Only end-users get pwn3d
------------------------

Written by Israel Torres
Wednesday, 28 December 2005

It is very likely that every time you take a breath someone just got owned (0wn3d, pwn3d) - it is also likely that the next breath could be you. The Internet is booming with zombies, bots and automated pieces of software that do their thing the minute you click on them for one reason or another. End-users blindly blame the authors of these nuisances because they do not know how things work. You and I could easily blame such infestation of Microsoft ownage on the user (because they refuse to read the manual), but I would like to extend the blame to the developers writing the legitimate software the end-users install on their systems.

In my experience from all sides of "the system" I have come to understand that there are two very simple measures, often ignored, that would make the Internet a safer place for everyone. No, I'm not talking about commercial antivirus scanners, spyware scanners or even software firewalls. In fact I am sure their vendors get a laugh every time they sell their products, because their success is based on the ignorance of the people they are selling to. The fact is they don't want you to know the information I am about to reveal, because the more people act upon it, the fewer people may decide to renew their subscriptions! Sure, having an AV is nice as an assurance that everything is running well, but they are expensive and hog a lot of the limited resources your machine may have.

Unnecessary privileges

How many times have you tried to install a piece of Windows software without being an administrator? Unfortunately for some of you this may seem like a rhetorical question - it isn't. The most common reason users get infected with something is that they are running with administrator privileges.

Microsoft should at least actively advise users that they shouldn't use the Administrator account once the machine has been configured. They most likely don't because they don't want to be bothered with support calls from people who can't install the copy of Tetris they downloaded off the Internet. Developers, on the other hand, often require their users to run with administrative privileges because it makes their development plan easier to test against. This is a very bad practice and should be stopped at all costs. If you are installing an application such as a game or a spreadsheet program there is no reason why you should need elevated privileges to do so.

What you should do is create a restricted user for your everyday account, give the Administrator account a really long mixed-case alphanumeric password, and then tuck it away somewhere where it won't easily be found. If a program insists on being installed with Administrator privileges, investigate why (and make sure it makes sense). It most likely isn't stated in the manual or release notes - call them up and demand to know why, or otherwise return their product for an alternative that does not.

NTFS

The second-place winner for getting owned is using volumes that allow any process to run willy-nilly around the file system - reading and writing whatever its master has programmed it to do. Again, developers somehow find the need to spew files everywhere instead of keeping them in their own Program Files directory, usually because the development team doesn't bother to research how to find their paths correctly to run the application they've written. So kludge upon kludge clogs the file system with files that shouldn't be there, often left behind and accessible by others. For example, it doesn't make sense to save private data into the Windows temp directory - yet it is done. This allows another program to come by, scoop it up and extract the information from it at will.

To enable tighter control on your computer it would also be a great idea to be using NTFS volumes instead of FATx volumes. If your volumes aren't already NTFS you can use the Windows convert tool to get the conversion done. Drop to a command prompt and type convert /? for more information on the usage (see image below).

[mini_fig1.gif: Convert to NTFS]

Ownage takes place because these simple measures are not enabled by default, and end-users skip over these two extra steps in a rush to surf the 'net. Next thing they know they clicked on a picture of Paris Hilton and their cable modem lights haven't stopped blinking since! Just using these two measures to tighten your system up could REALLY help in stopping the serious havoc (spam, trojans, viruses) that is out there right now! Spread this information to everyone you know and you will see the Internet become a better place. Stop being an end-user and become a smart-user today!

Keeping it 'rael,
Israel Torres
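As an added example (not part of the original column), the following PowerShell script audits the two measures the column recommends: whether the current session holds administrator privileges, and whether every local fixed disk is NTFS, printing the convert command for any that is not. The function names and the placeholder account name 'daily' are my own; it assumes Windows PowerShell 5.1 or PowerShell 7 on Windows, and the commented account-creation lines need Windows 10 / Server 2016 or later.

```powershell
# Added example, not from the original column. Audits the column's two measures:
# is this session running as an administrator, and are all local disks NTFS?
# Assumes Windows PowerShell 5.1 / PowerShell 7 on Windows; function names are my own.

function Test-IsAdministrator {
    # True only if the current token actually holds the Administrators role
    # (with UAC on, that means an elevated session, not merely an admin account).
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Get-NonNtfsDisks {
    # Local fixed disks (DriveType 3) whose file system is not NTFS (FAT, FAT32, exFAT).
    Get-CimInstance -ClassName Win32_LogicalDisk -Filter 'DriveType = 3' |
        Where-Object { $_.FileSystem -ne 'NTFS' }
}

if (Test-IsAdministrator) {
    Write-Warning 'This session has administrator privileges. Do everyday work from a restricted (Users) account.'
} else {
    Write-Host 'Running as a standard user - good.'
}

$weak = @(Get-NonNtfsDisks)
if ($weak.Count -eq 0) {
    Write-Host 'All local fixed disks are NTFS.'
} else {
    foreach ($d in $weak) {
        # convert is one-way and may require a reboot for the system volume. Review the
        # converted volume's ACLs afterwards: NTFS only helps if the permissions are restrictive.
        Write-Warning ("Disk {0} is {1}, not NTFS. From an elevated prompt: convert {0} /FS:NTFS" -f $d.DeviceID, $d.FileSystem)
    }
}

# One-time setup of the restricted everyday account the column recommends.
# Run from an elevated session; New-LocalUser needs Windows 10 / Server 2016 or later.
# The account name 'daily' is a placeholder.
#   New-LocalUser -Name 'daily' -Password (Read-Host -AsSecureString 'Password for daily')
#   Add-LocalGroupMember -Group 'Users' -Member 'daily'
```

Run the audit from the account you actually use day to day; if the first line is a warning, that account is the one to replace with a member of Users.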