Slashdot Mirror
Windows Rootkit Wars Escalate
An anonymous reader writes "The rootkit wars have started to escalate with a rootkit named Rustock which is able to remain hidden from all the popular anti-rootkit tools. It uses some new techniques including not only putting itself in a ADS (NTFS alternate data stream) which isn't seen by normal file system enumeration tools, but even blocks ADS aware tools from seeing the stream. Works in Vista, too! Analysis in both Symantec and F-Secure blogs."
from a machine with a rootkid installed... 0wned!
Cue the Mac OS-X / *Nix / *BSD zealotry.
My humor is probably your flamebait
Breaking into a computer should be considered as serious as breaking into one's home. Enough of the "kids will be kids" stuff, and lets have our government go after the zombie masters as the scum that they are: invaders into our lives and our stuff.
Mod down people who tell people how to mod in their sigs
I don't hate sony because they installed rootkits on some peoples computers, I hate them because of that incident the word rootkit became popular.
Was this designed simply an easy way to hide (system?) files in the filesystem
or was it for something different entirely? I remember there being a "chmod +/-h"
in old (perhaps even current, I no longer use it) versions of HP-UX that would hide
files , is this something similar?
rootkit v. counter rootkit
counter counter rootkit v. counter rootkit
counter counter counter rootkit v. counter counter rootkit
An endless cycle of patch, pray, patch, pray, reinstall awaits us.
X|K|Ubuntu, anyone?
So which CD's does this one come on? When can I expect a class action suit to get me a few free downloads from it?
Since F-Secure detects it, does that imply it's not popular?
If only Windows was closed source, then writing such tools would be difficult. Oh, wait...
>>lets have our government go after the zombie masters as the scum that they are: invaders into our lives and our stuff.
Good luck with that. The US government can't even persue terrorists who kill American citizens without inviting substantial criticism. If they can't arrest cold-blooded killers you think they're going to be able to round up computer geeks?
Maybe the UN can take care of this. (trying to supress a chuckle)
http://www.heysoft.de/nt/ntfs-ads.htm
There's a lot that can be done with it.
This Russian-created rootkit is smart enough to recognize known anti-rootkit tools and hide from them.
:P
Does this mean that in Soviet Russia, rootkits detect y... Bah, nevermind. Too easy.
Slashdot: come for the pedantry, stay for the condescension.
People, please, stay sensible. First of all, a rootkit has to GET into a system. How it hides, how it vanishes, how it hooks certain parts of the system and how it defeats anti-rootkit tools is moot if it doesn't even GET that far.
Whatever a program may want to do, first of all it has to be started. Now, there are currently no unpatched remote exploits or program-runs-crap-by-itself bugs I'm aware of. In other words: You have to start it!
And that's what it comes down to. Keep your system updated! Don't click on every moronic spammail you get! Don't run everything you download from an unrelyable source without at least checking what it is!
My prediction would be that you can eliminate about 95% of the most dangerous worms, trojans and spybots currently in the wild if we could just get people to abstain from running every single piece of junk they stumble upon. The best protection against infection is still a working brain.
There is no technical solution for a social problem. I say it time and again. If it's been true ever, it is in the area of malware. Antimalware tools are akin to safety belts and airbags. You have them, and you use them, but that doesn't mean you drive 150 on an icy road, just 'cause, hey, you got safety belts and an airbag, what damage could happen, eh?
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
I think it's somewhat disingenuous to specifically note this rootkit works in Vista. It implies that the security work done in Vista has somehow failed.
Vista has numerous improvements security wise, and almost all of them have to do with prevent a machine from becoming infected to begin with.
, UAC, Windows Defender, the improved software firewall, IE 7+ sandboxing/broker, etc... these are all meant to make it a lot harder for malware to get on the machine to begin with.
As the old security adage goes, if untrusted software is run on your machine, it's not your machine anymore.
