  #1 (permalink)  
Old 08-03-2005, 05:31 AM
Whoever
Guest
 
Posts: n/a
Default Windows security after recovery?

If an installation of Windows gets messed up such that it won't boot,
automatic recovery can be done using the original installation disk.

However, after this automatic recovery, many old files are re-installed.
What if these files are vulnerable to security issues such as buffer
overflows, etc.? After doing a recovery in this way, Windows Update will
still think all the security patches are properly installed, despite
rolling back many files to older versions.

Is this a big hole? If so, what is the solution?

  #2 (permalink)  
Old 08-04-2005, 12:33 AM
Donnie
Guest
 
Posts: n/a
Default Re: Windows security after recovery?


"Whoever" <nobody@devnull.none> wrote in message
news:Pine.LNX.4.63.0508022127260.31055@localhost.localdomain...
> If an installation of Windows gets messed up such that it won't boot,
> automatic recovery can be done using the original installation disk.
>
> However, after this automatic recovery, many old files are re-installed.
> What if these files are vulnerable to security issues such as buffer
> overflows, etc.? After doing a recovery in this way, Windows Update will
> still think all the security patches are properly installed, despite
> rolling back many files to older versions.
>
> Is this a big hole? If so, what is the solution?

###########################################
Some people say that Windows is a hole in itself. Assuming that is true,
hopefully your network is behind a router running NAT along with any other
firewall rulesets you think are needed. That way, you won't have to depend
on MS for your security.
donnie.



  #3 (permalink)  
Old 08-04-2005, 03:26 AM
Winged
Guest
 
Posts: n/a
Default Re: Windows security after recovery?

Donnie wrote:
> "Whoever" <nobody@devnull.none> wrote in message
> news:Pine.LNX.4.63.0508022127260.31055@localhost.localdomain...
>
>>If an installation of Windows gets messed up such that it won't boot,
>>automatic recovery can be done using the original installation disk.
>>
>>However, after this automatic recovery, many old files are re-installed.
>>What if these files are vulnerable to security issues such as buffer
>>overflows, etc.? After doing a recovery in this way, Windows Update will
>>still think all the security patches are properly installed, despite
>>rolling back many files to older versions.
>>
>>Is this a big hole? If so, what is the solution?

>
> ###########################################
> Some people say that Windows is a hole in itself. Assuming that is true,
> hopefully your network is behind a router running NAT along with any other
> firewall rulesets you think are needed. That way, you won't have to depend
> on MS for your security.
> donnie.
>
>

Running NAT or not you should patch associated software as required. If
you don't, and are touching remote potentially compromised hosts, you
are buzzard meat irrespective of NAT.

If the initial writer has the original build on the system that he is
attempting to do a partial restore, it will fail miserably if the
recovery build is pre SP2 and SP2 had been loaded on the system before
it failed. In this case his best option is SYDSO (SORRY YOU DIE START
OVER). Partial recovery should not be attempted and will not be
successful. If he is doing the rebuild option as it sounds like he will
be, though he may not realize it yet, the system is vulnerable until he
gets patches installed. In this case it is good to repartition (if
nothing else divide partition then repartition to current settings),
reformat the drive and start clean.

I do not recommend loading the system with all the crud a commercial
vendor thought you might want as most of the software most folks don't
use, takes up space, and much of it has its own security issues.
Hopefully "whoever" made an OS disk when they could (a number of mfgs do
not supply original OS disk but allow the user to build one (of course at
this point in time it is too late to build it)). If not, get an OS disk
from someone, and use your old software key to install it.

At a minimum he needs a firewall that is secured before he even goes to
get the updates. Current survival time for an unfirewalled system is 22
minutes according to SANS. Inbound ports below 1024 (old guy was right)
should be blocked before the system goes online to download security
patches and software updates.

Once the system is up to date, firewalled, antivirused, Firefox set as
default browser with Java applets disabled, Sun Java loaded, Spybot host
list and immunizations installed, services reduced to only what is
required, using any mail product other than Outlook Express (Thunderbird
is not a bad product but there are many fine products), then he will be
reasonably secure until he downloads that "free" game somewhere he just
has to have and compromises the system. Hopefully before this time he
has already made a complete backup of his base system so recovery will
take a few minutes instead of hours.

From what I gathered, though there are too many unknowns provided, I
suspect "whoever" is going to rebuild the system the hard way only
because he didn't know he couldn't go back beyond the SP2 install date
using partial recovery method. MS neglected to tell folks this very well.

Winged

  #4 (permalink)  
Old 08-05-2005, 02:53 AM
Jim Nugent
Guest
 
Posts: n/a
Default Re: Windows security after recovery?


"Winged" <Winged@nofollow.com> wrote in message
news:d5326$42f17d39$18d6d91e$6271@KNOLOGY.NET...

> If the initial writer has the original build on the system that he is
> attempting to do a partial restore, it will fail miserably if the
> recovery build is pre SP2 and SP2 had been loaded on the system before
> it failed.


What if the recovery build has SP2 slipstreamed in?
--
Jim
"Be right back... Godot"



  #5 (permalink)  
Old 08-05-2005, 03:42 AM
Winged
Guest
 
Posts: n/a
Default Re: Windows security after recovery?

Jim Nugent wrote:
> "Winged" <Winged@nofollow.com> wrote in message
> news:d5326$42f17d39$18d6d91e$6271@KNOLOGY.NET...
>
>
>>If the initial writer has the original build on the system that he is
>>attempting to do a partial restore, it will fail miserably if the
>>recovery build is pre SP2 and SP2 had been loaded on the system before
>>it failed.

>
>
> What if the recovery build has SP2 slipstreamed in?


If the recovery was built with SP2, it works. But I have not "seen" one
work successfully otherwise if one rolls back past SP2 application date.
It may be possible, I have only seen failure after the fact (some of
the folks were sophisticated users) and if I am rolling back I am
re-imaging the system and never rollback that far. I am usually called
in after the user has a system failure. It might be possible, I just
have never seen it work in practice. Someone else's mileage may vary,
objects are closer than they appear.

Winged

  #7 (permalink)  
Old 08-05-2005, 05:56 AM
Whoever
Guest
 
Posts: n/a
Default Re: Windows security after recovery?



On Thu, 4 Aug 2005, Winged wrote:

> Jim Nugent wrote:
>> "Winged" <Winged@nofollow.com> wrote in message
>> news:d5326$42f17d39$18d6d91e$6271@KNOLOGY.NET...
>>
>>
>> > If the initial writer has the original build on the system that he is
>> > attempting to do a partial restore, it will fail miserably if the
>> > recovery build is pre SP2 and SP2 had been loaded on the system before
>> > it failed.


In my latest case, I was trying to recover a system that had been updated
to W2K SP4 using the W2K SP2 install disk. This process did not lead to a
bootable system. Re-installation was the only recourse.

Earlier, I had recovered NT4 SP6a systems using older NT4 disks and I
assume the same security concern arises.

However, the success or failure of the recovery is not really the issue,
rather, that there is a glaring hole in MS' security through the use of
the recovery procedure. I was just trying to establish if I had overlooked
something.



Reply With Quote
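Added example, not part of the thread: one way to check the concern raised here (system files rolled back by a repair while the update history still lists the patches as installed) is to compare file versions against an inventory saved while the machine was fully patched. The `path|version` manifest format, the paths and every version number below are constructed for illustration; how the inventory is collected is left out.

```python
import re

def parse_version(text):
    """'5.0.2195.6000 (label)' -> (5, 0, 2195, 6000), so parts compare as numbers."""
    m = re.match(r"\s*(\d+)\.(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"not a four-part file version: {text!r}")
    return tuple(int(part) for part in m.groups())

def load_manifest(text):
    """Parse 'path|version' lines; Windows paths are compared case-insensitively."""
    manifest = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            path, version = line.split("|", 1)
            manifest[path.strip().lower()] = parse_version(version)
    return manifest

def find_rollbacks(baseline, current):
    """List (path, status, patched_version, found_version) for each regression."""
    findings = []
    for path, patched in sorted(baseline.items()):
        found = current.get(path)
        if found is None:
            findings.append((path, "missing", patched, None))
        elif found < patched:
            findings.append((path, "rolled back", patched, found))
    return findings

# Constructed sample data: inventory saved while the machine was fully patched ...
BASELINE = load_manifest(r"""
# path|file version
C:\WINNT\system32\ntoskrnl.exe|5.0.2195.7000
C:\WINNT\system32\rpcss.dll|5.0.2195.10000
C:\WINNT\system32\shell32.dll|5.0.3700.6705
""")
# ... and the same inventory taken again after the repair from the older disk.
AFTER_RECOVERY = load_manifest(r"""
C:\WINNT\system32\ntoskrnl.exe|5.0.2195.7000 (constructed label)
C:\WINNT\system32\RPCSS.DLL|5.0.2195.9999
C:\WINNT\system32\shell32.dll|5.0.2920.0
""")

if __name__ == "__main__":
    for path, status, patched, found in find_rollbacks(BASELINE, AFTER_RECOVERY):
        print(f"{status}: {path} patched={patched} found={found}")
```

Versions are compared as integer tuples because a plain string comparison would rank `5.0.2195.10000` below `5.0.2195.9999` and miss that rollback.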