Antivirus

Michael "TheZorch" Haney thezorch at gmail.com
Tue Jun 17 16:16:27 UTC 2008


Bart Silverstrim wrote:
> I've seen people claim they don't need it for Windows, but there are just 
> too many cases where just web browsing with your user privileges under 
> the Windows architecture can cause problems. Maybe with the way Vista annoys 
> users for every damn action short of sneezing, requiring you to click 
> through it, the situation's different, but I don't trust it. 
> Unfortunately there are a number of Windows programs that can't deal with 
> the security settings, so if you don't want to deal with the hassle you end 
> up running in a less secure state and so...it's a pain.
UAC is cruel and unusual punishment for Vista users.  I've never seen an 
OS that so thoroughly ticks off users like Windows Vista does.  I 
found a workaround to get programs to start that UAC usually throws a 
fit over.  Rocket Dock, from the makers of Window Blinds, is one of 
these programs.  Basically it's a Mac OS X Dock for Windows; I use it 
when I'm running XP on my desktop and Vista on my laptop.  I won't go 
into the gory details of how I was able to get it to start at start-up 
without having to approve it every time.  If I do anything on the web in 
Windows I always use Firefox, which doesn't use ActiveX, which is the #1 
vulnerability of Internet Explorer among many others.

This next story will likely scare the hell out of some people, well, the 
computer novices at least.  I was working on someone's computer one 
day.  Their XP installation blew up and nothing was working right.  I 
have no idea how they messed it up the way they did, but they did.  I ran 
several tools to see if they had malware and viruses, and sure enough 
they did.  This person already had their data backed up, so I reinstalled 
XP, wiping the disk and partition while I was at it.  After reinstalling 
the OS I configured their PPP dial-up connection and connected online to 
get a copy of Zone Alarm for them and Avast 4 Home Edition anti-virus 
software.  Almost immediately after signing in to their ISP I noticed 
something was off.  The computer was strangely slow, and there was a lot of 
activity on the drive.  I checked Task Manager and I saw that FTP.exe 
was running.  I thought to myself "what the frack?!"  There was no 
command prompt window open, yet FTP.exe, a command prompt application, was 
running.  Well, I did ALT+TAB and sure enough a "hidden" command prompt 
window came to the desktop.  There was no text in the window, just a 
blank screen with a blinking _ cursor in the upper left-hand corner of 
the window.  I waited, since this was a fresh install, and watched what it 
was doing.  When the program ended and the window closed there was more 
hard drive activity.  After about an hour of this I scanned the machine 
with malware and virus tools and found a bunch of stuff installed: 
Trojan Horses, worms, viruses ... you name it.  Needless to say I 
repartitioned the drive and reinstalled XP yet again.  I went to my 
place and got a copy of Zone Alarm which I had on my drive and brought it 
back to the machine I was working on.  After XP was reinstalled I put on 
Zone Alarm first, then configured the dial-up connection and went 
online.  Sure enough, Zone Alarm started blocking incoming High Risk 
connections.  After doing some research I discovered how this was being 
done.  A worm on a machine which was a part of a Botnet used a 
vulnerability in Windows XP to inject code into the Windows Scripting 
Host via the port normally used for Win32 Processes.  So, having no 
security features whatsoever, the Windows Scripting Host happily did what 
it was told to do, which was open an FTP connection and download a Trojan 
Horse Downloader which would transform that machine into a Zombie, a 
part of a large Botnet.  Please note that the Windows Firewall had been 
active when this happened.

In the end Zone Alarm and Avast were installed on that machine and it's 
been infection-free ever since then.  I've never had to use anti-virus 
software for Linux during the time I've used the OS.  I know there is 
anti-virus software for Linux in the form of Clamwin Anti-Virus, but how 
many Linux viruses and Trojans are there out there compared to viruses, 
worms and Trojan Horses for Windows?  Probably only about as many as 
there are for Mac OS X, which is a pretty small list.

-- 
Michael "TheZorch" Haney
thezorch at gmail.com
http://thezorch.googlepages.com/home
AIM: thezorch at gmail.com
Yahoo IM: zorchhaney
ICQ: 343230252
GoogleTalk: thezorch
Skype Name: thezorch
MSN Messenger: haneymichael at hotmail.com
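The chain in the story above (a scripting host driving ftp.exe with no console window showing) is also what a defender would look for in process-creation telemetry. The following is an added example, not code from the post: the event layout and the sample events are constructed for illustration, and the `has_window` field assumes the sensor feeding it can tell whether a process has a visible window.

```python
"""Flag process-creation events matching the infection chain described in the
post: Windows Scripting Host spawning ftp.exe to pull down a payload, and a
console network tool running with no visible window.  Event fields and
sample data are constructed for this example, not taken from a real sensor."""
from dataclasses import dataclass

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}  # Windows Scripting Host binaries
NET_TOOLS = {"ftp.exe"}                         # console tools that fetch files


@dataclass
class ProcEvent:
    pid: int
    image: str        # executable name of the new process
    parent: str       # executable name of the parent process
    cmdline: str      # full command line
    has_window: bool  # True if a visible console/window is attached (assumed field)


def suspicious(ev: ProcEvent) -> list:
    """Return the list of reasons an event looks like the post's scenario."""
    image, parent = ev.image.lower(), ev.parent.lower()
    reasons = []
    if image in NET_TOOLS and parent in SCRIPT_HOSTS:
        reasons.append("network tool spawned by a scripting host")
    if image == "ftp.exe" and "-s:" in ev.cmdline.lower():
        # ftp.exe -s:<file> runs commands from a script: non-interactive use
        reasons.append("ftp.exe driven by a script file")
    if image in NET_TOOLS and not ev.has_window:
        reasons.append("console network tool with no visible window")
    return reasons


def scan(events) -> dict:
    """Map pid -> reasons for every event that triggered at least one rule."""
    hits = {}
    for ev in events:
        reasons = suspicious(ev)
        if reasons:
            hits[ev.pid] = reasons
    return hits


# Constructed sample events: one mirrors the post, one is a legitimate
# interactive ftp session, one is an unrelated process.
EVENTS = [
    ProcEvent(1001, "ftp.exe", "cscript.exe", r"ftp.exe -s:C:\TEMP\get.txt", False),
    ProcEvent(1002, "ftp.exe", "cmd.exe", "ftp ftp.example.com", True),
    ProcEvent(1003, "notepad.exe", "explorer.exe", "notepad.exe", True),
]

if __name__ == "__main__":
    for pid, why in scan(EVENTS).items():
        print(pid, "; ".join(why))
```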
More information about the ubuntu-users mailing list