If it wasn't so sad, it would be funny.
tell me how, please. The things you know about him/her/them/whatever:
A DNS-Server in San Jose.
A host in Kiew.
Code generated in Russia.
Distributed by spambots from around the world.
Now, where do you start looking? Have you ever tried getting some help from authorities in Russia? If not, it's a worthy adventure. At the very least, it gives you enough material to write a very interesting book.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Since F-Secure detects it since June 21st, does it imply this is old news?
or did they make sure it could install?
* Winners compare their achievements to their goals, losers compare theirs to that of others.
FSecure's posting says that they released a version of their antirootkit software that can defeat this. Date June 21
Symantec says that FSecure's product can't remove this. Date June 29.
Any reason for this discrepency? You'd think they'd continue to moniter what other companies are doing to combat the problem and 8 days would be enough for them to find out about the new release.
Well.. maybe. Or Maybe not. But Definitely not sort of.
To be useful to its creators, a rootkit has to do something. That something usually involves communication on the internet. So, could you find a rootkit by looking for tcp addresses by text searching the whole hard drive? Could you thwart it by detecting an attempt to communicate with certain addresses?
x86 versions only.
Would be interesting to know if there will be or are 64-bit versions of rootkits.
"Rootkit Wars" ??
This isn't a war. This is merely an advance in the sophistication of one rootkit. This happens all the time.
Why is this being called a "war" now?
Maybe because if they called it what it is - "Another Lame Virus Advancement" - nobody would click the link and look at their ads.
What a joke.
By the way, does anyone else find it funny that Symantec and F-Secure have "blogs" now? WTF? Why not just go the whole 9 and create a MySpace profile too?
smattawichu
Did the writers of the rootkit consider that...
a ler.html
"The reason that there is no longer a command-line version is that malware authors have started targetting RootkitRevealer's scan by using its executable name. We've therefore updated RootkitRevealer to execute its scan from a randomly named copy of itself that runs as a Windows service. This type of execution is not conducive to a command-line interface. Note that you can use command-line options to execute an automatic scan with results logged to a file, which is the equivalent of the command-line version's behavior." http://www.sysinternals.com/Utilities/RootkitReve
Ooops... 1 step ahead of the hackers yet again.
Does a VM offer immunity to rootkits?
If the VM'd instance is subverted, does the underlying OS become exposed?
Thanks,
-Alajando
Don't rootkits need to hook into the kernel in some way, and the "some way" in Vista is via signed binaries? Overriding kernel hooks seem to imply that yes, signed binaries are needed as well...
Also, would it be able to hide from a tool like SysInternal's rootkit detector which compares API return values for the registry and filesystem with an actual analysis of the registry files themselves, and a scan of the raw blocks on the disk? (Understands NTFS and FAT, and the registry hive format).
Theese things are like the neighbor that just walks in the house, takes a piss, grabs a beer out of the fridge, asks you if you're watching teh game after sitting on the couch next to you.
If they'd put some fucking beer in there now & then it wouldn't be so damn aggrevating.
Wanna fight ? Bend over, stick your head up your ass, and fight for air.
NTFS alternate data stream? It's a good thing I still use Windows 95 that doesn't have any of those fancy shmancy features that can be exploited like that.
If you're (like me) one of the, umm, fortunate souls who get to clean up rootkit-infested machines regularly, there's a tool you should know about: LADS, for "list alternative data streams"
It can be found buried in this FAQ about the NTFS ADS feature: http://www.heysoft.de/nt/ntfs-ads.htm
I haven't tried it yet, but it looks like it should work from a win32 bootdisk (like BARTPE). So you should be able to boot from a clean win32 environment and scan the computer's hard disk to find any files with ADSs. Fortunately, use of this feature within NTFS is not widespread, so malware should stand out pretty obviously.
Have fun!
-R
not easy as long as ADS exists.
Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
Microsoft has been less than forthcoming about ADS, it's function and it's mechanism. ADS has been used in the past to hack into web servers and now appears to be useful for rooting any system with NTFS.
Is ADS a Microsoft backdoor?
does it show in DOS ?
Long ago, in the days of MS-DOS, there was a program that was excellent at detecting unknown MS-DOS viruses. Called Integrity Master, for maximum security one ran it from a bootable floppy, scanned files on the hard disk, and stored the file with the scanned signatures on a floppy. It wasn't SHA or MD5 hashes, but at the time it was solid security.
Then, one periodically (once or twice a week, as paranoia sees fit) ran the utility on their machine. If stuff in the MS-DOS directory was changed, it was immediately apparant. Integrity Master also was able to scan for some known viruses as well in addition to keeping a log of changed files.
We need a utility like that for Windows XP and Vista. A bootable CD or DVD that not just can understand NTFS (and NTFS's file compression), but has the necessary software to mount hard disks which are encrypted with BitLocker, PGP, SafeBoot, PointSec, WinMagic, DriveCrypt Plus Pack. The utility should also allow for username/password entry so EFS-protected files can be checked too.
This utility should use a CD or DVD to boot from, mount hard drive volumes, run checks for alternate data streams, system and nonsystem files, and finally the registry, perhaps including the encrypted parts like the SAM. It should not just save hashes of files, but perhaps have some ability to check file signatures as well (like sfc.exe and sigverif.exe do), so an update to Windows via a legitimate way doesn't set off a lot of false positives. Of course, the "manifest" file storing the file hashes on the file system would be stored on a removable USB drive, so the OS on the hard drive never has the ability to touch it.
Because this checking is done offline, a rootkit would be a lot harder to hide (unless it uses a method that the integrity scanner wasn't programmed to detect, like perhaps pointing to unallocated disk space for executable code, or hiding in an EFS-protected file.)
Of course, offline checking isn't perfect, because the machine being scanned has to be totally downed for a good amount of time which can't be done in a 24/7 environment.
There are some hurdles though. Trying to reduce the amount of false positives is one, for example. A novice user presented with a notice that a lot of files were changed likely wouldn't know what was a bad change, and what was normal for system functioning. After that, its decoding files and registry keys. Finally, if a known rootkit database was used, keeping track of how rootkits encrypt their payload, and delivering timely program updates.
Hey Hey! Hate the game! Not the playa'! 'Sama 'n Sony got serious game.
"Speaking the Truth in times of universal deceit is a revolutionary act." -- George Orwell
i still use FAT32, you insensitive clod!
Back in grad school, someone accidentally erased every user file on our group's Mac. Including my thesis! Unerasing was a nightmare (our mac "guru" wasn't much help). We got the data back, but none of it had the correct data fork associated with it. Everything got treated as an ascii text file.
I spit on your grave, OS7!
The world is made by those who show up for the job.
Microsoft Private Folder 1.0 uses rootkit-like techniques to hide encrypted files from the Win32 API. I wrote a little about it in
my blog a few days ago.
Sorry to say it bluntly, but I do remember. It's over. It's patched. Currently, there are no unpatched bugs (at least none that I'm aware of) that let you deliver malware straight to a connected computer.
So what that means is that there are unpatched holes, and since we don't know where they are you don't know a likley attack vector that such a rootkit might try and be deployed by.
Don't connect to the net without a firewall? Heck, given you can't know anything you are doing over the network is not an attack vector you might as well just shut down the network connection altogether.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
I think this is the equivalent situation. When you chroot, it changes the root of the file system, "/", but IIRC it doesn't change any open directory handles. In particular, it doesn't change the current working directory. So you should always follow a chroot with "cd /" or equivalent. If you have other open directories, you also have to deal with those.
.." and they're out of your jail.
Otherwise, a hacker could just "cd
[Yoda]
Begun, the Rootkit Wars have...
