Analysis of Dexter Malware Uncovers Mystery Man, and Links To Zeus

chicksdaddy writes "The newly discovered Dexter malware is one of the few examples of a malicious program that targets point of sale terminals, but also communicates, botnet-like, with a command and control infrastructure. According to an analysis by Seculert, the custom malware has infected 'hundreds POS systems' including those operated by 'big-name retailers, hotels, restaurants and even private parking providers.' Now a detailed analysis by Verizon's RISK team suggests that Dexter may be a creation of a group responsible for the ubiquitous Zeus banking Trojan. By analyzing early variants of Dexter discovered in the wild, Verizon determined that the IP addresses used for Dexter's command and control were also used to host Zeus-related domains and several domains for Vobfus, also known as 'the porn worm,' which has been used to deliver the Zeus malware. Verizon also produced some tantalizing clues as to the identity of one individual who may be a part of the crew responsible for the malware. The RISK team linked the domain registration for a Dexter C&C server to an unusual online handle, 'hgfrfv,' that was used to post a number of suggestive help requests ('need help with decrypting a table encrypted with EncryptByKey') in online technical forums, where a live.com e-mail address was also provided. The account name was also linked to a shell account on the outsourcing web site freelancer.com, which lists 'hgfrfv' as an individual residing in the Russian Federation."

POS Termials

You can keep your own systems safe, and even use one-off CC#'s for online purchases, but you can't verify that retailers' POS equipment is clean (you'll probably be tossed out of the store just for asking). When in public use cash. Lets just hope you can trust the ATM's that you use.

Re:POS Termials

Where I live, having cash with you would be even more risky! I'll take my chances.

Re:POS Termials

Where I live you'd be called a terrorist for using cash. After all everyone knows it is a bit harder to track.

Re:POS Termials

[grumpy_old_grandpa]

> Lets just hope you can trust the ATM's that you use.

No, you cannot. I've lost count of how many times my cards have been skimmed and defrauded in various ways. Luckily, I have not taken any loss myself, but it is still a hassle to report, renew the cards, etc.

If you are really paranoid about these things, you'll have to use cash as you said, but go inside the bank to withdraw your money. On a regular basis, that's probably even more hassle, and also puts you at risk of being mugged.

As always, security is a trade-off and compromise between a whole set of different attack vectors vs. convenience and ease of use of the security measures. There is no way to make it perfect, and we will just have to continue updating the security systems and practises as new threads emerge. Also, the same solutions will not fit all; each will have to judge for himself what is the best combination of security vs. convenience.

Re:POS Termials

[ickleberry]

They're called POS terminals for a reason ;)

Re:POS Termials

[ArchieBunker]

I remember the days when POS terminals were a glorified calculator. Making them out of cheap PCs did not make anything better.

Re:POS Termials

I have an old XP Celeron, that damn thing is definitely a POS.

Re:POS Termials

[tlhIngan]

You can keep your own systems safe, and even use one-off CC#'s for online purchases, but you can't verify that retailers' POS equipment is clean (you'll probably be tossed out of the store just for asking). When in public use cash. Lets just hope you can trust the ATM's that you use.

So... the big problem is that someone will capture your credit card number?

I don't know, but I don't think that's exactly a good hack - after all, you're legally protected if someone uses your credit card without your authorization. Either you spot a strange transaction and call your bank (and they reverse it and send you a new number), or you get a call about some flagged transaction. Either way, you're not out any money at all.

And these days, most places take the chip, so the POS terminal can't even get at the number (it's usually even a separate pad with minimal communications so even if the terminal is hacked, it can't get at the actual number).

Of course, given how everyone argues about how crappy credit cards are ... I guess enjoy it until you're forced to use debit cards only that don't necessarily have those protections...

Question: How do get my employer aware?

So I work at a large grocery store. How do I get my IT department up to date on this issue?. We have been compromised in the past and I have been noticing some strange things showing up on my terminals.

Re:Question: How do get my employer aware?

[allaunjsilverfox2]

So I work at a large grocery store. How do I get my IT department up to date on this issue?. We have been compromised in the past and I have been noticing some strange things showing up on my terminals.

If your IT department isn't already on top of it, you have much bigger problems.

Re:Question: How do get my employer aware?

Start by telling them that you're seeing "strange things showing up" on the terminals.

But please be prepared to describe it in more detail than, "strange things", if at all possible. Few things are less useful than, "Hey man my shit is all fucked up. Can you fix it? Derp hurr derp."

Re:Question: How do get my employer aware?

So I work at a large grocery store. How do I get my IT department up to date on this issue?. We have been compromised in the past and I have been noticing some strange things showing up on my terminals.

If your IT department isn't already on top of it, you have much bigger problems.

give me all your cash muuuahhahahahaaaa!

Look for the Windows start button

Just look for the Windows icon in the bottom let corner of any of the running terminals. When they're using these POS POS machines, it's invariably the Windows ones that are the problem. They're typically Windows Embedded, but nobody ever turned off all the parts because of the dependencies.

So you'll see it's just a cheap PC, running an old version of Windows, connected across the stores crappy unsecure Wifi which probably talks to the software vendor across the open internet.

So, if you see the Windows logo on the terminal, just pay cash or leave the store, but don't hand your CC over.

Oh, and the same goes for ATMs, the insecure ones are things like Diebolds, and I wish I could find the video of one that crashed, and so somebody started up media player on it and had it play a tune.

http://thetartan.org/2004/3/22/scitech/brokenatmturnedintojukebox

At some point, the manufacturers have to held liable for the incompetence products they put out.

Re:Look for the Windows start button

[dotancohen]

Just look for the Windows icon in the bottom let corner of any of the running terminals. When they're using these POS POS machines, it's invariably the Windows ones that are the problem.

In the recent Barnes & Noble POS attack, the actual hardware was compromised. No word on what OS was behind it, though.

Re:Look for the Windows start button

So you are blaming apple for the pos attack. how dare you infer.
1. Your apple has already been compromised, same with cpm, and machine language, to atta cks by the russian programmers, olgigarchs, or mob . Who have been assisted by the very good chinesse programmers, with help from the anti apple, anti windoow, and such. But the banks, allowed this to happen. They get paid by the Respective countries to "siphon" off the monies, monies to them are the green god, not your carbon sink trees.

Re:Look for the Windows start button

[machine321]

So you'll see it's just a cheap PC, running an old version of Windows, connected across the stores crappy unsecure Wifi which probably talks to the software vendor across the open internet.

That is absolutely not possible. They're PCI certified!

Re:Look for the Windows start button

[gman003]

Meh. Call me when they're PCI Express certified.

Re:Look for the Windows start button

[Darundal]

Tons of POS software goes fullscreen on launch. Looking for a Windows logo won't help you most of the time.

Re:Look for the Windows start button

PCI compliance is such a scam. The 3rd companies just do a port scan against the outside IP to make sure nothing is open. The rest is a survey you fill out that asks all kinds of questions that may or may not have anything to do with whether or not you've taken appropriate precautions.

Someone is paying for that service, one way or another, and it's often mandatory. And yet it can promise nothing in the way of security.

Come to think of it... I should have started one of those BS companies.

Lcreation?

What's that?

Re:Lcreation?

[VortexCortex]

Lcreation what's that?

