Zugg
MASTER


Joined: 25 Sep 2000
Posts: 23379
Location: Colorado, USA

Posted: Sat Mar 20, 2004 6:47 am

OT RANT! (Warning: it's not pretty)
 
Well, since this was caused by Microsoft's inept integration of Internet Explorer and Outlook, maybe this isn't Off Topic after all.

I need to get ZuggMail written as SOON as possible! I cannot STAND using Microsoft software ANYMORE!

Yes, if you saw the post in the General zMUD Forum you'll know that Chiara was hit with this "Bagle" email virus tonight. Because some IDIOT at Microsoft added more crap to Internet Explorer to allow it to execute objects remotely and because some other IDIOT (or maybe the same idiot) decided to integrate IE with Email without realizing how many security holes it has, we are now reformatting Chiara's disk and reinstalling Windows.

This virus is a LOT more virulent than indicated by people so far. I don't know why everyone isn't screaming about this. It didn't just delete some system files on Chiara's computer making it hard to detect or get rid of. It literally went through and trashed Windows completely. When booting from the Windows XP CDRom and trying to do a reinstall, it doesn't even detect that Windows is running at all. I had to insert our Win2000 disk just so it would let me run the upgrade CD. Then it cannot detect any version of Windows and forces a partition reformat in order to install.

So, basically, Chiara's hard disk is gone. I'm actually not reformatting it yet. I'm installing Windows XP in a new disk as a fresh installation. Then I'll mount her old disk and see if there is anything left to recover. But since "Bagle" can infect EXE files, I don't think there is much hope at this point.

So, now I have the "pleasure" of spending the next week rebuilding Chiara's computer from scratch. We already have plans to be gone tomorrow and I have other SCA work I have to get done next week, so this is a really bad time for this to happen. I don't know how long she is going to be off the air.

I HOPE that this virus attacks the computer of every member of CONGRESS. I HOPE this virus attacks as many computers within MICROSOFT as possible. I HOPE this virus causes SO MUCH DAMAGE that people in governments around the world will FINALLY realize how much of a threat these viruses are and how much MICROSOFT is to blame for it as much as anyone else. There is NO REASON why these kinds of holes and backdoors should exist.

You don't see this kind of crap happening with Netscape/AOL/Mozilla. Why, because it's OPEN SOURCE. Given the timing of this virus with the legal issues currently going on between Microsoft and the European Union, I hope they finally see the truth of how Microsoft's business practices have hurt us all. We need the Windows and IE source opened up to inspection.

It's never going to happen of course. Some kids in some foreign country are just going to laugh their a**es off at how much trouble they caused with their latest virus. I'd LOVE to see a world-wide effort made at hunting down these kinds of people and making an example of them, but it's probably pointless. They are probably working from some country that has different laws where it's impossible to control anything.

I'm making a prediction though. Given the rapid advance of these viruses in just the last MONTH, things are getting totally out of control, and nobody seems to be noticing. This has the power to destroy the Internet as we know it. Governments are going to end up being forced to lock down the Internet or split it up into a more secure network in order to combat this. And it's going to end up being done as a gut-reaction to something like one of these virus threats. It's going to end up ruining everything and killing everything that is good about the Internet. All because some hacker IDIOTS thought it was fun. Or who knows...maybe they aren't some kids. Maybe the terrorists have finally gotten smart and realized how vulnerable we are with this crappy software we are all running.

Yes, I'm *really* pissed tonight. That incident back in January that messed up IE on my system is nothing compared to this. While we take great precautions with our development system and source code, we don't pay much attention to Chiara's computer. After all, it just needs to be able to answer email. So, we don't back it up very often.

And you know, this really forces you to look at your disaster recovery plans. Even though it's true that her system isn't critical, she is going to lose a lot of personal email because of this. Nothing earth-shattering, but a real pain. It's going to take me days and days to reinstall all of her software like MS Office, etc. Fortunately, we put her documents on the file server, so they should be safe. But who knows how much damage has been done.