[/Yoda]
In *most* instances, you can use the built-in "Run As" feature to fun games/etc that need special permissions.
But the real solution is to complain to your software vendors.
I have a legitimate question. What site can you visit to get the rootkit or discuss information about it?, When I was in university I usually went to neworder.box.sk to all my hacker/cracker needs, also the russian password crackers sites and crackstore to name a few.
There was also fravia and other nice pages where you cold get that information but now I am not "on the song" anymore, can anyone enlighten me please?
Ubuntu is an African word meaning 'I can't configure Debian'
My personnal experience this far with Linux is that most of the time, you won't need full root access, if :
- your access rights are correctly set (as in using the GUID "video" to grand access to devices used for graphic acceleration. Most modern distro have this done auto-magically by the setup or have the plug-n-play daemon assign correct rights to newly plugged devices)
- there are small piece of code that are used to communicate between priviledged acces and un privilidged access (in other words : once upon a time, you needed to have SETUID on SVGALib to have nice graphics in games under Linux. Nowadays, SDL communicates with drivers and architectures like DRI, which take car to pass messages to a more priviledged part which, in turn, will take care of the sensitive steps. (In other words : Old applications - use special extension and map framebuffer themeselfs, if enough access rights. New (unpriviledged) applications - ask the X Server (with modern extension) which itselfs has the right to access hardware to map what is needed.
That means that, with a correctly setup system, I never needed to SUDO before playing anything with mplayer, xine, vlc or whatever else.
I almost never run application as something different as my user account.
In fact, even installing update is being slowly replaced with a less priviledged process in recent distro (instead of asking the users to star a process as root and installing updates himself under this identity, newer distro have a separate demon that runs with the minimal necessary privileges and the user only has a small application that passes messages to the update daemon to make the system install patches).
On the other hand, Windows, with its "admin-by-default" accounts hasn't done anything to prevent misbehavioured software. I can understand that Windows 3.x and Windows 9x, with all their DOS tradition behind them had to be "admin-by-default". But since Microsoft moved to a new architecture, why don't they change the default user profile behaviour ? Old APPs are run thrue an emulated API, newer application break if they can't run in a non-priviledged environnement.
Old usage needed admin rights. That's normal. What's not normal is that Microsoft perpatuated the bad habbit in newer versions of Windows.
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
My boss was telling me how he'd spent all morning with the IT manager removing a trojan off of his Windows machine.
..."
I looked up from my iBook and FC5 workstation, looked him in the eye with a face full of innocence, and asked, "What's a 'Trojan?'"
"Well, see, it's like... a 'trojan' is like the Trojan horse; it's a program that comes into your system and
wink
"...why I oughtta slug you!"
It's a good thing the guy's a consummate professional, because I probably deserve to be writing this from the hospital.
This is just nitpicking, but from my understanding a rootkit consists of tools implemented _once the system is comprimised_ to maintain root status and hide the comprimisation.
I always thought the means to gain access through vulnerabilities were called 'exploits.'
It makes you wonder about development cycles when people are producing malware for software that's not even been released yet. Is this a negative-day vulnerability? (and how does one quantify it when MS isn't yet saying when Vista's going to hit the market?)
Nostalgia's not what it used to be.
Go to the command prompt.
echo Text! > text.txt:ADS
Do a DIR and you'll see the size of text.txt is 0 bytes.
The string "Text!" has ended up in an ADS stream called "ADS".
1) Malware installs itself in a 'good oddball location' (you'll see why a bit later)
2) Malware runs (on startup) and monitors the running processes as close to real time as possible
3) Malware has built in it the CRCs (likely MD5s) of known AV filescanners
THE RACE IS ON!!!
The malware has to find the AV filescanner, CRC/MD5 it and if identified, kill the AV process (if able to) and delete/muckup the AV filescanner at its leisure(?) BEFORE the AV scanner can find it, kill it, and delete it in return.