It's a hold over from that horrible Hungarian Notation that Win32 coders are famously stuck with (hint: Win32 is still used on 64bit systems, 32 apparently means "not 16 bit").
Careful not to confuse the L prefix here with Long; In this context it means Local.

...Dexter may be a local creation of a group responsible...

When will they ever learn?!

[erroneus]

Using Windows for anything that requires security is just stupid!

Putting a Windows server on the internet is a generally accepted "bad idea." Putting a Windows machine onto the internet without being crippled with anti-ware and a multitude of filters is a "bad idea" which invariably still leads to compromises because anti-ware and filters will never be enough.

And someone wants to put Windows into ATMs and POS machines?! And people BUY them?!

"I don't want to live on this planet any more."

Re:When will they ever learn?!

[drinkypoo]

And someone wants to put Windows into ATMs and POS machines?! And people BUY them?!

AFAIK Diebold is the largest US ATM manufacturer ATM and they use Windows and, IIRC, used to use OS/2 so you can count on them picking the wrong OS next time, too.

Re:When will they ever learn?!

OS/2 had been a very popular and solid base for ATM and banking systems for over a decade before those systems migrated over to Windows.... Diebold may suck but using OS/2 back then was probably their best decision ever.

Re:When will they ever learn?!

[erroneus]

Quite familiar with Diebold ATMs. I spent a few of years in the ATM industry where I learned all kinds of things I was better off not knowing.

The short here is that business people are invariably interested in rapid development and deployment. Those tools are most available under Windows. "Rapid development." Really? And rapid deployment too? Sounds like they would rather not bother with testing and QA.

And using the internet as transport? Back in the day, they used POTS... some still do. (yeah... dialtone generators and devices that answer "yes" to every transaction... one of the first tools I was exposed to when "troubleshooting" an ATM.) It's beyond stupid. But that's the thing. Business does not understand technology and so they love to imagine that since THEY can't understand it, neither can those 'stupid criminals' so they're safe right? One of the biggest problems is these geniuses trust brand names more than people. Another is that they simply do not know what they do not know. You can try to tell them, but they just read it as an attack or an insult.

Re:When will they ever learn?!

^^^This^^^

I wish AC's had mod points... :)

Re:When will they ever learn?!

Replying to yourself by ac posts, erroneus? Please. Give us a break.

Re:When will they ever learn?!

[drinkypoo]

OS/2 had been a very popular and solid base for ATM and banking systems for over a decade before those systems migrated over to Windows.... Diebold may suck but using OS/2 back then was probably their best decision ever.

It would have been better to stick with DOS, because DOS is still here, and where is OS/2 now? Precisely where anyone could have predicted it would be. When it didn't succeed broadly by 2.1 you had to know it was going to fart around and eventually go away.

wow...

"The RISK team linked the domain registration for a Dexter C&C server to an unusual online handle, 'hgfrfv,' that was used to post a number of suggestive help requests ('need help with decrypting a table encrypted with EncryptByKey') in online technical forums, where a live.com e-mail address was also provided. The account name was also linked to a shell account on the outsourcing web site freelancer.com, which lists 'hgfrfv' as an individual residing in the Russian Federation.""

Jesus Christ this guy fucked up.

dear retailers

get your shit off the public internet.

the only internet access at your location should be wifi for your customer's use. YOUR OWN SYSTEMS should be on a private network and dedicated lines or vpn totally inaccessible from the public internet.

unusual handle???

im seroius trace hgfrfv on the keyboard.... i swear i think the people who protect our country dont look for the stupidest things.

r
fgh
v

if its not a penis its some other random punch.

this submission is bull... wtf happened to slashdot...

Re:unusual handle???

Somebody decided to roll the dice...

Re:unusual handle???

This guy, +1 observant.

When will YOU ever learn, troll?

Current history shows Linux doesn't do so well in that role (small wonder you were down modded as a troll erroneous ):

2012:

New Linux Rootkit Emerges:

https://threatpost.com/en_us/blogs/new-linux-rootkit-emerges-112012

"A new Linux rootkit has emerged and researchers who have analyzed its code and operation say that the malware appears to be a custom-written tool designed to inject iframes into Web sites and drive traffic to malicious sites for drive-by download attacks. The rootkit is designed specifically for 64-bit Linux systems."

---

'FIRST ever' Linux, Mac OS X-only password sniffing virus spotted:

http://www.theregister.co.uk/2012/08/29/linux_mac_trojan/

---

Medicaid hack update: 500,000 records and 280,000 SSNs stolen:

http://www.zdnet.com/blog/security/medicaid-hack-update-500000-records-and-280000-ssns-stolen/11444

So, what's dts.utah.gov running everyone?

LINUX (and yes, it got HACKED) -> http://uptime.netcraft.com/up/graph?site=dts.utah.gov

What's health.utah.gov running too??

YOU GUESSED IT: LINUX AGAIN -> http://uptime.netcraft.com/up/graph?site=health.utah.gov

* Ah, yes - see the YEARS OF /. "BS" FUD is CRUMBLING AROUND THE PENGUINS EARS HERE & 2012's starting out just like 2011 did below!

===

2011:

KERNEL.ORG COMPROMISED - The Cracking of Kernel.org: (that's VERY bad - do you trust it now?)

http://linux.slashdot.org/story/11/08/31/2321232/Kernelorg-Compromised

---

Linux.com pwned in fresh round of cyber break-ins:

http://www.theregister.co.uk/2011/09/12/more_linux_sites_down/

---

Mysql.com Hacked, Made To Serve Malware:

http://it.slashdot.org/story/11/09/26/2218238/mysqlcom-hacked-made-to-serve-malware

What's that site running? You guessed it - Linux -> http://uptime.netcraft.com/up/graph?site=mysql.com

---

London Stock Exchange serving malware:

http://slashdot.org/submission/1484548/London-Stock-Exchange-Web-Site-Serving-Malware

(I mean hey - NOT ONLY DID LINUX FALL FLAT ON ITS FACE less than a few minutes into the job http://linux.slashdot.org/story/11/02/19/0147232/London-Stock-Exchange-Price-Errors-Emerged-At-Linux-Launch, & crash not only ONCE, but TWICE there? You see "Linux 'fine security'" in motion @ the LSE too!)

---

DUQU ROOTKIT/BOTNET BEING SERVED FROM LINUX SERVERS:

http://it.slashdot.org/story/11/11/30/1610228/duqu-attackers-managed-to-wipe-cc-servers

---

Linux Foundation, Linux.com Sites Down To Fix Security Breach:

http://linux.slashdot.org/story/11/09/11/1325212/linux-foundation-linuxcom-sites-down-to-fix-security-breach

---

Linux's showing in CA's breached recently too? Ok:

Re:When will YOU ever learn, troll?

[cmdr_tofu]

I think what you are seeing is web-applications hosted on Linux being hacked. Apache and MySQL run on Windows too although the WAMP stack is harder to keep updated than the LAMP stack.

But I don't disagree with you. Hosting applications on Linux does not make them ecure. It takes a lot of time and energy. The same is true for Windows. The iframe-injecting kernel module that you linked to is really quite interesting.

Where the rubber meets the road, I think Linux and BSD still win in performance, security and manageability, but you are correct, the margins are a lot slimmer. Windows Server 2008 is not Windows 95 or XP.

Re:When will YOU ever learn, troll?

