office,
> you've paid for the cost of Windows and MS Office.

So cost _is_ an issue after all? Which is it?

 

[Guest]

Archived from groups: comp.security.misc,alt.computer.security,comp.security.firewalls,comp.lang.java.advocacy (More info?)

In article <2g1kc9F3agcoU1@uni-berlin.de>, Luke_Tulkas_88@hotmail.com
says...
>
> "Leythos" <void@nowhere.com> wrote in message
[snip]
> > Cost is not really an issue
>
> Can somebody forward this to Bill Gates, please?
>
> > - by the time you look at the cost of
> > finding, burning, installing, learning a new OS, learning Open Office,
> > you've paid for the cost of Windows and MS Office.
>
> So cost _is_ an issue after all? Which is it?

What I was trying to relate is that the time/cost of both is about the
same, there is not much of a difference when you consider all the sides
and time involved. That's why cost is not an issue in choosing either
platform (OS is only free if you don't value your time).


--
--
spamfree999@rrohio.com
(Remove 999 to reply to me)

 

[Guest]

Archived from groups: comp.security.misc,alt.computer.security,comp.security.firewalls,comp.lang.java.advocacy (More info?)

"Leythos" <void@nowhere.com> wrote in message
news:MPG.1b0542265a2390d698a4ec@news-server.columbus.rr.com...
> In article <c7f3h1$mf01@cliff.xsj.xilinx.com>, "Jörn W. Janneck"
> <jwjanneck at yahoo dot com> says...
> > since, surely, nobody in their right mind wants to spend that amount
of
> > money for something that they could replace for free, now would
they. (on
> > amazon: xp pro 179 to 269 + office 124 to 419 + outlook 86 + nav 59
+
> > quickbooks 139 to 289 = 587 to 1122, and that's USD) but i am sure
that
> > there is some feature in, what was it, quickbooks, that is not in
gnucash,
> > and that just happens to be absolutely essential to this
"mother-in-law."
> > and if it's just the ability to read quickbook files.
>
> Well, lets take a look at this - since we're talking about people that
> are doing it on their own, we're talking about people that must know
> enough to purchase OEM copies instead of retail. Heck, if they know
> enough to find/download/install Mandrake and Open Office and then find
> GNUCash and install/import they know enough to get OEM.
>
> Windows XP Prof OEM: $140

Wait a second! If you stick OEM price in the total then you should also
add hardware costs.

> Office 2003 SBE (Access, Word, Excel, Publisher, Outlook) $241
> Total cost $381

You forgot (at least) the following:
Go to the store (+ wait in line & negotiate for a price 🙂), buy
Windoze & Office: ? hours.
While at that same store, also buy NAV 2004: $???.
Install the whole shebang: ? (or perhaps even ??) hours.
Live update NAV 2004: ?? minutes?
Learn new features: ?? hours, maybe even ? days.

Do the math again.

> Open Source:
> Time to find Mandrake 10 Beta 15 minutes
> Time to download - 2 streams 4 hours each - 8 hours total 3 ISO images
> Burn to CD - 4 minutes each
> Wipe computer you just downloaded from - 15 minutes
> Install Mandrake 10 - Guessing 1 hours for first time?
> Install Open Office - Guessing 15 minutes first time?
> Get Travan 40 tape drive working - 2 hours
> Restore backup of data - nope, used Tapeware for backup
> Find Tapeware for nix - download it
> Figure out how to install it - 30 minutes
> Restore backup of data - Yea, (no time since it would be the same on a
> Windows box)
> Find GNUCash - 15 minutes
> Install GNUCash - 15 minutes
> Restore QuickBooks backup file - not sure if we could
> Relearn office tasks - about 30 minutes over the week.
>
> TOTAL TIME 14 hours, 6 hours if we don't count downloads
>
> Pay rate $25/hr * 14 hours = $350 base cost
> Pay rate $25/hr * 6 hours = $150 base cost
>
> So, if we account for all of her time to download and setup Mandrake
10
> and Open Office it's about a wash, even if we don't count the time she
> takes to be around to monitor the FTP, Mandrake/Office solution is
only
> half as cheap as the MS solution.
>
> In reality, the Mandrake / Open Office solution is going to cost her
> much more in relearning time over the next 6 to 8 months as she learns
> more about it and tries to do the same things she did on Windows base.
>
> Once you look at the cost, it's not much difference, it's about
comfort
> and ease of use, and for someone that already knows the Windows base
> it's not worth the effort.
>
>
>
> --
> --
> spamfree999@rrohio.com
> (Remove 999 to reply to me)

 

[Guest]

Archived from groups: comp.security.misc,alt.computer.security,comp.security.firewalls,comp.lang.java.advocacy (More info?)

