There is a huge amount of software designed to defend the Windows C disk from the bad guys--antivirus, antispyware, firewalls, yada yada yada. Huge amounts of time, effort, and money are spent defending the C disk. But there are other approaches.
On his Security Now podcast (Episode 129, January 31, 2008), Steve Gibson discussed a free program from Microsoft called SteadyState that defends the C disk in a different way.
The problem that Gibson was looking to solve was that of a small-business owner, someone who needed to provide computers to employees, but didn't want them installing applications for their personal use. We all know where that trail leads, computers that get fouled up in one way or another and become a sinkhole of time, effort, and money.
Rather than protect the C disk from being changed at all, SteadyState allows changes and logs them while Windows is running. When the computer is turned off, or Windows is restarted, the C disk is returned to its initial state. Think Groundhog Day, the movie with Bill Murray.
SteadyState runs on Windows XP, the Professional, Home, and Tablet PC editions. It only supports the NTFS file system and Microsoft claims it needs at least 4GB of free hard disk space, mostly for the log of changes made to the C disk.
The first obvious hassle is that the My Documents folder should be moved from the C disk. In fact, any folder where you want to store files permanently can't be on the C disk. To techies like Gibson and his Security Now companion, Leo Laporte, this is no big deal. The obvious solution involves making a new hard disk partition dedicated to storing data files. For non-techie computer users however, making a new partition is dangerous and difficult. Another option is to save files to a computer or storage device elsewhere on the network.
If either of these is too much for you, consider a USB flash drive. Laptop users in particular are well-served by storing their data files on a USB flash drive, one that can stay on their person at all times.
The second obvious hassle is software updates. Software installed on the C disk needs constant updating: new versions and releases as well as bug fixes. Anti-malware software is likely to have daily updates. Microsoft has a partial solution for this, but my initial impression is that it's all but useless. Every now and then SteadyState will need to be disabled so that necessary changes can be made to the installed software.
SteadyState is really two products. Besides rolling back changes to the C disk, it can also restrict access to dozens of Windows features. At first glance this seems to be nothing more than a new interface to some Group Policy features that have existed in Windows XP Professional from the get-go. What's new is bringing this functionality to XP Home and making the interface friendlier to non-techies.
The concept of undoing file system changes is not new by any means. Certainly it will sound very familiar to users of Deep Freeze from Faronics and GoBack from Symantec. SteadyState doesn't offer nearly the number of features those products do, but it's free, and a huge step up from the Restore Points feature of Windows XP.
Both Gibson and Laporte think SteadyState is a great thing. Gibson has published screenshots of SteadyState and a transcript of the podcast.
Vista users will have their own version of SteadyState in the future; it is currently in beta. Mac and Linux users can use Deep Freeze (single copies are $45) to accomplish the same thing.
I'll have more to say about SteadyState in the future.
See a summary of all my Defensive Computing postings.
I could write a whole blog about correcting computer articles in newspapers, pointing out mistakes and omissions. Many times I have corrected and expanded on articles in the Wall Street Journal by Walter Mossberg, but I've also griped about mistakes in the other newspaper I read regularly, my hometown New York Times. Back in May, on my previous blog, my comments on an article that David Pogue wrote in the Times about data cartridges for backing up computer files prompted a surprising rebuttal from Mr. Pogue.
Beats me why major newspapers don't hire computer techies to write about computer topics. Even worse, neither newspaper has the computer nerds on staff review articles for technical mistakes. Puzzling.
With that in mind, today's topic is an article about Wi-Fi security by Joseph De Avila that appeared on page D1 of the Wall Street Journal on Wednesday January 16th. See Wi-Fi Users, Beware: Hot Spots Are Weak Spots.
The vast majority of the article is well done, but not the last paragraph. It offers the following advice from someone named John King, who "... avoids Wi-Fi at hotels in favor of high-speed connections that plug into his laptop. He says he uses Wi-Fi to check email and stock listings if that's the only means available, but only if he's sure of the signal. 'I won't go on a wireless access point that I'm not confident in,' he says."
Who can argue with the main point being made here, that wired Internet connections are safer than wireless?
I can. Or, perhaps more to the point, Steve Gibson of GRC, SpinRite and the Security Now podcast would if he were writing this blog.
Before going into the technical aspects, let's start with the people. The Wall Street Journal describes Mr. King as "... a 46-year-old engineer from Livermore, Calif., [who] works for a company that mines computers for evidence in legal cases. He travels a lot for business..." Nothing about this description makes me think Mr. King is a networking security expert.
As for Steve Gibson, I have enough of a technical background in the subject and have listened to enough of his Security Now podcasts, to confidently state that he is a networking security expert. I doubt that any of my fellow nerds would disagree.
The Important Part
The critical point here is that a wired Ethernet connection is not necessarily a safe haven from the insecurity of Wi-Fi wireless networks.
Exhibit A supporting this claim is Episode #29, Ethernet Insecurity, of Steve Gibson's Security Now podcast. (transcript, 64K audio, 16K audio). This podcast, which explains the security problems inherent in a wired Ethernet network, was a huge eye-opener to me when I first heard it.
By way of background, Ethernet is a set of hardware and software rules/standards/protocols that computers on a Local Area Network (LAN) use to communicate. Ethernet used to have competition in the marketplace, but those days are over.
While the term LAN may evoke a small network, such as that in a house or apartment, a LAN can encompass an entire building, such as a hotel. When you plug a computer into an Ethernet jack in a hotel room, you are on the same network as all the other guest rooms. And that can be dangerous.
As Steve Gibson explained in the podcast, the Ethernet protocol was designed long ago. Before the Internet. Before security was on anyone's radar screen. "Essentially, there is absolutely no security with Ethernet. The assumption always was that it would be used in a LAN setting where you knew and trusted everybody on the network. You were one big happy company..." he said.
The explanation of the vulnerabilities gets somewhat technical and includes terms such as ARP, MAC addresses, IP addresses, malicious ARP replies, NICs, man-in-the-middle attacks, ARP Poison Routing, ARP spoofing, sniffing and promiscuous mode. The core of it is that ARP, the protocol computers on a LAN use to learn which hardware (MAC) address goes with which IP address, has no authentication: any computer on the LAN can announce that it owns the router's IP address, and every other computer will believe it and send its Internet-bound traffic to the liar. In simple terms, a bad guy can get in the middle of all Internet conversations (us nerds call this "traffic"). Web pages, email messages and everything else coming and going to the Internet can be intercepted and logged.
As Steve put it "... one bad person in a hotel could arrange to, without much work, literally intercept all the traffic going to and from the hotel's gateway so that all of the email conversations, all of the traffic of any sort that is being transacted by every other hotel guest, they're able to monitor and intercept."
I don't think the danger can be overstated. Wired connections to the Internet in a hotel are not, by their very nature, more secure than wireless connections.
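To make the hotel-LAN scenario concrete, here is a small simulation, written for this posting and not taken from Gibson's podcast or any real tool. It models a guest computer with the classic ARP cache behaviour (believe every reply, overwrite the old entry), a second guest who sends an unsolicited reply claiming the gateway's IP address, and a passive monitor in the style of arpwatch that flags a second MAC address claiming the same IP. All addresses are constructed for the example, the subnet check assumes a /24, and the optional static gateway entry is a mitigation added here for contrast; it is not something the article above discusses, and it does nothing about a VPN's job of protecting the traffic itself.

```python
from dataclasses import dataclass

# Constructed addresses for the illustration (not from the page).
GATEWAY_IP = "10.0.0.1"
GATEWAY_MAC = "00:00:5e:00:01:01"
ATTACKER_MAC = "de:ad:be:ef:00:01"
REMOTE_IP = "203.0.113.10"  # some Internet host (TEST-NET-3 range)


@dataclass(frozen=True)
class ArpReply:
    """The fields that matter from an ARP reply: 'IP X is at MAC Y'."""
    sender_ip: str
    sender_mac: str


class Host:
    """A LAN host with the classic ARP cache behaviour: any reply is
    believed and overwrites the current entry, no questions asked."""

    def __init__(self, ip, mac, static_entries=None):
        self.ip = ip
        self.mac = mac
        # Optional hardening (assumed, not from the page): IP->MAC pairs
        # the host refuses to overwrite, e.g. a static entry for the gateway.
        self.static = dict(static_entries or {})
        self.arp_cache = dict(self.static)

    def receive_arp(self, reply: ArpReply) -> None:
        if reply.sender_ip in self.static:
            return  # pinned entry; a spoofed reply is ignored
        self.arp_cache[reply.sender_ip] = reply.sender_mac

    def next_hop_mac(self, dst_ip: str, gateway_ip: str = GATEWAY_IP) -> str:
        """MAC the host will put on a frame for dst_ip (assumes a /24 LAN).
        Off-LAN destinations go to whatever MAC the cache holds for the
        gateway; if that entry is poisoned, the attacker receives the frame."""
        same_subnet = dst_ip.rsplit(".", 1)[0] == self.ip.rsplit(".", 1)[0]
        target = dst_ip if same_subnet else gateway_ip
        return self.arp_cache[target]


class ArpMonitor:
    """Passive detector: remembers the first MAC seen for each IP and
    raises an alert when a different MAC later claims the same IP."""

    def __init__(self):
        self.claims = {}   # ip -> first MAC seen
        self.alerts = []

    def observe(self, reply: ArpReply) -> None:
        first = self.claims.setdefault(reply.sender_ip, reply.sender_mac)
        if first != reply.sender_mac:
            self.alerts.append(
                f"ARP change for {reply.sender_ip}: {first} -> {reply.sender_mac}")


def simulate(pin_gateway: bool = False):
    """Run the hotel-LAN scenario.
    Returns (gateway MAC before the poison, MAC after, monitor alerts)."""
    static = {GATEWAY_IP: GATEWAY_MAC} if pin_gateway else None
    guest = Host("10.0.0.50", "00:11:22:33:44:55", static)
    monitor = ArpMonitor()

    # 1. The real gateway answers the guest's ARP request.
    legit = ArpReply(GATEWAY_IP, GATEWAY_MAC)
    guest.receive_arp(legit)
    monitor.observe(legit)
    before = guest.next_hop_mac(REMOTE_IP)

    # 2. Another guest sends an unsolicited reply claiming the gateway's IP.
    #    Nothing verifies it; the cache entry is simply replaced.
    poison = ArpReply(GATEWAY_IP, ATTACKER_MAC)
    guest.receive_arp(poison)
    monitor.observe(poison)
    after = guest.next_hop_mac(REMOTE_IP)
    return before, after, monitor.alerts


if __name__ == "__main__":
    for pinned in (False, True):
        before, after, alerts = simulate(pin_gateway=pinned)
        print(f"static gateway entry: {pinned}")
        print(f"  frames for {REMOTE_IP} go to {before} before, {after} after")
        for alert in alerts:
            print("  ALERT:", alert)
```

Run it and the unpinned guest's Internet-bound frames switch from the real gateway's MAC to the attacker's after a single forged reply, which is the whole attack; the monitor sees the change either way, but detection after the fact is no substitute for encrypting the traffic in the first place.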
And Ethernet is not the only weak link in the security chain. The podcast describes software that can decrypt some normally encrypted data. "And in some cases, where you have weakly authenticated protocols, like Windows Remote Desktop that really doesn't provide any kind of authentication, man-in-the-middle and complete decryption attacks are easily performed. I mean, it is really bad." said Steve Gibson.
I first listened to this podcast episode while traveling to another city where I was planning on using a wired Ethernet connection in my hotel room. The podcast scared me to the point that I installed a VPN on my laptop. VPNs, while typically used by large corporations, are available to anyone and are the best protection from this sort of thing.
If anyone you know, ever intends to use a wired Ethernet connection at a hotel, then tell them to read this posting. And get a VPN.
You don't read PC magazine for mutual fund advice, and you shouldn't read the Wall Street Journal for computer advice.
Update. February 18, 2008: For more on this see Defending against insecure hotel networks with a VPN.