[morcego]

Hosting applications on Linux does not make them ecure. It takes a lot of time and energy. The same is true for Windows.

Thank you. I'm a unix guy, and have been using Linux since kernel 0.97. And I hate when people say thing like that, implying that just because it is in Linux, it is secure. It is not, and it takes a lot of work and knowledge to make any computer, running any OS, secure.

The different is that Linux will help you, while Windows will hinder your efforts.

Re:When will YOU ever learn, troll?

[VortexCortex]

Hosting applications on Linux does not make them ecure.

It depends on the application. For instance: If you've got a bad case of the MS vendor-lock-in, then the option of hosting on Linux may very well be an eCure.

Re:When will YOU ever learn, troll?

Or not. That can go either way, depending on application.

Re:When will YOU ever learn, troll?

[erroneus]

Two problems:

1. You just responded to APK. I am really and truly sorry for what happens to people who respond to APK. His paranoid imagination and school-boy level of maturity does not allow him to understand that people simply don't care what he has to say. It is always a fight to him... most often to some imaginary form of death.
2. Yes. Linux can be insecure. But it actually takes work to MAKE it insecure these days. Have you ever wrestled with SELinux? It's on by default in most current Linux distros these days meaning that you can't even run a web server without explicitly allowing it through SELinux or without turning SELinux off. Either way, the user is the one who weakened the OS.

One huge difference between Linux [and others] and Windows is that with Windows, one hack pretty much fits all. This is not generally the case with Linux. Also, you really have to trust Microsoft to have a system which is not naturally vulnerable. That has not ever happened for any amount of time as far as I have seen. Linux puts people in control at a level Microsoft Windows will not. The user can even recompile the kernel in order to add or remove anything they need. Vulnerabilities can be patched on the same day problems are identified. Users of Windows have to wait until the patch is released most of the time and ... well, sometimes Microsoft doesn't issue patches for known issues for a very long time for various reasons.

Re:When will YOU ever learn, troll?

You're right. APK destroys em point by point. Example here http://it.slashdot.org/comments.pl?sid=3319303&cid=42308415

Re:When will YOU ever learn, troll?

[erroneus]

OMFG :) Do you see what this guy does?! He goes absolutely nuts with commentary as if people live on slashdot and do nothing else! It's beyond imagination. The words "disproportionate response" and obsessive come to mind. I'll just back to pretending he doesn't exist and that I don't see what he writes. His style is pretty obvious so not hard to detect. I advise everyone else to do the same. Just pray that he doesn't resort to shooting up schools for attention.

Re:When will YOU ever learn, troll?

He kicked yer ass erroneus vs what you stated too http://it.slashdot.org/comments.pl?sid=3319303&cid=42309219 all you have now is off topic illogical ad hominem attacks which he disproved and egg on your face with a -1 troll downmod http://it.slashdot.org/comments.pl?sid=3319303&cid=42306539 which despite the crap fud in it seems to be getting upward modded (no big trick that though is it erroneus when we know you're the one doing it by using other registered accounts you keep here, obviously. We all know how that's done except the rest of most of us have more integrity and don't do it where you clearly do Mr. Bastida).

Re:When will YOU ever learn, troll?

1. You just responded to APK. I am really and truly sorry for what happens to people who respond to APK.

You should be sorry considering he blew you away here http://it.slashdot.org/comments.pl?sid=3319303&cid=42309219

Why...

Why did I think this was a post about anthropology...

At least YOU have some sense

"I don't disagree with you." - by cmdr_tofu (826352) on Sunday December 16, @10:00AM (#42306999) Homepage

It'd be hard not to! Per my subject-line above? You have a sensible outlook @ least. That's the "thing" that has bugged me on THIS particular website to NO END: "FUD"...

I don't "hate Linux" either!

In fact - I rather LIKE it, especially KDE bearing distros, like KUbuntu...

I just didn't like how Mr. Shuttleworth & Canonical are "running" from RMS' statement regarding LOCAL DISK-BOUND QUERIES GOING OUT TO REMOTE SERVERS OF THEIRS!

That's like putting a surveillance camera into our homes essentially & I see RMS' point...

Additionally - I wasn't 'crazy about' how the "pr flaks" from Canonical are using "std. pr flak technique #101" of *trying* to "cut down" RMS rather than disprove his points:

---

PERTINENT QUOTE/EXCERPT:

"Instead of addressing the queries raised by Stallman http://linux.slashdot.org/story/12/12/07/1527225/rms-speaks-out-against-ubuntu [slashdot.org] and the EFF, Canonical is now pushing for making Ubuntu a shopping cart"

---

(Sure - Many folks consider RMS a bit odd by THEIR standards, but then again, who isn't? We're all "weird" to one another - we're NOT THE SAME in all things is why, thank goodness... however, his personal habits etc./et al are NOT in question here. His findings are... & we SEE the results!))

---

"Hosting applications on Linux does not make them ecure." - by cmdr_tofu (826352) on Sunday December 16, @10:00AM (#42306999) Homepage

True, and you're correct below also... it's the SAME on any given platform in computing really!

These companies... were I they? (MS, Apple, Linux distros galore)?

I'd send out MY OS totally "secured"/"security-hardened" & I MEAN any & ALL ways in or out, shutoff...

(Then, I'd tell the user - "You open this, this can happen, but you assume responsibility doing so").

Yes, it IS doable (SeLinux, Windows multiple methods & layers for "layered-security"/"defense-in-depth" etc./et al). Just takes time, & effort, as you stated. Worth it? Yes. Absolutely.

---

"It takes a lot of time and energy." - by cmdr_tofu (826352) on Sunday December 16, @10:00AM (#42306999) Homepage

It does, & that's ONLY OS SIDE ALONE (which I've been doing since, oh, 1996 or thereabouts, for Windows users online).

E.G. -> To "immunize" a Windows system, I effectively use the principles in "layered security" possibles!

http://www.bing.com/search?q=%22HOW+TO+SECURE+Windows+2000%2FXP%22&go=&form=QBRE

I.E./E.G.-> I have done so since 1997-1998 with the most viewed, highly rated guide online for Windows security there really is which came from the fact I also created the 1st guide for securing Windows, highly rated @ NEOWIN (as far back as 1998-2001) here:

http://www.neowin.net/news/apk-a-to-z-internet-speedup--security-text

& from as far back as 1997 -> http://web.archive.org/web/20020205091023/www.ntcompatible.com/article1.shtml which Neowin above picked up on & rated very highly.

That has evolved more currently, into the MOST viewed & highly rated one there is for years now since 2008 online in the 1st URL link above...

Which has well over 500,000++ views online (actually MORE, but 1 site with 75,000 views of it went offline/out-of-business) & it's been made either:

---

1.) An E

Ok - let's see how fast "erroneOus" comes back

Tell us how you'd optimize OS/2 for memory, performance, & yes, security then.

* This I want to see...

(Since I've actually DONE IT for a division of NCR in Kennesaw Georgia USA in 1998, on the job professionally, for temrinals of all types that used it... & I was a HEAVY OS/2 USER 1992-1995).

APK

P.S.=> Better "hurry up" & search the web, eh, erroneOus? I state that, since IF you had familiarity with what to actually DO?? You should've and WOULD'VE stated it - that is, IF you actually KNEW what you were talking about, OS side...

