0Wn3d In 17 Minutes

[Und3ertak3r]

I no longer have the time to apply any critical updates.. I would supply them with a cd and say .. "patch b4 internet..or pay for repairs.. "
Now it is "here is CD with sp2.. install b4 installing anything else.. "

Anyone who is not connecting pc to internet in first few days of possesion. the line is.. "See me B4 you connect to internet. You may need to get a cd with some very important updates B4 you connect"
BTW : the CD is not free.. the equation is simple.. the updates are free.. but $15 for my time is involved to d/l them and make the cd, .. or they read a piece of paper with instructions.. Turn on Firewall, Windows update, install critical updates done.. I sell a lot of CD's , those i don't sell the Cd to.. well most of them have come back to PAY $65 to have what ever of the RPC-DCOM or LSASS related Virii removed.. SP2 won't change much.. just the numbers on the paper..

cheers

[fyrewall]

I put an unpatched XP machine on the net 2 days ago and it had the blaster virus within 10 minutes ... geez it was annoying heh

[tonybradley]

Your late tony! I post that 4 days ago here ( http://www.antionline.com/showthrea...2104#post782104 ). I thnk it's same but I enjoy more discution on the subjet!

My apologies. I did do a search first and I thought it was odd nobody had posted since it was a Security Focus article and all. But, I did my search on "twenty minutes" because the search engine wouldn't allow "20 minutes" because 20 is too short or something.

One problem is that users don't know anything about patches or patching though. The fact is that there are patches that some users may not need or that may cause problems and be superseded with other patches, etc. Even if the machines came with WindowsUpdate as the default home page the fact is that you couldn't download and apply the necessary patches and updates inside of the 20, or 17 minute window as the case may be.

An alternative would be for vendors or retail outlets to offer it as a service. For instance Best Buy could say we'll sell you this Sony Vaio xyz whiz bang computer system for $1500. If you would like, for just $50 more we'll apply the appropriate patches and updates to bring it current, blah, blah, blah. They could then offer some sort of assurance or guarantee like free support, etc. if the machine still becomes infected or compromised within X number of days- or at least if it gets infected or compromised within X number of days by something that was a known issue at the time the purchase was made.

It seems similar to what Undertaker was talking about, but his customers have to know enough to find him and buy the CD before connecting to the Internet. If Best Buy and Dell started offering this little service it would probably help significantly.

[thehorse13]

What I would like to see happen is when any user connects to the internet for the very first time on a new computer internet explorer should automatically go to the windows update site and begin downloading any updates that have been released instead of going to the msn home page.

This is a really good idea, however, it seems to me it would fail because it would take *much* longer to download and install patches than 17 minutes. You'd be outta luck before you tried to do the right thing.

There really is no simple solution to this problem. At least not present day. My policy is to have all the patches on CD and have them installed *before* the CAT5 cable even gets near the NIC.

--TH13

[DeadAddict]

It was just a idea that just came to me and I agree with all of you on the fact that the best thing to do is have the updates on a cd and have them installed before connecting to the internet. I do know that there are alot of people who won't pay for the shipping to get the cd.

[devpon]

I have read all of the posts with some good ideas. If Microsoft is concerned about Windows security, why not supply the cds to vendors who sell computers with Windows installed? If you buy a comp. from Best Buy, you will be supplied with the latest patches and updates on those cds. Add an instruction sheet with the cds and hopefully the salesperson can point out what is involved in not installing patches and updates? This might be counter to what Best Buy or any other company might want to do, they are there to make money? Installing sofware and cleaning systems that are infected.
Would this not be an easy fix?

[Relyt]

If it could work it's a great idea. But many folks have different download capabilities and of course the method Horse mentioned is the safest.

But if you're in the business, you could always add a nagging logon screen to every computer you sold; "Get the CD with the patches before going online or I'll reach through the screen and ......." (add any other appropriate words to get their attention) and of course provide the link.

Including the Undertaker and his sickle just might send the right message

cheers

[tonybradley]

This might be counter to what Best Buy or any other company might want to do, they are there to make money? Installing sofware and cleaning systems that are infected.

I respectfully disagree. Yes, they make money off of fixing / cleaning computers, but selling "secure" computers that had some sort of limited warranty or guarantee would be a big draw in my opinion.

Initially, at least until other retailers catch on and start doing the same thing, it would set them apart. Users would say "I can buy XYZ computer from Joe Retailer for $1500 or I can get the same setup, but patched and updated and certified secure for X number of days for $1550". I think users would pay for that peace of mind regardless of how temporary or "smoke and mirrors" that peace of mind may be.

If I were a retailer I would be doing this. I wouldn't want to sell someone a computer only to have it be dysfunctional and broken 17 minutes after they turn it on. I wouldn't even offer it as an add-on option. I would simply patch and update all systems I sold and incorporate the extra $50 into the price as a cost of doing business. But, I would still sell the fact that my machines are patched and updated and "certified" secure for X number of days against any threats or vulnerabilities known to exist as of the date of purchase.

[devpon]

I respectfully disagree. Yes, they make money off of fixing / cleaning computers, but selling "secure" computers that had some sort of limited warranty or guarantee would be a big draw in my opinion.

tonybradley, I was just throwing that out there. I do not know how these companies actually operate. I agree with what you are saying and that does look like a good selling point.

[Relyt]

tonybradley

You would more than likely get the return buyer many times over and he would bring the computer in to be updated and cleaned as well. I was in Buffalo NY a couple of months ago and visited the local Comp USA Store. The service line was surprising long and I overheard some of the complaints. Viruses, hijackers, etc., were the culprits. Folks were more than eager to pay $75.00 to have them clean them up and provide exactly what you are proposing. I don't remember what the warranty time frame was, but obviously more than a couple of weeks would have been too long. Word of mouth could be some strong advertising as well.