Posted by Whoever on August 2, 2005, 9:31 pm
If an installation of Windows gets messed up such that it won't boot,
automatic recovery can be done using the original installation disk.
However, after this automatic recovery, many old files are re-installed.
What if these files are vulnerable to security issues such as buffer
overflows, etc.? After doing a recovery in this way, Windows Update will
still think all the security patches are properly installed, despite
rolling back many files to older versions.
Is this a big hole? If so, what is the solution?
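The check this question calls for, as an added example that is not part of the original post: compare the versions of files actually on disk after a recovery against the minimum versions the recorded updates should have left behind. The update ids, file names and version numbers are constructed, and collecting the real on-disk versions is assumed to be done separately.

```python
# Added example: detect files rolled back below their patched version.
# All update ids, file names and version numbers here are constructed.

def parse_version(text):
    """Turn '5.1.2600.2180' into (5, 1, 2600, 2180) for numeric comparison."""
    parts = tuple(int(p) for p in text.strip().split("."))
    if len(parts) != 4:
        raise ValueError(f"expected a four-part version, got {text!r}")
    return parts

def find_rollbacks(recorded_updates, on_disk):
    """Return (update_id, file, problem) for each file older than its patch.

    recorded_updates: {update_id: {file_name: minimum_patched_version}}
    on_disk:          {file_name: version actually found after recovery}
    """
    # Windows file names are case-insensitive, so normalise before lookup.
    disk = {name.lower(): version for name, version in on_disk.items()}
    findings = []
    for update_id, files in sorted(recorded_updates.items()):
        for name, minimum in sorted(files.items()):
            found = disk.get(name.lower())
            if found is None:
                findings.append((update_id, name, "missing"))
            elif parse_version(found) < parse_version(minimum):
                findings.append((update_id, name, f"{found} < {minimum}"))
    return findings

# Constructed: what the update history claims is installed.
RECORDED = {
    "UPDATE-A": {"example1.dll": "5.1.2600.2180"},
    "UPDATE-B": {"example2.dll": "5.1.2600.980",
                 "example3.sys": "5.1.2600.1500"},
}
# Constructed: versions read from disk after the repair install.
ON_DISK = {
    "Example1.dll": "5.1.2600.0",     # replaced from the original media
    "example2.dll": "5.1.2600.2180",  # newer; a string compare gets this wrong
    # example3.sys is absent
}

if __name__ == "__main__":
    for update_id, name, problem in find_rollbacks(RECORDED, ON_DISK):
        print(f"{update_id}: {name}: {problem}")
```

Versions are compared as integer tuples because a plain string comparison would rank "2180" below "980" and report a false rollback.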
Posted by Donnie on August 3, 2005, 11:33 pm
> If an installation of Windows gets messed up such that it won't boot,
> automatic recovery can be done using the original installation disk.
>
> However, after this automatic recovery, many old files are re-installed.
> What if these files are vulnerable to security issues such as buffer
> overflows, etc.? After doing a recovery in this way, Windows Update will
> still think all the security patches are properly installed, despite
> rolling back many files to older versions.
>
> Is this a big hole? If so, what is the solution?
###########################################
Some people say that Windows is a hole in itself. Assuming that is true,
hopefully your network is behind a router running NAT along with any other
firewall rulesets you think are needed. That way, you won't have to depend
on MS for your security.
donnie.
Posted by Winged on August 3, 2005, 9:26 pm
Donnie wrote:
>
>>If an installation of Windows gets messed up such that it won't boot,
>>automatic recovery can be done using the original installation disk.
>>
>>However, after this automatic recovery, many old files are re-installed.
>>What if these files are vulnerable to security issues such as buffer
>>overflows, etc.? After doing a recovery in this way, Windows Update will
>>still think all the security patches are properly installed, despite
>>rolling back many files to older versions.
>>
>>Is this a big hole? If so, what is the solution?
>
> ###########################################
> Some people say that Windows is a hole in itself. Assuming that is true,
> hopefully your network is behind a router running NAT along with any other
> firewall rulesets you think are needed. That way, you won't have to depend
> on MS for your security.
> donnie.
>
>
Running NAT or not you should patch associated software as required. If
you don't, and are touching remote potentially compromised hosts, you
are buzzard meat irrespective of NAT.
If the initial writer has the original build on the system that he is
attempting to do a partial restore, it will fail miserably if the
recovery build is pre SP2 and SP2 had been loaded on the system before
it failed. In this case his best option is SYDSO (SORRY YOU DIE START
OVER). Partial recovery should not be attempted and will not be
successful. If he is doing the rebuild option as it sounds like he will
be, though he may not realize it yet, the system is vulnerable until he
gets patches installed. In this case it is good to repartition (if
nothing else divide partition then repartition to current settings),
reformat the drive and start clean.
I do not recommend loading the system with all the crud a commercial
vendor thought you might want as most of the software most folks don't
use, takes up space, and much of it has its own security issues.
Hopefully "whoever" made an OS disk when they could (a number of mfgs do
not supply original OS disk but allow the user to build one; of course at
this point in time it is too late to build it). If not, get an OS disk
from someone, and use your old software key to install it.
At a minimum he needs a firewall that is secured before he even goes to
get the updates. Current survival time for an unfirewalled system is 22
minutes according to SANS. Inbound ports below 1024 (old guy was right)
should be blocked before the system goes online to download security
patches and software updates.
Once the system is up to date, firewalled, antivirused, Firefox set as
default browser with Java applets disabled, Sun Java loaded, Spybot host
list and immunizations installed, services reduced to only what is
required, using any mail product other than Outlook Express (Thunderbird
is not a bad product but there are many fine products), then he will be
reasonably secure until he downloads that "free" game somewhere he just
has to have and compromises the system. Hopefully before this time he
has already made a complete backup of his base system so recovery will
take a few minutes instead of hours.
From what I gathered, though there are too many unknowns provided, I
suspect "whoever" is going to rebuild the system the hard way only
because he didn't know he couldn't go back beyond the SP2 install date
using partial recovery method. MS neglected to tell folks this very well.
Winged
Posted by Jim Nugent on August 5, 2005, 1:53 am
> If the initial writer has the original build on the system that he is
> attempting to do a partial restore, it will fail miserably if the
> recovery build is pre SP2 and SP2 had been loaded on the system before
> it failed.
What if the recovery build has SP2 slipstreamed in?
--
Jim
"Be right back... Godot"
Posted by Winged on August 4, 2005, 9:42 pm
Jim Nugent wrote:
>
>
>>If the initial writer has the original build on the system that he is
>>attempting to do a partial restore, it will fail miserably if the
>>recovery build is pre SP2 and SP2 had been loaded on the system before
>>it failed.
>
>
> What if the recovery build has SP2 slipstreamed in?
If the recovery was built with SP2, it works. But I have not "seen" one
work successfully otherwise if one rolls back past SP2 application date.
It may be possible, I have only seen failure after the fact (some of
the folks were sophisticated users) and if I am rolling back I am
re-imaging the system and never rollback that far. I am usually called
in after the user has a system failure. It might be possible, I just
have never seen it work in practice. Someone else's mileage may vary,
objects are closer than they appear.
Winged