... apk

How's Windows "hinder your efforts"?

"The different is that Linux will help you, while Windows will hinder your efforts." - by morcego (260031) on Sunday December 16, @10:53AM (#42307199)

Specify/Elucidate that statement... I will counter, point-by-point.

* The rest of your statement I can & do agree with... ala:

"I hate when people say thing like that, implying that just because it is in Linux, it is secure. It is not, and it takes a lot of work and knowledge to make any computer, running any OS, secure." - by morcego (260031) on Sunday December 16, @10:53AM (#42307199)

As do I, which is WHY I posted what I did to "erroneOus" (a KNOWN "Pro-*NIX" FUD spreading troll around here for YEARS) -> http://it.slashdot.org/comments.pl?sid=3319303&cid=42306663

Concrete, verifiable, & UNDENIABLE DOCUMENTED FACTS, vs. erroneOus' pure "FUD"!

Why I confront you on the above, is because of your statement I quoted there now

Well... you seem to be contradicting yourself!

(OR, you just aren't familiar enough with Windows internals since you're an ADMITTED "unix man", & that's ok too - perhaps this discussion can "enlighten you" on those grounds!)

APK

P.S.=> Thanks for replying... I can learn by this, so can others, everyone gains!

... apk

Re:How's Windows "hinder your efforts"?

[theskipper]

Lemme guess...this morning you found a Dunkin Donuts "Buy 1 coffee get 10 free" coupon? ;)

Re:How's Windows "hinder your efforts"?

[degeneratemonkey]

All I can say is that your mode of communication is too erratic to be worth engaging. Reading your posts is a lot like jamming a screwdriver into my eyes.

Re:How's Windows "hinder your efforts"?

Naa that's just how apk is. He never makes sense ;)
Always making claims that no one else makes, then trying to refute them.

This is just another example of that. No one claims Linux is 100% secure, but he states this as fact.
He then refutes his made up fact with points all over the map, and then posts a conclusion that is barely relevant to the rest of his posting, let alone the article he is posting under.

Highly entertaining though, especially if you just let your eyes glaze over it (which I'm pretty sure is his intent)
It's a pretty interesting insight into the inner workings of the mind of a 14 year old with the standard 90's attention span.

Re:How's Windows "hinder your efforts"?

Looks like APK asked a question you avoid here http://it.slashdot.org/comments.pl?sid=3319303&cid=42307263

Re:How's Windows "hinder your efforts"?

You can find questions in what APK writes?

Re:How's Windows "hinder your efforts"?

You can find questions in what APK writes?

Yes. Can't you read troll? See subject here http://it.slashdot.org/comments.pl?sid=3319303&cid=42307263 The question is explicit. You avoid it. It's that or you prove yourself illiterate. Your choice. Try to be on topic next time troll. End of story.

Re:How's Windows "hinder your efforts"?

Look at your subject line. It restated apk's question. Learn to read.

Re:How's Windows "hinder your efforts"?

Again, you see a question in that? Just because it is formed as a question doesn't mean it's a real question.

Re:How's Windows "hinder your efforts"?

"The different is that Linux will help you, while Windows will hinder your efforts." - by morcego (260031) on Sunday December 16, @10:53AM (#42307199)

Specify/Elucidate that statement... I will counter, point-by-point.

* The rest of your statement I can & do agree with... ala:

I beg you pardon. I'm not the guy you were talking, but as you seem to be willing to give some pointers I would like to know where I do find of standard Windows installation following tools and facilities:

1) /proc filesystem and all the information I can get from there of the running system and program or programs I'm interested.

2) lsof - (list open files & sockets and states of those, don't suggest netstat *nix has it too, but it old and sucks badly.

3) strace & ltrace connecting a program and seeing what it's upto, with capablity to follow forks etc.

4) tcpdump - surely you know this, but what's the equivalent tool in standard Windows to provide same data?

5) I would also appreciate that I would have when need to delve quite deep in libraries, kernel and especially startup of the system so that I can locate a problem and fix it. Just to let you know, I've done that quite bit, but not too much any more past 10 years. Before that I did some work with numerous system softare pieces, fixing problems once I found them and also added features that were lacking (much of the ideas was picked from Solaris, HP-UX and Irix which were still ahead of the curve then). Now If I would like to fix things with Windows like that wouldn't it that I don't have source avablabe, withouth huge cost and abiltity spread patches hindering this a bit?

6) from my opinion, 25+ years of deep experience of many OS's the windows up to its last incarnation (8) is by far the messiest* OS ever and if that doesn't count hindering you, making system run well and safe, what does?

*) if you disagree, please explain in plain language where we can find (no NDA bound documents) the windows filesystem and registry organization for windows OS and why when you install application software or system modules you end up such a mess and when trying to remove a program(s) you really cant' be sure that nothing was left behind but just the log entries indicating that such and such software was once loaded and then removed. What's the excuse letting system be swamped by installing programs like that, oh and if you thing that it's a problem of the application and sloppy coding not the windows itself think again, think hard. Why this works quite nicely on other platforms with decent packaging system and you can find quite easily which configuration was changed, which binaries and filesystem objects that came via packaging system don't match. With a bit of scripting you can find and extract any filesystem objects that didn't come via any package etc.

OK, that's enough I don't go this time to DLL naming and why COFF/PE as outdated executable a bad thing (relocations ....) .

Simply answering that you can get all that with shelling out huge amounts of money to m$, signing NDA and buying a huge pile of third party programs just don't cut and is lame. The point here, in my mind, is that windows as it comes in a box or downloaded doesn't help you much when you run in problems. The good point with Linux is that you have all the tools etc. available right away no additional cost, and not hindering you go solve the problems right away if you just have the skills to use the tools availabe. Windows doesn't have those tools and thus it hinders, IMHO.

Cheers,

ac

Re:How's Windows "hinder your efforts"?

One more for the road.

Would you mind showing how to do Policy Based Routing (PBR) with Windows server?

Justification: For example. It's nice to have a separate management interface and services on the other interface. With PBR you can set up (Linux) routing so that the default route points out (unless running dynamic routing) the gateway at the side where you have services running and handle requests. But then in additon you have route tables and policy in place that if the packets came via the management interface the the answers will also be sent via that interface. With firewall then you add rules that the management is allowed only via that separate management interface.

[root@xxx~]# ip route
172.16.4.85 via 172.16.5.1 dev eth0
172.16.253.0/28 dev eth1 proto kernel scope link src 172.16.253.10
172.16.5.0/26 dev eth0 proto kernel scope link src 172.16.5.55
default via 172.16.253.1 dev eth1
[root@xxx ~]#

This is from a live system that has been set up like that since 2005.

How do you do same with Windows?

TIA,

ac

Re:How's Windows "hinder your efforts"?

The meaning's explicit directed at poster apk replied to. Obviously a question. You're obviously stupid or trolling.

Re:How's Windows "hinder your efforts"?

[cbiltcliffe]

You're replying to an AC. How would you know APK asked that question of him?
Speaking of which...I love how EVERY single post that backs up APK by pointing out "avoided questions" that people didn't answer, is posted by an AC,just like APK himself.
Here's a hint, APK: Just because somevody didn't answer your "question" doesn't mean they're avoiding it. Maybe it's just such a stupid, rambling question that it doesn't deserve an answer, or it's so fscking obvious to those of us *without* extreme ADHD that the rest of us assume that it's rhetorical....