I need to go start looking at the other systems on the network to be sure that nothing else has gotten infected. If it gets on our file server or email server, then we are in real trouble.

But right now I'm too ANGRY to even think straight. I want some BLOOD and I want it now. I'm SICK of this crap.
Zugg
MASTER


Joined: 25 Sep 2000
Posts: 23379
Location: Colorado, USA

Posted: Sat Mar 20, 2004 7:45 am
 
Apparently this is a new one. None of the virus companies are reporting anything like the problem we are having. This is definitely the Bagle virus. It prevented me from running SpyBot or MSCONFIG or even disabled Ctrl-Alt-Del so I couldn't run the task manager. When the computer was rebooted we got a different sort of login screen that I haven't seen before. I'm thinking it might have been a program to grab the password and send it somewhere. Then, when it logged in the first time, the hard disk light started flashing madly making the system sluggish. The FSecure site claims that it's looking through the disk for files to infect and for other email addresses. But when we rebooted and tried to reinstall Windows, it could not detect Windows on the hard disk anymore and the system no longer boots.

It looks to me like this is a new variant of Bagle that deletes or trashes files. That's a LOT more harmful than anyone is reporting.

Unfortunately, I wasn't able to install Windows to her Linux drive. I had forgotten that this drive had hardware problems in the past and when Windows tries to format the drive, it just hangs.

So, tomorrow I must go buy a new hard disk.

So, here is the NEXT problem (like I needed any more). Chiara's computer BIOS is fairly old and does not support drives larger than 32 GB. Well guess what??? I can't find anyone who sells a hard disk that small anymore!! Don't they realize that SOME OF US still use older computers! I've looked at Best Buy and Circuit City and the smallest they carry is 40GB. I know that's too big because that's the size I tried to install the last time I updated her system to Windows XP and it wouldn't work no matter what I tried (not even with the software that comes with the hard disk).

So, it looks like I'm screwed now. Unless anyone has a good idea, I'm going to end up having to order a hard disk via the Internet and have it FedExed on Monday, which is going to cost me even more time and money.

Geez, what else can go wrong tonight??
Rainchild
Wizard


Joined: 10 Oct 2000
Posts: 1551
Location: Australia

Posted: Sat Mar 20, 2004 7:50 am
 
http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.m@mm.html ... Look under technical details if you want to see what all it does. By the looks of it, it doesn't attack remote computers on the network like those older viruses like nimda, but if you were using a mapped drive then it might have tried infecting that.

I don't think it destructively overwrites the exe's, rather trojans onto them, so it may be that you can disinfect the exe's on the old drive later on.

I'm glad I use mailwasher to sanitise my mail before loading it into outlook, because it caught a couple that were sent to me earlier today.

*sigh* viruses are so annoying
IceChild
Magician


Joined: 11 Oct 2000
Posts: 419
Location: Post Falls, ID, USA

Posted: Sat Mar 20, 2004 8:13 am
 
And it's reasons like this that I'm amazingly happy that I don't use Outlook or OE. Not that many things get thru my K9 profile right now (bayesian filters rule), but even when something does, it gets ignored by my email client which is a very good thing indeed.

To Zugg, you have my sympathies, no one should ever have to deal with that type of crap. It's cases like this however that are my flagships in the battle to get people to keep their systems up to date. Chiara's case shall be added to my stack of "crap that happens when people trust in Microsoft to keep their system secure".

As for the Open Source thing, god can we only hope. If Windows & IE (specifically IE) were made open source, could you imagine the amount of people who would be willing to write patches to fix it? We had a vulnerability in a recent Firefox nightly, and within HOURS, a patch was submitted. HOURS, not MONTHS or even DAYS. That I believe is the true power of the Open Source community over anything Microsoft claims to support, the fact that there is always someone out there who's got some time off and is working on the project. It's for that very reason that I definitely support Firefox and its efforts as a very effective IE replacement, and why I am anxiously awaiting the release of Zuggmail, because the more communities that are security conscious that I utilize in my daily computing, the safer I am, and the cleaner the internet is.
Zugg
MASTER


Joined: 25 Sep 2000
Posts: 23379
Location: Colorado, USA

Posted: Sat Mar 20, 2004 8:43 am
 
RainChild, the Symantec site is horribly out of date. They are not even reporting the Bagle.Q variation that doesn't use a file attachment. The stuff on the Symantec site is still just talking about the initial variations that sent stuff in .ZIP and .RAR attachments.

