Compromised Windows PCs

Discussion in 'NZ Computing' started by thingy, Aug 21, 2006.

  1. thingy

    thingy Guest

    Some in here commented on Steve's rebuild of an infected PC as
    un-needed...or an un-warranted method of fixing infections.

    "The lesson here is once you get infected, you are completely under the
    control of the botmaster. He can put whatever he wants on your machine,
    and there's no way to be 100 percent sure that the machine is clean,"
    Stewart said in an interview with eWEEK.

    http://www.eweek.com/article2/0,1895,2004893,00.asp

    So,

    1) As far as I can read from this (and indeed many other articles), once
    you have a "well" infected machine, about the only practical option is
    to wipe it...actually, when it comes down to it, it looks like the only option.

    2) Users expect to have their machine back as it was before being
    infected....fat chance....If the machine can be got back to the way it
    was, then the question has to be asked: how long for?....if the user is
    incapable of looking after a Windows machine, then it is not going to
    last long.

    So, unless a user accepts that regular re-installs, possibly on a monthly
    basis, are an acceptable cost, installing an OS that does not suffer from
    Windows' drawbacks is perfectly acceptable.

    I would liken it to buying a dog of a car...at what point do you decide
    it is sensible to sell it and get a new car?

    After three gearbox rebuilds? Each time you get a huge bill and the
    garage tells you it is a fundamental design flaw....? Do you wait that
    long? Bet you don't....

    regards

    Thing
     
    thingy, Aug 21, 2006
    #1

  2. thingy

    Nova Guest

    thingy wrote:
    > Some in here commented on Steve's rebuild of an infected PC as
    > un-needed...or an un-warranted method of fixing infections.
    >
    > "The lesson here is once you get infected, you are completely under the
    > control of the botmaster. He can put whatever he wants on your machine,
    > and there's no way to be 100 percent sure that the machine is clean,"
    > Stewart said in an interview with eWEEK.
    >
    > http://www.eweek.com/article2/0,1895,2004893,00.asp
    >
    > So,
    >
    > 1) As far as I can read from this (and indeed many other articles), once
    > you have a "well" infected machine, about the only practical option is
    > to wipe it...actually, when it comes down to it, it looks like the only option.
    >
    > 2) Users expect to have their machine back as it was before being
    > infected....fat chance....If the machine can be got back to the way it
    > was, then the question has to be asked: how long for?....if the user is
    > incapable of looking after a Windows machine, then it is not going to
    > last long.
    >
    > So, unless a user accepts that regular re-installs, possibly on a monthly
    > basis, are an acceptable cost, installing an OS that does not suffer from
    > Windows' drawbacks is perfectly acceptable.
    >
    > I would liken it to buying a dog of a car...at what point do you decide
    > it is sensible to sell it and get a new car?
    >
    > After three gearbox rebuilds? Each time you get a huge bill and the
    > garage tells you it is a fundamental design flaw....? Do you wait that
    > long? Bet you don't....
    >
    > regards
    >
    > Thing
    >


    Well, for point 1, that can be said about any OS that is compromised. If
    *nix is compromised, the person can put whatever they want on the machine
    also; they can even recompile the kernel to hide vulnerabilities and
    add them right into the kernel etc. So point 1 applies to all OSes.

    However, it is fair to say it would seem some OSes are easier to
    compromise than others :)
     
    Nova, Aug 21, 2006
    #2

  3. thingy

    MaHogany Guest

    On Mon, 21 Aug 2006 12:48:03 +1200, thingy wrote:

    > After three gearbox rebuilds? Each time you get a huge bill and the
    > garage tells you it is a fundamental design flaw....? Do you wait that
    > long? Bet you don't....


    Agreed.

    But if you're a devoted user of M$ Windows, or a
    follow-the-trend-in-the-name-of-compatibility corporation then you simply
    accept that ongoing cost and hassle and keep on paying, and paying and
    paying AND paying.


    Ma Hogany

    --
    Q: How do I make Windows(TM) go faster?
    A: Throw it harder...
     
    MaHogany, Aug 21, 2006
    #3
  4. thingy

    Steve Guest

    On Mon, 21 Aug 2006 13:32:55 +1200, Nova wrote:
    >
    > Well for point 1 that can be said about any OS that is compromised. If
    > *nix is compromised the person can put whatever they want on the machine
    > also, they can even recompile the kernel to hide vulnerabilities and
    > add them right into the kernel etc. So point 1 applies to all OS's

    Only if a compiler is installed, the source is loaded and nobody notices
    something has happened in the meantime.
     
    Steve, Aug 21, 2006
    #4
  5. thingy

    juicyjuice Guest

    "MaHogany" <> wrote in message
    news:p...

    > Agreed.
    >
    > But if you're a devoted user of M$ Windows, or a
    > follow-the-trend-in-the-name-of-compatibility corporation then you simply
    > accept that ongoing cost and hassle and keep on paying, and paying and
    > paying AND paying.
    >
    >
    > Ma Hogany
    >
    > --


    Or they could invest the money in some courses teaching them how to use and
    secure their Windows PC better :)
    Then trips to a techie might be less often.
     
    juicyjuice, Aug 21, 2006
    #5
  6. thingy

    MaHogany Guest

    On Mon, 21 Aug 2006 19:45:59 +1200, juicyjuice wrote:

    > Or they could invest the money in some courses teaching them how to use and
    > secure their windows pc better :)
    > Then trips to a techie might be less often.


    ... until another flaw is exploited that again causes massive network
    congestion, and the only solution is to turn off the PC until it can be
    reformatted and everything re-installed from scratch; and that affects
    Windows Servers AND desktops and loses billions of dollars worth of
    productivity - again!


    Ma Hogany

    --
    Q: How do I make Windows(TM) go faster?
    A: Throw it harder...
     
    MaHogany, Aug 21, 2006
    #6
  7. thingy

    E. Scrooge Guest

    "MaHogany" <> wrote in message
    news:p...
    > On Mon, 21 Aug 2006 12:48:03 +1200, thingy wrote:
    >
    >> After three gearbox rebuilds? Each time you get a huge bill and the
    >> garage tells you it is a fundamental design flaw....? Do you wait that
    >> long? Bet you don't....

    >
    > Agreed.
    >
    > But if you're a devoted user of M$ Windows, or a
    > follow-the-trend-in-the-name-of-compatibility corporation then you simply
    > accept that ongoing cost and hassle and keep on paying, and paying and
    > paying AND paying.
    >
    >
    > Ma Hogany


    Last year I only paid 7 million. This year I hope to pay at least 10
    million. Once I've paid over 10 million I get a Bill Gates T-shirt and a
    gold disc copy of Windows 95 - personally autographed by Bill of course.

    You should learn to pay up too - you'll feel a lot better for it.

    E. Scrooge
     
    E. Scrooge, Aug 21, 2006
    #7
  8. thingy

    Nova Guest

    Steve wrote:
    > On Mon, 21 Aug 2006 13:32:55 +1200, Nova wrote:
    >> Well for point 1 that can be said about any OS that is compromised. If
    >> *nix is compromised the person can put whatever they want on the machine
    >> also, they can even recompile the kernel to hide vulnerabilities and
    >> add them right into the kernel etc. So point 1 applies to all OS's


    > Only if a compiler is installed, the source is loaded


    No, if the system is compromised they can do _whatever_ they want.
    They can put new source on it, they can put a compiler on it etc. etc.
    Any OS compromised means you don't know what they have done to it.

    > and nobody notices
    > something has happened in the meantime.


    which happens a lot in the real world...
     
    Nova, Aug 21, 2006
    #8
  9. thingy

    MaHogany Guest

    On Mon, 21 Aug 2006 21:45:56 +1200, Nova wrote:

    >> Only if a compiler is installed, the source is loaded

    >
    > No if the system is compromised they can do _whatever_ they want.
    > They can put new source on it, they can put a compiler on it etc etc.
    > any OS compromised means you don't know what they have done to it.


    True - agreed.

    That is why the only real solution when rescuing an infected Windows box
    is to format and reinstall.


    >> and nobody notices
    >> something has happened in the meantime.

    >
    > which happens a lot in the real world.


    Yup - agreed.

    For example, if an application is re-niced so that it runs with a lower
    priority than regular programs on a computer, the regular users on that
    box would have no idea at all that something else is chewing up most of
    the processor power.

    Vigilance on the part of the admin is the best way to keep in control of a
    computer.

    Of course on some systems keeping the viruses and worms out is like trying
    to push a glacier back up the valley it's coming down.


    Ma Hogany

    --
    Q: How do I make Windows(TM) go faster?
    A: Throw it harder...
     
    MaHogany, Aug 21, 2006
    #9
  10. thingy

    Lawrence D'Oliveiro Guest

    Re: Compromised Dimdows PCs

    In message <>, thingy wrote:

    > So, unless a user accepts that regular re-installs, possibly on a monthly
    > basis, are an acceptable cost, installing an OS that does not suffer from
    > Windows' drawbacks is perfectly acceptable.


    But doing a reinstall will wipe all the updated patches you've applied, yes?
    So you have to download and re-apply them again. And during that half hour
    or more that it takes to download the patches, you're vulnerable to
    re-infection, right?

    So you must patch and patch and patch, and expect to reboot regularly. And
    if you're trying to do something that requires maintaining context for some
    length of time, as Guy Kewney rather foolishly did
    <http://www.theregister.co.uk/2006/08/21/bill_gates_invoice/>, well, forget
    it.
     
    Lawrence D'Oliveiro, Aug 21, 2006
    #10
  11. thingy

    MaHogany Guest

    Re: Compromised Dimdows PCs

    On Mon, 21 Aug 2006 23:53:55 +1200, Lawrence D'Oliveiro wrote:

    > But doing a reinstall will wipe all the updated patches you've applied, yes?
    > So you have to download and re-apply them again. And during that half hour
    > or more that it takes to download the patches, you're vulnerable to
    > re-infection, right?


    Solution:

    Burn all the patches onto CDs when you get them.

    That way you can install them without connecting to the Internet.


    Ma Hogany

    --
    Q: How do I make Windows(TM) go faster?
    A: Throw it harder...
     
    MaHogany, Aug 21, 2006
    #11
  12. thingy

    steve Guest

    thingy wrote:

    ......

    > So, unless a user accepts that regular re-installs, possibly on a monthly
    > basis, are an acceptable cost, installing an OS that does not suffer from
    > Windows' drawbacks is perfectly acceptable.


    This was essentially my point: for people who can't or won't learn what
    is required to keep WinXP 'safe'.....Linux or Mac is not just a good
    solution, they may be the only solutions....and Linux is cheaper and
    will run on their existing PCs.
     
    steve, Aug 21, 2006
    #12
  13. thingy

    steve Guest

    Re: Compromised Dimdows PCs

    Lawrence D'Oliveiro wrote:
    > In message <>, thingy wrote:
    >
    > > So, unless a user accepts that regular re-installs, possibly on a monthly
    > > basis, are an acceptable cost, installing an OS that does not suffer from
    > > Windows' drawbacks is perfectly acceptable.

    >
    > But doing a reinstall will wipe all the updated patches you've applied, yes?
    > So you have to download and re-apply them again. And during that half hour
    > or more that it takes to download the patches, you're vulnerable to
    > re-infection, right?


    Oh no......you just get the latest CD / DVD / semi-trailer of
    aggregated patches BEFORE you go online.

    Mail order or from a friend.....as you can't use the Net (unless you
    boot from some non-MS OS).
     
    steve, Aug 21, 2006
    #13
  14. thingy

    Lawrence D'Oliveiro Guest

    Re: Compromised Dimdows PCs

    In message <>, MaHogany wrote:

    > On Mon, 21 Aug 2006 23:53:55 +1200, Lawrence D'Oliveiro wrote:
    >
    >> But doing a reinstall will wipe all the updated patches you've applied,
    >> yes? So you have to download and re-apply them again. And during that
    >> half hour or more that it takes to download the patches, you're
    >> vulnerable to re-infection, right?

    >
    > Solution:
    >
    > Burn all the patches onto CDs when you get them.


    What about the last few patches you got before doing the next reinstall? How
    can you trust those?
     
    Lawrence D'Oliveiro, Aug 22, 2006
    #14
  15. thingy

    Allistar Guest

    MaHogany wrote:

    > On Mon, 21 Aug 2006 21:45:56 +1200, Nova wrote:
    >
    >>> Only if a compiler is installed, the source is loaded

    >>
    >> No if the system is compromised they can do _whatever_ they want.
    >> They can put new source on it, they can put a compiler on it etc etc.
    >> any OS compromised means you don't know what they have done to it.

    >
    > True - agreed.
    >
    > That is why the only real solution when rescuing an infected Windows box
    > is to format and reinstall.
    >
    >
    >>> and nobody notices
    >>> something has happened in the meantime.

    >>
    >> which happens a lot in the real world.

    >
    > Yup - agreed.
    >
    > For example, if an application is re-niced so that it runs with a lower
    > priority than regular programs on a computer, the regular users on that
    > box would have no idea at all that something else is chewing up most of
    > the processor power.


    Nonsense. If a rogue process started gobbling up excess CPU cycles,
    regardless of how "nice" it was, I would notice pretty much straight away
    (assuming I'm sitting in front of my PC). I may not notice if it only gobbles
    an additional 1 or 2% though.

    > Vigilance on the part of the admin is the best way to keep in control of a
    > computer.
    >
    > Of course on some systems keeping the viruses and worms out is like trying
    > to push a glacier back up the valley it's coming down.
    >
    >
    > Ma Hogany


    Allistar.
     
    Allistar, Aug 22, 2006
    #15
  16. thingy

    juicyjuice Guest

    "MaHogany" <> wrote in message
    news:p...
    > On Mon, 21 Aug 2006 19:45:59 +1200, juicyjuice wrote:
    >
    >> Or they could invest the money in some courses teaching them how to use
    >> and
    >> secure their Windows PC better :)
    >> Then trips to a techie might be less often.

    >
    > ... until another flaw is exploited that again causes massive network
    > congestion, and the only solution is turn off the PC until it can be
    > reformatted and everything re-installed from scratch; and that affects
    > Windows Servers AND desktops and looses billions of dollars worth of
    > productivity - again!
    >
    >
    > Ma Hogany
    >


    If the exploit makes it onto the PC in the first place. This initially (in
    nearly all cases) still needs to be downloaded, or duped into being
    downloaded, by a user on one of the PCs on the LAN.
     
    juicyjuice, Aug 22, 2006
    #16
  17. thingy

    MaHogany Guest

    On Tue, 22 Aug 2006 20:15:23 +1200, Allistar wrote:

    >> For example, if an application is re-niced so that it runs with a lower
    >> priority than regular programs on a computer, the regular users on that
    >> box would have no idea at all that something else is chewing up most of
    >> the processor power.

    >
    > Nonsense. If a rogue process started gobbling up excess CPU cycles,
    > regardless of how "nice" it was, I would notice pretty much straight away
    > (assuming I'm sitting in front of my PC). I may not notice if it only gobbles
    > an additional 1 or 2% though.


    For weeks I was running the SETI number crunching software.

    The CPU of my desktop box was almost constantly running at 100%.

    But because the SETI process was re-niced to be running at a very low
    priority, it deferred to everything else and only had CPU time when
    nothing else did.

    It was as if the SETI process was not running at all.


    Ma Hogany

    --
    Q: How do I make Windows(TM) go faster?
    A: Throw it harder...
     
    MaHogany, Aug 22, 2006
    #17
  18. thingy

    MaHogany Guest

    Re: Compromised Dimdows PCs

    On Tue, 22 Aug 2006 20:01:59 +1200, Lawrence D'Oliveiro wrote:

    >> Burn all the patches onto CDs when you get them.

    >
    > What about the last few patches you got before doing the next reinstall? How
    > can you trust those?


    You don't.

    You reinstall from M$'s website.


    Ma Hogany

    --
    Q: How do I make Windows(TM) go faster?
    A: Throw it harder...
     
    MaHogany, Aug 22, 2006
    #18
  19. thingy

    Allistar Guest

    MaHogany wrote:

    > On Tue, 22 Aug 2006 20:15:23 +1200, Allistar wrote:
    >
    >>> For example, if an application is re-niced so that it runs with a lower
    >>> priority than regular programs on a computer, the regular users on that
    >>> box would have no idea at all that something else is chewing up most of
    >>> the processor power.

    >>
    >> Nonsense. If a rogue process started gobbling up excess CPU cycles,
    >> regardless of how "nice" it was, I would notice pretty much straight away
    >> (assuming I'm sitting in front of my PC). I may not notice if it only
    >> gobbles an additional 1 or 2% though.

    >
    > For weeks I was running the SETI number crunching software.
    >
    > The CPU of my desktop box was almost constantly running at 100%.
    >
    > But because the SETI process was re-niced to be running at a very low
    > priority it deferred for everything else and only had CPU time when
    > nothing else did.
    >
    > It was as if the SETI process was not running at all.


    I do understand what the niceness of a process is. I'm saying that if my CPU
    were running at 100%, I'd know about it because I have a CPU/RAM usage
    monitor always visible (using SuperKaramba). A rogue CPU gobbling process,
    regardless of niceness, would not go unnoticed.

    > Ma Hogany


    Allistar.
     
    Allistar, Aug 22, 2006
    #19
  20. thingy

    MaHogany Guest

    On Wed, 23 Aug 2006 09:32:49 +1200, Allistar wrote:

    >> But because the SETI process was re-niced to be running at a very low
    >> priority it deferred for everything else and only had CPU time when
    >> nothing else did.
    >>
    >> It was as if the SETI process was not running at all.

    >
    > I do understand what the niceness of a process is. I'm saying that if my CPU
    > were running at 100%, I'd know about it because I have a CPU/RAM usage
    > monitor always visible (using SuperKaramba). A rogue CPU gobbling process,
    > regardless of niceness, would not go unnoticed.


    What you're saying is that you're monitoring for CPU/memory usage and so
    you would notice when your PC was being used optimally.

    My point was that even if a CPU was being pinged at 100%, if the process
    that was chewing most of that CPU time was a low priority process, then
    everything else wouldn't notice that the box was being pinged at 100% -
    because the OS would prioritise accordingly.


    Ma Hogany

    --
    Q: How do I make Windows(TM) go faster?
    A: Throw it harder...
     
    MaHogany, Aug 23, 2006
    #20
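    A defender's version of the monitoring Allistar describes, added here as an example that is not part of the thread: on Linux the kernel keeps a separate 'nice' counter in /proc/stat for CPU time used by positive-nice processes, so a re-niced hog that soaks up idle cycles is invisible at the keyboard (MaHogany's point) but obvious in the accounting (Allistar's). The two snapshot pairs below are constructed, and the alert thresholds are assumptions.

```python
"""Spot a CPU hog that hides behind a low (positive nice) priority.

Added example, not from the thread. Linux /proc/stat accounts CPU time spent
in user mode by positive-nice processes in its own 'nice' column, so a monitor
that reads it sees the re-niced hog even though interactive programs, which
the scheduler favours heavily, barely feel it. The snapshots are constructed.
"""

# Leading fields of the aggregate "cpu" line in /proc/stat (USER_HZ ticks).
FIELDS = ("user", "nice", "system", "idle", "iowait", "irq", "softirq", "steal")

# Constructed snapshots for a single-CPU box, 1000 ticks (10 s at USER_HZ=100) apart.
SNAP_BEFORE = "cpu  12000 500 3000 80000 400 20 80 0 0 0"
# A re-niced cruncher (SETI-style) soaks up every idle tick: nice +900, idle +20.
SNAP_AFTER_HOG = "cpu  12050 1400 3030 80020 400 20 80 0 0 0"
# Same interval on a quiet desktop: the box is mostly idle.
SNAP_AFTER_QUIET = "cpu  12050 500 3030 80900 420 20 80 0 0 0"


def parse_cpu_line(line):
    """Return the aggregate cpu counters as a dict keyed by FIELDS."""
    parts = line.split()
    if len(parts) < len(FIELDS) + 1 or parts[0] != "cpu":
        raise ValueError("expected the aggregate 'cpu' line of /proc/stat")
    return dict(zip(FIELDS, (int(v) for v in parts[1:len(FIELDS) + 1])))


def cpu_shares(before, after):
    """Fraction of the interval spent in each state, from two snapshots."""
    b, a = parse_cpu_line(before), parse_cpu_line(after)
    delta = {k: a[k] - b[k] for k in FIELDS}
    total = sum(delta.values())
    if total <= 0 or min(delta.values()) < 0:
        raise ValueError("snapshots must be distinct and in chronological order")
    return {k: v / total for k, v in delta.items()}


def hidden_hog_suspected(shares, busy_floor=0.9, nice_floor=0.5):
    """True when the CPU is nearly saturated but most of that work is niced.

    This is the case users at the keyboard do not feel: the scheduler gives
    their normal-priority work nearly all the CPU it asks for, so the hog
    shows up in the accounting rather than in responsiveness.
    """
    busy = 1.0 - shares["idle"] - shares["iowait"]
    return busy >= busy_floor and shares["nice"] >= nice_floor


def read_live_cpu_line(path="/proc/stat"):
    """First line of the real /proc/stat, for use on a Linux host."""
    with open(path) as fh:
        return fh.readline()


if __name__ == "__main__":
    for label, after in (("hog", SNAP_AFTER_HOG), ("quiet", SNAP_AFTER_QUIET)):
        s = cpu_shares(SNAP_BEFORE, after)
        print(f"{label}: nice={s['nice']:.0%} idle={s['idle']:.0%} "
              f"suspect={hidden_hog_suspected(s)}")
```

    Taking two readings of `read_live_cpu_line()` a few seconds apart and feeding them to `cpu_shares` gives the same check on a real host.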