Re:How's Windows "hinder your efforts"?

opinions vary. see rating of +3 informative here http://it.slashdot.org/comments.pl?sid=3319303&cid=42306663

Re:How's Windows "hinder your efforts"?

Is apk the same guy as hairyfeet? He's certainly got a similar style (or lack thereof).

Re:How's Windows "hinder your efforts"?

I don't think so. Writing styles are very different to me.
harryfeet is more of a jerk troll, apk is more of a crazy adhd troll.

At least harryfeet can formulate a coherent idea (I just often disagree with him)

apk can't even parse a sentence, and his mind jumps back and forth multiple times even in the same sentence. Its clear he is just astroturfing.

Re:How's Windows "hinder your efforts"?

George Bastida the blackmailer otherwise known as erroneus http://slashdot.org/comments.pl?sid=3324585&threshold=-1&commentsort=0&mode=thread&pid=42328081

Re:How's Windows "hinder your efforts"?

This does stupid. Learn to read http://it.slashdot.org/comments.pl?sid=3319303&cid=42307263

Re:How's Windows "hinder your efforts"?

Read your subject line. Who wrote it 1st here? APK. You're stupid.

Re:How's Windows "hinder your efforts"?

[cbiltcliffe]

Unless APK's/your questions are directed at the entire world (which, given his/your level of delusion, wouldn't surprise me) then who asked the question is completely irrelevant. It's who it was asked *of* that matters, as that was what Mr. AC-defender-of-APK stated.

Re:How's Windows "hinder your efforts"?

[cbiltcliffe]

That's a post by an AC, claiming to be APK. That's not somebody defending APK with a logged in account.
Maybe you need to learn to read, rather than me....

Re:How's Windows "hinder your efforts"?

[cbiltcliffe]

And you're obviously apk trying (and doing a REALLY poor job) to pretend that you're somebody else that's agreeing with apk.

That's why you never log in, isn't it? Because it would be blatantly obvious if you accidentally posted a "APK asked you a question which you ran away from, STUPID TROLL!" comment under your apk account.

You think this way makes it impossible to tell, but there's only one poster on /. that has your arrogant, abusive posting style, so it's pretty obvious that you're apk, and you're attempting to fake many AC posters that "agree" with you to put on appearances of this mass horde of people that, by agreeing with you, means you must be correct.

So not only are you pathetically faking supporters, demonstrating a perfect example of an appeal to the majority fallacy, but since even in your deluded little world, they're all ACs, you're also committing a false attribution fallacy in your arguments.

Grow up. Nobody really gives a shit what you say. Although you are funny to read sometimes, what with your frothing-at-the-mouth verbiage.....

God this is a stupid post

[Impy+the+Impiuos+Imp]

> Analysis of Dexter Malware Uncovers Mystery
> Man, and Links To Zeus

I'll bet it's Baby Bowler. It's gotta be Baby Bowler.

Can't wait to see what she, Dexter, and Zeus do when teamed up!

FUD spreading trolls' puny tricks

Erroneus's modding himself up via his many /. registered 'luser' accts now too, not just replying to himself by ac. These fud spreading trolls and their puny tricks are so easy to see through it isn't funny.

Windows Is Terminally Screwed

Your paymasters in Redmond worship a single God. The God Of Money.

Everything is subordinate to that single god. Customer's security certainly is subordinate to Quarterly Revenues. How do you get more revenue next quarter ? By releasing new features. By releasing something which looks polished but is a spaghetti heap of stinking worms underneath.

"Let's ship now and fix the 7500 bugs we added with this release in something between 1 month and 1 decade"

THAT is the Microsoft attitude and nothing has changed.

Why

..don't you call the GESTAPO people when they bitch about cash. Ask them whether they want your ID, too.

That sounds like "OS fanatic zealotry"

Thin on substance & "off" to-the-max (especially regarding me):

"releasing something which looks polished but is a spaghetti heap of stinking worms underneath. "Let's ship now and fix the 7500 bugs we added with this release in something between 1 month and 1 decade" THAT is the Microsoft attitude and nothing has changed." - by Anonymous Coward on Sunday December 16, @01:35PM (#42307901)

Hmmm. Linux keeps patching too. Does it stop bugs or exploits? No! ANDROID IS THE "PRIME EXAMPLE THEREOF" in fact... look NO further.

* However, & in THEIR defense? They're trying, just like MS does... & things ARE getting better!

So - Is MS "slow" about it? Slower than Linux, yes, however, they DO do their "patch tuesdays" every 2nd Tuesday of the month!

NOW: Have YOU ever personally worked for a LARGE company?

If you have, & I have (fortune 100/500 types)?

Things MOVE SLOWLY in those "elephants"... it's called "red tape bureaucracy"! Getting ANYTHING done travels thru MANY layers of approval.

Still - I think that user education's MORE IMPORTANT though - Heck it is the MOST important thing!

(Hence the security guides I've been putting out for Windows users @ least, since 1997 online -> http://www.google.com/search?hl=en&tbo=d&output=search&sclient=psy-ab&q=%22HOW+TO+SECURE+Windows+2000/XP%22&btnG=Submit&gbv=1&sei=CBnOUIiIIIHP0wGOz4D4AQ & yes, those "layered-security"/"defense-in-depth" measures DO help... )

APK

P.S.=> Lastly: Sorry, but I am my OWN "paymaster" who runs his own show - I don't work for, or receive monies from, Microsoft, vs. your erroneous statement, here:

"Your paymasters in Redmond worship a single God. The God Of Money. Everything is subordinate to that single god." - by Anonymous Coward on Sunday December 16, @01:35PM (#42307901)

Wrong... see above.

---

"Customer's security certainly is subordinate to Quarterly Revenues. How do you get more revenue next quarter ? By releasing new features. By releasing something which looks polished but is a spaghetti heap of stinking worms underneath." - by Anonymous Coward on Sunday December 16, @01:35PM (#42307901)

See above...

Me? Well... sorry, but, I just tell it how it is, ala -> http://it.slashdot.org/comments.pl?sid=3319303&cid=42306663

(Though YOU may not *like* it? It is, how it is... fact!)

... apk

Dexter malware

Source: http://blog.seculert.com/2012/12/dexter-draining-blood-out-of-point-of.html

Restating a fact

You're an off topic troll. You downmodding my stating it before http://it.slashdot.org/comments.pl?sid=3319303&cid=42307435 = ineffectual. I just post it again since it is fact and watch you scramble to attempt to "bury" it, and I laugh. Too early for that troll. You fail.

Re:Restating a fact

[theskipper]

I stand corrected, it wasn't coffee. It must have been a coupon for Steve's Hand-Crafted Meth Emporium.

You clearly don't understand business' "POV"

"Business does not understand technology and so they love to imagine that since THEY can't understand it, neither can those 'stupid criminals' so they're safe right? One of the biggest problems is these geniuses trust brand names more than people." - by erroneus (253617) on Sunday December 16, @09:11AM (#42306839) Homepage

I was like that EARLY ON, but with GOOD SOLID ANALYSIS BASED REASONS (& got rejected, but, not without merit from the business pov):

Back circa 1997, I was a BIG fan of coding with Visual Studio... especially MSVC++ &/or VB.

