No ads? Contribute with BitCoins: 16hQid2ddoCwHDWN9NdSnARAfdXc2Shnoa
Jun 182011

This is a series of notes on dealing with PC malware (viruses, worms and the like) gathered because I’m looking into it and published as a way of reminding myself about this stuff. Bear in mind that I’m not an expert but neither am I a complete dunce – I’m normally a Unix or Linux person but I’ve been keeping half an eye on Windows infections for years.

Some links to tools are contained within. However you should be aware that tool recommendations change over time; you will need to check how outdated this document is before following any recommendations blindly.

At present this blog entry is a work in progress … lots of testing needs to be done before being confident this is right.

Cleanup Process

This is not :-

  1. How to approach this forensically – if you’re dealing with an investigation, it’s a whole other ball game and you probably need professional assistance to avoid corrupting evidence.
  2. A technical guide as to which tools to use.

1. For The Ultra Cautious Or When Handling Real Important Data

The process of removal can be destructive, and in the worst cases you can end up cleaning the malware and ending up with a brick. So make an image of the hard disk as it is. Two basic ways this can be done :-

  1. Removing the hard disk from the infected machine, attaching to an appropriate machine (USB->SATA, USB->IDE converters are handy here), and making an image of the disk.
  2. Booting off a “rescue” CD on the infected machine, and imaging the hard disk to a network share of some kind. This is the preferred option.

This will be slow. So be it. Cleaning an infected PC is not going to be a quick job whatever you do. The best you can hope for is that there are many periods where you can leave it churning away and get on with something else.

2. Boot A Rescue CD

There are those who tell you that there is no need to boot off a known uninfected disk to clean an infected machine; their anti-malware/virus product can clean an infected machine “live”. There are others who claim that the only way to be sure is to boot off that disk and clean the machine that way. Both are wrong.

If you are paranoid (and in the presence of malware paranoia is fully justifiable), you will do both.

3. Boot Infected Machine and Clean

As suggested previously after booting off a rescue disk and cleaning, boot the infected machine and clean again.


The following is a list of rescue CD’s that have been suggested :-

  • UBD4Win. Has to be “built” with the assistance of an XP installation; somewhat tedious but it isn’t the end of the world. However it does need preparing in advance – building a rescue CD with the assistance of an infected machine isn’t the most sensible idea!
  • Knoppix. Graphical, pretty, feature packed, but seems to be lacking in anti-malware tools (for instance the only AV tool included is Clam).
  • Trinity Rescue Disk. Menu interface. Virus definitions update over the net; choice of Clam, F-Prot, Bitdefender, Vexira, AVast (need to obtain license key). Various other utilities.
  • F-Secure Rescue CD.

Some of the above are Windows based; some are Linux based. The choice of which to use should be based on results not whether they tickle your prejudices (or mine!).

The following is a list of “live” tools to be installed that have been suggested :-


Nothing to do with the main subject. Merely some notes worth mentioning.

It seems that at least some malware can detect it is running within a virtual environment. In some cases it ceases to do anything, and in others may try to “break out”. This indicates that analysing malware within a virtual environment may not give sensible results, and in some cases may be dangerous! That is not to say that using a virtual environment is no longer of any use, but you may need to take special case such as running the virtual environment under Linux and/or ESX rather than Windows. And be careful about negative results.

Oct 232010

I have not had the opportunity to fiddle with one, but if Apple wants to send me one to review I am more than willing to do that! But I do have a few thoughts on the new Macbook Air. Both the 11″ one and the 13″ one. If you want something closer to a review (although nobody has had one long enough to review it properly) you can do worse than have a look at this article.

It is amusing to see the reactions to various articles published on the new Air from the “Apple is Satan” crowd, and the “Apple can do no wrong” crowd. Both as it happens are wrong.

If you look at the raw specifications of the Air – especially the 11″ model, you will see something that looks more or less like a netbook. Which of course it cannot be because Steve Jobs thinks netbooks are snake oil and useless at that. In fact it is a little bit better than that – the CPU is a little quicker, the graphics are a little better supported with a faster chipset, and there is a touch less storage (unless you go for the really expensive 256Gbyte model!).

So it’s just a very expensive netbook then ? Well, more or less. It fills roughly the same need – most people are not going to use one of these as their main machines, but will carry them around as ultra-portables. That is the kind of mobile computer you can take anywhere but once you are at your desk it sits in the drawer whilst you use a “proper computer”.

Sure the CPU is a little light-weight, but a couple of years ago a Core2Duo CPU was fine enough to get Real Work Done, so it’s still perfectly adequate to do a bit of light word processing on the train, throw up a presentation on a screen, do a little light web browsing during a boring meeting (ps: I never do this), and of course perfectly adequate for running kermit to connect to a Cisco router whilst balanced on top of a boring blue box.

Most of the compromises made in the specification are to get the size and weight of the laptop down to increase portability – that’s what a laptop is for after all! If you want power, go back to your desktop.