In article <2g1lghF3i664U1@uni-berlin.de>, Luke_Tulkas_88@hotmail.com
says...
> You forgot (at least) the following:
> Go to the store (+ wait in line & negotiate for a price 🙂), buy
> Windoze & Office: ? hours.
> While at that same store, also buy NAV 2004: $???.
> Install the whole shebang: ? (or perhaps even ??) hours.
> Live update NAV 2004: ?? minutes?
> Learn new features: ?? hours, maybe even ? days.
>
> Do the math again.

Most people pass by a computer store during their daily outings, so I
didn't consider the time as being valid - but I will give 30 minutes on
it. No line, no negotiation.

Someone mentioned that I forgot the price of the hardware since I was
using OEM prices - you are correct, add $40 for a 20GB drive to cover
the license restrictions.

I didn't count any of the NAV updates or cost since both platforms have
FREE AV products and BOTH require updates. I was only trying to show the
differences.

The $25/hr was about what a typical office worker gets paid AT the level
of my mother-inlaw, not what a IT person gets paid, so the figure
stands. +/- about $50.

So, again, the cost of either platform is actually insignificant since
they are about the same. The learning curve is much higher to move to
ANY new platform, but we won't put a price on that.


--
--
spamfree999@rrohio.com
(Remove 999 to reply to me)

 

[Guest]

Archived from groups: comp.security.misc,alt.computer.security,comp.security.firewalls,comp.lang.java.advocacy (More info?)

"Leythos" <void@nowhere.com> wrote in message
news:MPG.1b053cbd9b19ef9098a4ea@news-server.columbus.rr.com...
> In article <c7eojl$kp41@cliff.xsj.xilinx.com>, "Jörn W. Janneck"
> <jwjanneck at yahoo dot com> says...
> > Leythos wrote:
> > > In article <290rm1xgsj.ln2@innovative.iinet.net.au>,
> > > bernie@innovative.iinet.net.au says...
> > >> Leythos <void@nowhere.com> writes:
> > >>
> > >>> When I can give my mother-inlaw a CD with Linux and Star Office
and have
> > >>> her install it from scratch in one evening I'll be happy, till
then
> > >>> she's on XP prof with Office 2003 and sitting behind a Linksys
router
> > >>> with Norton AV 2004 running.
> > >>
> > >> You must *really* hate your mother-in-law.
> > >
> > > Nope, I actually like her - the thing is that I understand her
> > > limitations and what software she wants to run - there is little
chance
> > > that Quick Books will come out for the Linux Platform.
> >
> > well, that did not take long for the requirements to shift. so i
guess this
> > means you are not, in fact, happy that your mother-in-law could
indeed
> > install linux and an office suite from scratch in an evening.
>
> Nope, it didn't shift, it was still about her installing Linux and
> getting it running. I know for a fact that she can install XP on her
new
> P4 (yea, cheap, but it works) without any problems and get Office and
> such running. I have enough licenses so it doesn't cost her anything.

So there _is_ a free meal after all! ;-)

> > > She has a NAT
> > > router, broadband, NAV 2004, and uses IE in HIGH-Security mode and
> > > Outlook 2003 for email. She's never been compromised and shows no
signs
> > > of having any trouble using the system.
> >
> > other than having paid for xp prof, office, outlook, nav, and, of
course,
> > quickbooks. that's a lotta girlscout cookies...
>
> I think what she would find harder is going down to the local Best Buy
> store, finding Mandrake 10 (which is still in beta) or anything but
Red
> Hat, and then finding Open Office or Star Office

Yeah, that would be really hard, because Open Office is usualy on the
distro CD and Star Office on some of them. A click (or keypress) away.

> - you see, without her
> computer she would not be able to download them, and without a
CD-Burner
> she would not be able to move the ISO images to a CD to install it
> anyway. On top of those, she has the support of her friends, family,
and
> co-workers that are all running Windows XP and MS Office.
>
> As for being secure, she's behind a router,

You mean firewall?

> so she has nothing to fear
> as she installs, gets the Windows Updates, Office Updates, NAV
Updates,
> and then checks her email (in that order).

 

[Guest]

Archived from groups: comp.security.misc,alt.computer.security,comp.security.firewalls,comp.lang.java.advocacy (More info?)

In article <2g1mmsF3hhn6U1@uni-berlin.de>, Luke_Tulkas_88@hotmail.com
says...
> > As for being secure, she's behind a router,
>
> You mean firewall?

No, I typed what I mean - a router. A router with NAT is NOT a firewall.

