Re: What after XP?



The message <VA.0000001d.0111d1b7@xxxxxxxxxx>
from Daniel James <daniel@xxxxxxxxxx> contains these words:

> In article <31303030373730364ADDBEFD31@xxxxxxxxxxxxxxxx>, Johnny B Good
> wrote:
>> When I set it up, I partitioned the then 160 GB SATA drives into an
>> 8GB FAT32 boot partition, a 20GB FAT32 programs one and a 121GB NTFS
>> data one on the first drive with a 20GB FAT32 extended dos partition
>> [1] on the second drive with the remaining 129GB as an NTFS volume.
>
> The trouble with that is that if you use FAT for the OS and apps
> partitions you immediately kiss goodbye to almost all of the protection
> that the OS might be able to offer against having your OS trashed or
> subverted by malware.
>
> Do you use linux at all? Do you run it as root all the time?
>
> No?
>
> Then for goodness sake put your OS and apps on a filesystem that knows
> about privileged vs restricted users and file access control!
>
> Cheers,
> Daniel.

The point, at the time, was that I wanted to use an _unsophisticated_
FS for the mission critical stuff on what was intended to be (and still
remains) a _single_ user PERSONAL Computer.

Although NTFS has the necessary features for UAC, sadly, the OS, being
a microsoft product, isn't secure enough for the benefit to operate in
the users' favour rather than to the favour of malware exploits. Please
remember that this is microsoft we're dealing with, a company that's
almost totally clueless when it comes to implementing usable security
strategies.

I felt that, on balance, a simple FS such as FAT32 would give me a
fighting chance against any malware intruders that thought they could
hide behind "DoNotShow" registry entries or compromised OS components or
even in ADS.

Going back 5 years, you have to remember that Linux still didn't have
read/write support for NTFS and I wasn't aware of a UBCD4Win being
around at that time. It seemed only prudent to accept the fact it wasn't
so much "If" as "When" my PC would be hit by somesuch 'clever' exploit
and I'd be in a much better position to be able to boot from a boot disk
(floppy or CD) with an OS lacking the necessary sophistication required
to support such exploits in the luxury they'd become accustomed to in
the winNT environment in order to excise any such malware files.

Don't forget that it wasn't really practical to run most windows
software under a restricted account. You needed to run with admin
privileges if you didn't want your installed apps to choke and you were
forced to rely on AV software to keep the bad stuff out anyway[1].

Of course NTFS comes into its own when using the box as a secured file
server behind a corporate strength firewall tended by experienced IT
staff where the ink on their MCSEs has had a chance to fade. For a home
PC the security benefits to the user are somewhat double edged.

Quite frankly I wasn't prepared to struggle with MS's idea of secure
computing in order to persuade the security features of NTFS to work for
me instead of for the benefit of malware. I just felt that using FAT32
over NTFS was not adding to the risk in any significant way. After all,
the risk is almost entirely within the OS itself rather than the FS
being employed.

Regarding Linux, sad to say, I still need to consult the "Linux For
Dummies" book as a reference, even after dabbling with it over the past
6 or 7 years. I regularly use a Knoppix Live CD to deal with problems on
winXP boxes (thankfully, version 5 does now support read/write for NTFS
;-).

I did run a Debian based file server box when I finally decided to let
go of Netware 3.12 about 6 or 7 years ago but even this got usurped by
an open BSD based OS in the form of FreeNAS a year or two after.

I'm planning on eventually upgrading to a 4 core system over the next
year so I can run some flavour of linux as a VM host to whatever minimum
version level of windows is sufficient to run any windows based apps I
can't find linux equivalents of.

The only safe way to use ms windows OSen is to relegate them to a
disposable application and only run mission critical apps in the Linux
host itself. I certainly don't intend to 'upgrade' win2k to any later ms
OS. Once MS have finally rendered win2k totally unviable for current
software products, I'll be upgrading to Linux. Well, that's the plan ;)

[1] None of the AV software available today is worth a damn. It all
(that is, all 41 AV engines used by virustotal) fails to provide
protection where it really counts which is to say they give no
protection against zero day threats, not just for a day or two, or even
a week or two but more like a month or three.

With such a wide window of opportunity for an ever increasing number of
new zero day threats per week, the protection offered by SpyBot S&D is
proving much more effective than ever before to the point that you might
as well give up with an always active AV solution and go for something
like Clamwin and rely on your wits as to when and how you run an AV
scan. After all is said and done, home computer security is more a state
of mind than it is a question of how much money (and your PC's
resources) you throw at the problem.

--
Regards, John.

Please remove the "ohggcyht" before replying.
The address has been munged to reject Spam-bots.