The www.fsecure.com site is MUCH more up to date. Take a look at that and you'll see that there is a real virus war going on right now. I firmly believe that we were hit by a new variation that does more damage. I'll know more tomorrow when I get a new disk and see what is still left on the old disk. But I believe it was actually deleting files this time, not just infecting them.

I don't think the fact that it's Friday night is any coincidence. Because of the HUGE amount of spam we get, we are often one of the first people to see new virus variations. I think this was launched tonight to hit over the weekend. Friday is a common day to release new variations. I've sent email to fsecure's team and I'll see what they say. It will be interesting to keep tabs on that site to see if they get any other reports.

IceChild, I COMPLETELY AGREE WITH YOU! I cannot wait until I can switch to ZuggMail and get away from all of this. I must admit that it's going to provide some powerful marketing stories to encourage people to get rid of their Microsoft crap.

What's really bad is that I *had* installed the SP1. But I hadn't kept up with the other updates. Since I CAN'T TRUST Microsoft to automatically update my system because they might screw it up, it's up to me to remember to check for new patches now and then. I think the relevant patch came out in October, so it *has* been a while. But if someone like me had not installed the patch, just imagine the percentage of the general population that hasn't installed it. This could be really bad.

And I definitely agree on the importance of some kind of open review of system software. So instead of helping to fix the problems, here we are with Microsoft working on a NEW version of Windows. Just what we need...a new version with even more problems. I wish they'd stop writing new versions of Windows and just fix what we have. Of course, then they couldn't gouge us and charge us for upgrades. Someone needs to step in and fix this...the US Government caved in their legal action...let's hope the Europeans are up for the fight and can do something about them.

If I didn't rely upon Windows software for paying my bills, I'd switch to linux or Mac in an instant. Instead, all I can do is devote my life to providing people an alternative to using the Microsoft stuff. I mean, how hard can it be to write an email client that DOESN'T RUN SCRIPTS and DOESN'T CALL INTERNET EXPLORER and just displays HTML the way it was meant without all of the behind the scenes issues that cause these security problems. I'm still a bit concerned that Firefox is also complex enough to have these issues, but at least since it's open it will be more obvious and as you say, provide faster fixes.
Rorso
Wizard


Joined: 14 Oct 2000
Posts: 1368

Posted: Sat Mar 20, 2004 12:03 pm
 
quote:
We need the Windows and IE source opened up to inspection.

If Microsoft made Outlook Open Source you wouldn't be making an email client. Actually competition in the email market would then be very low.

In either case. Scripts aren't the only way to run something on someone's computer. Buffer overflows are bad as well and can cause similar behaviour.

So far I have updated with all updates for Windows and I haven't had any issues yet. There'll always be someone having fun attempting to destroy other people's computers. Screaming isn't a solution though as we might soon all regret that.

Stuff like Palladium will always be scary and question people's rights and privacy. What is interesting is this .NET craze. It is much like Java and in theory a fully managed application should be possible to run on any OS with the correct runtime if I understand it correctly. To take things further a requirement could be put to only allow signed applications to be run on the Microsoft OS.

What people need to learn is to update their operating systems. Microsoft is probably laughing at you knowing that they'll easily be able to get Palladium into reality now.
Zugg
MASTER


Joined: 25 Sep 2000
Posts: 23379
Location: Colorado, USA

Posted: Sat Mar 20, 2004 6:59 pm
 
Rorso, I'm not talking about Outlook here. The problem is Windows and Internet Explorer. Internet Explorer is already FREE, therefore there is no reason not to make it open source. Windows itself needs to at least be opened up to inspection by Internet Security experts.

