This post is a bit lengthy and I already assume 50% of you haven't gotten to this word 'here', in the very first sentence, before clicking back. BUT! There is hope. The real 'content' of this entire post is a section called "How-to Evolve into a Gimp-Surfer". CTRL+F and search for that string if you'd rather not read the bulk of what is below.
A brief intro to Gimp surfing (How-To negate almost all hostile internet attacks and remain God):
Well, I've lost the write-up I created for muckshifter, which was somewhat a response to his recent article, entitled "Protecting yourself against Adware and Spyware"
(located here)
https://www.pcreview.co.uk/articles/Windows/Protection_against_Adware_and_Spyware/
But, this theory is so important to me, that I'll re-create it a 3rd time (yep, I had written 3/4ths a novel to Muck and as my finger passed over the ESC key, reaching for my smokes, my life's work, well.. at least the last 2 1/2 hours of it, was lost here)
- Just what is this... "Gimp Surfing"
Gimp Surfing is just a name that I've given to the Windows version of a method that's long been used in the Unix/Linux scene, but was not made readily available to Windows users until recently. I'm a proud Gimp surfer, and I hope, after this write-up, you will be too.
The Issue:
Since the dawn of Windows logon and security, not one person has ever wanted anything less than quick admin access to their own PC. But the way that Microsoft approached security is almost bass-ackwards, when looked at by the logical eye. All the software companies out there only add fuel to the fire, both by infecting you, and charging you to remove such infections (only to re-infect you once more). This isn't some big scheme to undo you and only you. It's just a big scam to keep creating 'new, wonderful technology' that is hard to keep up with.
That aside, let's continue.
The Theory:
So we all want to be Gods (admins) of our own machines, but each time you run a program, you're running it with an admin account. If that program has *ANY* way to communicate with the outside world (in or out, server or client), then it will eventually get hacked. Such things as Torrent Clients, Web Browsers, Mail Clients, and even game clients/servers are just a *few* of the things we all run as admins. This is why people have started getting software firewalls, and active virus scanners. Because they don't feel safe, leaving their PC running for 2+ weeks, while they're away on vacation.
All these scanners would be great if...
- They didn't take so many resources
- They didn't conflict with each other
- They didn't remove programs which are Flag Ships to their own company...
(http://www.bbspot.com/News/2005/01/microsoft_antispyware.html)
- They didn't act like nannies cleaning up after a bunch of 3 year olds... and acted more like teachers and advisors.
So the age-old theory on a unix box, to solve this very issue, was to launch servers/clients, using a separate set of credentials. This makes perfect sense! Let's look at 2 different examples:
Example 1:
On a unix machine, I decide to create a web server. This will open up port 80 "to the world" (as I'll naturally use the default HTTP port). All a web server does, is 'deliver' requested data to a client of some sort. If you've ever used the telnet application, you might know that you can actually connect and interact with nearly *any* server type program, regardless of the port it's on. (i.e. telnet www.google.com 80). This means that things other than your average web client (like IE or firefox) will be accessing my gaping hole to internet land. If someone can successfully connect and send something to my server that will cause an overflow (something that shouldn't happen, but is a result of humans trying to code), then that person now has an Administrator account shell, to my system.
Hmph.. That is, unless I run the web server application using a different user, that only has specific access to the files/locations it *needs* to function. If I were to create such a gimp user and someone did gain shell access, they'd be severely gimped themselves. Yeah, they can compromise my web server now, but at least they can't take me out where it hurts. I could even go as far as creating separate users for each 'server' I run, i.e. Gimp_FTP, Gimp_WWW, but usually, admins will group several applications into a logical 'group' and use 1 username for that group.
Example 2:
Ok, so we all now know that 'servers' are easily hacked, simply because they do all but call you on your home phone, asking to be hacked, what with their static IPs and 'standard' port numbers (not to mention the fact that most server apps broadcast their software name/version upon connection). But what about the clients? I mean, it can't be as bad, can it? As you've seen with all the recent explosions of spyware/adware, it can actually be worse. This example details my revelation, or shall I say, transfer of knowledge in "Gimp Surfing".
I have a job that takes me away from my house 8-10 hours a day and a girlfriend that loves those damn IQ tests. When she first started using my PC, I'd come home just waiting to see what new game, err, spyware she'd managed to come across that day. You see, I'm a Network Manager, so I actually like seeing the style (or lack thereof) that these spyware/adware creators have obtained. It did, however, impose on my usual Everquest time and the active scanners I would run when I left weren't doing the trick. Eventually, something would get in and I'd have to jump in and take it out.
The OS that I run today, is actually a living, breathing, entity itself. It has been upgraded from Win 3.1 > 95 > 98 > 98SE > 2000 > XP. In all that time, I've never had to re-install and each new PC I get, inherits this being as its new OS. With the type of spyware out there these days, it was becoming obviously apparent that I'd have to devise a way to save one of my oldest friends (yes, I mean the OS)
I've often heard the suggestion that we should just create a gimp account, and use *that* account "as much as possible". But we all know that's nothing more than a hindrance. 2 profiles and would have to logoff/logon to install software or minor updates? ha!
RunAs - Not 'just' a Network Junkie's Tool:
If you drop out to a DOS shell and type runas (2k/XP), you'll see some output as to the use of this extremely useful tool. It was mostly created so that a network admin could sit down at a real gimp's PC, and perform admin functions without having to logoff, or interrupt the PC in any major way, also functioning as a remote admin gateway. Its real usefulness, however, is the exact opposite of that. It can be used to run local programs, as a gimp user.
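The Unix pattern from Example 1 in the post above, as an added example that is not part of the original post: a server binds port 80 while it still has root, then permanently becomes an unprivileged "gimp" account before it reads anything from the network. The function names and the uid/gid 65534 ("nobody" on many Linux systems) are assumptions made for illustration.

```c
#define _DEFAULT_SOURCE 1
#include <arpa/inet.h>
#include <grp.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Permanently become uid/gid. Returns 0 on success, -1 on any failure,
 * including the case where root could still be regained afterwards. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (uid == 0) return -1;          /* "dropping" to root is no drop */
    if (geteuid() == 0 && setgroups(0, NULL) != 0)
        return -1;                    /* shed root's supplementary groups */
    if (setgid(gid) != 0)             /* group before user: needs privilege */
        return -1;
    if (setuid(uid) != 0)             /* as root: real, effective and saved uid */
        return -1;
    if (setuid(0) == 0 || seteuid(0) == 0)
        return -1;                    /* root must be gone for good */
    return (getuid() == uid && geteuid() == uid) ? 0 : -1;
}

/* Bind while still privileged (ports below 1024 need it), then drop
 * before a single byte from the network is read. */
int listen_then_drop(unsigned short port, uid_t uid, gid_t gid)
{
    struct sockaddr_in addr = {0};
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    addr.sin_family = AF_INET;
    addr.sin_addr.s_addr = htonl(INADDR_ANY);
    addr.sin_port = htons(port);
    if (bind(fd, (struct sockaddr *)&addr, sizeof addr) != 0 ||
        listen(fd, 16) != 0 || drop_privileges(uid, gid) != 0) {
        close(fd);
        return -1;
    }
    return fd;                        /* accept() loop would start here */
}

int main(void)
{
    int fd = listen_then_drop(80, 65534, 65534);  /* assumed "nobody" ids */
    if (fd < 0) { puts("failed: start as root so port 80 can be bound"); return 1; }
    printf("listening on port 80 as uid %d\n", (int)getuid());
    return 0;
}
```

The order matters: supplementary groups and the gid have to go while the process is still root, and the final `setuid(0)` probe catches a drop that left a saved uid behind.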