I run into a review in VBPJ, of all places (Visual Basic Programmer's Journal) Sept./Oct. 1997 issue "Inside the VB Compiler", a competing trade rag no less & one that was QUITE respected!

Then?

There, I saw Borland Delphi LITERALLY "knock-the-chocolate" outta MS' offerings, overall, in performance...

How much so? Ok (& this IS what I took to mgt.):

In the 6 tests given, Delphi won the majority (overwhelmingly in fact, in what ALL PROGRAMS DO, math & strings work)...

Specifics below (the most important, overall? Again - imo @ least - What they ALL do - math & strings!):

---

STRING SUITE:

Delphi = .275ms
MSVC++ = .500ms
MSVB = 4.091ms

---

MATH SUITE:

Delphi = 1.523ms
MSVC++ = 2.890ms
MSVB = 7.071ms

* AGAIN - note what I said above? Even while I was a HUGE fan of MS' Visual Studio?? I couldn't "argue with the numbers" here, & gravitated towards a BETTER coding environs in Delphi, by far, for performance alone!

---

NATIVE TO LANGUAGE GRAPHICS METHODS SUITE:

MSVC++ = .293ms
MSVB = .455ms
Delphi = .503ms

---

API GRAPHICS METHODS SUITE:

MSVC++ = .266ms
Delphi = .269ms
MSVB = .292ms

---

TEXTBOX FORM LOADING SUITE:

MSVC++ = .012ms
Delphi = .069ms
MSVB = .072ms

---

ACTIVE X FORM LOADS:

MSVB = .114ms
Delphi = .495ms
MSVC++ = .778ms

---

There you are... however: KNOW WHAT I WAS TOLD, that I absolutely HAD TO LISTEN TO & UNDERSTAND (which, I did):

---

"Microsoft has BILLIONS of dollars & absolute stability. We want to have SOMEONE to take responsibility for errors in their stuff, and to have support in the future. Microsoft odds are WILL BE THERE STILL... Will Borland?"

---

THAT IS BUSINESS' POV in a nutshell... & Borland was getting "brain-drained" (especially for the designers of Delphi) by MS regularly... ever heard of Mr. Anders Heijelsberg &/or Chuck Andrzewski? They built Delphi... & MS got 'em!

APK

P.S.=> See my point? It's yours, I was there myself (decades ago) - However, unlike yourself?

I DID SEE "Business' POV" too!

It is NOT unwarranted...

I don't let "zealotry" get in the way of MY making a living, or learning something new anymore - Yes, that is what YOU STAND TO GAIN in these situations, personal growth, something for your skillset/resume, in those cases!

(Even IF forced to by workplace 'superiors' - all I could do was show facts. They took them into consideration, fairly I might add, but their point-of-view/pov? Pretty solid, from THEIR POV!)...

... apk

Re:You clearly don't understand business' "POV"

erroneus' is a codemonkey at best + shuts up fast like here http://it.slashdot.org/comments.pl?sid=3319303&cid=42309219 and then he attempts blackmail if you cut him to shreds like here shows http://slashdot.org/comments.pl?sid=2261720&cid=36545928 after he attempts to libel you.

Be more specific on #1, here are rest... apk

What in that list of yours can't I do with Windows or tools that are freeware that run on Windows, hmmm?

---

1.) Per my subject-line above - HERE, be specific (hence my asking, I will show specifics in return)

2.) TcpView by MS (Nir Sofer of NIRSOFT has a similar tool also, iirc) both free

3.) netstat &/or TcpView noted above (freeware by MS)

4.) TCPDUMP for Windows - http://www.google.com/search?hl=en&tbo=d&output=search&sclient=psy-ab&q=tcpdump+and+Windows&btnG=Submit&gbv=1&sei=Vi3OUNW-AuSQ0QHy4IDYAQ

5.) To this one? I'm not impressed... "been there, done that" as long as you (& I'd bet I can show MORE for it too). PLUS? DO SEE BELOW for my thoughts on that... more than just thoughts. Fact.

6.) I don't like it either... here, I am with you. Windows 7 64-bit for me, for now @ least.

---

IN REGARDS TO #5 above - specifics on how "Open 'SORES'" can 'backfire' on you:

Open "SORES" code also leads to something YOU DON'T SEE apparently:

That IF you have the sourcecode, it is FAR EASIER TO step trace in a compiler or debugger to FIND ERRORS IN IT, than it is with closed source (that needs fuzzers &/or disassemblers - MUCH harder to use).

* Think those with malicious intent, ala malware makers/botnet masters, etc.-et al, don't know that too? Trust me, they do... it's just that Linux on PC's &/or Servers only have what? A 1-2% share of market on PC desktops & perhaps a 50/50 split on Servers (which my init. post SHOWS being attacked more & more currently 2011-2012), but what shows it BEST as to how they think?

ANDROID (which yes, IS A LINUX)

It's getting "nuked" almost every week now!

Why?

Simple rule ("channel-your-inner-criminal" for this one):

WHAT IS MOST USED = WILL BE MOST ATTACKED!

(Since ANDROID rules the smartphone, toppling iOS recently? There's your proof of that statement from me!)

APK

P.S.=> Getting you down to "brass tacks" specifics with my initial question above HERE, since the original poster didn't reply back...THEN? I am going to "hit you" with things YOUR "OS WEAPON OF CHOICE" can't do, or do as well, in response (fair is fair)

... apk

Don't run away now... apk

Answer (I trashed you point by point here already) -> http://it.slashdot.org/comments.pl?sid=3319303&cid=42308415

I'll be waiting...

LMAO!

Honestly? it was FUNNY doing the above vs. yourself point-by-point vs. your EASILY "blown away" 6 points in fact!

You, with your "25 yrs of experience" (lol, did you *think* you were talking to kids here boy? WRONG, been there, done that too & again - I'd wager with MORE SUCCESSFUL RESULTS THAN YOU EVER HAD I can show here), easily!

APK

P.S.=> Since you "blew off" my points vs. yours above? Same here, for now:

ABOVE ALL ELSE - Want to know what Windows DID and Linux can't?

Take the lion's share of market on PC desktops + Servers COMBINED a pay for ware, VS. a freebie no less (defying business logic in fact, but showing CLEARLY what folks think & know, is better, overall)...

That's what (for starters), lol!

... apk

Re:Don't run away now... apk

I don't think you answered to that PBR question already.

Also if you ever looked and beyond that knew how useful /proc is under Linux when you are in trouble (running out of resources, tuning the system, salvaging file accideltally deleted but still recoverable because program using it was not quitted yet etc.) so many things that where most of the stuff under /proc is very usefull and an I haven't found anything like that so easy to use from windows.

It might be that the environments where you been working you are free to download and install any program you find from the net but it's not complete story. Once you work for military, big telecoms datacenters etc. where everything needs to be approved and be auditable you get the idea that you want a system with rich variety of tools which all come with the distro and you can use those without special and long lasting approvals even if you are going to get the permission to install something else is a real matter.

I don't disagree with the matter that plenty of linux boxes are being penetrated, but most of that because incompetence of the maintaing the system, running patches and installing badly written crap software with php etc.