There is a fair amount of criticism around the cost of the Air being as it is very much more expensive than most netbooks. So ? Apple is hardly known for tackling the low end of the market where margins are small, so it is hardly surprising that things have not changed here. And of course this machine has a better specification than any netbook, whilst retaining the characteristic that Apple thinks is important in a netbook – portability.

Of course Apple is hardly perfect. Why must the battery and the SSD be fixed ? And why is there no possibility of swapping out the memory ? Whilst making these devices swappable may well make the laptop just a bit bigger and a bit heavier, it won’t be enough to ruin the portability, and will be a lot greener.

There is of course the usual criticism of Apple that their UK prices are over inflated compared to their US prices. To do a fair comparison, lets take a look :-

Cheapest Air on the US Apple Store $999
Cheapest Air on the UK Apple Store £849
US price in pounds where exchange rate is according to Wolfram Alpha £636.89
Plus UK “sales tax” (VAT) at 20% (to start in January 2011) £764.27
Penalty to UK purchasers for buying Apple £85

So why are we paying that extra £85 ?

We all know that laptop batteries fade over time to eventually give such a short running time to make the laptop unusable as a portable device. And of course circumstances change so you may suddenly need more than 64Gbytes of storage to get your work done on the move – or you just have to run a virtual machine because work has come up with the Ultimate Application that only runs under Windows, so you need a touch more memory.

Or heck, perhaps you just want to give your laptop a midlife upgrade to make it a bit quicker.

Apple want us all to throw away our old products and buy new ones – very capitalistic, but not very green.

And for all those pro-Apple and anti-Apple people out there who get so wound up by product announcements by Apple, please grow up and get a life! It’s a laptop; not a revolutionary change in the way that humanity exists.

Dec 052008

I recently encountered a dead blog entitled “Linux Haters” and instantly thought up writing about tedious fan-boys that think that the operating system they like is the best and everyone should use it. I’ve no time for people like that as they tend to annoy rather than educate. I’ve no problem with people who prefer to use Windows, Linux, Solaris or OSX; it is their choice. Of course in the case of Windows, I do have to wonder why 🙂

But one of the links on that blog led to a place that (amongst other things) ranted about how FOSS projects always have dumb names, and that these projects need a big dose of marketing intelligence. He went on to whinge about the word-games often embedded into the project name.

First of all, he misunderstands how many open source projects start – with a geek or a group of geeks deciding they want something different. Either a new package or a variation on an existing one. There are no marketing types in sight, and the geeks involved probably have no great expectation that they are coming up with the next big thing – they are just having fun and hoping to come up with something useful for themselves. So what if they have a bit of fun playing word games to come up with a name for their project ? Not only do many such projects end up disappearing without a trace, but as marketing types have fun playing with words, why can’t geeks ?

Perhaps the names they come up with are not as punchy as a name thought up by a marketing department, but weirdness does have its own value in this area. A name such as Amarok does tend to stick in the mind more than Music Player 52. And over time, formally weird names such as google and yahoo do tend to become more normal if they are attached to popular projects.

Secondly he specifically criticises names invented by geeks for being recursive acronyms … but does that matter ? He specifically names GIMP which is admittedly particularly guilty being a recursive acronym with no termination. But most users won’t care … once they learn that GIMP does images (and most distributions will tell you so in the menu), they are not going to care that the name is an infinitely recursive acronym … they will just get on and use it.

Thirdly he overlooks the fact that some of the names may in fact have “sensible” names but are in fact sensible names in non-English languages.

Finally he tails off into a moderately incoherant rant with more insults than proper facts.

Perhaps “funny” names do put people off, but perhaps not. Most people are in fact more concerned with compatibility (they use Word because everyone else does) or features.

And of course there are more than a few commercial software packages whose name is not entirely sensible … does Photoshop have anything to do with setting up a shop to sell photos? What does Trent do ? Or Cedar ?

Apr 282007

This is intended to be quite a long piece and may be saved before it is fully completed. Some of the content will be more general ramblings on Linux in general rather than specific to Ubuntu 7.04

I recently installed Ubuntu 7.04 (not without a few problems that most people are unlikely to encounter) and thought it worth rambling through a few thoughts that occurred to me. Most of the ideas are related to how Ubuntu would come across to less experienced users although to be frank I find it difficult to put myself in their shoes. One point to make fairly early is that Linux distributions have conflicting goals … they need to appeal to the less experienced user without putting off the ones who have been running Linux for years, compiling their own kernels and generally getting used to the deeper levels of Linux. One idea here is to have two “sides” to every configuration screen … one for the easy options and one for the advanced options. This does not necessarily need to be implemented as a GUI window that can be turned over, although that is not a bad idea.

