Reply
Wed 11 May, 2005 05:26 am
...for cruising the Net.
This is SERIOUS folks!!
Problem: If you connect to the Internet, all sorts of vile malware and viruses and worms will invade and turn you top-dollar machine into so-much shiny crap!
Answer: It's like a car that you have to only use in bad conditions. The 'winter' car in the USA or the 'beach' car in Sydney's beaches - the crap job that is immune to the effects of snow and slush or sun and salt.
Right?
So.... concept:
I outlay $50 for a Pentium 'box' and monitor.
I remove everything but the basics to get it up and running.
I write-protect the C: drive, so nothing can be secretly hidden on it.
I then RUN ALL THE OTHER FEATURES (connection software and Internet Explorer) FROM A DISC OR A CD-ROM!!
That means all the software is ROM. There is nowhere for the bad stuff to stick - in theory when I shut down the PC everything should go to e-Hell!
I could save stuff to a disc or remote drive and check it for baddies at my leisure.
BUT - in theory only! Any thoughts??
I don't think you'll get a windows OS to run from a CD. Another idea might be the HP thin clients. You can configure them to have just an Internet Explorer. Everything runs off of flash; if you have a problem just tell it to reset to factory.
Here are the product specs:
http://h18004.www1.hp.com/products/thinclients/index_t5000.html
I noticed that there's a Linux version available....
One thing that helps, Boss, is never to use that box for e-mail. Much of the malicious program (virus) stuff out there is programmed first to find your address book so as to propigate itself, and then to shut down your system. I have no "inbox," no address book, no e-mail addresses on my hard drive. On more than one occassion, i have gotten a virus because some idjit got whacked, and i got an e-mail. Not all malicious programs need you to open the e-mail to get onto your hard drive. But i've been able to identify and eradicate everyone of them, because they hang up in the part of their program which looks for an address book, but can't find one. The first time it happened i was perplexed about problems i was having on boot-up, but then a suspicion arose. I went to Symantec's web site, and sure enough, i had the CW worm. But it could not execute its program, because it couldn't find an address book. I installed CW shredder, and ran it--end of problem.
I like your idea, though, i've often thought that i should have one "real" computer, and one junker just for going online.
Consider a linux box. It may take a little while to configure and set up but the new linux installs are getting pretty good at being automatic.
If the only thing you are doing is surfing then it will be pretty much virus free. (as long as you use a restricted log in and not "root") Don't play around and turn on anything else like Apache or SSH and it will be safer than anything else out there. Suse linux does a CD launched version if you are determined to do it that way.
Keep in mind, what you are proposing means you will have no history and no favorites in your browser since you can't write to disk. You will have to type in addresses for all your trips on the web.
On a windows box, go with Mozilla Firefox. You still need to keep IE6 for those times when you can't access certain websites but they are rare. Most malware, spyware look for running instances of IE6 before they even launch.
2 other things to consider. 1. "Go Back" or similar software to return your drive to its pristine condition. You can do it everytime you turn on to eliminate anything you picked up. 2. A clean disk copy from the beginning that you can "ghost" or any other program back unto a wiped drive anytime you have problems.
Thanks guys - it is a problem that has really been holding me back from getting on-line @ home. I fugure that the money I spend on e-cafes could easily get me a machine and pay for access - it's just that I don't want to spend half my time cleaning up some-one else's crap!
I figure the PC at work can handle most of my other computing needs (we gots colour printers!) and if there is something big and one-off there's always Kinkos.
For email and stuff I just use log-on accounts - I could access them from anywhere. I also use a 'Linkagogo' account to save all my bookmarks and stuff. Used to have a few on-line storage accounts, but these days just keep everything in a portable drive around my neck.
I know that malware is going to try to find a spot to hide on the C:/ - can it just be 'write-protected'? I mean that nothing can go on it without permission. Or would it just be easier to format and just reload everything?
I think your approach there is sorta like hunting rats with a large-bore muzzle-loading cannon - it'll work, but there are easier, more efficient ways to get the desired result. Properly configured, fully updated Windows systems, running the latest, fully updated, properly configured native proprietary browser, email client, chat client, and media player, particularly as regards Windows XP SP2, with properly configured, fully updated 3rd-party security and privacy software, coupled with smart browsing, chat, and email habbits, afford plenty of protection. While nothing is foolproof, simply not being foolish will shield you from far and away the bulk of webnasties. Going just a few steps further, and consciously maintaining prudent computer practice, will put your machine out of reach of all but the rarest, most exceptional cyber inconveniences - from which exceptional rarities there really is no "sure fire" protection.
Quote:I think your approach there is sorta like hunting rats with a large-bore muzzle-loading cannon
Wabbits. We use that for wabbits..... 'extreme prejudice' is the concept.
Look into "Protected mode" perhaps on google. You can enter protected mode by tapping the F8 during start up.
Also sometimes it is easer to reload the operating system than chase down all the possible problems.
Thanks guys, I am going to go ahead with this as long as I can keep the cost of staying on-line down to a reasonable figure. I'll be moving in the next week so I hope to start the process in action very soon. I'll let you all know how it works out.