Video Card Help!

[deli_conker]

And, no offense, but thats why we have massive viral epidemics in windows systems like all the worms that have made news recently. Windows updates provides updates that protect you from the exploits the virus/worm uses.

Because people don't patch/patch as often as they should.

No offense in return, but we have viral epidemics because most people see a file called "britney_spears_naked.mpeg.exe" and double click it. Or they say, "I can get all sorts of free stuff from this program called gnutella/kazaa/limewire/etc." Or they open email (that's in html format with a nice little script inside) from somebody they don't know and/or didn't solicit. Or they go to a java script enriched site while having administrator/power user permissions and get all sorts of nice "plug-ins" installed without knowing it.

In effect, most people ASK for a virus (ignorance isn't an excuse anymore).

Security is often not implemented because it is costly. The big nasty worms affect servers that an administrator should be taking care of with proper knowledge of security, not the latest magic patch that who know's what could do to a production machine. Remember, most patches come out AFTER the exploit is well known about. There's still a window of opportunity where systems are vulnerable (even with automatic updates).

So, the best protection, is to let Windows update automaticly so it can grab patches soon as their ready.

No. The best protection is abstinence. You don't want a virus? Then don't connect to an external network. You take a chance by doing so. Use a public PC at the library for your web research and email.

If something comes out that will affect my machine, I patch it. Why would I want my pc to determine what should be installed on it? I suppose most people simply forget to update or get lazy about it and they need automation. I don't. And I'm selective about what gets installed. Like I said earlier, I run a very clean operating system. The only program running in the background aside from what is needed to run the OS is a firewall. I don't duct tape 30+ hotfixes to the OS just because they exist.

In my opinion, the best way to avoid a virus is by learning how to write one. I know that isn't practical for most people to do, but getting to that point means you have enough of an understanding of how software interacts with the OS to "know better" when it comes to downloading who-knows-what from who-knows-where.

I'm thinking about writing a firewall. I still have a lot to learn, but I'll feel a lot "safer" knowing what is protecting my machine.

 

[William]

The virus and worms I'm refering to are independant.

They scan the net and look for unpatched computers in which to infect, so they can have yet another node to replicate and attack from.


THey exploit holes in the OS, Holes that Windows Update patches. These are not trojans that people get from downloading files, These are worms that self-replicate and look for unpatched OS's to attack.


Patching Windows is the most effective means to stop these attacks.


Like the last round of worms we had. It wouldn't have even gotten a raised threat alert IF People would just patch their computer when updates became avalible. If everyone on the net had the most recent patches of the time, It wouldn't have even made the news.

 

[Clown Monarch]

No. The best protection is abstinence. You don't want a virus? Then don't connect to an external network. You take a chance by doing so. Use a public PC at the library for your web research and email.

Straying from the subject slightly, but this is a sad commentary however true it may be. My last system was so corrupted with viruses and adware/spyware that by the end it was nearly unusable. The internet is probably the greatest communications advancement in the history of man since the printing press and we sit by and allow it to be destroyed by smut and viagra peddlers. Unthinkable.

I remember when my machine was down maybe a year or two ago when that 16 year old kid spread a modified virus. I think I spent 6-8 hours fixing my computer. I think I figured that the aggregate cost, in man hours, of repairing the damage that kid caused was equivalent to the time it took to build the Hoover Dam - three times over (and that's just in the U.S.). He'll face nary a consequence for his actions. This kid can destroy wonders of the world and face fewer consequences than if he were caught with expired tags on his car.

I'm wondering when the government is going to get serious about spam, viruses, adware, and spyware?

 

[deli_conker]

They scan the net and look for unpatched computers in which to infect, so they can have yet another node to replicate and attack from.


THey exploit holes in the OS, Holes that Windows Update patches. These are not trojans that people get from downloading files, These are worms that self-replicate and look for unpatched OS's to attack.

The only way a "foreign" entity will access your pc, is if you have a service with an open port running. A home user doesn't have to worry about turning on his pc and having an unsolicited virus taking over. It doesn't work that way.

You have to have a program running on your pc that accepts unsolicited outside connections. Your browser (unmodified) doesn't do that. In fact, it makes unsolicited outside connections to other pc's that are running software accepting connections with the intent of serving up web pages.

