July 2005 Archives

Lesson 1: just Windows XP (including SP2), with no additional software installed takes up 3.37 GB on my hard drive (according to the properties of the C: drive). I had only assigned a 5 GB slot on my disk, which I guess is not enough if I also want to install some additional software, like the driver software for my video camera, palm pilot, web cam or digital camera, or Neverwinter Nights.

I'll try to somehow reduce the amount of space used, although I already 'Clean disk'-ed. I must be getting old; I do remember vividly how I paid a lot of money to get a 40 MB hard drive way back when. I guess 640 KB will be enough,...

Update (21:15) The other lesson I learned: the VMWare Snapshot Manager does not like to run out of disk space while optimizing a snapshot tree. I hosed my installation of XP with it, since it keeps on telling me that the "virtual filesystem needs repair". Unfortunately, no clue as to how to repair it, or where to get the tool to do it. I guess I'll do a new install tomorrow: for today, I have had enough.

Update (08:00, July 26) I was told that Windows XP keeps a full uninstall record of all service packs and security patches that it applies. While this is undeniably a good thing to have turned on by default, I would have expected a question or a configuration setting somewhere that I can use to remove this uninstall stuff.

Hmm. Reading back the previous paragraph, I realised something. I write: "of all [...] patches that it applies". And that is true! Windows installs and applies patches (yes, I know, I do click on OK), while on other systems, installing patches is something that a system administrator does. May I have hit on something there?

Update (11:00, July 26) Well, I successfully removed a load of stuff that does not seem to affect the operations of Windows. Before I was able to do it, I had to click Tools > Folder Options > View > Show Hidden files and folders. Then, I clicked to C:\WINDOWS and removed all hidden directories that started with $ and I removed all files in C:\WINDOWS\ServicePackFiles\i386. Doing that reduced the installation back to 1.93 GB.

The Internet Storm Center keeps a running counter which measures the average survival time of an unpatched Windows system. They do this by keeping track of the average time between attacks.

Today, the sensor reads 93 minutes. Not even a half year ago, this sensor was at 15 minutes. Is the Net getting safer? Did we finally get the message across that users need to patch their system? Let's hope so! From our own mini honeynet at Tilburg University, it seems like the only thing still going on is the MySQL worm and the Oracle LOCK vulnerability.
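
The "average time between attacks" measurement described above can be reproduced on your own sensor or honeynet logs. The following is an added example, not code from the Internet Storm Center or from this blog; the log format, field names and addresses are constructed assumptions, and pooling the gaps across sensors is one possible reading of "average".

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean

# Constructed sample: unsolicited inbound probes logged by two sensor addresses.
# Documentation-range IPs; the line format is an assumption, not an ISC format.
SAMPLE_LOG = """\
2005-07-25T10:00:00 src=198.51.100.7 dst=192.0.2.10 dport=3306
2005-07-25T11:20:00 src=198.51.100.9 dst=192.0.2.10 dport=1521
2005-07-25T13:10:00 src=203.0.113.4 dst=192.0.2.10 dport=3306
2005-07-25T10:30:00 src=203.0.113.4 dst=192.0.2.11 dport=3306
2005-07-25T12:00:00 src=198.51.100.7 dst=192.0.2.11 dport=445
malformed line that the parser must skip
"""

def parse_probes(text):
    """Return {sensor_ip: sorted list of probe timestamps}."""
    probes = defaultdict(list)
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3:
            continue
        try:
            ts = datetime.strptime(fields[0], "%Y-%m-%dT%H:%M:%S")
        except ValueError:
            continue  # first field is not a timestamp: not a log record
        kv = dict(f.split("=", 1) for f in fields[1:] if "=" in f)
        if "dst" in kv:
            probes[kv["dst"]].append(ts)
    return {ip: sorted(times) for ip, times in probes.items()}

def gaps_minutes(times):
    """Minutes between each pair of consecutive probes against one sensor."""
    return [(b - a).total_seconds() / 60 for a, b in zip(times, times[1:])]

def survival_time_minutes(text):
    """Mean gap between probes, pooled over all sensors; None if no gaps exist."""
    gaps = [g for times in parse_probes(text).values() for g in gaps_minutes(times)]
    return mean(gaps) if gaps else None

if __name__ == "__main__":
    print(f"estimated survival time: {survival_time_minutes(SAMPLE_LOG):.0f} minutes")
```

Gaps are computed per sensor address before pooling, so probes against different sensors are never subtracted from each other. A sensor that saw only one probe contributes no gap.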

2005 FBI CSI Report

The Computer Security Institute published their 2005 FBI/CSI Computer Crime and Security Survey (just submit an empty form to download).

Some of the key findings are:


  • Virus attacks continue as the source of the greatest financial losses

  • Unauthorized use of computer systems has increased slightly; however, the financial losses as a result of it are decreasing

  • Web site incidents have increased dramatically

  • The percentage of organizations reporting computer intrusions to law enforcement has continued its multi-year decline

Although the results are very interesting, it is important to realize that the survey has been carried out in a strictly US setting. While the survey was sent to a large group of companies, which undoubtedly contain multi-national or global corporations, I wonder if the results would be different in a European context.

I don't understand it


As everybody who knows me can attest to, I am not very good at using Microsoft Windows. The main reason is not because I think Windows is a bad product (really!), and also not because I do not like the non-free aspect of it. The most important reason is just that I do not understand the OS. Whenever I look for certain things, I always get lost in the forest of menus, right-clicks, Advanced tabs and so on.

Anyway, I decided to give it a go again and installed Microsoft Windows XP in a VMWare virtual machine on my Debian GNU/Linux laptop (yes, I do have licenses for both VMWare as well as for Windows XP). The installation was completely painless and everything went fine the first time I tried. After I installed XP (and took a snapshot of the installation), I decided to run Windows Update a few times (and a few times more). A number of reboots later (yay VM!) I think that I am completely up-to-date (no pun intended), and I am ready to start.

The main reason why I am so confused is that even if I am not doing anything, I see the CPU load spike to 100%, while apparently nothing is going on. Ctrl-alt-del brought up the task manager, and the only thing I see there is "System idle processes" at the top. Maybe it is my Unix background, but shouldn't an idle system be, well, idle?

Oh yes, I forgot. The reason that I am going to give Windows another try is that I have always had the gnawing feeling that I should understand more about the system. It will be hard to stop thinking in terms of piped command-line tools (awk, grep, sed, cut, tr, etc.) and instead think in terms of GUI-driven programming. But, I will try to keep an open mind, and report back on my experiences.

Re: remote desktop


On The Furrygoat Experience, I read that Steve loves having a remote desktop on his Windows machines. While enabling remote desktop provides good flexibility in the ability to work from anywhere, any place, I feel that I must point out the following:

Microsoft Security Advisory (904797)
Vulnerability in Remote Desktop Protocol (RDP) Could Lead to Denial of Service
Published: July 16, 2005

Microsoft is investigating new public reports of a vulnerability in Remote Desktop Services.
[....]
Our initial investigation has revealed that a denial of service vulnerability exists that could allow an attacker to send a specially crafted Remote Desktop Protocol (RDP) request to an affected system.
[....]

The Internet Storm Center also discussed this vulnerability in their July 16th diary. Even worse, on July 14th, they wrote:

The vulnerability is due to a flaw in the remote desktop assistant. This service is NOT FIREWALLED in XP SP2's default firewall configuration.

Lesson 1: just Windows XP (including SP2), with no additional software installed takes up 3.37 GB on my hard drive (according to the properties of the C: drive). I had only assigned a 5 GB slot on my disk, which I guess is not enough if I also want to install some additional software, like the driver software for my video camera, palm pilot, web cam or digital camera, or Neverwinter Nights.

I'll try to somehow reduce the amount of space used, although I already 'Clean disk'-ed. I must be getting old; I do remember vividly how I paid a lot of money to get a 850 MB hard drive way back when. I guess 640 KB will be enough,...

Update (21:15) The other lesson I learned: the VMWare Snapshot Manager does not like to run out of disk space while optimizing a snapshot tree. I hosed my installation of XP with it, since it keeps on telling me that the "virtual filesystem needs repair". Unfortunately, no clue as to how to repair it, or where to get the tool to do it. I guess I'll do a new install tomorrow: for today, I have had enough.

House under attack?


Hoppie took this picture last Saturday, when the Red Arrows were doing their airshow on Gilze-Rijen Air Force Base. Very, very cool.

Under attack?

See also my blog entry of last Friday.