Nobody's Perfect
-
Since I just rebuilt my server from the ground up I figured that it might be safer to install all the available updates from MS before I spend the time installing all the apps. Past experience indicates that somewhere in the process an update would destroy the PC again, so it would be a waste of time to install all that stuff now. In order to minimize complexity, and hopefully the risk of running into a conflict that will crash the machine again, I updated incrementally, a few updates at a time. It has been interesting. For one thing, after downloading all the files, and during the install phase, Update tries repeatedly to phone home. There's a share out there named w2ksp5 on the update site, so apparently there's another service pack in the works. Hmmm... For another, while installing one of the critical patches - no way to tell which one - a file infected with the W32.Nachi.A Trojan was included as an exercise for the student. AV software caught it and stopped it from being installed in system32\dllhost.exe. I guess no one is immune...:laugh: Oh well, only 15 updates to go - back to the grind.:sigh: Some people think of it as a six-pack; I consider it more of a support group.
-
Since I just rebuilt my server from the ground up I figured that it might be safer to install all the available updates from MS before I spend the time installing all the apps. Past experience indicates that somewhere in the process an update would destroy the PC again, so it would be a waste of time to install all that stuff now. In order to minimize complexity, and hopefully the risk of running into a conflict that will crash the machine again, I updated incrementally, a few updates at a time. It has been interesting. For one thing, after downloading all the files, and during the install phase, Update tries repeatedly to phone home. There's a share out there named w2ksp5 on the update site, so apparently there's another service pack in the works. Hmmm... For another, while installing one of the critical patches - no way to tell which one - a file infected with the W32.Nachi.A Trojan was included as an exercise for the student. AV software caught it and stopped it from being installed in system32\dllhost.exe. I guess no one is immune...:laugh: Oh well, only 15 updates to go - back to the grind.:sigh: Some people think of it as a six-pack; I consider it more of a support group.
funny...I'm doing something similar here right now (installing a "trampoline" server to assist in migrating the domain to 2K3 server). since all of our machines are "live" on the net, the sequence we have to do here is: 1) install the base OS (first phase) on the new machine 2) disconnect the WAN (leaving the LAN running), and install the network on the new machine 3) get a copy of the software firewall from the LAN 4) install and configure the software firewall 5) reconnect the WAN 6) run updates on the new machine until we succumb to fatigue if we don't do it this way, the machine will have been probed and infected by some random internet worm in the thirty seconds or so between installing the network support and beginning the update process.
-
funny...I'm doing something similar here right now (installing a "trampoline" server to assist in migrating the domain to 2K3 server). since all of our machines are "live" on the net, the sequence we have to do here is: 1) install the base OS (first phase) on the new machine 2) disconnect the WAN (leaving the LAN running), and install the network on the new machine 3) get a copy of the software firewall from the LAN 4) install and configure the software firewall 5) reconnect the WAN 6) run updates on the new machine until we succumb to fatigue if we don't do it this way, the machine will have been probed and infected by some random internet worm in the thirty seconds or so between installing the network support and beginning the update process.
umuhk wrote: the machine will have been probed and infected by some random internet worm in the thirty seconds Yup, sounds familiar. That's why my order of installation was - base OS - hardware drivers - onhand Service Packs - AV software - Firewall - Configure networking and WAN connection - Windows Update. Next I have to figure out why DEVLDR refuses to shut down, and IIRC, that's a problem created by Creative Labs. Once I've solved that, I'll start adding apps. [EDIT] I just tried using Creative's web support. After filling in the forms and submitting my question, I received: "Error in opening GlueText XML file bOpen = False" Lovely...:doh: [/EDIT] Some people think of it as a six-pack; I consider it more of a support group.
-
funny...I'm doing something similar here right now (installing a "trampoline" server to assist in migrating the domain to 2K3 server). since all of our machines are "live" on the net, the sequence we have to do here is: 1) install the base OS (first phase) on the new machine 2) disconnect the WAN (leaving the LAN running), and install the network on the new machine 3) get a copy of the software firewall from the LAN 4) install and configure the software firewall 5) reconnect the WAN 6) run updates on the new machine until we succumb to fatigue if we don't do it this way, the machine will have been probed and infected by some random internet worm in the thirty seconds or so between installing the network support and beginning the update process.
umuhk wrote: 1) install the base OS (first phase) on the new machine 2) disconnect the WAN (leaving the LAN running), and install the network on the new machine 3) get a copy of the software firewall from the LAN 4) install and configure the software firewall 5) reconnect the WAN 6) run updates on the new machine until we succumb to fatigue And people find Linux too difficult to install and use... :sigh: Due to technical difficulties my previous signature, "I see dumb people" will be off until further notice. Too many people were thinking I was talking about them... :sigh:
-
Since I just rebuilt my server from the ground up I figured that it might be safer to install all the available updates from MS before I spend the time installing all the apps. Past experience indicates that somewhere in the process an update would destroy the PC again, so it would be a waste of time to install all that stuff now. In order to minimize complexity, and hopefully the risk of running into a conflict that will crash the machine again, I updated incrementally, a few updates at a time. It has been interesting. For one thing, after downloading all the files, and during the install phase, Update tries repeatedly to phone home. There's a share out there named w2ksp5 on the update site, so apparently there's another service pack in the works. Hmmm... For another, while installing one of the critical patches - no way to tell which one - a file infected with the W32.Nachi.A Trojan was included as an exercise for the student. AV software caught it and stopped it from being installed in system32\dllhost.exe. I guess no one is immune...:laugh: Oh well, only 15 updates to go - back to the grind.:sigh: Some people think of it as a six-pack; I consider it more of a support group.