Let's say you go to aquariumadvice.com, the server software (in this case, Apache/2.0.51 (Fedora) on one of serverbeach's servers) accepts the unsolicited outside connection and sends the home page back to you. Since the server side software accepts your browser connection, you can browse the site.

Having that opening (on the server) also makes it vulnerable to other outside access attempts. They may be benign, they may be malicious, who knows. The fact is that it is open.

Let's say you decide to use peer to peer software to download some mp3's. First off, a lot of the p2p stuff installs other things besides the client software. If you read the license at the start of the install, it will often mention other software might be installed in conjunction to the original program. This other software when running can easily decide to open a port on your pc. After it does that, guess what? You're open!!! Hell, it might even broadcast to other pc's the fact that you are open and can potential accept those pesky unsolicited outside connections. Did somebody say spyware? But where did you get it? Oh yeah, YOU installed it.

Infected emails sent from the information gleaned from somebody's address book follow the same pattern. Somebody catches a virus by running the program that triggers it. The program looks for pst or wab files on the host machine. It finds the email addresses contained within and sends several spoofed emails via a remote server with an attachment that contains the original virus. Rinse and repeat. The virus didn't run until the end user told it run.

You'll notice that most virii affect servers and not home pc's. Why is that? Well, who here is running SQL server to give access to a datbase from their home machine? IIS? Anybody? Didn't think so. Those are the machines that the so called self-replicating worms attack. They look for a computer running software that has an open port. When they find one, they access it (unsolicited) and do their dirty to it.

There are holes in certain programs which do need to be patched. Sending a virus in a picture is one of them. The user opens it using the latest media player (instead of a simple picture viewer). Since the media player is trying to do everything (video, audio, pictures, cd burning, etc.) it's more complex and not 100% tested at release time and thus more prone to having holes in it (security wise). The player doesn't calculate the size of the picture before moving it to a static buffer and because the size is not correct it causes a buffer overflow and allows arbitrary code to be executed (either opening up a hole or perusing your address book etc.). It's the same old story, just a different application being exploited. But still, you are the one that opened the picture.

Imagine the computer virus to be like a vampire; it cannot enter your house unless you invite it in.

Straying from the subject slightly, but this is a sad commentary however true it may be. My last system was so corrupted with viruses and adware/spyware that by the end it was nearly unusable.

I was talking to my boss about this over lunch today. His conclusion is that about 90% of virii are more of a "social engineering" than masterful programming. Like the example I gave earlier with the "britney_spears_naked.mpeg.exe"; it's trying to trick the user into running the program, that's the hard (and unfortunately, easy) part.

 

[Clown Monarch]

At some point someone installed a virus on my machine that blocked the Windows Update site. I couldn't update XP and every parasitic loser drug my system into the dirt like jackals on a wounded water buffalo.

I remember every popup I see and make it a point NOT to ever patronize that business under any circumstances. Popups are mostly trash I would never bother with, but I remember seeing a Burger King popup. Too bad, I used to like Burger King.

 

[deli_conker]

At some point someone installed a virus on my machine that blocked the Windows Update site.

This is usually done with java script on a web site and isn't a virus or spyware by itself. It usually modifies your browser's home page first off (easy). Then it pushes a toolbar or equally annoying "utility" (read: spyware/adware) as a plug-in onto your pc (easy). Within the installation process, it alters the registry. An example of one I had to deal with at work lately...

If the user trys to go to google or yahoo, it redirects them to yupsearch.com.
It's a pretty common way of mucking up somebody's system. I still think learning how your OS works is the best way to prevent bad stuff happening to your system...

 

[Clown Monarch]

Where do I find that list you showed there, Deli?

 

[BillyZ]

The only way a "foreign" entity will access your pc, is if you have a service with an open port running. A home user doesn't have to worry about turning on his pc and having an unsolicited virus taking over. It doesn't work that way.

I hate to be so blunt, but you are just simply wrong.
http://news.com.com/2100-7349_3-5313402.html

Monarch, that list is the windows system registry. Be very careful when changing that. If you're not sure of what you're doing, I wouldn't modify it manually. That said, start>run>regedit... be careful


William and Deli, you both make valid points. lets not stray too far off topic.