I installed using the “alternate” installation CD and did not bother with the “user-friendly” partitioning options, so I can’t say much about the normal installation CD or the partitioning experience. However it is worth noting that partitioning is a somewhat tricky concept to someone new to Linux who has not necessarily done much in the way of partitioning under Windows. Also selecting different filesystem types (ext2, reiserfs, xfs, jfs, etc.) is not something that the average user will be comfortable with.

Mind you Linux installation is not exactly difficult. Those who claim it is, are frequently overlooking just how difficult XP is to install. Either they are already used to it, or have never installed it in the past! Of course installing Linux is trickier than running the Windows that was installed in the factory on the average PC.

Incidentally, whilst I understand that setting up complex partitions and filesystems is inevitably going to take a while, my configuration took as long to setup as the rest of the installation! This is somewhat extreme!

So the ordinary user has managed to work their way through the installation routine and has rebooted the system. They are now faced with a blank screen with just a ‘username’ prompt in the middle. It would be nice here to have a one-off prompt in a seperate window here to explain that the user needs to login with the username and password they created during the installation and a brief explanation of why logging in is a wise mechanism

So the user logs in and is presented with a fairly typical GNOME screen which is quite blank. It would be quite nice to start a “What To Do Now” screen here. The GNOME help feature is quite useful when started, but it should be started for new users. However advanced users may prefer to “turn it over” to get a more complex default index with content that applies more to them. This could be nothing more than a single item on the help screen titled “Advanced Users” to give instructions on how to do it (something like dpk-reconfigure yelp advanced-view) … a command line command here is appropriate to indicate a barrier that should be climbed before it is appropriate to “turn this page over”.

One other thing on a series of documents explaining Linux to new users. It could explain some of the typically installed applications … which ones to use to do what, and where to find them in the menus. It could also explain the reason for the funny names … that many of the applications are created by programmers and named by them, and not to let their sometimes peculiar sense of humour be offputting.

Traditionally Ubuntu has avoided including proprietry codecs for common multimedia formats such as MP3. This is for genuinely legitimate reasons and I am not suggesting this changes, but the help screens should have a number of entries relating to this. “Playing Proprietry Encoded Music And Videos” should point to a help screen saying why these formats are not included by default and simple instructions in installing them. “Why Can’t I Play MP3s” and “Why Can’t I Play DVDs” should give a short explanation and point to the instructions on installing them. By all means make the point that priorietry formats are evil, but be helpful too.

Oh! And don’t lie in help screens. At one point Ubuntu claims that their package manager is the only way to install software. This is obviously not true to advanced users and could eventually be seen as not true to ordinary users too. Just say that it is strongly recommended to install software using the package manager as an obvious mistruth makes one wonder what else is wrong.

Ubuntu comes with a fairly easy way of enabling “desktop effect” with an appropriate warning about their stability. However it only enables compwiz and I wanted to have a quick look at beryl. This was acomplished fairly easily, and I suddenly had access to a great deal more desktop effects. Some very interesting eyecandy it was too, some of which I can see could be quite useful.

However the preferences screen was a little swamped with different configuration options. Whilst beryl is most definitely in an early phase of development, it would be wise to look at this. Not that all of the options should be removed, but going back to a phrase I used earlier, “turning over” the options screen to keep the advanced options hidden from most users should be considered. It also needs far more explanation of what all the options are. Perhaps a button to “grow” a simple explanation into a longer more detailed explanation.

What if things go wrong and the new user needs assistence ? Well there are two parts to this … problems during the installation that results in a system that cannot be booted, and problems that crop up after installation.

For the second, there needs to be a section in the help screens on obtaining assistence. This should assistence in obtaining information about the broken system (perhaps Linux needs a tool like “Sun Explorer” which generates a compressed archive containing the output of many different diagnostic commands such as fdisk -l, cat /proc/cpuinfo, etc). Also explaining how best to phrase support requests … anyone who has done technical support knows the problems that can come about because of badly expressed problem issues.

Ubuntu helpfully has pointers to sources for free online support, and to commercially available support. However it would be useful pointing out the basic difference between the two … free support can be of as high a quality as commercial support, but you cannot be certain of getting a response. Whereas commercial support has the downside that it costs money.

Finally (well … if you are lucky 🙂 ), Ubuntu comes with a fine graphical package manager called Synaptic; whilst as a crusty old Unix veteran I prefer the command-line equivalent, it does do a pretty good job. However a new user looking at Synaptic could be a little overwhelmed by the number of packages that are available. Synaptic has a series of ways of viewing the package repositories which can be helpful in finding what you want; why not add an additional default view (with a prominent button saying “See the rest”) that has just one (well perhaps up to five) “best of breed” package listed for each application.

A new user is less likely to be overwhelmed when installing software if they visit the package manager and see “3D Modeler” -> “Blender” instead of the current situation where “Blender” itself consists of half a dozen packages that they need to hunt through several hundred applications to find.

WP Facebook Auto Publish Powered By :

By continuing to use the site, you agree to the use of cookies. more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.