Antivirus
Michael "TheZorch" Haney
thezorch at gmail.com
Tue Jun 17 16:16:27 UTC 2008
Bart Silverstrim wrote:
> I've seen people claim they don't need it for Windows, but there's just
> too many cases where just web browsing with your user privileges under
> Windows architecture can cause problems. Maybe the way Vista annoys
> users for every damn action short of sneezing requires you to click
> through it the situation's different, but I don't trust it.
> Unfortunately there's a number of Windows programs that can't deal with
> the security settings, so if you don't want to deal with hassle you end
> up running in a less secure state and so...it's a pain.
UAC is cruel and unusual punishment for Vista users. I've never seen an
OS like it which so thoroughly ticks off users as Windows Vista. I
found a workaround to get programs to start which UAC usually throws a
fit over. Rocket Dock, from the makers of Window Blinds, is one of
these programs. Basically it's a Mac OS X Dock for Windows, I use it
when I'm running XP on my desktop and Vista on my laptop. I won't go
into the gory details of how I was able to get it to start at start up
without having to approve it every time. If I do anything on the web in
Windows I always use Firefox, which doesn't use Active X which is the #1
vulnerability of Internet Explorer among many others.
This next story will likely scare the hell out of some people, well the
computer novices at least. I was working on someone's computer one
day. Their XP installation blew up and nothing was working right. I
have no idea how they messed it up the way they did but they did. I ran
several tools to see if they had malware and viruses and sure enough
they did. This person already had their data backed up so I reinstalled
XP wiping the disk and partition while I was at it. After reinstalling
the OS I configured their PPP dial up connection and connected online to
get a copy of Zone Alarm for them and Avast 4 Home Edition anti-virus
software. Almost immediately after signing in to their ISP I noticed
something was off. The computer was strangely slow, there was a lot of
activity on the drive. I checked Task Manager and I saw that FTP.exe
was running. I thought to myself "what the frack?!" There was no
command prompt window open yet FTP.exe a command prompt application was
running. Well, I did ALT+TAB and sure enough a "hidden" command prompt
window came to the desktop. There was no text in the window, just a
blank screen with a blinking _ cursor in the upper left-hand corner of
the window. I waited since this was a fresh install and watched what it
was doing. When the program ended and the window closed there was more
hard drive activity. After about an hour of this I scanned the machine
with malware and virus tools and found a bunch of stuff installed,
Trojan Horses, worms, viruses ... you name it. Needless to say I
repartitioned the drive and reinstalled XP yet again. I went to my
place and got a copy of Zone Alarm which I had on my drive and brought it
back to the machine I was working on. After XP was reinstalled I put on
Zone Alarm first then configured the dial up connection and went
online. Sure enough Zone Alarm started blocking incoming High Risk
connections. After doing some research I discovered how this was being
done. A worm on a machine which was a part of a Botnet used a
vulnerability in Windows XP to inject code into the Windows Scripting
Host via the port normally used for Win32 Processes. So having no
security features whatsoever the Windows Scripting Host happily did what
it was told to do which was open an FTP connection and download a Trojan
Horse Downloader which would transform that machine into a Zombie, a
part of a large Botnet. Please note that the Windows Firewall had been
active when this happened.
In the end Zone Alarm and Avast were installed on that machine and it's
been infection free ever since then. I've never had to use anti-virus
software for Linux during the time I've used the OS. I know there is
anti-virus software for Linux in the form of Clamwin Anti-Virus but how
many Linux viruses and Trojans are there out there compared to viruses,
worms and Trojan Horses for Windows? Probably only about as many as
there are for Mac OS X which is a pretty small list.
--
Michael "TheZorch" Haney
thezorch at gmail.com
http://thezorch.googlepages.com/home
AIM: thezorch at gmail.com
Yahoo IM: zorchhaney
ICQ: 343230252
GoogleTalk: thezorch
Skype Name: thezorch
MSN Messenger: haneymichael at hotmail.com