Date: Fri, 19 Aug 2005 23:47:27 -0500 From: Nikolas Britton <nikolas.britton@gmail.com> To: Jerahmy Pocott <quakenet1@optusnet.com.au> Cc: freebsd-questions@freebsd.org Subject: Re: Long Uptime Message-ID: <ef10de9a05081921471cb66c3c@mail.gmail.com> In-Reply-To: <D204103E-3CE8-44BE-8439-48FF0643CE66@optusnet.com.au> References: <6ECB363F-1ACE-40E8-AE86-73C7C010CC11@optusnet.com.au> <D204103E-3CE8-44BE-8439-48FF0643CE66@optusnet.com.au>
next in thread | previous in thread | raw e-mail | index | archive | help
On 8/19/05, Jerahmy Pocott <quakenet1@optusnet.com.au> wrote: > On 20/08/2005, at 11:34 AM, Nikolas Britton wrote: >=20 > > > > You can keep a windows 2000 system secure without patching!: > > > > * Uninstall Outlook Express and IE ( http://www.litepc.com/ ), Install > > Firefox and Thunderbird. > > * Install Perl, Uninstall WSH. > > * Hardware (m0n0wall) and software (stealth mode, deny all (Kerio, > > ZoneAlarm, etc.)) firewalls. > > * Virus scanner. > > * Remove MS JVM, install Sun's. > > * MS Office replaced with OpenOffice (Don't install Outlook!!!). > > * Subscribe to CERT advisories list. > > > > I had a running average of 30-40 days between reboots, I think the > > highest was 90+ days, on my main do everything and anything desktop PC > > (it runs FreeBSD, 6-STABLE, now). > > >=20 > Many updates are for core things that require reboots though.. As a > desktop > you can get away with it.. As a server I don't think I would take the > risk.. >=20 I'd have to sorta disagree with you, I think it breaks down more like this: 90% Outlook / Outlook Express, Internet Exploder, WSH (.vbs, .js etc.) etc. and their subsystems like the MS-HTML engine, ActiveX. 10% Others (core), like the RPC problem or what ever this new one is. You can forcefully remove everything in the 90% category with software like 2000/XPlite. On a properly firewalled windows system the main entry point for any type of exploit is outlook or IE. Unless theirs an RPC exploit like the one a wail back I don't patch are systems. Here is what I do when I deploy a new box: 1. Install SP4. 2. Windows update (if I remember to do it). 3. Install 2000Lite and Remove IE, outlook, and all that crap. 4. Install Firefox and Sun's JVM. (use Horde's IMP for email, Kronolith etc. for groupware) 6. Install firewall and anti-virus software. 7. OpenOffice 2 I spend MORE time fixing the crap that MS breaks (NO I DON'T WANT TO REINSTALL INTERNET EXPLODEDER YOU FSCKING AHOLES!!!, LEAVE MY PROGRAMS ALONE!!!) with their hotfixes and getting Adobe's Photoshop CS1/2 to work (10GB temp files using it's file browser, 30% CPU usage and 1GB ram with the program doing nothing in the background that I just started!!! WTF!) and getting PageMaker (POFS!!!) to work then I do with patching and all the crap. I don't have problems so I don't do it, and it's been that way for years. I'm forcing them (yes I have the control and authority to do it) to Mac and OS-X (or Linux when Adobe gets their fucking shit together and ports Photoshop, dammit! I hate lock in!!!, (Gimp is crap btw so don't even...) when they EOL Win2K completely. Win2K is the only Microsoft product we use do to my methodical planning and very strong anti-Microsoft policy. Every critial piece of software we run is cross platform. I'm going to switch careers, or go postal, if I have to keep dealing with the fuck tards at MS. sorry this turned into a MS, and Adobe, rant but it did had I had to blow off some steam. It's like I'm Sisyphus and MS is the rock... MS is like a cockroach. hmmm Maybe if I remove the firewalls,SP4, etc. I can blame it all on MS and get them to change to Mac's faster. I'll have to add that to my black opts. list. Anyways.=20 Anyone here ever think of putting together BSDLinux, FreeBSD with a Linux kernel? I'll have to start a thread over on chat or something.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?ef10de9a05081921471cb66c3c>