Written April 2007
by Cliff Feldwick
So, how often do hackers attack a computer connected to the Internet? Yep, that’s the answer. An article in the University of Maryland Terp magazine noted what happened when a professor in their engineering department connected four Linex computers to a low-security connection to the Internet and recorded the results. To quote: “Our data produced quantifiable evidence that attacks are happening all the time to computers with Internet access” – yes folks, we’re shocked and amazed – and “Overwhelmingly, attacks came from relatively unsophisticated hackers using ‘dictionary scripts’, software that runs through lists of common user names and passwords attempting to break into a computer.” For Linex machines, the most common guess was “root”, followed by “admin”. The entire list of most common: root, admin, oracle, 123, test, user, 123456, password (note – DUH), guest, administrator (DUH, again), 12345, passwd, info, 1234, and test. He also noted that a common pattern was to use the user name with 123 added as the password – not advised. So for heavens sake, don’t use these, even on Windows units. And you would be amazed at the number of offices where the password is stuck to a yellow sticky-note on the side of the monitor – come on folks, why bother?
If it’s too good to be true…
Well, the hackers and crackers have been busy with Vista (the new Windows), especially with the 30 day activation period requirement; if you don’t register Vista within that time, it becomes basically numb, with enough capabilities to connect to Microsoft to register or buy a copy. Different cracks have shown up with ways to suspend the clock or otherwise negate the code. But something built in by Microsoft can (and thus undoubtedly has been) used by less scrupulous sellers to bypass the constraint.
In a bow to system administrators at large installations who would be hard pressed to get all their machines registered in 30 days, Microsoft built in a registry entry that allows you to reset this back to zero. Testing by lots of interested people revealed that this could be done up to eight times before it stopped working. Other such switches give you an extra three resets. And you just know that further investigation by these “interested parties” will someday reveal where these limitations are stored and overcome those. So, using “fixes” built in to its own operating system, you can defer registering Vista for close to a year. This is true for the more expensive business versions of Vista – it doesn’t seem to work for the Home Basic edition.
So why would you care? Because anyone familiar with these tricks can set up a new computer with a copy of Vista that will appear legitimately registered, but actually dies in a year. Attempts to register it will result in “sorry, Charlie” by Microsoft – bad numbers, used too many times already. And you’re stuck with buying a new copy.
So if you’re tempted to buy a computer with a price that couldn’t possibly include the software, but does, especially from a vendor such as a show dealer who will be gone after this weekend, better get some background. Can you get an address (and not just an e-mail)? Is it local? How many years have they been in business? And most importantly, will you get a real Windows CD – not a generic copy - with the operating system and a sticker?
So remember what I call Feldwick’s Inverse Rule: while “you get what you pay for” may not always be true, you never get what you don’t pay for.
Cliff Feldwick is president of Riverside Computer Consultants, and does troubleshooting, upgrades and networking for small companies who need an occasional guru (white robes not included). He can be reached at 410-880-0171 or at cliff@feldwick.com.