file sharing

If I set the entire drive as shared, do I have to do the
individual folders?
(Home network)

On Sat, 12 Jun 2004 21:59:46 -0700, "barb"
wrote:

If I set the entire drive as shared, do I have to do the
individual folders?
(Home network)

Not familiar with Home Network but if you select C:\ it should do
everything on that drive. Test it after sharing it by right clicking
and checking some sub folders.

Regards,

Bill Watt
Computer Help and Information http://home.epix.net/~bwatt/

No. Subfolders of the shared folder (eg, the root folder) are shared
automatically.
--
Jeff Richards
MS MVP (DTS)
"barb" wrote in message
...
If I set the entire drive as shared, do I have to do the
individual folders?
(Home network)

On Sat, 12 Jun 2004 21:59:46 -0700, "barb"

If I set the entire drive as shared, do I have to do the
individual folders?
(Home network)

DO NOT full-share the whole drive !!!

When you share a directory ("folder"), everything within that
directory is shared in the same way. It's not necessary to explicitly
share anything within a directory that is already shared, unless the
parent is read-shared and you want something within that subtree to be
full-shared ("read-shared" means can be read but not changed,
"full-shared" means can be changed, deleted, new things created).

If you full-share the whole C: drive, you expose several places where
malware can drop itself so as to be launched automatically when the
system is booted up; for some examples...
- C:\Autoexec.bat
- C:\Windows\Win.ini
- C:\Windows\System.ini
- C:\Windows\Wininit.ini
- C:\Windows\WinStart.bat
- C:\Windows\Start Menu\Programs\StartUp
- C:\Windows\AllUsers\Start Menu\Programs\StartUp
- C:\Windows\Profiles\etc...
- C:\Documents and Settings\Usename\..\StartUp (XP)

Many malware hop across PCs on a LAN via the above exposure,
especially when the share is called "C".

If you are really dumb, you'd leave File and Print Sharing bound to
TCP/IP on your Internet connection, thus allowing any infected
computer anywhere on the Internet to attack you directly. An example
of a malware that does this is OpaServ, some variants of which can
overwrite your entire hard drive with trash.

So the general advice is:
- do NOT bind File and Print Sharing to the Internet connection
- share as little as possible
- read-share unless you really need to full-share

Unfortunately, XP lacks this basic clue - by design, it full-shares
the whole of all hard drive volumes via hidden admin shares. Duuuumb.



-------------------- ----- ---- --- -- - - - -
Tip Of The Day:
To disable the 'Tip of the Day' feature...
-------------------- ----- ---- --- -- - - - -

How do you disable full file sharing in XP? I do not want my computer to
share and it will soon be dual-boot with 98SE and XP Professional.

"cquirke (MVP Win9x)" wrote in message
...
On Sat, 12 Jun 2004 21:59:46 -0700, "barb"

If I set the entire drive as shared, do I have to do the
individual folders?
(Home network)

DO NOT full-share the whole drive !!!

When you share a directory ("folder"), everything within that
directory is shared in the same way. It's not necessary to explicitly
share anything within a directory that is already shared, unless the
parent is read-shared and you want something within that subtree to be
full-shared ("read-shared" means can be read but not changed,
"full-shared" means can be changed, deleted, new things created).

If you full-share the whole C: drive, you expose several places where
malware can drop itself so as to be launched automatically when the
system is booted up; for some examples...
- C:\Autoexec.bat
- C:\Windows\Win.ini
- C:\Windows\System.ini
- C:\Windows\Wininit.ini
- C:\Windows\WinStart.bat
- C:\Windows\Start Menu\Programs\StartUp
- C:\Windows\AllUsers\Start Menu\Programs\StartUp
- C:\Windows\Profiles\etc...
- C:\Documents and Settings\Usename\..\StartUp (XP)

Many malware hop across PCs on a LAN via the above exposure,
especially when the share is called "C".

If you are really dumb, you'd leave File and Print Sharing bound to
TCP/IP on your Internet connection, thus allowing any infected
computer anywhere on the Internet to attack you directly. An example
of a malware that does this is OpaServ, some variants of which can
overwrite your entire hard drive with trash.

So the general advice is:
- do NOT bind File and Print Sharing to the Internet connection
- share as little as possible
- read-share unless you really need to full-share

Unfortunately, XP lacks this basic clue - by design, it full-shares
the whole of all hard drive volumes via hidden admin shares. Duuuumb.



