Run Fast, Run Naked - An alternative approach to internet security

GoGov ^ | July 2, 2005 | GoGov

[Larry Lucido]

Run Fast, Run Naked

I just tried that. Unfortunately, I found out I can't run faster than the police anymore. I should be back in 7 to 10 days.

[snowsislander]

Knoppix

Yup.

Puppy is also pretty impressive -- using diet libc was a real win, I think.

[operation clinton cleanup]

I have DSL and my computer is connected 24/7/365 and has been online for close to three years straight. $0.00 down, $0.00 per month.

WOW! How do you get a free DSL connection!?

[MediaMole]

To a certain degree, this is what I do, but running without any protection seems like a pointless endeavor. Why shouldn't a user take advantage of computer security? Trojans, spyware and viruses will rapidly degrade any unprotected system.

I'm running this Linux box behind a hardware firewall and have no problems with streaming audio and video. The Windows box with more important stuff also has a software firewall (primarily to control outgoing data), anti-virus and encryption for sensitive data, but it isn't slow. Most of the slowdown people encounter is related to Windows inefficiencies. Strip down unneeded startup programs and services and even Windows will get faster. Shut off all those "helper apps" that are installed with printer drivers, quicktime, Media Player, itunes and the like. Take a look at all the running processes in Task Manager and you will understand why Windows slows down so much over time.

Reinstalling Windows every so often will certainly speed up the computer, but if you are going to do that regularly, set up the hard drive with two partitions -- one for the system and one for the data. That way, when you reinstall windows on your C: drive, all your data is safe on the D: drive on the second partition.

If you reinstall windows, make sure you have the downloaded version of Service Pack 2 to install before you connect your computer to the net or you may have less than 5 minutes before your system is compromised.

[Riley]

Not unworkable- but it will need some geek savvy to set it up.

You set up the naked Internet machine once. Tweak all the configurations, patch it current, install all of the software you want on it. Then, before you 'go live' with it, you use Ghost to make a copy of the contents of the hard drive. Make the copy in the drive of the other machine on the LAN. Get a boot disk or two made that connect you to the other machine, and have the Ghost client on them.

When you need to reimage the machine, you pop the boot disk in the floppy drive, it mounts the NIC and maps a path across the network to where the Ghost drive image is stored.

You have it reimage the naked net unit- and it is totally redone just as it was before in about twenty to thirty minutes- with all of your configurations intact. Just reboot the naked unit, and you're off again with a fresh machine.

Personally, I prefer to lumber around heavily armored, but that's just me.

[cooldog]

The author of this piece is a moron (or a maroon, depending on how long one's been a Freeper). More than half the risk of the trojans and virii and other comprimises is that they turn your machine into zombie, cranking out virus or spam emails by the tens of thousands, or that they use your machine as a part of a network for distributed denial-of-service attacks.

This is a case of a little knowledge (and a ready pen) being a very dangerous thing.

[SandwicheGuy]

Even more simply, just run from a livecd such as Knoppix or Puppy on the throwaway machine.

Thanks for the link. I was fascinated by Puppy. Knoppix is great but you can see where this is headed. I'm going to put Puppy on a pen drive... This is going to be fun!

[jwh_Denver]

heavily armored - I agree. I ghosted my C drive about a month ago and didn't have a pop up blocker working and I was absolutely bombarded with them. Run fast, run naked at first seems to be a decent idea but at least with my experience, I'd be ghosting every other day. Besides, most of the things I do on this computer are business related. I don't want to be switching back and forth all the time.

[snarkpup]

I use an old PC for all my internet access. The only issue I have run into is that many DSL providers assume that none of their customers are doing this and therefore they do not support old operating systems (like Win 95). I had to shop a bit to find a provider that fully supported traditional protocols.

[snowsislander]

I'm going to put Puppy on a pen drive... This is going to be fun!

For keeping a distribution lightweight and with plenty of functionality, Puppy is hard to beat.

[ThePythonicCow]

There are two separate kinds of problem here.

There are the popups, spyware, viruses and spam that you see, or can see easily if you run a program to look for it. These are motivated by either juvenile messing around, or the desire to sell you something (or at least to get your money under the pretense of selling you something).

That stuff is pretty easy - so long as you have cleaned it up enough that it doesn't annoy you, you're done. It's like the dirt that collects on your car. How much dirt you will tolerate, versus how much time or money you will spend cleaning depends on personal preference.

The other stuff does its best not to let you see it. It is either trying to steal data, such as with a key logger that might catch a password to your bank, or it is trying to steal your PC, to use as a bot for attacking other computers on the internet. That stuff is motivated by serious greed, or a serious desire to commit acts of terrorism against the internet. It is getting increasingly good at staying hidden.

If you have a PC that is connected to an always up DSL line, then it is a prime candidate for being hijacked as a remotely controlled bot, without your knowledge.

