Network & server security


  • #16
    Originally posted by dEPRESChn
    What to learn first is a difficult question. You people have experience I think. What should I learn first? Networks, security, unix based os? What should I learn to understand internet, network, security and all of that connected together?

    Did you bother to visit those links that I provided or use the search function?

    If you did, you would see that this topic has been asked and answered in the past.



    • #17
      I did go through those links and haven't noticed it. Sorry, I'll look again. Tnx
      .: Look, there's two women fucking a polar bear! :.



      • #18
        Originally posted by dEPRESChn
        I did go through those links and haven't noticed it. Sorry, I'll look again. Tnx
        Listen, I'm not big on holding hands, but I will be nice and do it this time.

        Start Here and Read the Thread:

        http://forum.defcon.org/showthread.php?t=1847

        People like Astcell and 0versight actually give some good information in there.

        If you need further information use the SEARCH function.

        This is the last time I will indulge you with hand holding.



        • #19
          Tnx.. Very nice of you..
          .: Look, there's two women fucking a polar bear! :.



          • #20
            Why would there be limited opportunities in Slovenia? I was in Croatia and Bosnia in 1997 doing sysadmin work and I could still be there today if I wanted. Take a year of computer school then search out Verizon or Brown & Root, both of whom are always hiring in the areas. I would have stayed but my girlfriend back in the states would have killed me. :>



            • #21
              spyware..

              depreschn, I don't know if anyone answered your question on spyware..
              Is spyware dangerous in some way? (I agree that everyone has a bad feeling when you don't know if someone is spying on you.. )
              You might want to check some of these links out for your XP system:

              http://www.lavasoftusa.com/software/adaware/

              http://www.spybot-search.com/

              Haven't tried this, but found it through my travels:
              http://www.spykiller.com/index4.asp?ref=2400
              I hope this was some help.
              Good luck



              • #22
                Well, I always have Nessus on my box, and always update the plugins and scan on a regular basis. I run FreeBSD though, not Linux. As far as mail and anti-virus solutions, we have all that filtered out with SpamAssassin, and we filter out viruses.

                hope that helps.
                $free = !$hope && !$fear;
                $drink->heineken();



                • #23
                  Redhat 8.0 as server? Do you have a custom/modified kernel? Did you do all the basic checks for some misconfigurations within Redhat itself? First 2 things I would do if you have not done so already... find / -type f -perm -04000 -ls to get the list of SUID files, and find / -type f -perm -02000 -ls to get the list of SGID files... If you're new to *nix, the list may appear foreign, but in the stock release of 8.0 there are world-writable files that shouldn't be. An old but good example is the issue with S99local, which is having /etc/rc.d/rc3.d/S99local as a world-writable startup script... extremely dangerous, and you're giving away root with minimal difficulty. When the system is started, it's executed with root and attackers could create a SUID shell the next time the system is restarted. With a small string I won't post here for obvious reasons, it very well could create a SUID shell in /tmp; in addition it'll make /home/public world-writable, thus attackers can overwrite any file in the directory with the mv command. 2 minutes to game over for one of the most overlooked holes if you're not careful.

                  Qu|rk

                  Comment
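The checks described in post #23, as an added example that is not part of the original thread: the two `find` inventories, a world-writable check for startup scripts, and a comparison against a saved baseline. The function names, the `AUDIT_ROOT`/`AUDIT_RC` variables and the baseline file are assumptions, as is the use of `-L` on the rc directory (on the assumption that entries such as S99local may be symlinks to the real script).

```shell
#!/bin/sh
# Added example (not from the thread): SUID/SGID inventory plus a check for
# world-writable startup scripts. All names below are hypothetical.
LC_ALL=C; export LC_ALL   # stable sort order so comm(1) compares correctly

# Regular files with the SUID bit set under $1 (the post's first find).
list_suid() { find "$1" -type f -perm -04000 2>/dev/null | sort; }

# Regular files with the SGID bit set under $1 (the post's second find).
list_sgid() { find "$1" -type f -perm -02000 2>/dev/null | sort; }

# World-writable files under $1, e.g. /etc/rc.d. -L follows symlinks, on the
# assumption that entries like rc3.d/S99local may link to the real script.
list_world_writable() { find -L "$1" -type f -perm -0002 2>/dev/null | sort; }

# Print SUID/SGID files that are absent from a previously saved, sorted baseline.
# $1 = directory to scan, $2 = baseline file (one path per line).
new_since_baseline() {
    _cur=$(mktemp) || return 1
    { list_suid "$1"; list_sgid "$1"; } | sort -u > "$_cur"
    comm -13 "$2" "$_cur"
    rm -f "$_cur"
}

# Optional run: AUDIT_ROOT=/ AUDIT_RC=/etc/rc.d sh audit.sh
if [ -n "${AUDIT_ROOT:-}" ]; then
    echo "== SUID ==";  list_suid "$AUDIT_ROOT"
    echo "== SGID ==";  list_sgid "$AUDIT_ROOT"
    echo "== world-writable startup scripts =="
    list_world_writable "${AUDIT_RC:-/etc/rc.d}"
fi
```

Saving the combined SUID/SGID list right after a clean install gives `new_since_baseline` something to compare against on later runs.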


                  • #24
                    Everyone seems to have their own opinion to your broad and general question, but I'll just chip my 2 cents in...

                    The first thing you want to do when you are concerned about your security, is to disable all your services, and then go back and turn on the things you need to perform whatever functions that computer is to perform and then update and patch everything that is running to the latest build.

                    Useful tools like pkg_update or windowsupdate are useful for keeping your core system current, however this will never protect you against tomorrow's exploits.

                    I cannot emphasize enough how important it is to understand completely how your firewall works before deploying it and assuming your safety. Compromising a "firewalled" system is a cinch if the system is too promiscuous with permissive rules. A firewall is intended to be strict, keep it that way. Remember to keep every user workstation out of your DMZ. I've seen many kiddies who can't figure out how to get the Instant Messenger or DCC to work on IRC and, instead of working out the correct firewall rules, place their own workstation in their DMZ.

                    In summary, disable services, keep your system up to date, behind your firewall, and pull the belt as tight as you can. You don't want your pants falling off your ass like another dumb wigger.



                    • #25
                      Originally posted by Mr. Peabody
                      Useful tools like pkg_update or windowsupdate are useful for keeping your core system current, however this will never protect you against tomorrow's exploits.
                      Windowsupdate? I'd have to say.... no... especially if you are foolish enough to tell it to always trust Microsoft content (major security risk, trusting a software company with rogue coders that hate their job, and don't know how to bug hunt or use Purify). If you've read the things about Microsoft update in depth, they can send you anything, force you to install it, and if it happens to wipe out your drive... surprise, it's not their fault nor will it stand up in a court of law. If you want patches, I would recommend manual update from their site, going only after what you need which is still more than likely questionable at best - but it's Microsoft...

                      Quirk-



                      • #26
                        Originally posted by Qu|rk
                        Windowsupdate? I'd have to say.... no... especially if you are foolish enough to tell it to always trust Microsoft content (major security risk, trusting a software company with rogue coders that hate their job, and don't know how to bug hunt or use Purify). If you've read the things about Microsoft update in depth, they can send you anything, force you to install it, and if it happens to wipe out your drive... surprise, it's not their fault nor will it stand up in a court of law. If you want patches, I would recommend manual update from their site, going only after what you need which is still more than likely questionable at best - but it's Microsoft...

                        Quirk-
                        I think you are referring to Automatic Update. Windows Update is the one where you "manually" go to their site and choose the updates/patches you want.
                        perl -e 'print pack(c5, (41*2), sqrt(7056), (unpack(c,H)-2), oct(115), 10)'



                        • #27
                          Yes, I tend to do that when doing tequila shots and posting - I'm currently going over anything I posted on last night and making sure that things are ok, and I didn't make an ass of myself further.


                          Quirk-



                          • #28
                            Originally posted by Qu|rk
                            Windowsupdate? I'd have to say.... no... especially if you are foolish enough to tell it to always trust Microsoft content (major security risk, trusting a software company with rogue coders that hate their job, and don't know how to bug hunt or use Purify). If you've read the things about Microsoft update in depth, they can send you anything, force you to install it, and if it happens to wipe out your drive... surprise, it's not their fault nor will it stand up in a court of law. If you want patches, I would recommend manual update from their site, going only after what you need which is still more than likely questionable at best - but it's Microsoft...

                            Quirk-
                            Corrections aside, just 2 quick points to make.

                            I'm sure Microsoft doesn't allow their programmers whimsical access to publishing.

                            Every software development company has an indemnification of damages in their EULA.



                            • #29
                              Originally posted by Mr. Peabody
                              I'm sure Microsoft doesn't allow their programmers whimsical access to publishing.
                              OK, fair point. But what happens when someone eventually understands the mechanism by which Windows Update does operate, and exploits that to push malicious code down to n thousand machines? Granted, this is a speculative scenario, but not wildly so.



                              • #30
                                Originally posted by skroo
                                OK, fair point. But what happens when someone eventually understands the mechanism by which Windows Update does operate, and exploits that to push malicious code down to n thousand machines? Granted, this is a speculative scenario, but not wildly so.

                                Am I remembering incorrectly, or didn't windows update get nailed by Code Red because they hadn't patched it?

                                I don't think you are wildly speculating at all, since by that same token, any patch bearing website could be owned and you could DL trojaned patches/updates.
                                perl -e 'print pack(c5, (41*2), sqrt(7056), (unpack(c,H)-2), oct(115), 10)'