How's that video card working for you Monarch?

 

[Clown Monarch]

I actually just bought one today (carefully steering back to the topic).


A Radeon 9600 256mb card. There was a huge price difference between manufacturers, so I went with the cheaper one (because Cheap is my middle name). It's "Sapphire ATI". There were lots of good reviews so I decided to try it.

 

[BillyZ]

What did you pay? and... let me know how it performs. I'm looking to update the video card my desktop and will likely do something very similar. And an ATI 9600-9800 is what I've been leaning towards. My machine is also an oldy but a goody. Good enough it will do well with a video update... but old enough I don't want to spend big bucks! hehe

 

[Clown Monarch]

On newegg.com it cost $108 with shipping.

 

[BillyZ]

Nice! I know what I'm doing when I get home tonight! Shhh don't tell the wife!

 

[Clown Monarch]

Here's the one I got:

http://www.newegg.com/app/ViewProductDesc.asp?description=14-102-410&depa=1

 

[deli_conker]

I hate to be so blunt, but you are just simply wrong.

No I'm not. That article does nothing but say "so and so said this...". It's like a cautionary tale..."If you tell lies, Lockjaw the Ogre will pull you from your bed at night and nail your jaw shut with a rusty nail using his head for a hammer." It is an exercise in erring on the side of caution. You never know how an end user is going to mess up a pc (yeah, they say they don't look at porn sites and don't try to download movies). So you scare them with "what ifs" or disallow them from a connection. I have to do that to people where I work. The only way that it (the article) could be true is if they had an opening somewhere. Such as the (old) default of enabling file and print sharing. There has to be an open door for somebody to do something. Nothing is just going to walk in.

You may have missed this from before...

Like I said earlier, I run a very clean operating system. The only program running in the background aside from what is needed to run the OS is a firewall.

With no open ports there is no way in. Cut down the number of protocols you're using (TCP/IP should be good for most) and install a firewall. After that, make sure you know what you're telling your computer to do when you open an attachment, visit a web site you probably shouldn't be visiting, etc.

Monarch, that list is the windows system registry. Be very careful when changing that. If you're not sure of what you're doing, I wouldn't modify it manually. That said, start>run>regedit... be careful

Very true. If you mess it up too bad, you'll end up having to reinstall your OS. You'd be much better off by checking out MSCONFIG as mentioned earlier and then maybe looking through the services under computer management.

I run windows 2000 sp4. No other patches. And no virii or spyware to date (2 year old installation). I have a firewall and am behind a NATting router. I may set up another 2k box this weekend with no patches at all, in front of the router, no firewall and see if anything touches it. We'll test the 20 minute theory...

Back on topic...

The 9600 has 2 different versions, XT and SE. SE is the crap one. If that's what you got, take it back and tell them you got the wrong one. When I was researching video cards, I found that the 9600 XT and 9800 are almost identical in performance (I can't verify this as I don't have both). I went with the 9600 XT 128Mb and have had no issues whatsoever. Very nice card and not overly expensive compared to other more expensive ones.

 

[shawmutt]

I have the ATI 9800pro, and I just replaced it today with the Nvidia 6600GT. Hands down, 6600GT wins that match, on HL2, CS:S, and WoW. Awesome card--I was an ATI freak but now I'm a Nvidia man.

 

[deli_conker]

I have the ATI 9800pro, and I just replaced it today with the Nvidia 6600GT. Hands down, 6600GT wins that match, on HL2, CS:S, and WoW. Awesome card--I was an ATI freak but now I'm a Nvidia man.

I went from a GeForce4 to the 9600 XT; huge difference. I've always liked NVidia because they write Linux drivers for their hardware.

 

[BillyZ]

No I'm not. That article does nothing but say "so and so said this...". It's like a cautionary tale..."If you tell lies, Lockjaw the Ogre will pull you from your bed at night and nail your jaw shut with a rusty nail using his head for a hammer." It is an exercise in erring on the side of caution. ... There has to be an open door for somebody to do something. Nothing is just going to walk in.