And yes, I should have updated Windows. But where was all of the press about the dangers of this particular patch? In my opinion, anything that allows someone to do this WITHOUT opening an attachment is a HUGE danger. We should have gotten some more important warning or press release about the severity of this problem. Otherwise, it's "just another patch" and the feeling of being safe because we don't open email attachments was deluding us.

And sorry, but screaming DOES help. Perhaps by screaming I can convince other people to update their systems so that this doesn't happen to them. If more people were screaming about this stuff, then perhaps more people would take notice of how out of hand this situation is.

Have you been to the FSecure.com site? Have you looked at their live weblog describing the virus war that is going on right now? Have you seen that nearly two dozen variants of 3 different viruses are having a war? This is not something to ignore or treat lightly.

And I won't even get into .NET.
Rorso
Wizard


Joined: 14 Oct 2000
Posts: 1368

Posted: Sat Mar 20, 2004 7:27 pm
 
quote:
Originally posted by Zugg

Rorso, I'm not talking about Outlook here. The problem is Windows and Internet Explorer. Internet Explorer is already FREE, therefore there is no reason not to make it open source. Windows itself needs to at least be opened up to inspection by Internet Security experts.


Outlook Express is also free and is included with Internet Explorer. It is a poor email client but with support of open source authors it could get better.

quote:

And yes, I should have updated Windows. But where was all of the press about the dangers of this particular patch? In my opinion, anything that allows someone to do this WITHOUT opening an attachment is a HUGE danger. We should have gotten some more important warning or press release about the severity of this problem. Otherwise, it's "just another patch" and the feeling of being safe because we don't open email attachments was deluding us.


I think it is a huge ethical issue they continue to debate. Should they make patches at all? I think I read somewhere that many exploits are discovered because people study the patches. So that is a reason why Microsoft wouldn't want to announce too loudly the issues the patches fix.

quote:

And sorry, but screaming DOES help. Perhaps by screaming I can convince other people to update their systems so that this doesn't happen to them. If more people were screaming about this stuff, then perhaps more people would take notice of how out of hand this situation is.


Many users don't know what Windows is. A lot of users barely know what the internet is. Yet they use it.

quote:

Have you been to the FSecure.com site? Have you looked at their live weblog describing the virus war that is going on right now? Have you seen that nearly two dozen variants of 3 different viruses are having a war? This is not something to ignore or treat lightly.


I looked at that now :). Computer viruses are very bad.

I think we might see less computer viruses in the future though. As I understand it Microsoft is now going to include an antivirus engine in XP2 of Windows XP. One could discuss if they are going to get into yet an anti trust case because of that. Still it shows that they do care.

quote:

And I won't even get into .NET.


My point with .NET was "safe computing". We could perhaps get rid of the computer virus issue once and for all by only allowing signed code to be run. Then again that isn't desirable because it would stop programming as we know it.

Over all I think the computer virus issues are smaller today than they were 8-10 years ago. Most of them come by email - isn't that a bit odd? My guess is that the reason for that is that antivirus programs have evolved since then.

I want to quote one of the old Antivirus Programs I used to have. Sadly I have since long lost it but it was something like this: "If you believe your computer has a computer virus the first step is to not get panic!".

But panic is often impossible to stop. I have friends who have lost at least a year's work due to computer issues. Luckily it is often possible to restore parts of the data. You might want to look at 'System Restore' in Windows XP. It takes backup of more than one might first think.
IceChild
Magician


Joined: 11 Oct 2000
Posts: 419
Location: Post Falls, ID, USA

Posted: Sat Mar 20, 2004 11:49 pm
 
Just a quick note, most virii anymore know about the system restore, and infest it as well. So that most likely won't help, course, that's just said from my experience in dealing with virii issues and Windows XP.
Haloed
Newbie


Joined: 21 Mar 2004
Posts: 1
Location: Canada

Posted: Sun Mar 21, 2004 4:17 am
 
quote:

I think we might see less computer viruses in the future though. As I understand it Microsoft is now going to include an antivirus engine in XP2 of Windows XP. One could discuss if they are going to get into yet an anti trust case because of that. Still it shows that they do care.


