Dan Appleman - On a security crusade

Play Dan Appleman - On a security crusade
Sign in to queue

The Discussion

  • User profile image

    I was on the phone to a freind this evening who was having computer problems. He had installed a version of MessengerPlus that had been sent to him over MSN. It seems to have installed a load of malware junk at the same time and stopped his AOL from working.
    I found it really difficult to advise what to do.
    His laptop is running XP home so I suggested system restore first, but he didn't have any restore points available.
    I went on to suggest he get rid of unwanted startup programs using msconfig and then uninstall and reinstall AOL but that didn't seem to help either.

    Something else must have been wrong as well as he was getting an error message about "rundll bridge" at startup and media player was reporting no sound device was present. When I suggested he look in device manager he said it was completely empty and did not display a device tree at all.

    While I have a fairly good idea of the processes present on a standard XP installation, It's difficult to know which startup programs are OEM included with the computer and which are potentially harmful.

    As a last resort I suggested he tried his recovery CDs but he doesn't know what he did with them.
    In the end all I could suggest was he called his OEM (Toshiba) support for more advice.

    It's really difficult to provide support over the phone when you cannot see what is going on on thier computer, makes me realise how difficult it must be for tech support professionals.

    I'd like to suggest he get SP2, but not until he has at least a fully functioning system again, also being on dialup I doubt he has the patience to wait for it to download via BITS.
    Perhaps I'll burn the network install to a CD and send him that instead.

  • User profile image

    Your are definately right! I go to High School and not one kid I know, that has their own Laptop/PC knows about security and how it works. And if you count Parents/Teachers well... Lets just say, nearly 99.9%, don't have a clue about security...

  • User profile image
    Dan Appleman, does know his stuff, I first heard of him via dotnetrocks, his webpage has useful stuff on too, (Sorry, not in my favorities on my work PC).

    Anyway can't agree more with Dan's advice, my cousin (all most a teenager) had aload of ad-ware on his PC, every since then I now Remote Support his PC once a week and ensure that his AV, Ad-ware utils are up to date, and I run a complete virus scan.

    I got him a ADSL Router and enabled it's integrated firewall. I'm going to put SP2 this week any way, just because I think the pop-up blocker implementation rocks!

    I have also made sure that his account is non-admin.

    Does anyone know of a good method of blocking url's?

    The link for XP2 doesn't seem to work...?

    All good stuff!
  • User profile image
    Hi anyone else know Dan Appleman's homepage url?
  • User profile image
    Dr. Shim
    I have always found the following to be really good for securing a PC:

    1.) Add your account to the Users or Power Users group. Remove it from the Administrator group.
    2.) Install all of the latest updates. Heck, I got the SP2 beta just to make sure I was ahead of script kiddes! Smiley
    3.) Have a virus scanner.
    4.) And always have Windows Firewall activated.

    Oh, and never install software where you do not trust the source or vendor. That includes stuff your friends send you through MSN Messenger. 

    Also keep the hell away from warez, and any kind of illegal software. They will screw you. Guranteed.
  • User profile image
    Sadly, I think there needs to be a culture change in general with Security. There already is a revolution underway in the development world. I'm talking about the users. 

    If someone is a hit with a virus / hack, and they are a Windows users, Microsoft is to blame. No, not really, but that's the perception. After all, "their friend with a Mac doesn't have this problem" (yet..). Or their friendly geek down the street / hall / whatever would recommend a different OS, since that OS is "secure by default" (whatever that means). Don't get me wrong, every OS has security flaws, but the perception by joe user out there is that if they use an Apple, they won't have this problem. (Safety in lack-of-numbers?)

    Additionally, I think Microsoft *REALLY* needs to push people as best they can to upgrade to XP. I know lots of people still running older os's. Heck, I know a .NET developer ( a good one, mind you!) who only runs Windows 95 at home.. Honest.. (I was floored, but they only code at work). XP SP 2 won't do diddly if tons of people don't use XP, yet are still vulnerable.

    What are your thoughts?

  • User profile image
    His book Always use Protection and his company Desaware.
  • User profile image
    Great thoughts on security! I wonder if high schools would welcome developers to talk to teens about computer security (right after you educate the administrators and teachers).?
  • User profile image
    Dan Appleman
    Changing a culture is a challenge - I'm only taking the first steps here and hoping those of you watching these videos and reading this will join in the effort. The Mac and Linux users are just as vulnerable to scams, but the truth is that most viruses are targeting Windows systems. XP SP2 is a great step, but there's a long way from RTM to having it installed on every home user's system (or even most). Truth is, if people just updated their existing OS with the latest patches, installed a firewall and a self-updating antivirus program, that would go a long way even without XP SP2. Here's something that would help (hope you folks at MS are listening). I'd like to see Microsoft distribute a few million CD's free at every major electronic store nationwide. The CD should include SP2 and the latest service packs/security updates for Win2K, ME and 98. Lots of people are still on dial-up and can't download this software. If AOL can plaster the country with CD's, there's no reason MS can't do it, and this is much more important. Dan
  • User profile image
    Thats a great idea. (wish I had more to post)

Add Your 2 Cents