You consider isc.sans.org a "so and so"?

I really don't want to keep going back to this, but you're misleading others that may be reading this thread. You and I are behind firewalls and are aware of what "best practices" are, but you have to remember 90% of the world's user base is not. People either without the time, interest or patience to learn what needs to be done to properly secure their machines are vulnerable. I don't have the time to dig up all the information but this Microsoft Security Bulletin (MS03-026) explains one of the leading issues in an UNPATCHED windows installation. NOTE that it says it affects Win 95/98/2000/XP and 2003! This is not a "so and so said this" this is straight from the horses mouth. Read the midigating factors carefully. It lists what ports the vulnerability comes through (and that they are open by DEFAULT). It says if your exposed to the internet you are at risk. Don't be mislead by the statement, "Windows Internet Connection Firewall (ICF) block those ports by default." because ICF itself is NOT installed/enabled by default in unpatched 95/98/XP/2000(I don't have experience with 2003 but I'm assuming it's included). I have been "at this" for over ten years. My statements are not a "so and so's third cousin's wife's brother..." this has happened to me personally. Installing windows 2000 on a machine shortly before that article came out, the first piece of software installed after the operating system was antivirus. During installation it flagged that the machine was already infected. This is first hand experience.

You said you had an old box to install windows 2000 on. I say you do exactly that. No patches or service packs. After you install it, run "netstat -an" and see what's listed as "listening" by default. That will be the first thing to prove ports are open by default. Leave it unpatched and outside your firewall/router and as long as it has a valid IP and internet connection... you will see trouble. Now note... that article is almost a year old, the "20 minutes" may not be valid as those virii may have passed their prime. But i'm sure if you left it up and open you'll get hit with something before very long.



Monarch: ARG! my mother board will only take a 4x AGP card... So I can't get the $100 plan! I'm deffintely shopping around though... I will probably order something today!

 

[Clown Monarch]

Monarch: ARG! my mother board will only take a 4x AGP card... So I can't get the $100 plan! I'm deffintely shopping around though... I will probably order something today!

But that card says it works for 8x/4x? At least I hope that's what it means. Doh, I'm getting the feeling I'm gonna be sending this thing back...

 

[BillyZ]

Yea I just cought that too... the text description says it's 8x. but product specs say 4x/8x... I emailed support@newegg.com asking for a clarificaiton. We'll see if they reply. I'm hoping they say the product specs are right... my credit card is IN HAND!

 

[deli_conker]

After you install it, run "netstat -an" and see what's listed as "listening" by default. That will be the first thing to prove ports are open by default.

I had said that already, but used the word "opening" instead of port.

The only way that it (the article) could be true is if they had an opening somewhere. Such as the (old) default of enabling file and print sharing. There has to be an open door for somebody to do something.

My point is that if you are behind a firewall or have otherwise closed all ports, then NOTHING can just enter your pc. Unless you ask it to, that is.

My statements are not a "so and so's third cousin's wife's brother..." this has happened to me personally. Installing windows 2000 on a machine shortly before that article came out, the first piece of software installed after the operating system was antivirus. During installation it flagged that the machine was already infected. This is first hand experience.

Why would you install an OS (from disk) while connected to a network? Other issues come into play on this one that aren't even related to virii and scumware.

The 2000 box was up and running as of 8:09 pm EST and as of 6:30 am is still clear of any "foreign" presence. I have no way of testing "probes" as there is no software installed on the machine to check for such things. I may do some random grabs with ethereal from another machine on the network just to take a peek every now and then. But so far, no problems. And that's with file and print sharing enabled (by default)!!!

But that card says it works for 8x/4x? At least I hope that's what it means. Doh, I'm getting the feeling I'm gonna be sending this thing back...

It should work. Even if it only says 8x on the package. It's called backwards compatibility. The only issues you may run into deal with voltage. The 1x-2x-4x agp cards run at 1.5V while the 8x runs at .8V. Most 8x video cards have no problem with this and will run just fine (albeit at the 4x bus speed). If you want to make the best of your card, you'll want a faster slot (ie new motherboard).

My 9600 XT is an 8x card and is running just fine in my intel board with a 4x slot.