Microsoft doesn't care, they just need to keep the ignorant masses happy (they prefer to call them "the mass market"). As long as they're making money I don't think they care at all.

quote:
Over all I think the computer virus issues are smaller today than they were 8-10 years ago. Most of them come by email - isn't that a bit odd? My guess is that the reason for that is that antivirus programs have evolved since then.


HAHAHA! It's gotten way worse than it was 8-10 years ago. Back then most viruses came on floppy disks and spread through smaller networks so it was a lot easier to avoid them and the internet wasn't as popular then as it is today. There was also a whole lot less viruses then. An email virus can spread thousands of times faster by email than by floppy disks or small networks.

Right now all we can do is just keep updating windows and our anti-virus programs and firewalls until microsoft either opens up a dictionary and learns about a word called "security" and implements it or they make IE and Outlook/OE open source. Maybe, just maybe they'll even make windows open source but heaven forbid anyone see all the secret code. People would start fixing the problems, oh no! Poor microsoft wouldn't be able to keep charging people for buggy and insecure software when people could just get it for free!

The thing is that they already can do that. It's called linux, unix and bsd.

Microsoft also pays large computer companies to promote and "recommend" microsoft products.
Microsoft is making people pay for software that is bug ridden and insecure. It's funny how they named the OS "Windows". From the looks of it those windows are wide open.

I think I'm done ranting for now. [|)]
Zugg
MASTER


Joined: 25 Sep 2000
Posts: 23379
Location: Colorado, USA

Posted: Sun Mar 21, 2004 8:45 am
 
This issue has been debated *many* times in the past. 15 years ago DEC had to decide whether to issue patches and how much information about security holes in VMS to release. They *did* release patches and they talked fairly openly about issues in order to get them fixed. Same thing with Sun and SunOS. Same thing with HP and HP-UX. Same thing with Silicon Graphics. Every big company has had to deal with the problem, and in every case they decided to release patches. Because they all realize that if you *don't* release patches to fix problems, hackers will STILL find holes, and without patches you annoy your customers and then you don't have any customers any more. CERT was in business a long time reporting various sendmail flaws and other security problems. This has been going on for a long time. But Windows has a much larger market share than any of these previous systems, so the problem is now much more widespread than it ever was, and is affecting less computer-literate home users.

Back when I did VMS and Unix sysadmin, checking the latest CERT advisories and installing patches was a *daily* occurrence. All sysadmins knew that part of their job was to keep the latest patches installed. That's because it was our job. Today, home users are not nearly as good at keeping their system up to date, and since Microsoft has proven to us in the past that you CANNOT trust them to properly *automatically* install updates, we end up in the current situation where a vast number of systems are left open for attack.

And sorry, but I don't believe for a second that .NET is "safe" computing. It's going to be as full of bugs and holes as any Microsoft software. If you take their word for it being safe, you are deluding yourself.

And Haloed is right, the situation is orders of magnitude worse than a couple of years ago. Just look at the history of virus attacks to prove that. Each of these new viruses released over the last 6 months has set new record upon new record of number of infected systems and speed of spread. They are building upon one another and each hacker is trying to "one-up" the other hackers. If they start doing damage in these viruses instead of just trash-talking to each other, it's going to get VERY serious VERY fast. And this is how quick and rash decisions are often made.

But Haloed, you and I are on the same track here. Actually, the name "Windows" is VERY appropriate. I've used this example before in a discussion with friends on why it is "bad" to be a hacker or virus writer. Their argument is that the virus writers are just pointing out the vulnerabilities so that they can be fixed, making systems more secure. That's bull though, and here is the analogy with Windows:

We all live in houses that have glass windows (mostly). We all KNOW that these glass windows are fundamentally insecure. Anyone can take a brick and throw it through your window and gain full access to your house. Maybe a security system will go off, but that still doesn't stop them from throwing the brick through the window. So, they catch someone doing this and the kid says "but I didn't take anything...I just bashed their window to let them know their house was insecure so they could improve it". Yeah right...the kid still goes to jail for bashing your window.

