Computer moron does it again


RedFred
15-05-2003, 22:49:25
Last week I decided to get rid of a bunch of useless files. Some were apparently not useless, rather they were part of my operating system.

Long story short is that I had to wipe my PC clean, reinstall windows and basically start from scratch.

Question 1: Why are files named so retardedly? If I designed an operating system I would use a standard prefix of two or three letters in each file at the start of the filename to alert users not to delete the file. E.g. w98xxx.xxx

Question 2: What additional software is helpful? I have reinstalled most basic software that came with my system, stuff like Excel and Word. A virus checker and whatnot. I was thinking of installing one of those meta search engines like Copernic. Are there better ones? What other internet utilities are useful?

Question 3: Hotmail has served me well but over the last year or two the amount of spam and the annoying 1MB per e-mail limit and 2 MB per total saved e-mails limit has become more irritating. My e-mail account with a service in India is better with 6MB allowed in the saved e-mails and twice that in folders. With minimal spam. Are there better providers of free e-mail out there?

Question 4: Is there any way of figuring out what a file does so that you can know if you can delete it or not?

Thanks for your help.

Sir Penguin
16-05-2003, 00:09:52
1) Because they don't like making their filenames longer than the old DOS 8.3 filename standard (that is, filenames are limited to 8 characters plus a 3 character extension). Also, they assume you won't be deleting stuff from your system directories without knowing what it is. :)

3) I hear www.loudmedicine.net gives pretty good service, although it doesn't have a web interface.

4) If you aren't absolutely sure where the file is from, and it's in a system directory (c:\windows\*), then it shouldn't be deleted. That's one of the reasons it's good to do a periodic reinstall of Windows every so often, just to clean out the accumulation. One thing you might do is install an uninstaller. I've never used one, but from what I understand they keep track of which packages modify and create which files.

SP

zmama
16-05-2003, 02:07:48
3) direct from Bob...."If you got no mail software you can access your @Loudmedicine.Net account via the 1&1/Puretec webmailer, a very simple webpage with the basic functions to send emails and check your account. But beware: it's in German!"


could be fun

Or give yahoo a try...it's fairly good

RedFred
17-05-2003, 20:28:57
I think I'll give the German site a miss for now thanks. My e-mail site from India is interesting enough.

I have one of those install/uninstall thingies, but it doesn't always totally work. Sometimes files and directories get left after an uninstall.

My computer geek friend tells me that the newer version of windows will not delete critical O/S files or will somehow reinstall them if you try. So maybe it is just win98 and earlier that has the incredibly bad design problem.

Darkstar
19-05-2003, 00:14:58
It is incredibly bad design in all OSes, RedFred. The problem comes from having to let users have total control of their machine. You cannot trust those users, you know. ;)

Sir Penguin
19-05-2003, 01:39:46
Except *NIX, in which you can only screw up everything if you're logged in as root (not really a 'user' ;)).

SP

Darkstar
19-05-2003, 01:51:36
Depends on your user rights... ;) And the config of your OS. And your file and directory settings...

Sir Penguin
19-05-2003, 02:04:10
Well, if you set up your regular user accounts to use the root group, or set your umask to 000, yes. That's not default. :) If the system screws up because of that, then it's the administrator's fault, not the users'.

SP

Darkstar
20-05-2003, 07:01:52
When the admin is the user though... you often see that problem. Just pointing that out. That was my original point.

Sir Penguin
20-05-2003, 08:05:34
But the admin is not the user in *NIX (or in workstation-ish Windows, even). You don't log in as root, unless you're doing maintenance or playing with stuff to see what happens. You can delete everything as root, but then it's root's fault, not the users'.

SP

Qaj the Fuzzy Love Worm
20-05-2003, 21:56:03
I would say:

1) Files you shouldn't delete are mostly in the Windows directory. The name should clue you in as to what function those files perform. Think of the folder name as the prefix. (Of course, there's also the root files, and much of the stuff in Program Files, and other assorted places here and there. Best be safe, and keep your user data separate from the O/S to begin with, then you have to worry about deleting things you don't know the purpose of). Also, when deleting programs, try using the official uninstall function instead of just deleting stuff. With Windows, just deleting something can screw up your registry, or worse.


2) Install whatever is most useful to you. I wouldn't install a lot of the stuff I know some members of my family find useful. The only caveat to that is be careful what you install, as it could harbor nasty surprises if you're totally clueless (the number of people here that install Bonzi Buddy or Gator... *shudder*)


3) I'm also on a quest for good free email. Right now I get email with my ISP, and that suits me fine, but it's not free. I recently abandoned my web-based email provider since they were jerks, and fled to Yahoo! (which serves but isn't great).


4) There's no general rule to find out what a file is for or what it does. Try looking for the file name on Google - someone somewhere is bound to have documented it. That, of course, doesn't take into account similarly named files for different programs (like, config.txt or whatever else could be generic). Look at the directory it's in - if it's in "Microsoft Office" under "C:\Program Files" you've probably got a good idea of what piece of software it's for.

OldWarrior_42
21-05-2003, 04:34:02
Some useful programs you may want to install... Virus program.. which you have. Duh by me.

Firewall program.. I use ZoneAlarm Pro

Pop up or ad blocker and searches for spy programs... I use SpyBot, Search and Destroy.

Maybe an instant messaging program if you use one

And a good uninstall program if you don't have Windows XP or Windows 2000. Anything from 98 or before hasn't got that efficient of an uninstaller, but I find that my XP uninstaller works quite well.

Can't think of too many other useful programs right off the bat, but if I think of any I'll just type 'em in and you can decide.

Maybe a good file recovery program as well, in case you decide to delete more shit that is needed. :D

Darkstar
21-05-2003, 05:45:16
SP, I've found that 3 out of 4 games in Windows require you to have ADMIN privs. Pretty stupid, but they wouldn't run correctly unless that was so.

Lots of Windows apps presume your account has Admin privs.

And I know lots of LINUX geeks that have Adminned their regular account or just use root as their normal account.

Sir Penguin
21-05-2003, 05:59:19
There's no reason for games to require admin privileges. I'm not arguing with you, I'm just saying, that's a stupid thing for them to do. Also, unless Microsoft did an incredibly stupid thing, only the admin apps in Windows need admin status. Any other way of doing a multi-user system would be absolutely ridiculous and the epitome of foolishness.

Maybe just under the epitome of foolishness, after your Linux geeks who use root as their normal account or have given their regular account admin access. Nobody who is at all wise does that. The most anybody should ever do is give their own regular account access to a 'wheel' group or something, so that only that account and root can run certain utilities executable by said group (things like su, ping, maybe netstat, etc.). I am by no means a security expert, but if those people are doing that on production machines, I'd have a talk with their bosses. I'm wiser, and I come cheaper. (I'm wiser because I did that when I started using Linux, and ran `rpm -e rpm` (remove the rpm package) just to see what would happen :))

SP

Darkstar
21-05-2003, 06:27:44
Are you kidding? I know some of our security guys have all the letters of the alphabet mapped out as aliases, with s = "SU -root", with password.

And windows is a funny beast. There are several apps that require admin privs, because they make use of shared libraries (some published and provided in Windows) that REQUIRE admin access because they write temp files into admin only temp directories.

Several DirectX libraries require you to have admin privs for them to be able to work, because they access admin secured hardware.

It's Microsoft. Designed initially for an environment where you are always 'Admin'. Think about it. Highly insecure? Who cares! The model was for a personal computer used by idiots and wannabe geekoids. Real people would use real computers, after all. Not some cheap, still a hobbyist, machine and cheap third party OS.

A walk through computer history should be very entertaining and educational for you, SP.

Sir Penguin
21-05-2003, 06:58:04
I'm not interested in a walkthrough of computer history, I'm interested in admins not being complete fuckwits, and not handing their networks over to the DDoS kids. I mean, I have an alias rmall01='yes "yes" | rm -rf ./ * .*' for dealing with source trees (under a regular user account), but su with passwords in? That's just fucked up. Those people should be gassed.

A regular user doesn't need to run a program that will store admin information on disk, or even in RAM. I don't care if it's Microsoft or whoever, regular users on a multi-user machine don't need to have anything to do with root, except ask him/her for stuff. I guess Microsoft has an easy job if they're really trying to focus on improving security. It doesn't matter how well you know the RSA algorithm, or how slickly you fix a user configuration error, if you set the root password to 'password' and alias su to 'yes "password" | su - ' then you should be kicked into tech support until you retire.

SP

zmama
21-05-2003, 14:19:35
A way around the admin problem for games in XP. No, I'm not saying it's swell ;)

If you're in a user rights account, right click on the game icon, select ->run as, select admin-> enter password. That way you can just run that program as admin.

Sir Penguin
21-05-2003, 18:55:37
Originally posted by Sir Penguin
It doesn't matter how well you know the RSA algorithm, or how slickly you fix a user configuration error, if you set the root password to 'password' and alias su to 'yes "password" | su - ' then you should be kicked into tech support until you retire.

And then gassed.

SP

Qaj the Fuzzy Love Worm
21-05-2003, 22:03:11
Department policy here is to lock down a machine to give only a single user restricted access in Windows 2000. No other network logins have access, except IT staff (and IT support staff, such as myself) who are admins. My policy, I'm proud to say.

Occasionally, we get a request to install software on a machine, and I'll be damned if some of it doesn't REQUIRE admin access just to run. It's the stupidest thing ever. And, IIRC, it's Microsoft software! So much for security.

And, like anything in this place, if one person has something, EVERYONE wants it.

(Another policy I implemented was switching the department over to a 90-day password change thing, since IT was about to move email over to Internet access. Unfortunately, it seems you can change your password right back to what it was before you were forced to change it if you do it manually. It's stupid! MS security blows.)

Darkstar
22-05-2003, 23:34:22
Qaj, that's because the manual doesn't do a history.

Here at MSFC, our password utilities keep a history of your past 20 passwords. And there are still users that go through and manually reset their password to get back their password.

Second most favored cheesy security tactic is to use the same password, with a number at the end, and just increment the number until they are high enough to go back to 01.

SP, tech support? No way. Idiocy like that works best in marketing. ;)
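The two workarounds described in the posts above (resetting repeatedly until the old password drops out of the history, and bumping a trailing number) are what a minimum password age and a counter check are meant to slow down. The following is an added example, not part of the thread and not any product's code: the `PasswordPolicy` class, the 24-hour minimum age and the PBKDF2 parameters are assumptions, while the history depth of 20 is the figure quoted in the thread.

```python
import hashlib
import hmac
import os
import re

HISTORY_DEPTH = 20            # figure from the thread: last 20 passwords remembered
MIN_AGE_SECONDS = 24 * 3600   # assumed minimum time between two changes
ITERATIONS = 100_000          # assumed PBKDF2 work factor


def _hash(password, salt):
    # Salted PBKDF2, so the history is never a list of plaintext passwords.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def _strip_counter(password):
    # "Summer03" -> "summer": drop trailing digits and ignore case.
    # An all-digit password reduces to "", so digit-only bumps are caught too.
    return re.sub(r"\d+$", "", password).lower()


class PasswordPolicy:
    def __init__(self):
        self.history = []        # (salt, digest) pairs, newest last
        self.last_change = None  # timestamp (seconds) of the last accepted change

    def _record(self, password, now):
        salt = os.urandom(16)
        self.history.append((salt, _hash(password, salt)))
        self.history = self.history[-HISTORY_DEPTH:]
        self.last_change = now

    def set_initial(self, password, now):
        self._record(password, now)

    def change(self, current, new, now):
        """Return 'ok', or the reason the change is refused."""
        # Minimum age: cycling through 20 passwords now takes 20 days, not minutes.
        if now - self.last_change < MIN_AGE_SECONDS:
            return "too soon"
        salt, digest = self.history[-1]
        if not hmac.compare_digest(digest, _hash(current, salt)):
            return "wrong current password"
        # History: each stored entry has its own salt, so re-hash per entry.
        for salt, digest in self.history:
            if hmac.compare_digest(digest, _hash(new, salt)):
                return "reused"
        # Counter bump: only checkable here, while the old plaintext is in hand.
        if _strip_counter(new) == _strip_counter(current):
            return "counter bump"
        self._record(new, now)
        return "ok"
```

The counter check only compares against the password being replaced, because that is the only old plaintext the system legitimately sees; older entries exist only as salted hashes.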

Sean
24-05-2003, 13:51:21
I’ve never been convinced about enforced password changes. Surely that just means people have to write them down or something because they keep changing?

Sir Penguin
24-05-2003, 20:42:03
A good password can be memorised fairly quickly (like, within a week, or within a day for people who are good at memorisation), and if somebody keeps the same password for years anybody who knows the password will be able to access their account for years. The important part is to develop good passwords, which I suspect most people don't.

SP

MDA
27-05-2003, 19:31:11
Originally posted by zmama
A way around the admin problem for games in XP. No, I'm not saying it's swell ;)

If you're in a user rights account, right click on the game icon, select ->run as, select admin-> enter password. That way you can just run that program as admin.

Doing things that way, you're also protected from Gator installations and other nonsense that can only get you when you're logged in as an admin.

you're right, though, it's not swell

Policy at work for me is you get NO installation rights, but can log on as a user to nearly any computer you like. Eventually some idiot(s) will realize he can set up his own outlook on six different computers and the admins will get pissed.

I get really miffed when I can't even patch existing software on my machine, or upgrade flash, etc. On the other hand, many of the other people that share my user level status would do serious harm if they had any more access than that, so I put up with the inconvenience. The admins have to run around to everyone that needs new software installed, but that's better than fixing a stupid user's mistake that affects everyone. Easy enough to endure when you consider the possible alternatives.

If you ask nicely, they'll let you have full control over your own box, but don't go asking them for help if anything goes wrong with it.


My wife just told me that there was a short class offered in intelligent ways to choose passwords as part of her new employee orientation at the FDA. She was surprised at how fast they told her someone can break a purely alphabetical password (as compared to an alphanumeric). Less than a minute, I think, but I don't remember the exact time.

zmama
27-05-2003, 19:49:34
MDA, here's a link to a story with a link to a password cracking program. Fun to play with ;)

Password cracker (http://www.techtv.com/screensavers/answerstips/story/0,24330,3425923,00.html)

MDA
27-05-2003, 21:07:50
policy required that passwords exceed 8 characters, mix cases, and include numbers or symbols...

L0phtCrack obtained 18% of the passwords in 10 minutes

90% of the passwords were recovered within 48 hours on a Pentium II/300

The Administrator and most Domain Admin passwords were cracked

Kind of scary, very cool.

Darkstar
27-05-2003, 21:31:33
Originally posted by Sean
I’ve never been convinced about enforced password changes. Surely that just means people have to write them down or something because they keep changing?

Sean, security and usage studies are showing that effectively, no one will change their passwords unless they are forced to.

Darkstar
27-05-2003, 21:32:41
SP, most people do not make or use 'strong' passwords, especially if they are not forced to.

Sean
27-05-2003, 21:36:41
Originally posted by Darkstar
Sean, security and usage studies are showing that effectively, no one will change their passwords unless they are forced to.
Hmm, perhaps I wasn’t clear enough.

I’m asking whether having regular changes is a good idea in the first place, because if they keep changing then they become jumbled together in people’s memory, and so they resort to writing them down.

Darkstar
27-05-2003, 21:41:18
Ah. Yes.

Forcing changes means that they refresh their passwords. Having a password written down at your workstation, for instance, requires people to have physical access to your workstation to find your password. Easy for your co-workers to do, but maybe not so easy for the average joe off the streets to get to (depending on your work security arrangements).

And I'd love for people to try using the passwords they find around my work area. None of them are for me. Most don't include the name of the one machine they are good for. ;)

Qaj the Fuzzy Love Worm
27-05-2003, 22:02:48
I don't much care (apart from the obvious reservations, toned down a lot) about people writing passwords down. Mostly it's to prevent easy, casual access to email from anyone out on the Internet.

Most of the people here use 5 letter or shorter passwords, alpha only. I'm guessing they'd be laughably easy to crack. Others use birthdays (duh) and names of family members (duh).

Most employees here have the same computer literacy as a piece of cheese. Case in point: our MIS manager was recently taught, by me, how to cut and paste in a Windows environment (which she'd been using for at least 4 years, probably longer). She also laments the rise of relational databases, since those multi-value databases were just the bees knees. Hmmm.

Sir Penguin
27-05-2003, 22:39:33
Originally posted by Darkstar
SP, most people do not make or use 'strong' passwords, especially if they are not forced to.

No shit! :eek:

SP

Darkstar
27-05-2003, 22:55:20
Time for some little penguin to go take his nap. ;)

Qaj... Sounds like your people would be incredibly easy to Social Engineer their IDs and passwords out of as well. Just a hunch...

Sir Penguin
27-05-2003, 23:44:17
Here are some numbers:

number of 8-char strings, all lowercase letters: 2 x 10^11
number of 8-char strings, mixed case: 5 x 10^13
number of 8-char strings, alphanumeric set: 2 x 10^14
number of 8-char strings from standard ASCII (except the first 32): 7 x 10^15
number of 8-char strings from entire ASCII set (except the first 32): 6 x 10^18 (greater chance of guessing this than of guessing a 64-bit number)
number of words in the English language: order of 10^6, many of which are more than 8 chars long, or antiquated, or idiomatic to other regions
minimum recommended encryption for buying stuff over the internet: 128 bits (3 x 10^38 different possibilities)
normal encryption for an RSA public key: 2048 bits (more than 10^616 different possibilities)
number of ASCII chars which can fit into 128 bits: 16
number of arrangements of standard ASCII characters (n.i. first 32) in 128 bits: 5 x 10^31

SP

Qaj the Fuzzy Love Worm
28-05-2003, 00:03:18
Darkstar - it is. You just ask them. They're only too happy to tell you. And you don't even need to give them a free pen!