I think the question was that wether Windows hinders you more (than Linux) having a well kept and secure system or not and IMHO it does, as it does not come prepackaged with the distribution more trusted software and you need to rely on third party software from net and that is a risk unless you absolutely can trust the software as much as the OS distributor.

ps. I'm not going to talk details what've done past 25 years or else I could as well login here and I don't (my id is below 80k but I seldom use it), all I could tell is that I've built and worked with such a large and complex systems that are only with large multinational companies have and need.

"1 more 4 the road", tit-for-tat... apk

Can you show me that Linux is as EASILY managed in volume configurations for networks as Windows is with Active Directory & Group Policies?

* Samba MIGHT be a way for SOME things, but not for "everything" & not natively!

(Yes, Good Ole' Linus T. & Penguin crew have built MORE SUPPORT into AD support into the latest kernel & correct me IF I am off here - it also REQUIRES SAMBA 4 iirc, but it's NOT native, and not the 'real thing', and it IS "doing what MS does" instead of their OWN toolset!)

MOST IMPORTANTLY:

Who's "Following whom" there, playing "catch up ball"? Looks like Linux is... not MS.

APK

P.S.=> Oh, don't worry - I've got more... easy ones, like what provides more games for users? Windows. Huge market there... what is easier to administrate?? Windows, hands-down...

... apk

Linked online handles

[pepsikid]

So if I want to throw detectives off my trail, all I have to do is harvest a bunch of handles from 4chan, Slashdot and Fark to reuse? Good to know. Not that I'd do that, of course. Or use my enemy's handle. Hur hurr.

Don't like it?

Don't read it. It's above your off topic troll comprehension level anyway troll. Your down mod of this comment before when I posted it once already, for common-sense, in response to your tripe http://it.slashdot.org/comments.pl?sid=3319303&cid=42307423 ? Troll, it was effete and ineffectual. I just post it again, watch you scramble to downmod to try hide it, and I laugh.

Annihilating you AGAIN, point-by-point

"I don't think you answered to that PBR question already." - by Anonymous Coward on Sunday December 16, @04:52PM (#42308779)

Now that YOU answered, I will as I said I would: That type of advanced routing & the data branchings are done by network hardware vendors like Cisco.

I.E.-> Using route-map config in IOS you can influence normal routing done by lookup to the routing table.

See here -> http://www.cisco.com/en/US/docs/ios/12_0/qos/configuration/guide/qcpolicy.html Configuring Policy-Based Routing

MORE IMPORTANTLY - because of your attempts @ "patronizing me", boy?

You evaded questions here -> http://it.slashdot.org/comments.pl?sid=3319303&cid=42308415

Especially @ the very end of THAT post, completely...

Additionally: I utterly BURNED YOU here, point-by-point & rather easily -> http://it.slashdot.org/comments.pl?sid=3319303&cid=42308415

(Answer me that...)

---

"Also if you ever looked and beyond that knew how useful /proc is under Linux when you are in trouble (running out of resources, tuning the system, salvaging file accideltally deleted but still recoverable because program using it was not quitted yet etc.) so many things that where most of the stuff under /proc is very usefull and an I haven't found anything like that so easy to use from windows." - by Anonymous Coward on Sunday December 16, @04:52PM (#42308779)

Really? Never heard of taskmgr.exe?? How about ProcessExplorer.exe??? Both are MS products, & come with the OS &/or are free MS tools respectively.

FACT - since you're showing us that much already:

You don't KNOW your Windows that well!

---

"It might be that the environments where you been working you are free to download and install any program you find from the net but it's not complete story." - by Anonymous Coward on Sunday December 16, @04:52PM (#42308779)

WTF? AGAIN - Quit *trying* to play "senior" & patronize/look down your nose @ ME, BOY!

I doubt you can prove you've been there...

ME? I've actually worked for Lockheed Martin (before that when they were GE), the U.S. Military, & more in the Fortune 100-500 on contracts, as both a system admin, tech, + developer since 1994 professionally.

You came in here, talking your "25 yrs. of bullshit" as far as I am concerned - since you are UNWILLING TO BACK IT UP below...

(My guess? You can't... and you KNOW it!).

---

"Once you work for military, big telecoms datacenters etc." - by Anonymous Coward on Sunday December 16, @04:52PM (#42308779)

See above blowhard... & quit trying to "patronize me", Mr. nobody "ne'er-do-well" that's done zero he can show for his words!

Hell - You can't even BACKUP your b.s. below!

Evasions & patronizing me? I strongly DISLIKE your attitude... especially trying to "patronize me" from someone that can't back up their b.s. & face it:

YOU fucked up LARGE, here -> http://it.slashdot.org/comments.pl?sid=3319303&cid=42308415

---

"I think the question was that wether Windows hinders you more (than Linux) having a well kept and secure system or not" - by Anonymous Coward on Sunday December 16, @04:52PM (#42308779)

Are you HIGH? Did you see my 1st post?? "Great Security there" (not) -> http

Remember YOU trying to BLACKMAIL ME here?

"1. You just responded to APK. I am really and truly sorry for what happens to people who respond to APK." - by erroneus (253617) on Sunday December 16, @05:51PM (#42309055) Homepage

You should - see my subject-line above, nooby wussboy, and my ps below especially (which REALLY showed you're a complete noob).

You were already downmoderated to hell already -> http://it.slashdot.org/comments.pl?sid=3319303&cid=42306539

(Saw that go from -1 troll, to 0 troll over 6++ hours now & it's obvious you're using alternate registered accounts to mod it up, because everyone KNOWS that what you wrote there's COMPLETE bullshit - just like what's in my ps below that "shot down" your rookie-noob b.s. in the post before it!)

However: I'll finish you off MORE, per my subject-line above!

Erroneus annihilated (NASDAQ vs. his b.s. lies) -> http://slashdot.org/comments.pl?sid=1681772&cid=32556164

(Talking STALE out of date information & falsehoods in that entire exchange... what'd that lead to? See next... lol!)

THIS LITTLE GOOF ERRONEUS EVEN TRIED TO "BLACKMAIL ME", see proof here -> http://slashdot.org/comments.pl?sid=2261720&cid=36545928

That's against LAWS erroneus. It also SHOWED by your reaction, that I "beat your ass" so badly, you *tried* to "scare me off"... did it work? No, & did you get your butt kicked?? Absolutely.

Here again?

You and your ac troll pals FAIL as per usual vs. myself, because off-topic ad hominem attacks are merely illogical b.s.

Yes ... just like you, noob (I say noob, because of your other post here noted below - if you don't know THAT? You're a noob, nothing more...).

"His paranoid imagination and school-boy level of maturity does not allow him to understand that people simply don't care what he has to say." - by erroneus (253617) on Sunday December 16, @05:51PM (#42309055) Homepage

Your attempting to blackmail me, for TRASHING YOUR NOOB LEVEL OF UNDERSTANDING IN COMPUTING (yet again, albeit earlier than today now again)?? Real mature, boy... lol, you noob.

SPECIFICALLY IN REGARDS TO WHAT YOU JUST SAID ALSO (ala nobody cares what I write here)? YOU FAILED THEIR NOW BADLY, since upward moderations show QUITE otherwise:

I'll put it into the thread RIGHT below this one, to keep it "cleaner" here (because the point below was my fav here today vs. your b.s. boy)

See my reply to myself, vs. your crap above now!