The virus writers should be treated the same way. Just because there are parts of Windows that are insecure doesn't mean it's ok to throw bricks through our operating system. Just like installing a security system in our house, we install virus checkers in Windows to look for bricks coming through. The problem is that right now we have no agreed method for catching these idiots and putting them in jail. So, there are no consequences for hackers...they know they can get away with it and not get caught, so they keep doing it.

I'm waiting for this latest set of virus writers to slip up and get caught so we can make an example of them.

Anyway, so "Windows" is a perfectly appropriate name for an operating system that seems to be inherently secure.
Zugg
MASTER


Joined: 25 Sep 2000
Posts: 23379
Location: Colorado, USA

Posted: Sun Mar 21, 2004 8:50 am
 
Btw, while I was out of the house today, I tracked down a 20GB hard drive at CompUSA. It's the only place to find a hard drive smaller than the 32GB limit on Chiara's computer. So, tomorrow I get to spend the day installing WinXP from scratch again. Last time I did this on her system it took several days of cursing to get stable drivers for stuff like the video card. Unfortunately, since those drivers were stored on her system disk, which is trashed, I have to start from scratch. Hopefully I'll remember some of the problems so that it won't take as long this time to find the correct files...but it's not going to be very fun I bet.

Still no sign on FSecure that anyone else has had this severe reaction to this virus. There *is* a new virus that attacks systems with BlackIce, and we used to run that here, but not on Chiara's computer. They must be pretty busy at FSecure, however, since they haven't responded to my report yet and asked for any files from Chiara's system. Weird. I know we didn't imagine this...Windows *DID* report that a system file had been overwritten before we did anything to the system, and that doesn't fit the profile of the latest Bagle virus at all, even though the rest of the description seems to match. So, I still think there is a variation of Bagle lurking out there that just hasn't been reported by enough people yet. Perhaps on Monday we'll learn more.

Also, I don't know about the rest of the country, but this week is Spring Break here in Colorado Springs, which would also be interesting timing for a new virus since it might not be detected in places for a whole week while school is out.
Kjata
GURU


Joined: 10 Oct 2000
Posts: 4379
Location: USA

Posted: Sun Mar 21, 2004 1:09 pm
 
Here's an interesting read on the upcoming SP2 for Windows XP.
Zugg
MASTER


Joined: 25 Sep 2000
Posts: 23379
Location: Colorado, USA

Posted: Sun Mar 21, 2004 8:25 pm
 
Thanks for posting that Kjata! It's a very interesting article. I hope they can implement these improvements without causing more trouble than they fix. If they don't get it right this time (i.e. if too many existing applications cause problems or errors), then SP2 will get a bad rap and users won't install it. Hopefully they will have done enough testing to make it work painlessly so that everyone will use it.

The email attachment section was interesting and something that I'll plan to support in ZuggMail for those people using WinXP Sp2.
Zugg
MASTER


Joined: 25 Sep 2000
Posts: 23379
Location: Colorado, USA

Posted: Sun Mar 21, 2004 9:37 pm
 
I got WinXP installed on a new disk on Chiara's computer. Still doing updates and installing software. Will probably take the rest of the day to get it working well again, assuming no driver problems.

I was able to take my first look at her old system disk that was trashed. Fortunately all of her documents and email are still intact. I confirmed that she DID get hit with one of the "Bagle" viruses. I found the DIRECTS.EXE file that is part of the Bagle.S variation. Lots of the EXE files on the disk are also infected so I'll need to run FSecure to clean up everything.

There are several system files missing, but otherwise I'm not sure why WindowsXP could not detect the previous version of Windows on this disk. The /WINDOWS directory is still there, and it looks like 99% of the files are there. Does anyone know how Windows determines if there is a previous version installed when doing an upgrade? However it detects this, that seems to be what the virus trashed.