The only way around that would be to update/release the AV scanner faster than the malware authors can 'do their thing'. I don't think using some sort of 'runtime opcode munging' to change the EXE CRC at runtime will help as a mass-release software title (if possible).
Nope, to stop this kind of malware calls for 'personalized' AV with CRCs unique to the machine it is installed on before the software is obtained to install in the first place. Provided the OS maker(s) is trustworthy, such AV software should be the first program obtained and installed on the computer after the operating system.
Part of this also depends on where the attacker can upload/download files to or from. If he can upload a new file in a location that automatically runs (say a crontab entry on a 'nix system), or he can download your password info, then you're still in trouble.
I've heard a few stories of sites being compromised because a script incorrectly allowed a variable that wasn't tainted as a filename.
Works in Vista, too!
I know this cannot be true since Microsoft Says Vista Most Secure OS Ever.
Mod funny, you dumbshits!
http://www.eecs.umich.edu/virtual/papers/king06.pd f
Belief is the currency of delusion.
I don't know how or when it changed, but the orthodox approach to virus scanning used to be that you booted a known clean (very likely read-only) system in order to diagnose the possibly-compromised system.
Every time I hear about how some malware uses a rootkit to "hide", I know it simply means that people are using compromised systems to diagnose themselves. That approach is fundamentally flawed. No one should be surprised that it doesn't work, and it shouldn't be news that it doesn't work. We shouldn't be seeing this article on Slashdot in any category other than the humor section.
But we do see it, because it is news (to somebody?) because this unreliable approach to scanning is mainstream. How the hell did that happen?
It happened because the AV companies are selling their products as something that Windows users install rather than boot. But we know and they know that can't work. It's snakeoil and I think selling it is despicable.
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
welcome our first widely known Vista exploit!
Lets fire up your windows update gentlemen! You didnt really believe the buzz this time round?
This is my Trace Bustah, Bustah... Bustah!!!
Thank you The Big HitNihilism means nothing to the dancing peasants
TCP/IP addresses are often hex-encoded in compiled code, so doing a text search for xxx.xxx.xxx.xxx probably wouldn't be useful anyway...
>Oh, by the way -- if there were an undetectable rootkit on OS X, how would one go about finding it?
Yes, I know your being flip.
The answer is by partitioning off "bad boot blocks" that are above the OS boot code and inserting load commands for network protocols that over-ride your soon to be loaded preferences, "Playmems" in Graphics card memory space, font worlds.
That's all you get for now
Anonymous Coward
It looked wrong even as I wrote it. now I remember.
The world is made by those who show up for the job.
As long as MS brings up and touts security, particulalry in the context of proprietary software, the comment is valid, even if humorous.
I'm not sure what your point is... because it seems to me you're just giving me a good example of good programming. You just need to emphasize other parts of the text : ...when available... ...That's why we don't use the kernel's filesystem driver at all...
For the last one you would need a larger excerpt with other video output methods.
RTC : allows Real-Time synchronisation. Used when available because Linux isn't a realtime OS. Would be pointless on, say, QNX. Usage of "virtualized functionnality" like standard timers works fine for almost everybody, you usually don't need hacks accessing hardware directly.
DVD : You don't get any benefit running as root because they aren't using kernel's filesystem driver. "Greping" for root in mplayer doc isn't an excuse to not read and understand what's written... There's probably a reason why you need to run as root to get the same functionnality directly from linux kernel, but I'm to lazy to search the thread talking about it at lkml.
It wouldn't be portable anyway.
DGA : Thanks, I didn't know about that -vo method. My unofficial debian mplayer package is compiled with 31 output methods, some work under X, some in a xterm, some on a console, some with files, some with particular hardware (like Matrox video cards). DGA works under X, but as mplayer doc states, you need root access. Why not use -vo xv then ? It works flawlessly on my Radeon card. It doesn't work on an older Mach64, in that case I need -vo x11 (-vo dga doesn't work either with that card).