--
--
spamfree999@rrohio.com
(Remove 999 to reply to me)

 

[Guest]

Archived from groups: comp.security.misc,alt.computer.security,comp.security.firewalls,comp.lang.java.advocacy (More info?)

"Leythos" <void@nowhere.com> wrote in message
news:MPG.1b0545b35bea29df98a4f1@news-server.columbus.rr.com...
> In article <4nKmc.2338$Yc.35503@news4.e.nsc.no>, toreld@netscape.net
> says...
> > So why isn't there a configuration page in Windows where the average
> > user can do this sort of thing by pointing and clicking? Sure,
there
> > will have to be some options to allow for different configurations,
but
> > the idea still seems worth pursuing.
>
> There are many pages on the web, even from MS, that tell you how to
> secure your installation - you just have to look a little.

Ah! A little: ?? hours, maybe ?? days. Add that to the "total" in some
of your previous posts. ;-)

 

[Guest]

Archived from groups: comp.security.misc,alt.computer.security,comp.security.firewalls,comp.lang.java.advocacy (More info?)

In article <2g1mveF3kr2sU1@uni-berlin.de>, Luke_Tulkas_88@hotmail.com
says...
>
> "Leythos" <void@nowhere.com> wrote in message
> news:MPG.1b0545b35bea29df98a4f1@news-server.columbus.rr.com...
> > In article <4nKmc.2338$Yc.35503@news4.e.nsc.no>, toreld@netscape.net
> > says...
> > > So why isn't there a configuration page in Windows where the average
> > > user can do this sort of thing by pointing and clicking? Sure,
> there
> > > will have to be some options to allow for different configurations,
> but
> > > the idea still seems worth pursuing.
> >
> > There are many pages on the web, even from MS, that tell you how to
> > secure your installation - you just have to look a little.
>
> Ah! A little: ?? hours, maybe ?? days. Add that to the "total" in some
> of your previous posts. ;-)

Nope, I posted a link that I found in Google, it was the #2 link - was
very clear and easy to follow - did you miss that link?

--
--
spamfree999@rrohio.com
(Remove 999 to reply to me)

 

[Guest]

Archived from groups: comp.security.misc,alt.computer.security,comp.security.firewalls,comp.lang.java.advocacy (More info?)

"Leythos" <void@nowhere.com> wrote in message
news:MPG.1b056fcd4a9d1df698a4ff@news-server.columbus.rr.com...
> In article <2g1lghF3i664U1@uni-berlin.de>, Luke_Tulkas_88@hotmail.com
> says...
> > You forgot (at least) the following:
> > Go to the store (+ wait in line & negotiate for a price 🙂), buy
> > Windoze & Office: ? hours.
> > While at that same store, also buy NAV 2004: $???.
> > Install the whole shebang: ? (or perhaps even ??) hours.
> > Live update NAV 2004: ?? minutes?
> > Learn new features: ?? hours, maybe even ? days.
> >
> > Do the math again.
>
> Most people

Most people have CD burners today. And a line faster than your mother in
law's two streams.

> pass by a computer store during their daily outings, so I
> didn't consider the time as being valid - but I will give 30 minutes
on
> it. No line, no negotiation.
>
> Someone mentioned that I forgot the price of the hardware since I was
> using OEM prices - you are correct, add $40 for a 20GB drive to cover
> the license restrictions.
>
> I didn't count any of the NAV updates or cost since both platforms
have
> FREE AV products and BOTH require updates. I was only trying to show
the
> differences.

But you did say that your MiL actually had NAV 2004.

> The $25/hr was about what a typical office worker gets paid AT the
level
> of my mother-inlaw, not what a IT person gets paid, so the figure
> stands. +/- about $50.
>
> So, again, the cost of either platform is actually insignificant since
> they are about the same. The learning curve is much higher to move to
> ANY new platform, but we won't put a price on that.

 

[Guest]

Archived from groups: comp.security.misc,alt.computer.security,comp.security.firewalls,comp.lang.java.advocacy (More info?)

In article <2g1ngdF3hcgbU1@uni-berlin.de>, Luke_Tulkas_88@hotmail.com
says...
> Most people have CD burners today. And a line faster than your mother in
> law's two streams.

I have a 3mbps business class line that provides me with more than
enough speed, but when I selected the Mandrake 10 ISO images the FTP
site, about the only one that worked with the ISO's, limits the total
connections to 2 - and that was at 40KB/Sec. It's not my connection,
it's the limitations placed on the servers at the EDU where the distro
is stored.

I agree about the CD burners part, but most people that have them barely
know how to use them and most have no idea what an ISO image is.

--
--
spamfree999@rrohio.com
(Remove 999 to reply to me)