Question? What is between your machine and the WAN? In my case I have a DSL line and a linksys router between the machine and the outside evil world. I have not picked up strays in the 8-12 setups I have done over the past few years with this setup. 1) Install base os. 2) Install latest service pack (downloaded from MSDN subscriber site) 3) Install security updates 4) Install firewall and antivirus 5) run full system scan. I do not mind getting old. It beats all the other options that can think of.
-
Question? What is between your machine and the WAN? In my case I have a DSL line and a linksys router between the machine and the outside evil world. I have not picked up strays in the 8-12 setups I have done over the past few years with this setup. 1) Install base os. 2) Install latest service pack (downloaded from MSDN subscriber site) 3) Install security updates 4) Install firewall and antivirus 5) run full system scan. I do not mind getting old. It beats all the other options that can think of.
Michael A. Barnhart wrote: What is between your machine and the WAN? I have a software firewall, Sygate Personal Firewall Pro, running. I prefer to set it up before activating the connection to the outside world, as a hardware firewall isn't a possibility without having a spare PC set up as a gateway and a firewall device between it and the real PC. That's not financially feasible, though it would be better security. The Sygate product has been very effective, though. I tried ZoneAlarm for a couple of years, but over time it began to interfere at random intervals with legitimate operations. Sygate PFP has been far more reliable in that respect, though it is more difficult to use - ZoneAlarm has very clear instructions for setting up custom configurations, which this one lacks. Some people think of it as a six-pack; I consider it more of a support group.
-
funny...I'm doing something similar here right now (installing a "trampoline" server to assist in migrating the domain to 2K3 server). since all of our machines are "live" on the net, the sequence we have to do here is: 1) install the base OS (first phase) on the new machine 2) disconnect the WAN (leaving the LAN running), and install the network on the new machine 3) get a copy of the software firewall from the LAN 4) install and configure the software firewall 5) reconnect the WAN 6) run updates on the new machine until we succumb to fatigue if we don't do it this way, the machine will have been probed and infected by some random internet worm in the thirty seconds or so between installing the network support and beginning the update process.
I have to do the same thing whenever I get around to it (no rush), except that our startup can't afford a temp server. I've been planning on doing something similar with one of our test lab desktops. We need money... :sigh: Glad to see that my upgrade plan coincides with one that's working. I know a little more than average about server administration, but my career is in software architecture and design. Again, another "perk" of working for a startup. :sigh:
Microsoft MVP, Visual C# My Articles
-
Michael A. Barnhart wrote: What is between your machine and the WAN? I have a software firewall, Sygate Personal Firewall Pro, running. I prefer to set it up before activating the connection to the outside world, as a hardware firewall isn't a possibility without having a spare PC set up as a gateway and a firewall device between it and the real PC. That's not financially feasible, though it would be better security. The Sygate product has been very effective, though. I tried ZoneAlarm for a couple of years, but over time it began to interfere at random intervals with legitimate operations. Sygate PFP has been far more reliable in that respect, though it is more difficult to use - ZoneAlarm has very clear instructions for setting up custom configurations, which this one lacks. Some people think of it as a six-pack; I consider it more of a support group.
Roger Wright wrote: I tried ZoneAlarm for a couple of years, but over time it began to interfere at random intervals with legitimate operations. I concur with that. Maybe I should relook are Sygate's product. Let me re-ask my question. What is your WAN connection? I understand about the cost of the second machine. I have an old AMD 450 that I may experiment with (or let it go to salvage.) I will not get to all of my experiments for some time :) . If I get board I may experiment with my spare cable/dsl router. It is a Seimens unit and I think it can be installed into a local network (i.e. be a small hardware firewall only.) That is again what I have done so some protection even when installing the original OS. I do not mind getting old. It beats all the other options that can think of.
-
Michael A. Barnhart wrote: What is between your machine and the WAN? I have a software firewall, Sygate Personal Firewall Pro, running. I prefer to set it up before activating the connection to the outside world, as a hardware firewall isn't a possibility without having a spare PC set up as a gateway and a firewall device between it and the real PC. That's not financially feasible, though it would be better security. The Sygate product has been very effective, though. I tried ZoneAlarm for a couple of years, but over time it began to interfere at random intervals with legitimate operations. Sygate PFP has been far more reliable in that respect, though it is more difficult to use - ZoneAlarm has very clear instructions for setting up custom configurations, which this one lacks. Some people think of it as a six-pack; I consider it more of a support group.
Hey Roger, Just for the record, I am coming from my test machine that is connected to a seimens 4 port router that is configured to provide a subnet with different ip numbers than my homes net. The router is connected to my home network through a linksys router to my dsl modem. It works fine. I do not mind getting old. It beats all the other options that can think of.
-
funny...I'm doing something similar here right now (installing a "trampoline" server to assist in migrating the domain to 2K3 server). since all of our machines are "live" on the net, the sequence we have to do here is: 1) install the base OS (first phase) on the new machine 2) disconnect the WAN (leaving the LAN running), and install the network on the new machine 3) get a copy of the software firewall from the LAN 4) install and configure the software firewall 5) reconnect the WAN 6) run updates on the new machine until we succumb to fatigue if we don't do it this way, the machine will have been probed and infected by some random internet worm in the thirty seconds or so between installing the network support and beginning the update process.
Did that this week. We had a test machine in the lab get infected. Ironically, it was infected from a supposedly clean machine on a private network connection. Anyway, this test machine needed a good scrubbing anyway, so I reinstalled XP. Between the time I walked over to the I.S. guy's cube and got it registered on the domain and got back to the lab, Symantec had already detected a worm infection. Fortunately, after running the 'Sasser' removal tool and doing the Windows-Update-till-you-puke routine, we're back to a clean, up-to-date machine.
Software Zen:
delete this;