I'm not sure what program is run at login-time to ask the user for their name/password. We had noticed a different login screen after the virus attacked and I'd like to track down that part of the virus and send it to FSecure. If anyone knows what program is used to control login prompts, let me know.
Rainchild
Wizard


Joined: 10 Oct 2000
Posts: 1551
Location: Australia

Posted: Sun Mar 21, 2004 10:58 pm
 
Could be related to the boot sector of the HDD, and/or c:\boot.ini being missing. You might be able to get her old system back running if you use the recovery console commands like fixboot / bootcfg, though you'll want to get rid of the infestation before you do that obviously :)

Regarding the login prompt, are you getting a windows 2k control alt delete style login now rather than the pretty click-an-icon prompt? The win2k style is what you get when fast user switching is disabled, so it might be that the virus deleted the fast user switching dlls or registry keys.

As always be careful when doin' stuff with recovery console.. maybe copy off the important stuff before trying to fix it.
Zugg
MASTER


Joined: 25 Sep 2000
Posts: 23379
Location: Colorado, USA

Posted: Sun Mar 21, 2004 11:56 pm
 
Ahh, yes, that's the kind of login I'm getting alright. A normal dialog box with the username/password field and a graphic above it that says WinXP, instead of the full screen "pretty" icon login.

So yes, it's possible that it disabled fast user switching since it does a lot of work to disable a bunch of system stuff that you might use to disable the virus. It definitely does a bunch of stuff in the registry.

The BOOT.INI file looks intact and ok. The virus detector found about 300 infected files on the disk that I'm disinfecting so that one of them doesn't accidentally get executed at some point.

Because of the uncertainty of the registry, I'm going to stick with the new system now. At least this fixes the disk space problem Chiara was having with the old 2GB system partition...now she has a 20GB system drive! I've got her email back up and running along with Office. All patches are installed. I re-ran the WinXP-Antispy program to get rid of the MSN Messenger popups like I did on my system, and got her MyIE2 installed as well.

I was able to browse the old system disk and determine the version of the NVidia drivers that I was using. I actually tried the latest NVidia drivers from Guru3d.com, but they cause blue-screens after being used a while on her GeForce2 card. The drivers that seem very stable for this card are 23.11 from back in Nov-31-2001. I was able to find that old set of drivers on Guru3D and have it installed now. Hopefully it will be stable. (Thank goodness for that site...it's always been a lifesaver!)

Doing a full virus scan of all her disks now just to be sure I didn't miss anything. So, Chiara should be back on the air later tonight.
Caled
Sorcerer


Joined: 21 Oct 2000
Posts: 821
Location: Australia

PostPosted: Mon Mar 22, 2004 12:16 pm   
 
There's a neat little program called mydrivers, that makes reinstalls particularly easy, when you have a difficult hardware setup. Shareware.
http://www.zhangduo.com/

By the way - is f-secure the virus software you use, and if so, do you like it? I hate norton, but I've had problems with some of the others...pccillin, avg and nod32, where they could not deal with a couple of viruses. (Lovsan.E for example.. each of those three diagnosed it as something different, and even the one that got it correct could not remove it). I've been looking for something decent ever since that episode - and I refuse to pay for norton because they don't stay up-to-date enough.
Zugg
MASTER


Joined: 25 Sep 2000
Posts: 23379
Location: Colorado, USA

PostPosted: Mon Mar 22, 2004 8:08 pm   
 
FSecure is *wonderful*! I cannot say enough good things about it. I've used both Norton/Symantec and McAfee in the past (along with some freebies). The problem I've always had with both Symantec and McAfee is that they want to charge a *subscription* fee in order to keep getting updates. I consider that extortion. And it's the main reason that a lot of people's computers do not have up-to-date virus checking.

FSecure isn't as greedy. You get a full 30-day free trial. After that you pay a single price and then you get all of the virus definition file updates for free after that.

The only time they might charge again is if they release a completely new virus engine. Then they might charge a small amount for that major software upgrade.

