samba - Oct 2017 - XP auto enrollment error; TEMP profile

On 09/30/2017 12:58 AM, Rowland Penny via samba wrote:
> I understand that you have to use XP, but you don't have to use NTLM,
> haven't you heard of 'wanacry' ?
> Go here and read it:http://www.imss.caltech.edu/node/396
WannaCry did not infect XP or for that matter, Windows Nein,
oops, Ten.  Doesn't mean it couldn't if altered to do so:

      Reference: 
https://www.computerworld.com/article/3196673/malware/faq-are-you-in-danger-from-the-wannacrypt-ransomware.html

      Why didn’t WannaCry infect Windows XP or 10 computers?

      Because the responsible for Friday’s attacks used code
      from several sources, and researchers have determined
      that the code used didn't include functions for Windows
      XP or Windows 10. (Britain’s National Health Service
      has said its WinXP PCs were not infected by WannaCry,
      despite initial reports that they were.)

M$ has since issued patches for XP.

M$'s patches/updates can be miserable and cause all kinds
of havoc.  It is a judgment call on when and how to install
M$'s patches/updates.  It is best to make sure you have a good 
anti-virus updated and running.  Your AV is where most
of your protection comes from, not M$ with its miserable
track record for security.  And use a "real" firewall.

This patch is a good.

Am 02.10.2017 um 06:35 schrieb ToddAndMargo via samba:
> M$'s patches/updates can be miserable and cause all kinds
> of havoc.  It is a judgment call on when and how to install
> M$'s patches/updates.  It is best to make sure you have a good 
> anti-virus updated and running.  Your AV is where most
> of your protection comes from, not M$ with its miserable
> track record for security.  And use a "real" firewall
sorry, but everybody in the security business when he is not developer 
of snakeoil aka anti-virus will tell you the exactly opposite

there is nothing like a "good anti-virus" which will protect you from
new treats, new incarnations slip through signatures before new signatures are
published and nothing to protect you from targeted attacks

also i wouldn't make a bet that windows XP has the highest priority in
testing and composing new signatures

sorry but to say it clear: to think a anti-virus can replace a solid operating
system is a naive and dangerous attitude

with some luck malware was not tested on XP and won't run by luck because of
the too small usrbase these days but when that is your security strategy you
better install win98 because XP is not old enough and too similar to win7

On 10/01/2017 10:03 PM, Reindl Harald (mobile) via samba
wrote:
> 
> Am 02.10.2017 um 06:35 schrieb ToddAndMargo via samba:
>> M$'s patches/updates can be miserable and cause all kinds
>> of havoc.  It is a judgment call on when and how to install
>> M$'s patches/updates.  It is best to make sure you have a good
>> anti-virus updated and running.  Your AV is where most
>> of your protection comes from, not M$ with its miserable
>> track record for security.  And use a "real" firewall
> 
> sorry, but everybody in the security business when he is not developer
> of snakeoil aka anti-virus will tell you the exactly opposite
Hi Reindl,

And those in the business of hawking FUD (Fear Uncertainty
and Doubt).  The more knowledgeable sources actually have
discussion on the particulars.
> there is nothing like a "good anti-virus" which will protect you
from new treats, new incarnations slip through signatures before new signatures
are published and nothing to protect you from targeted attacks
> 
Absolutely true.  Nothing can protect you from a zero day attack.
With the best anti viruses you are one hour away from protection.
With the worst, you are up to a week.  Av-comparatives is a good
place to research such.
> also i wouldn't make a bet that windows XP has the highest priority in
testing and composing new signatures
> 
If they are supporting XP, it is all the same process.  No difference.
> sorry but to say it clear: to think a anti-virus can replace a solid
operating system is a naive and dangerous attitude
> 
Uhhh,   Why do you not look at infections rates instead of
marketing FUD.  WannaCry did not even touch XP.

Not looking at this from an infection rate standpoint and,
instead, believing what the marketing weasels at M$ tell
you is far more dangerous in my technical opinion.
> with some luck malware was not tested on XP and won't run by luck
because of the too small usrbase these days but when that is your security
strategy you better install win98 because XP is not old enough and too similar
to win7
> 
Security through obscurity.  Also bear in mind that M$ makes it
easy for the bad guys (WannaCry for example).

That XP is so insecure is a lot of FUD.  Again, look at the
infection rates if you want to know what that truth is and
not marketing FUD.

Here is a good (older) article:

https://www.csoonline.com/article/2128503/data-protection/windows-7-malware-infection-rate-climbs--xp-s-falls.html

If security is your issue, start by not using Windows.

-T