All limitions you're citing are because of attempts to talk directly to hardware, and each time you have other options that are working as well.
Bad programming would have assumed that you were root and disallowing to run if RTC wouldn't have been available, for exemple.
So ?
I have discovered a truly marvelous proof of killer sig, which this margin is too narrow to contain.
And it's free! http://www.sysinternals.com/Utilities/RootkitRevea ler.html
How is it even found to be loaded in the first place?
Works in Vista, too!
Maybe Vista needs that new file system after all. Too many places to hide stuff in the current NTFS. FAT32 anyone?
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
I always hear about these new awesome r0x0r your s0x rootkits. That rootkit called HackDefender I believe it was that was all over the news wouldn't even install properly under a limited account..
Blame the user, not the software.
Communication with the rootkit author does not necessarily need to be a straightforward matter. I have seen concepts of a rootkit sending data by querying DNS servers controlled by the author and piecing data together by taking the first character from the domain being looked up.
dns -> google.com
dns -> overture.com
dns -> dnsstuff.com
A password of god was just transmitted.
A very crafty kit would build up this list by first by watching legitimate traffic on the network, so viewing raw traffic would not throw up any immediate red flags. Data can be hidden in many places. Just my 2 cents.
"Konnichiwa", said the boneless horror.
I think the practice of booting from a known clean system ended with Windows NT. In the DOS and Windows 9x days, it was easy to make your own boot floppy, copy a virus scanner onto it, and stash it away in case of emergencies. Also, back then, rebooting was an everyday occurrence anyway.
With Windows NT and its successors, it became cumbersome to make an emergency boot disk -- you needed the original install CD to write to several floppies, and the emergency boot process took an eternity. The virus scanner would have to be burned onto a CD (not everyone had a CD burner) or written to a memory stick (which some BIOSes don't know how to boot from). Of course, the virus scanner could be distributed on pressed CDs, but there would still be a problem with keeping the virus definitions up to date.
So basically, the practice of clean-booting died for the same reasons that the floppy did.
There is no OS that is 100% secure. Security is important, but if your expectation is for complete security, you will live a dissapointed life. The weak link in most computer networks is human. If it was programmed by humans, there will be a flaw that can be exploited. If there isn't a flaw in the programming, social engineering works fine to discover passwords that get you past the security
Maybe not 100% secure, but there are commercial OS's that are orders of magnitude more secure than Windows. Why do people like you continue to post statements that make it sound like the current situation with Windows is the best we can hope for and we should not expect MS to improve the security of their OS?
"An endless cycle of patch, pray, patch, pray, reinstall awaits us."
Patch available here for current & future rootkits: http://www.apple.com/macosx/
"Mac users pummelled by angry infectees. See the aftermath, tonight at 10:00."
You can all complain about the security issues and how evil it is all you want but you have to admire the technology and the thought that goes into advanced viruses/trojans/worms/rootkits. This particular one is polymorphic and stealthed. Those are two traits that can be very difficult to implement into a program of any type. The original write obviously put alot of effort into creating this program, testing it on different configurations and then releasing it.
.com infector that was 800bytes or so long. I never released it into the wild, so why did i write you ask? I wrote it because i could, because i wanted to see if i could and when i'd finished i'd learned a hell of alot about x86 assembly. My point is, that we shouldn't all think rootkits/viruses are inheretly evil, they are like guns, they guns don't kill people, people do.
/me dons flame proof armour!
Yes i admire it for it's traits and i think they should teach virus writing etc in University, the algorithms for self-replication, stealth and polymorphism are very cool, and no self respecting programmer should NOT know how they work and at least how to implement them at a basic level.
This reminds me of weapons of war like cruise missles, their only purpose is to destroy things, but the technology they implement to do it is pretty freaking awesome!