The latest research on this suggests you've got an average of 12 minutes on the internet with a naked PC before being hijacked. Are you really going to reimage every 12 minutes? I doubt it.

---

From http://www.channelregister.co.uk/2005/07/01/sophos_1h05_malware_report/ :

---

By John Leyden 1 Jul 2005 10:54

Malware authors up the ante

Malware authors have increased both the volume and sophistication of their attacks over the last six months. In the first half of 2005 anti-virus firm Sophos detected and protected against 7,944 new viruses - up 59 per cent from the first six months of 2004. The number of keylogging Trojans has tripled in the first six months of 2005 compared to the first half of 2004.

More computer viruses and worms mean an unprotected Windows PC (without either firewall or antivirus protection) stands a 50 per cent chance of infection by a worm after just 12 minutes online. Graham Cluley, senior technology consultant at Sophos, conceded that Windows PCs no longer ship in this unprotected state. Nonetheless the finding illustrates the need to apply basic defences (consumers can find free products aplenty if they choose to look).

The longstanding Zafi-D worm, which poses as a Christmas card greeting, made up more than a quarter of all viruses reported to Sophos so far this year. Runner up was the long-running NetSky-P worm with the bilingual Sober-N worm, which poses as offers for free tickets to the 2006 World Cup in Germany, in third place.

"The threats are consolidating - it's becoming more blurred as to whether something is a spam, a spyware, a phish or a virus problem. Businesses must ensure they are protected against all of these threats," Cluley added. ®

---

Please don't run naked systems on the internet. Even if you don't see a problem, and even if you are not doing anything on that PC that you don't mind having recorded by keyloggers owned by nasty people, your PC becomes a bot that will be used to attack the rest of us, and used in Distributed Denial of Service (DDOS) attacks that have taken down major sites, and big chunks of the internet.

Please at least run behind a hardware firewall. You can usually find one for $20 to $30 at newegg.com by searching for "firewall", and sorting by "lowest price". Todays special:

---

LINKSYS BEFW11S4 Wireless Routers View Pic

LINKSYS BEFW11S4 IEEE 802.11b, 802.3, 802.3u Wireless Router - Retail Antenna: Two Detachable Antennas Frequency Band: 2.4GHz LEDs: Power WAN :Diag, Act, Link LAN :100, Full/Col, Link/Act Power, WLAN Link, WLAN Act Network Protocols: CSMA/CD Ports: 1x10/100M WAN; 4x10/100M LAN Security: - Advanced Security Management Functions for Port Filtering, MAC Address, Filtering, and DMZ Hosting - Capable of up to 128-Bit WEP Encryption - Supports Enhanced Security Using NAT Firewall, ZoneAlarm Pro*, and PC-cillin* Software Temperature: 0 to 40°C VPN support: IPSec and PPTP Pass-Through Wireless Adapter included: No WPA: No Model #: BEFW11S4 Item #: N82E16833124002 **This item is warranted through the product manufacturer only.  In Stock $1.99 FedEx Saver Shipping $30.00 Mail in Rebate [37 reviews] Move To Wish List

Unit Price: $47.99 Mail in rebate: -$30.00 $17.99

---

Also, if you are running Windows, please either install Windows XP Service Pack 2 (SP2), or else, after installing Windows, go _first_ directly to the Windows Update site, available off a pull-down from one of the Internet Explorer menus, and install all the patches, before going to any other website.

---

The above, plus re-imaging every month from the clean installation you had after updating the Windows patches, would be much safer for the rest of us than a naked system. The best imaging software for Windows users seems to be Symantec’s Norton Ghost 9.0

[ThePythonicCow]

Yup - a maroon.

[operation clinton cleanup]

Do you know of a file sharing site I can download Ghost from???

Just kidding!

[chariotdriver]

Actually I have been doing this for awhile on the main machine even with all the other safeguards in place.

Some might think it overkill for reformat and re image, but I have a system down for it (to make it quick) and I FEEL BETTER when I do all the tasks.

[Caesar Soze]

If you had nothing of value in your car, your car was a low cost clunker that no one would want, would you leave your doors locked? Of course not. No one is going to try and get in it. With a computer on the internet it is essentially the same. If you don't have anything anyone could want, what is the point of locking it up?

Do you have disk space? RAM? Bandwidth? CPU time? Then you have something of value on your computer, and there's people out there who will take it if you let them. Ignore the rest of this article.

[ThePythonicCow]

no!

[general_re]

This is a very bad idea.

[chariotdriver]

Meant to be replying to the other posters, not the article. I would not run any system 'naked' as they call it. It will become a bot for hackers etc.

At home I have link-sys hardware router with NAT, then Zone Alarm, and with Norton AV and a few ad-ware things.

[Asphalt]

Interesting idea. Without a pop-up blocker, however, you will have seventy windows open withen the first twenty seconds

[Asphalt]

that works