-------------------- ----- ---- --- -- - - - -
Tip Of The Day:
To disable the 'Tip of the Day' feature...
-------------------- ----- ---- --- -- - - - -

Some information here.
How To Enable or Disable Simple File Sharing in Windows XP
http://compnetworking.about.com/cs/w...t/winxpsfs.htm
Disable unprotected File Sharing on Windows XP Home
http://www.wellesley.edu/Computing/F...winxphome.html
How to set up File Sharing in Windows XP Pro
http://www.wellesley.edu/Computing/F...acstaffxp.html

Regards,

Bill Watt
Computer Help and Information http://home.epix.net/~bwatt/
__________________________________________________

On Sun, 13 Jun 2004 17:46:03 -0700, "ArtWilder"
wrote:

How do you disable full file sharing in XP? I do not want my computer to
share and it will soon be dual-boot with 98SE and XP Professional.

"cquirke (MVP Win9x)" wrote in message
.. .
On Sat, 12 Jun 2004 21:59:46 -0700, "barb"

If I set the entire drive as shared, do I have to do the
individual folders?
(Home network)

DO NOT full-share the whole drive !!!

When you share a directory ("folder"), everything within that
directory is shared in the same way. It's not necessary to explicitly
share anything within a directory that is already shared, unless the
parent is read-shared and you want something within that subtree to be
full-shared ("read-shared" means can be read but not changed,
"full-shared" means can be changed, deleted, new things created).

If you full-share the whole C: drive, you expose several places where
malware can drop itself so as to be launched automatically when the
system is booted up; for some examples...
- C:\Autoexec.bat
- C:\Windows\Win.ini
- C:\Windows\System.ini
- C:\Windows\Wininit.ini
- C:\Windows\WinStart.bat
- C:\Windows\Start Menu\Programs\StartUp
- C:\Windows\AllUsers\Start Menu\Programs\StartUp
- C:\Windows\Profiles\etc...
- C:\Documents and Settings\Usename\..\StartUp (XP)

Many malware hop across PCs on a LAN via the above exposure,
especially when the share is called "C".

If you are really dumb, you'd leave File and Print Sharing bound to
TCP/IP on your Internet connection, thus allowing any infected
computer anywhere on the Internet to attack you directly. An example
of a malware that does this is OpaServ, some variants of which can
overwrite your entire hard drive with trash.

So the general advice is:
- do NOT bind File and Print Sharing to the Internet connection
- share as little as possible
- read-share unless you really need to full-share

Unfortunately, XP lacks this basic clue - by design, it full-shares
the whole of all hard drive volumes via hidden admin shares. Duuuumb.



-------------------- ----- ---- --- -- - - - -
Tip Of The Day:
To disable the 'Tip of the Day' feature...
-------------------- ----- ---- --- -- - - - -

Thanks, Bill. I appreciate the information.

"Bill Watt" wrote in message
...

Some information here.
How To Enable or Disable Simple File Sharing in Windows XP
http://compnetworking.about.com/cs/w...t/winxpsfs.htm
Disable unprotected File Sharing on Windows XP Home
http://www.wellesley.edu/Computing/F...winxphome.html
How to set up File Sharing in Windows XP Pro
http://www.wellesley.edu/Computing/F...acstaffxp.html

Regards,

Bill Watt
Computer Help and Information http://home.epix.net/~bwatt/
__________________________________________________

On Sun, 13 Jun 2004 17:46:03 -0700, "ArtWilder"
wrote:

How do you disable full file sharing in XP? I do not want my computer to
share and it will soon be dual-boot with 98SE and XP Professional.

"cquirke (MVP Win9x)" wrote in message
.. .
On Sat, 12 Jun 2004 21:59:46 -0700, "barb"

If I set the entire drive as shared, do I have to do the
individual folders?
(Home network)

DO NOT full-share the whole drive !!!

When you share a directory ("folder"), everything within that
directory is shared in the same way. It's not necessary to explicitly
share anything within a directory that is already shared, unless the
parent is read-shared and you want something within that subtree to be
full-shared ("read-shared" means can be read but not changed,
"full-shared" means can be changed, deleted, new things created).

If you full-share the whole C: drive, you expose several places where
malware can drop itself so as to be launched automatically when the
system is booted up; for some examples...
- C:\Autoexec.bat
- C:\Windows\Win.ini
- C:\Windows\System.ini
- C:\Windows\Wininit.ini
- C:\Windows\WinStart.bat
- C:\Windows\Start Menu\Programs\StartUp
- C:\Windows\AllUsers\Start Menu\Programs\StartUp
- C:\Windows\Profiles\etc...
- C:\Documents and Settings\Usename\..\StartUp (XP)

Many malware hop across PCs on a LAN via the above exposure,
especially when the share is called "C".

