[gentoo-user] Re: Boot Gentoo to clean windows
On Saturday 29 March 2008, Stroller wrote:
> Thanks! I'll look into PING. The documentation on PING's homepage seems a little scanty, but I'm sure a Google will be a bit more forthcoming.

It's very easy to use, I found a pdf somewhere that described it in few pages.

> There are a couple of reasons I appreciate copying on a file-by-file basis - I don't know if PING would allow me the same flexibility.

Sure it won't.

You provide plenty of examples... While reading them I remembered dar and kdar, but it seems the latter is no more actively maintained. And anyway not a solution for windows users if you want to let them take a bit of care of themselves.

An option is to shrink the old disk to a secondary partition and leave it on the same disk, but again having another partition isn't the best for end users: it's easier to claim back space without specialized tools if everything is just a folder away.

Ciao
Francesco
-- 
Linux Version 2.6.24-gentoo-r3, Compiled #1 PREEMPT Thu Feb 28 22:23:31 CET 2008
One 2.2GHz AMD Athlon 64 Processor, 2GB RAM, 4408.90 Bogomips Total
aemaeth
-- 
gentoo-user@lists.gentoo.org mailing list
Re: [gentoo-user] Re: Boot Gentoo to clean windows
On Saturday 29 March 2008, 19:53, Stroller wrote:
> One of my biggest bugbears against reinstalling is drivers. Dell and Sony are wonderful! You just enter the tag or model number on their website and the correct drivers are listed. Advent - and here, in the UK, other brands of computer which are only available exclusively from PC World - can be a royal PITA, and once every month or two I encounter a machine for which it takes HOURS to find the correct drivers for all devices.

Ok, this is going /way/ OT already, however, speaking of windows driver recovery, drivergrabber and drivermax (just google a bit to find them) have helped me *a lot* in the past, especially with old or esoteric hardware.

Hope this helps.
Re: [gentoo-user] Re: Boot Gentoo to clean windows
On 28 Mar 2008, at 19:13, Francesco Talamona wrote:
> On Friday 28 March 2008, Stroller wrote:
>> I deal with h0sed Windows installations for my customers all the time. I regularly boot a Knoppix CD and copy the whole C: drive to a portable disk so that I have a complete backup. I find it reassuring to use Linux for this purpose because I feel confident that cp or rsync will copy _every file on the drive_ without just silently ignoring those marked with the hidden flag, or bitching about permissions.
>
> I prefer to save the entire partition with PING (Partimage Is Not Ghost) or equivalent tools to avoid gotchas with charsets. rsync and cp are excellent, but you have to mount the partition with the right options not to lose coherence in file naming.

Thanks! I'll look into PING. The documentation on PING's homepage seems a little scanty, but I'm sure a Google will be a bit more forthcoming.

There are a couple of reasons I appreciate copying on a file-by-file basis - I don't know if PING would allow me the same flexibility.

Firstly, if I undertake a full format-and-install of XP, I like to copy back _every file_ from the old system back into a folder called "C:\Old Stuff" (and place a shortcut to this on the user's desktop). I find this more reassuring than, say, copying just "My Documents" because occasionally programs save their data somewhere stupid. For instance, I recently discovered that the software for a Canon camera - which offers to automagically import one's photos when the camera is plugged in - stores the pictures in "Program Files/Canon/PhotoEx/Library". When I return the PC to the customer I open "Old Stuff", find the old "My Documents" and copy the contents into their new "My Documents". I then right-click on the "Old Stuff" desktop shortcut and choose "search" - I find their internet Favourites folder, and show them how one would find (for example) a file called "letter", so that anything I've missed they can (hopefully) find for themselves.

In the case of the family photos in the Canon folder, I was very glad to have the whole original contents of the drive available!! I was able to subsequently copy them to "My Photos" and tell the software to use this as its library, but it might have been inconvenient had I used a tool that backed up the partition as a single image - I don't think I'd have been able to recover single files from that once back onsite at the customer's house and booted into XP?

I tend to take this copy-every-file-on-the-system approach so that if ever there is a problem with a file missing from backup I can put my hand on my heart and say, "if it was on your PC before, then you still have a copy of it". I tend to delete only the temp, temporary internet files, recycled, recycler and system volume information directories, plus the old hiberfile (spelling?) and pagefile.

Ideally, when a Windows reinstall is required, I suppose I would prefer to preserve completely the original hard-drive, and to do the new reinstall on a brand new hard-disk. However disks are not yet quite cheap enough that one could normally justify the additional expense to a domestic customer, and besides, it would rather seem like a waste to consume a perfectly good hard-drive as a backup that is unlikely ever to be referenced.

I also find discrete-file copying useful when a computer needs a repair-install of XP, but the PC OEM has configured it with some stupid partitioning scheme (probably packaged with a "System Restore" partition) that is unrecognised by a Microsoft installation CD. In this case one may be able to back up all the files on the disk, delete the partition table, create a new single primary NTFS partition, copy the files back, (edit the boot.ini, if necessary) and then repair-install over the top (which also creates the master boot record). There are times when an unbootable system may be recovered to a perfectly usable state, complete with all the users' files and settings intact (and consequently, with little disruption for the user).

`ntfsclone` might well allow me to do this same thing - as might PING? - however I haven't yet explored its possibilities - I wonder about how (well) an ntfscloned secondary-partition might be restored as a primary, for example.

I have experienced file-copy failures using `rsync` and `cp`, and this was quite disconcerting until I discovered the cause likely to be the charset-related problem you mention. I now redirect stderr to a file when copying and review this afterwards - I don't know whether I'm fortunate with the charset used in the UK, but so far I might typically find that only 1 or 3 files from "Temporary Internet Files" fail (amongst the thousands on a Windows hard-drive), so it has not (yet) been a problem here.

Stroller.
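The file-by-file rescue copy discussed in this exchange (copy everything, leave out the temp and cache directories, send the errors to a file and review them afterwards), written out as an added Python example rather than anything posted in the thread. It assumes the Windows partition has already been mounted read-only somewhere like /mnt/windows and the portable disk at /mnt/backup (both placeholders), and it generalises the stderr review into a per-folder count of failures; the sample volume in build_sample_volume() is constructed for the demo, including one file whose name came off the volume with a byte that does not decode, which is the kind of charset failure the messages describe.

```python
"""File-by-file rescue copy of a mounted Windows volume, with an error log.

Added example, not from the thread. Assumes the NTFS volume is already
mounted read-only (e.g. /mnt/windows) and the portable disk at /mnt/backup;
those paths and the sample volume built by build_sample_volume() are
constructed for illustration.
"""
import os
import shutil
import tempfile
from collections import Counter

# Directories the thread treats as safe to leave behind (NTFS names are
# case-insensitive, so compare in lower case); an empty set copies everything.
SKIP_DIRS = frozenset({"temp", "temporary internet files", "recycled",
                       "recycler", "system volume information"})
# Top-level files never worth carrying over.
SKIP_FILES = frozenset({"hiberfil.sys", "pagefile.sys"})


def representable(name):
    """False if the name came off the volume with bytes that do not decode.

    A partition mounted with the wrong character set yields such names
    (Python keeps them as surrogate escapes); they cannot be written to a
    UTF-8 destination, which is the "charset gotcha" the thread mentions.
    """
    try:
        name.encode("utf-8")
        return True
    except UnicodeEncodeError:
        return False


def rescue_copy(src_root, dst_root, log_path, skip_dirs=SKIP_DIRS):
    """Copy every regular file under src_root to dst_root, logging failures.

    Each failure is one "<reason>\t<path>" line in log_path, the equivalent
    of redirecting stderr to a file and reading it afterwards.
    """
    copied = failed = 0
    with open(log_path, "w", encoding="utf-8", errors="backslashreplace") as log:
        for dirpath, dirnames, filenames in os.walk(src_root):
            # Prune in place so os.walk never descends into excluded folders.
            dirnames[:] = [d for d in dirnames if d.lower() not in skip_dirs]
            rel_dir = os.path.relpath(dirpath, src_root)
            for fname in filenames:
                if rel_dir == "." and fname.lower() in SKIP_FILES:
                    continue
                src = os.path.join(dirpath, fname)
                if not representable(src):
                    log.write(f"unrepresentable-name\t{src}\n")
                    failed += 1
                    continue
                dst_dir = os.path.normpath(os.path.join(dst_root, rel_dir))
                try:
                    os.makedirs(dst_dir, exist_ok=True)
                    shutil.copy2(src, os.path.join(dst_dir, fname))
                    copied += 1
                except OSError as exc:
                    log.write(f"{type(exc).__name__}\t{src}\n")
                    failed += 1
    return {"copied": copied, "failed": failed}


def summarise_log(log_path, src_root):
    """Count logged failures per top-level folder of the source volume.

    A few failures confined to a browser cache are harmless; failures spread
    through the user's documents mean the copy cannot be trusted yet.
    """
    counts = Counter()
    with open(log_path, encoding="utf-8") as log:
        for line in log:
            _reason, _, path = line.rstrip("\n").partition("\t")
            rel = os.path.relpath(path, src_root)
            counts[rel.split(os.sep, 1)[0]] += 1
    return counts


def build_sample_volume(root):
    """Constructed stand-in for a mounted C: drive (not a real disk image)."""
    files = {
        "Documents and Settings/user/My Documents/letter.doc": b"dear sir",
        "Program Files/Canon/PhotoEx/Library/img0001.jpg": b"\xff\xd8photo",
        "Documents and Settings/user/Local Settings/Temporary Internet Files/ad.gif": b"gif",
        "RECYCLER/S-1-5-21/Dc1.txt": b"trash",
        "pagefile.sys": b"\x00" * 64,
    }
    for rel, data in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)
    desktop = os.path.join(root, "Documents and Settings", "user", "Desktop")
    os.makedirs(desktop, exist_ok=True)
    # Raw byte 0xE9 (Latin-1 "e acute") is not valid UTF-8, so os.walk returns
    # the name as a surrogate escape that cannot be re-encoded: a charset failure.
    with open(os.path.join(os.fsencode(desktop), b"caf\xe9.lnk"), "wb") as fh:
        fh.write(b"link")


def demo():
    """Run the whole rescue copy on the constructed volume; returns a report."""
    work = tempfile.mkdtemp(prefix="rescue-")
    src, dst, log = (os.path.join(work, n) for n in ("windows", "backup", "errors.log"))
    build_sample_volume(src)
    result = rescue_copy(src, dst, log)
    result["per_folder"] = dict(summarise_log(log, src))
    result["restored_letter"] = os.path.isfile(
        os.path.join(dst, "Documents and Settings", "user", "My Documents", "letter.doc"))
    result["pagefile_skipped"] = not os.path.exists(os.path.join(dst, "pagefile.sys"))
    shutil.rmtree(work)
    return result


if __name__ == "__main__":
    print(demo())
```

On a real rescue you would call rescue_copy("/mnt/windows", "/mnt/backup/old-stuff", "/mnt/backup/errors.log") and then read summarise_log() before handing the machine back; passing skip_dirs=frozenset() reproduces the copy-absolutely-everything approach and leaves the pruning of temp folders for later.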
Re: [gentoo-user] Re: Boot Gentoo to clean windows
On 28 Mar 2008, at 16:43, 7v5w7go9ub0o wrote:
> Stroller wrote:
>> [snip important, informative stuff]
>> Be aware that sometimes Windows isn't cleanly fixable. Although I try to avoid it until I've exhausted avenues for a clean repair, sometimes the best thing to do is simply to back up and reinstall.
>
> Think this is a great write up. The last paragraph seems most important - given today's professionally-authored compromises, the best thing to do may be to presume that you've been rooted with redundancy, and simply be prepared to quickly rebuild the box from scratch. Especially if you use the computer for business or other sensitive matters.

Certainly. I have a number of machines which use roaming-profiles on a Windows domain, mail stored on an IMAP server, and I would have no hesitation in reinstalling if I thought it necessary.

> So arguably, one should use the second OS (Linux or Windows) as a diagnostic tool to determine if it's compromised or not, and except for something simple (e.g. an infection vector caught before activation by an AntiTrojan scanner in a browser cache, mail letter, etc.), one should simply rebuild the box.

I take your point on board - it depends upon how paranoid you want to be over the particular PC and its use. I don't mean "paranoid" in a negative way, here, of course.

> So to the above, I'd add a "have a rebuild strategy", i.e. copies of data (not executables), addresses, passwords, etc. that can be quickly returned to a rebuilt OS. Windows benefits greatly from rebuilding - a rebuilt box will seem quicker and faster than ever before, and won't have lingering relics from earlier maintenance levels.

Yes, this is great if you can. Unfortunately many of the most-hosed Windows PCs tend to come from home users who have no backup regimen in place. How can one be sure that _all_ data is restored? Many times my customers - those that use Outlook or Outlook Express - have no idea of their email password or wireless-network key, having had the "remember" box ticked since they set the machine up 2 years ago.

I would attribute most of the breakage I see not to sophisticated viruses, but to poorly-written sponsorware, to adware removers that may delete files arbitrarily, to Windows bugs and to filesystem corruption (for instance: because the user likes to switch their PC off at the wall-socket, and was too impatient when it was shutting down!).

Oftentimes, a Windows reinstall gives as much performance improvement as buying a new PC would do, and many users are very glad to get a "new" machine that is so clean and fresh (this is characterised by the reduced number of icons on the desktop - from 30+ to about 5!). But this has to be compromised against disruption to the user's environment - they may be very familiar with the way everything's set up, and all their favourite software is installed. With a not-booting-but-otherwise-fairly-clean PC this may tip the balance. Unfortunately one often cannot tell whether reinstall or repair is the best solution until one has already made a good attempt at repairing the system!! And you often don't discover which software - amongst all the crud of different p2p, photo programs and whatnot - that users depend on, until after you return the machine and they complain "my icon is missing" (with usually only a very generic description of what the icon does).

One of my biggest bugbears against reinstalling is drivers. Dell and Sony are wonderful! You just enter the tag or model number on their website and the correct drivers are listed. Advent - and here, in the UK, other brands of computer which are only available exclusively from PC World - can be a royal PITA, and once every month or two I encounter a machine for which it takes HOURS to find the correct drivers for all devices.

Stroller.
Re: [gentoo-user] Re: Boot Gentoo to clean windows
On 28/03/2008, 7v5w7go9ub0o wrote:
> Florian Philipp wrote:
> [snip]
>>> FWIW, AntiVir, Bitdefender, and F-Prot run quite well on Linux, and each has BOTH Linux and Windows Trojan and virus signatures. So you can install these and scan your windows box, and then scan your Linux box/downloads for malware (e.g. openoffice files, media files, etc.). Add Dazuko, and you can get real-time scanning of your Linux box while downloading/compiling software.
>>
>> This is getting OT but I still want to ask: Is it really necessary to run an anti-virus on linux? I just want to hear some opinions on that topic because I thought security fixes for your software are the way to go for fighting virae on linux.
>
> Anti-Virus on Linux. No. (presuming that you don't run as root, and have lots of unprivileged users for individual applications.)
>
> Anti-Malware on Linux. Yes. (Malware gets to the box via spoofed or hacked software distribution or creation sites; bad links or poisoned DNS caches; or via (e.g.) browser memory attacks - at plugins or exploits)
>
> The oldtimers will tell you that "safe hex" and perhaps integrity monitoring (e.g. Samhain or tripwire) are all that's needed. But desktop Linux with Browsing, IM, etc. is changing that, IMHO.
>
> The three packages above have Linux Trojan and Rootkit signatures, as well as Windows malware sigs. Easy enough to run an occasional scan of the Linux box (or Windows partition); and to scan each Linux download before reading, compiling, or passing on. (Dazuko additionally allows realtime scans of compilation read/writes).
>
> IMHO, Linux and MAC are the next frontier for malware, and -SADLY- AntiMalware signature and heuristic techniques are one thing we can learn about from Windows :-(

http://news.yahoo.com/s/pcworld/20080327/tc_pcworld/143901

What worries me is the reference to Safari . . . (khtml rendering engine?)

What is an appropriate anti-malware for Linux, other than safe-hex?
-- 
Regards,
Mick
[gentoo-user] Re: Boot Gentoo to clean windows
Mick wrote:
> On 28/03/2008, 7v5w7go9ub0o wrote:
>> Anti-Virus on Linux. No. (presuming that you don't run as root, and have lots of unprivileged users for individual applications.)
>>
>> Anti-Malware on Linux. Yes. (Malware gets to the box via spoofed or hacked software distribution or creation sites; bad links or poisoned DNS caches; or via (e.g.) browser memory attacks - at plugins or exploits)
>>
>> The oldtimers will tell you that "safe hex" and perhaps integrity monitoring (e.g. Samhain or tripwire) are all that's needed. But desktop Linux with Browsing, IM, etc. is changing that, IMHO.
>>
>> The three packages above have Linux Trojan and Rootkit signatures, as well as Windows malware sigs. Easy enough to run an occasional scan of the Linux box (or Windows partition); and to scan each Linux download before reading, compiling, or passing on. (Dazuko additionally allows realtime scans of compilation read/writes).
>>
>> IMHO, Linux and MAC are the next frontier for malware, and -SADLY- AntiMalware signature and heuristic techniques are one thing we can learn about from Windows :-(
>
> http://news.yahoo.com/s/pcworld/20080327/tc_pcworld/143901
>
> What worries me is the reference to Safari . . . (khtml rendering engine?)
>
> What is an appropriate anti-malware for Linux, other than safe-hex?

As a monitor (a.k.a. "real-time access"), I've had good experience with AntiVir and Dazuko. AntiVir has lots of Linux signatures and heuristics, and Dazuko/Antivir has both caught bugs in downloads, and blocked suspicious scripts in my browser cache when visiting bad sites.

As a scanner, I tend to scan my box from a second "maintenance" OS on another partition hoping to avoid stealthing by any RootKits on the primary partition. Scanning includes Samhain, equery md5 checks, the three Anti-Malware products mentioned earlier, Rootkithunter, and Checkrootkit. I'll run this occasionally overnight.

Interesting that this year's exploit was a "safe" browser (Safari), on a "safe" 'nix/BSD OS (MAC). And last year's exploit winner, QuickTime, can also appear on multiple OS's. Both of these were likely online attacks; via streaming in the case of quicktime.

Seems to me that WAN-connected applications should be sequestered from the rest of the system in the same way that a server sequesters WAN-connected processes - i.e. put them each in their own chroot jail. In addition to individual chroot jails, I run my mail client and browser in RamDisk - so that any changes to them (other than bookmarks and mail) are discarded at shutdown.

Using Hardened Sources (GRSecurity) with both memory protection and access control, one gets a particularly resilient, hardened chroot jail (i.e. OpenBSD theory :-) ) and a kernel that restricts where the browser user/application can go, and what it can do.

hth
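The "scan from a second maintenance OS" idea in the message above, and the integrity monitoring (Samhain, tripwire, equery md5 checks) mentioned earlier in the thread, come down to one technique: record a digest and the metadata of every system file while the primary partition is mounted from somewhere the primary OS cannot influence, keep that manifest off the primary partition, and diff against it later. The following is an added Python example of that baseline-and-compare loop, not code from the thread or from any of the tools named; the mount point /mnt/primary is a placeholder and the miniature system tree in build_sample_system() is constructed for the demo.

```python
"""Offline file-integrity check of the kind run from a second "maintenance"
OS against a mounted primary partition. Added example (not from the thread);
the directory layout in build_sample_system() is constructed and the mount
point /mnt/primary is a placeholder.
"""
import hashlib
import json
import os
import shutil
import stat
import tempfile


def file_record(path):
    """Digest plus the metadata that a tampered file typically changes."""
    st = os.lstat(path)
    h = hashlib.sha256()
    if stat.S_ISLNK(st.st_mode):
        h.update(os.readlink(path).encode("utf-8", "surrogateescape"))
    else:
        with open(path, "rb") as fh:
            for chunk in iter(lambda: fh.read(1 << 16), b""):
                h.update(chunk)
    return {"sha256": h.hexdigest(), "mode": oct(st.st_mode), "size": st.st_size}


def build_manifest(root, include=("bin", "sbin", "lib", "etc")):
    """Walk the selected trees under root (the mounted primary partition) and
    record every file. Because this runs from the maintenance OS, a rootkit
    on the primary system has no running code to hide files from the walk."""
    manifest = {}
    for top in include:
        for dirpath, _dirs, files in os.walk(os.path.join(root, top)):
            for name in files:
                path = os.path.join(dirpath, name)
                manifest[os.path.relpath(path, root)] = file_record(path)
    return manifest


def compare(baseline, current):
    """Report what changed since the baseline: added, removed, modified paths."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(p for p in set(baseline) & set(current)
                      if baseline[p] != current[p])
    return {"added": added, "removed": removed, "modified": modified}


def save_manifest(manifest, path):
    """Write the manifest; path should live on the maintenance partition."""
    with open(path, "w", encoding="utf-8") as fh:
        json.dump(manifest, fh, indent=1, sort_keys=True)


def load_manifest(path):
    with open(path, encoding="utf-8") as fh:
        return json.load(fh)


def build_sample_system(root):
    """Constructed miniature of a primary partition's system directories."""
    files = {
        "bin/ls": (b"\x7fELF ls", 0o755),
        "bin/ps": (b"\x7fELF ps", 0o755),
        "sbin/init": (b"\x7fELF init", 0o755),
        "lib/libc.so.6": (b"\x7fELF libc", 0o755),
        "etc/passwd": (b"root:x:0:0:root:/root:/bin/bash\n", 0o644),
    }
    for rel, (data, mode) in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)
        os.chmod(path, mode)


def demo():
    """Baseline the sample system, alter it, and return the comparison."""
    work = tempfile.mkdtemp(prefix="integrity-")
    primary = os.path.join(work, "primary")          # stands in for /mnt/primary
    maintenance = os.path.join(work, "maintenance")  # where the baseline lives
    os.makedirs(maintenance)
    build_sample_system(primary)
    baseline_path = os.path.join(maintenance, "baseline.json")
    save_manifest(build_manifest(primary), baseline_path)

    # Simulated tampering: replaced ps binary, extra library, world-writable
    # /etc/passwd (same content, changed mode), and a missing init.
    with open(os.path.join(primary, "bin", "ps"), "wb") as fh:
        fh.write(b"\x7fELF ps-replaced")
    with open(os.path.join(primary, "lib", ".hidden.so"), "wb") as fh:
        fh.write(b"\x7fELF hidden")
    os.chmod(os.path.join(primary, "etc", "passwd"), 0o666)
    os.remove(os.path.join(primary, "sbin", "init"))

    report = compare(load_manifest(baseline_path), build_manifest(primary))
    shutil.rmtree(work)
    return report


if __name__ == "__main__":
    print(json.dumps(demo(), indent=1))
```

The check is only as trustworthy as the baseline: take it right after installation or after a verified update, store it where the primary OS cannot write, and refresh it deliberately after each package update rather than letting a scanner silently accept the new hashes.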
[gentoo-user] Re: Boot Gentoo to clean windows
Stroller wrote:
> [snip important, informative stuff]
> Be aware that sometimes Windows isn't cleanly fixable. Although I try to avoid it until I've exhausted avenues for a clean repair, sometimes the best thing to do is simply to back up and reinstall.

Think this is a great write up. The last paragraph seems most important - given today's professionally-authored compromises, the best thing to do may be to presume that you've been rooted with redundancy, and simply be prepared to quickly rebuild the box from scratch. Especially if you use the computer for business or other sensitive matters.

So arguably, one should use the second OS (Linux or Windows) as a diagnostic tool to determine if it's compromised or not, and except for something simple (e.g. an infection vector caught before activation by an AntiTrojan scanner in a browser cache, mail letter, etc.), one should simply rebuild the box.

So to the above, I'd add a "have a rebuild strategy", i.e. copies of data (not executables), addresses, passwords, etc. that can be quickly returned to a rebuilt OS. Windows benefits greatly from rebuilding - a rebuilt box will seem quicker and faster than ever before, and won't have lingering relics from earlier maintenance levels.
Re: [gentoo-user] Re: Boot Gentoo to clean windows
On Friday 28 March 2008, 7v5w7go9ub0o wrote:
> IMHO, Linux and MAC are the next frontier for malware, and -SADLY- AntiMalware signature and heuristic techniques are one thing we can learn about from Windows :-(

True, but with one *huge* difference: If something like ActiveX were to be unleashed on Linux, it will be fixed very quickly even if that requires an ABI change. We tend not to pull the backwards compatibility card, so obvious holes from that don't hang around for long.

-- 
Alan McKinnon
alan dot mckinnon at gmail dot com
[gentoo-user] Re: Boot Gentoo to clean windows
On Friday 28 March 2008, Stroller wrote:
> I deal with h0sed Windows installations for my customers all the time. I regularly boot a Knoppix CD and copy the whole C: drive to a portable disk so that I have a complete backup. I find it reassuring to use Linux for this purpose because I feel confident that cp or rsync will copy _every file on the drive_ without just silently ignoring those marked with the hidden flag, or bitching about permissions.

I prefer to save the entire partition with PING (Partimage Is Not Ghost) or equivalent tools to avoid gotchas with charsets. rsync and cp are excellent, but you have to mount the partition with the right options not to lose coherence in file naming.

Everything else in your post is no more no less what I do to rescue all those boxes people bring to me :-) Starting from the uninstall of bloated antivirus!

Great post
Francesco
-- 
Linux Version 2.6.24-gentoo-r3, Compiled #1 PREEMPT Thu Feb 28 22:23:31 CET 2008
One 2.2GHz AMD Athlon 64 Processor, 2GB RAM, 4408.81 Bogomips Total
aemaeth
Re: [gentoo-user] Re: Boot Gentoo to clean windows
On Wed, 2008-03-26 at 22:13 -0400, 7v5w7go9ub0o wrote:
> Mikie wrote:
>> Does anyone know of a product (hopefully free) that can clean a Windows PC while booted on Gentoo? I guess I need a good malware tool that runs on Linux and cleans NTFS volumes. Thanks.
>
> FWIW, AntiVir, Bitdefender, and F-Prot run quite well on Linux, and each has BOTH Linux and Windows Trojan and virus signatures. So you can install these and scan your windows box, and then scan your Linux box/downloads for malware (e.g. openoffice files, media files, etc.). Add Dazuko, and you can get real-time scanning of your Linux box while downloading/compiling software.

This is getting OT but I still want to ask: Is it really necessary to run an anti-virus on linux? I just want to hear some opinions on that topic because I thought security fixes for your software are the way to go for fighting virae on linux.
Re: [gentoo-user] Re: Boot Gentoo to clean windows
On Thursday, 27 March 2008, Florian Philipp wrote:
> Is it really necessary to run an anti-virus on linux? I just want to hear some opinions on that topic because I thought security fixes for your software are the way to go for fighting virae on linux.

The main purpose is to remove virae from _Windows_ drives. You boot from a Linux LiveCD, like German c't magazin's Knoppicillin, mount your NTFS partition(s) and clean them.

HTH...

Dirk
Re: [gentoo-user] Re: Boot Gentoo to clean windows
On Thu, 27 Mar 2008 19:18:57 +0100 Dirk Heinrichs wrote:
> On Thursday, 27 March 2008, Florian Philipp wrote:
>> Is it really necessary to run an anti-virus on linux? I just want to hear some opinions on that topic because I thought security fixes for your software are the way to go for fighting virae on linux.
>
> The main purpose is to remove virae from _Windows_ drives. You boot from a Linux LiveCD, like German c't magazin's Knoppicillin, mount your NTFS partition(s) and clean them.

Or to catch and remove a virus before it reaches the Windows machines - say with a Linux file or email server on a network w/ Windows machines.

Conway S. Smith
Re: [gentoo-user] Re: Boot Gentoo to clean windows
Florian Philipp wrote:
> This is getting OT but I still want to ask: Is it really necessary to run an anti-virus on linux? I just want to hear some opinions on that topic because I thought security fixes for your software are the way to go for fighting virae on linux.

I have not run an anti-virus here for years and no problems so far. I don't think Linux has this problem except for the rootkit thing. It seems Linux is just pretty much immune to this sort of thing.

Dale

:-) :-)
Re: [gentoo-user] Re: Boot Gentoo to clean windows
On Thursday 27 March 2008, Dale wrote:
> Florian Philipp wrote:
>> This is getting OT but I still want to ask: Is it really necessary to run an anti-virus on linux? I just want to hear some opinions on that topic because I thought security fixes for your software are the way to go for fighting virae on linux.
>
> I have not run an anti-virus here for years and no problems so far. I don't think Linux has this problem except for the rootkit thing. It seems Linux is just pretty much immune to this sort of thing.

Not really immune as such, just well protected. It's very hard to gain remote access as a user and then find an exploit to elevate to root privileges. The devastation wrought on the internet by zombie windows machines is by and large not really possible on Linux to anything like the same degree - if an attacker dupes a user into running some malware it tends to run as the user which limits what the malware can do i.e. no ports open below 1024 etc etc.

BUT some points to keep in mind:

1. Linux is still small fry in the desktop market, and not really a target for malware scumbags. Why should they? It's much harder to do especially when Redmond's finest code in the wild is such juicy low hanging fruit. This is bound to change, just a matter of time.
2. There are some Linuxes out there that run everything as root. Xandros, I'm especially looking at you here. Apparently the Xandros devs like the way Redmond does things, right down to the brain dead design decisions. *sigh* human stupidity is apparently boundless.
3. If an attacker gains access to your machine, he can trash your personal stuff just for spite. This is catastrophic to the average user even though it leaves the rest of the internet just as it was.

-- 
Alan McKinnon
alan dot mckinnon at gmail dot com
Re: [gentoo-user] Re: Boot Gentoo to clean windows
Alan McKinnon wrote:
> On Thursday 27 March 2008, Dale wrote:
>> Florian Philipp wrote:
>>> This is getting OT but I still want to ask: Is it really necessary to run an anti-virus on linux? I just want to hear some opinions on that topic because I thought security fixes for your software are the way to go for fighting virae on linux.
>>
>> I have not run an anti-virus here for years and no problems so far. I don't think Linux has this problem except for the rootkit thing. It seems Linux is just pretty much immune to this sort of thing.
>
> Not really immune as such, just well protected. It's very hard to gain remote access as a user and then find an exploit to elevate to root privileges. The devastation wrought on the internet by zombie windows machines is by and large not really possible on Linux to anything like the same degree - if an attacker dupes a user into running some malware it tends to run as the user which limits what the malware can do i.e. no ports open below 1024 etc etc.
>
> BUT some points to keep in mind:
>
> 1. Linux is still small fry in the desktop market, and not really a target for malware scumbags. Why should they? It's much harder to do especially when Redmond's finest code in the wild is such juicy low hanging fruit. This is bound to change, just a matter of time.
> 2. There are some Linuxes out there that run everything as root. Xandros, I'm especially looking at you here. Apparently the Xandros devs like the way Redmond does things, right down to the brain dead design decisions. *sigh* human stupidity is apparently boundless.
> 3. If an attacker gains access to your machine, he can trash your personal stuff just for spite. This is catastrophic to the average user even though it leaves the rest of the internet just as it was.

True, but I did say 'pretty much'. Nothing is completely immune. An old Commodore Vic-20 can be hacked if you can connect it to the net. Although it is not fast enough to do much harm. LOL

I also agree that as Linux grows, so will the people trying to hack them. As long as there are people using Linux that don't keep their box fairly secure, it will happen. I don't think it will be as easy as the finest Redmond software but they will try. If nothing else, they will try common passwords and there will always be some idiot with their password set to love, sex, god and other easy to guess ones. I like my password tho. It's numbers and letters and has no meaning whatsoever. Not even a birth date in it.

I was not aware of #2. Sounds like a bunch of Redmond wannabes. o_O

Dale

:-) :-) :-)
[gentoo-user] Re: Boot Gentoo to clean windows
Florian Philipp wrote:
> [snip]
>> FWIW, AntiVir, Bitdefender, and F-Prot run quite well on Linux, and each has BOTH Linux and Windows Trojan and virus signatures. So you can install these and scan your windows box, and then scan your Linux box/downloads for malware (e.g. openoffice files, media files, etc.). Add Dazuko, and you can get real-time scanning of your Linux box while downloading/compiling software.
>
> This is getting OT but I still want to ask: Is it really necessary to run an anti-virus on linux? I just want to hear some opinions on that topic because I thought security fixes for your software are the way to go for fighting virae on linux.

Anti-Virus on Linux. No. (presuming that you don't run as root, and have lots of unprivileged users for individual applications.)

Anti-Malware on Linux. Yes. (Malware gets to the box via spoofed or hacked software distribution or creation sites; bad links or poisoned DNS caches; or via (e.g.) browser memory attacks - at plugins or exploits)

The oldtimers will tell you that "safe hex" and perhaps integrity monitoring (e.g. Samhain or tripwire) are all that's needed. But desktop Linux with Browsing, IM, etc. is changing that, IMHO.

The three packages above have Linux Trojan and Rootkit signatures, as well as Windows malware sigs. Easy enough to run an occasional scan of the Linux box (or Windows partition); and to scan each Linux download before reading, compiling, or passing on. (Dazuko additionally allows realtime scans of compilation read/writes).

IMHO, Linux and MAC are the next frontier for malware, and -SADLY- AntiMalware signature and heuristic techniques are one thing we can learn about from Windows :-(
[gentoo-user] Re: Boot Gentoo to clean windows
Mikie wrote:
> Does anyone know of a product (hopefully free) that can clean a Windows PC while booted on Gentoo? I guess I need a good malware tool that runs on Linux and cleans NTFS volumes. Thanks.

FWIW, AntiVir, Bitdefender, and F-Prot run quite well on Linux, and each has BOTH Linux and Windows Trojan and virus signatures. So you can install these and scan your windows box, and then scan your Linux box/downloads for malware (e.g. openoffice files, media files, etc.). Add Dazuko, and you can get real-time scanning of your Linux box while downloading/compiling software.

(AntiVir and Bitdefender each usually score high on the antivirus/antiTrojan tests run for Windows bugs.) Bitdefender and F-Prot are ebuilds; AntiVir is available as a Linux source.

hth