And yes before you ask i once did write a virus. It was a DOS
Imagine if you will a virus that spreads like wildwire, but this virus was an anti-virus program that used peer-to-peer networking to download updates and eradicated all other virus/anti-virus programs out there. In the end you have one virus and it kills everything bad for you? Remind you of anything? Yep, the human body. We have benifical viruses/bacteria in our body. They are allowed to replicate and infect others so i believe the stigmata against these technological wonders needs to stop.
PS. I have nothing for disdain for script kiddies and those who use automated virus generators, if you are going to infect someones computer and disrupt their work, at least have enough balls to write it yourself.
I don't need to test my programs.. I have an error correcting modem.
Short answer: yes.
/bin/login dumped core when it couldn't send the captured passwords back home.
Anecdotal evidence: I once set up a Linux machine behind a firewall, couldn't get to the Internet, but it could be seen from the Internet. Turns out there wasn't any requirement for it to see the Internet, so I checked "done" and moved on. This was a one-off deal.
Got a call a month later: "login isn't working". Of course the machine was for dozens of desktop machines that logged in to run custom Universe scripts, so no one could do his/her work. So I go out there and notice that the network cables have been rearranged to go around the firewall. And there were quite a few email messages spooled up and going nowhere.
Asked about the cable. "Oh. I tried that because I couldn't get to the Internet."
"From this machine?"
"Yeah."
"Why did you want to get to the Internet from the Universe server?"
"I wanted to surf the net while I was waiting for this other install thing that I was doing to finish."
OK, so the machine is naked on the Internet, and login's broken. It takes the password, then another login prompt. Found a rootkit. Reinstalled the O/S, restored Universe from backups, put the machine back behind the firewall.
Oh, the spooled-up email messages? Email to the rootkit installer. Even if the machine was pwned, s/he never found out. After poking around for a while, I discovered that it was a poorly implemented rootkit, e.g., the replacement for
Further, even if the elaborate cloaking schemes are followed, there must be communication back to the new pwner of the machine.
"Press to test."
(click)
"Release to detonate."
What I find troubling is how blaze Windoze users are about it all. They get upset that their machine won't work once it is totally bogged down with spyware, but they don't care about the fact that some asshats were monitoring their every move on their machines for many weeks/months/years even.
Oh well, what the hell...
... in capitalist America, even Duke Nukem Forever ships before Vista.
Sean
I was pretty much with you until #5. Don't boot from read/write media? What exactly do you want me to boot from? Telling people not to boot from their hard disk is pretty radical. And even my Deb CD is really a CD-R - which is, you know, writeable.
#6 is even more out there. Unplug from the network? Being as how you're posting to Slashdot, obviously you're not taking your own advice. What am I missing here?
I think you need to get your tinfoil hat adjusted.
Sean
If you have to use Windows, Rootkits are another reason to zero the hard drive regularly. But if you don't have to, another reason to buy a mac or UPGRADE to Linux.
\
..you run XP from a FAT32 partition? (But might have NTFS partitions)
If Google really cared they would fix Android Chrome to reflow text, instead of discriminating
Tangent, yes. But...
/linux noob
//working on that
///Farker
At my previous position BartPE was a godsend. If you do physical Windows support, and you aren't aware of this, I strongly urge you to take a peek: http://www.nu2.nu/pebuilder/
Think Win98 boot floppy on crack. Boots off CD/DVD, does PnP, has network support, the ability to add virus scanners & other nifty tools.
There are Linux boot CDs that do more/less/theSame, but if you're like me and (/gasp) not familiar with Linux then this can be a powerful tool.
The first idea that pops into my head, is that users should use Windows under copyright (which allows Fair Use) instead of licensing it. Then they can legally make a clean boot disk.
But I guess the idea of using software under copyright is controversial, and some people still want to license Windows. Ok, whatever. One thing these users could maybe do, is run Windows under virtualization (which MS has recently started to license for "free") and then scan the guest system from a well-protected host OS.
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.