If you are really dumb, you'd leave File and Print Sharing bound to
TCP/IP on your Internet connection, thus allowing any infected
computer anywhere on the Internet to attack you directly. An example
of a malware that does this is OpaServ, some variants of which can
overwrite your entire hard drive with trash.

So the general advice is:
- do NOT bind File and Print Sharing to the Internet connection
- share as little as possible
- read-share unless you really need to full-share

Unfortunately, XP lacks this basic clue - by design, it full-shares
the whole of all hard drive volumes via hidden admin shares. Duuuumb.



-------------------- ----- ---- --- -- - - - -
Tip Of The Day:
To disable the 'Tip of the Day' feature...
-------------------- ----- ---- --- -- - - - -

On Sun, 13 Jun 2004 17:46:03 -0700, "ArtWilder"

How do you disable full file sharing in XP? I do not want my computer to
share and it will soon be dual-boot with 98SE and XP Professional.

It's not that you need to disable full sharing, system-wide.


1) Be selective about what you bind File and Print Sharing (F&PS) to

Most systems using Dial-Up Networking will have two network adapters;
one beither the LAN card that communicates with the other PCs on the
LAN, and the other being the "Dial Up Adapter" that communicates with
the ISDN or modem that connects to the Internet.

These two network "adapters" should be treated differently.

On the LAN card to your other PCs, you'd have the firewall off and
you'd bind F&PS, to facilitate your LAN.

On the Dial Up Adapter, you'd keep F&PS *OFF* and you'd turn on the
firewall to protect the system from Internet attacks.


Things are trickier where you use one Internet connection point from
other PCs on the LAN, because now each of those PCs is using the same
network adapter to access both LAN (where you want F&PS) and the
Internet (where you DO NOT want F&PS, and want the firewall).

If you use a router, then that gives some protection by hiding the IP
addresses of your LAN's PCs from the Internet (the addresses these PCs
will use are not accessible from the 'net).

But if you use Internet Connection Sharing (ICS), your risk is higher,
because you have an infectable PC doing the "routing". If the PC
that's connected to the Internet is attacked and infected, it will
then attack or infect the PCs on your LAN because it can "see" their
private IP addresses. They can't firewall against you, and are
exposed because F&PS is accessible to the infected ICS host.

This is why combining an ADSL USB "modem" with ICS is a Very Bad Idea.
I think even Telkom has enough clue to suggest using a router instead.


2) be selective on what and how you share

F&PS is a service, but what is actually shared is up to you when you
set particular drives or folders as shared. If you share nothing at
all, then there should be no risk exposure; sometimes that is
appropriate, e.g. where you only want to share printers.

Otherwise the best idea is to share as little as possible, e.g. a
single non-system subtree through which files can be exchanged. You
know that location is shared, so you know anything unexpectedly found
there is suspect, in that it could have been dropped by an infected PC
on your LAN. That makes it a lot easier to manage.

When you share a directory, you can choose to do so as full access or
read-only access. Where possible, prefer read-only.

For example, let's say you want to impliment a holographic data backup
and storage model. You set up a Task on each PC to archive the data
set and store that archive in a particular location. The next Task
would then transfer these backup archives between PCs on the LAN, so
that as long as *one* PC survives, you'd have backups from all PCs.

You could full-share a location and "push" your backups from other PCs
to that location. But if you did, a hunter-killer payload running on
any PC on the LAN would be able to find and destroy your backups.

Better is to read-share the location holding the backups, and "pull"
your backups from these to each PC. Because the sharing is read-only,
a hunter-killer payload running on one PC would be able to find and
destroy backups on that PC only - much safer!


3) Re-consider Microsoft's duhfault shares

By default, Microsoft full-shares *all* HD volumes in their entirety,
using hidden but *known* share names!

This flies in the face of the clue discussed above. It's like having
an "ignite petrol tank" button next to the petrol cap, and saying
that's OK because you rubbed the label off the button so that no-one
would know which button to press to blow up the car.

I suggest you find and apply the steps needed to disable these
wretched "admin shares" as standard practice.



-------------------- ----- ---- --- -- - - - -
No, perfection is not an entrance requirement.
We'll settle for integrity and humility
-------------------- ----- ---- --- -- - - - -