The FSecure.com site is *consistently* far ahead of both Symantec and McAfee. They have a live weblog team that provides daily reports. When they detect a new virus, details are posted within hours. And for the major virus attacks, they actually provide FREE tools for cleaning up the virus so you don't even necessarily need to be one of their customers to benefit from them.

Also, their technical details on what the viruses do and how to clean them up are very detailed. With their information you can usually find a way to clean up the virus manually without even using their tools or software.

I had a chance a couple of years ago to work with them from a Developer perspective...they released a version that detected any software using eLicense as a virus. They released an update within a couple days of being contacted by myself and eLicense. Unlike McAfee who took months to resolve the same issue in their software.

So, I'm a huge fan of FSecure. They are really trying to *help* and not just take advantage of people.
IceChild
Magician


Joined: 11 Oct 2000
Posts: 419
Location: Post Falls, ID, USA

PostPosted: Mon Mar 22, 2004 10:17 pm   
 
Just to let you know, from the way it looks on their website, they've already changed their pricing policy. As per their FSecure2004 program:

quote:
Purchase price includes 1 year program license including program updates and email support.
Renewal price is EUR 37.1 / $39.85 (+ VAT)


Looks as though all virus software nowadays is doing the whole extortion bit everywhere.... Kinda sad.
Rainchild
Wizard


Joined: 10 Oct 2000
Posts: 1551
Location: Australia

PostPosted: Mon Mar 22, 2004 10:46 pm   
 
Bring on zAntivirus.
Rorso
Wizard


Joined: 14 Oct 2000
Posts: 1368

PostPosted: Tue Mar 23, 2004 12:26 am   
 
quote:
Originally posted by Rainchild

Bring on zAntivirus.


Is that even possible? Would anyone be able to create a new scanner these days? Where would they get samples of old viruses from?
Rainchild
Wizard


Joined: 10 Oct 2000
Posts: 1551
Location: Australia

PostPosted: Tue Mar 23, 2004 3:28 am   
 
Hehe, how about www.v1ruzarchive.l33th4x0r.com? ;)

There's gotta be an archive somewhere of all the viruses, I mean people collect stamps, coins, mcdonalds toys, ... someone's gotta be a sick enough puppy to collect viruses.
slicertool
Magician


Joined: 09 Oct 2003
Posts: 459
Location: USA

PostPosted: Tue Mar 23, 2004 10:32 am   
 
quote:
Originally posted by Rorso

quote:
We need the Windows and IE source opened up to inspection.

...a requirement could be put to only allow signed applications to be run on the Microsoft OS.


Scary to say, but there are people out there that can write software and falsely sign it so that it appears to be digitally signed by whomever they want it to be, so this solution will have issues coming into reality as well.
Zugg
MASTER


Joined: 25 Sep 2000
Posts: 23379
Location: Colorado, USA

PostPosted: Tue Mar 23, 2004 10:30 pm   
 
zAntiVirus...uh, no. I have no interest in dealing with this market. The continual stuff being done by hackers would just annoy me. It's a *huge* support job to stay on top of what the virus makers are doing.

I hadn't seen the price change notice. I'm not sure when it went into effect, but I'm not being charged and I haven't seen anything in the Update function where it could charge me. Maybe it's only for the new version or something.

It's sad to see. I suppose I can understand the business side of it since it takes *so* much continual manpower to keep the updates going and respond quickly to new threats. But as I've said, if they charge the customer for this, that just discourages the customer from running up-to-date versions, and makes it easier for viruses to infect more systems.

It's a problem I don't see a solution to. Although reading the news this morning I saw an article about the guy in Romania who copied the Blaster virus who could get a huge prison sentence for that. Apparently Romania is *really* cracking down on hacker and virus activities within their country. If more countries start adopting a stronger policy about this so that the consequences are severe, then maybe more people will be less likely to throw bricks through our virtual windows.
All times are GMT
Page 1 of 3
© 2009 Zugg Software. Hosted on Wolfpaw.net