APK

P.S.=> Funniest one was this, in THIS VERY THREAD, which shows me you are STILL A NOOB worse than the other posts above -> http://it.slashdot.org/comments.pl?sid=3319303&cid=42308339

... apk

wow

[drinkypoo]

what a waste of a trollmod, modtroll

Re:wow

erroneus uses many registered accts here to mod himself up with. You down mod him rightfully as was done to his initial post (originally at -1 troll) http://it.slashdot.org/comments.pl?sid=3319303&cid=42306539 ? He comes along with those multiple accounts and mods it up again (now at 1 troll, and watch it go up more, guaranteed, per the methods he uses).

Everyone knows it goes on here, even big name Open source people:

It just takes one Ubuntu sympathizer or PR flack to minus-moderate any comment. Unfortunately, once PR agencies and so on started paying people to moderate online communities, and to have hundreds of accounts each, things changed.

from Mr. Bruce Perens at http://linux.slashdot.org/comments.pl?sid=1738364&cid=33089192

Then, when you get the better of erroneus? He tries blackmail http://slashdot.org/comments.pl?sid=2261720&cid=36545928 and ad hominem attacks. You can see it in this exchange too.

Facts list vs. ERRONEOUS' Fictions & blackmail

"His paranoid imagination and school-boy level of maturity does not allow him to understand that people simply don't care what he has to say." - by erroneus (253617) on Sunday December 16, @05:51PM (#42309055) Homepage

Funny - 100's of upward moderations show QUITE otherwise:

Roughly 233++ of them & I post as AC (hard to get even +1, as /. hides our posts & we "AC"'s start @ ZERO/0 points, unlike registered "lusers", lol!):

+5 'modded up' posts by "yours truly" (8):

HOSTS & BGP:2010 -> http://tech.slashdot.org/comments.pl?sid=1901826&cid=34490450
FIREFOX IN DANGER: 2011 -> http://news.slashdot.org/comments.pl?sid=2559120&cid=38268580
TESLA:2010 -> http://science.slashdot.org/comments.pl?sid=1872982&cid=34264190
TESLA:2010 -> http://tech.slashdot.org/comments.pl?sid=1806946&cid=33777976
NVIDIA 2d:2006 -> http://hardware.slashdot.org/comments.pl?sid=175774&cid=14610147
Ubuntu Linux sends back local disk query strings to CANONICAL: 2012 -> http://news.slashdot.org/comments.pl?sid=3304601&cid=42234351
Question to Mr. Mark Shuttleworth @ UBUNTU/CANONICAL: 2012 -> http://news.slashdot.org/comments.pl?sid=3304725&cid=42243467
COMPUTER ASSOCIATES BUSTED FOR ACCOUNTING FRAUD:2010 -> http://news.slashdot.org/comments.pl?sid=1884922&cid=34350102

----

+4 'modded up' posts by "yours truly" (5):

APK SECURITY GUIDE:2005 -> http://developers.slashdot.org/comments.pl?sid=167071&cid=13931198
INFO. SYSTEMS WORK:2005 -> http://slashdot.org/comments.pl?sid=161862&cid=13531817
WINDOWS @ NASDAQ 7++ YRS. NOW:2009 -> http://tech.slashdot.org/comments.pl?sid=1290967&cid=28571315
CARMACK'S ARMADILLO AEROSPACE:2005 -> http://science.slashdot.org/comments.pl?sid=158310&cid=13263898
What I admire about Theo DeRaadt of BSD fame: 2012 -> http://linux.slashdot.org/comments.pl?sid=3007641&cid=40785151

----

+3 'modded up' posts by "yours truly" (7):

APK MICROSOFT INTERVIEW:2005 -> http://developers.slashdot.org/comments.pl?sid=155172&cid=13007974
APK MS SYMBOLIC DIRECTORY LINKS:2005 -> http://it.slashdot.org/comments.pl?sid=166850&cid=13914137
APK FOOLS IE7 INSTALL IN BETA HOW TO:2006 -> http://slashdot.org/comments.pl?sid=175857&cid=14615222
PROOFS ON OPERA SPEED & SECURITY:2007 -> http://slashdot.org/comments.pl?sid=273931&cid=20291847
HBGary POST in Fake Names On Social Networks, a Fake Problem:2011 -> http://tech.sl

Stand? You got knocked on your ass

So much for "stand corrected" - More failing off topic illogical ad hominem attacks? /. trolls = weak. A fact http://it.slashdot.org/comments.pl?sid=3319303&cid=42308151 is still a fact. You are an off topic troll. Fact.

Better than attempting blackmail erroneus

Like you tried, erroneus http://slashdot.org/comments.pl?sid=2261720&cid=36545928 and failed badly in.

Small edit, correcting myself... apk

API GRAPHICS METHODS SUITE:

MSVC++ = .266ms
Delphi = .269ms
MSVB = .292ms - by me last post http://it.slashdot.org/comments.pl?sid=3319303&cid=42308339 )

That was actually this:

Delphi = .269ms
MSVC++ = .293ms
MSVB = 292

* So, my statement there was correct - Delphi took the MOST "1sts" & "2nds" overall, but also the MOST IMPORTANT ONES, which ALL programs do, in Math & Strings, & by tremendous margins...

APK

P.S.=> Sorry about that folks - Between cooking for guests, corralling cats going nuts or seeking attention, & posting? I do DO a "typo", now & then - getting better @ catching them, so trolls don't, 1st, lmao...

... apk

Let me show you deep packet cookie monster

Welcome to part of the 0 Day January 13th 2013.

Good ideas, no patches. accept it; it is called get out more. the best part is that facebook is going to take a huge hit with this.

LOL - how many times've I "blown YOU away"?

Funny you ran after trying to put words in my mouth I never said http://it.slashdot.org/comments.pl?sid=2282088&cid=36731660

* Would you like more examples of the times I've trashed you here, cbiltcliffe?

(I've got tons more... lol, tons!)

APK

P.S.=> There's no QUESTION that fool's avoiding what I said, so what's your point, fool? Are you trying to "amuse me", again, @ YOUR expense?? Yes, obviously... apk

Re:LOL - how many times've I "blown YOU away"?

[cbiltcliffe]

I didn't run.

If you can wrap your brain around reality for a few minutes, you'll notice that slashdot locks discussions, preventing any new replies after the story's been posted for a few weeks. Not exactly sure how long it is, but it's not forever.

When I went back to read your delusional response to my last post, the discussion was locked, and I couldn't reply.

But that would interfere with your delusions of grandeur, so you'd never admit to it, even if you knew that happened.

Interestingly, nobody else seems to have problems finding the words that I *didn't* put in your mouth, because you *did* actually say them. It's only in your alternate reality that you didn't.

Re:LOL - how many times've I "blown YOU away"?

[cbiltcliffe]

Really? You're still going on about an argument you lost badly nearly a year an a half ago?

Since you keep harping on this insistence that you didn't say something you blatantly did, here are your exact words:

P.S.=> Besides, there isn't a botnet (or even ROOTKIT) I can't deal with effectively for removal anyhow - & I don't use the same tools others do...

Well, @ first I do, & when those fail? Out come the "big guns" in Process Explorer & Recovery Console - & there's nothing I can't "dust" between them... ... apk

They're from this post:
http://it.slashdot.org/comments.pl?sid=2282088&cid=36618008

You directly say you use Process Explorer to get rid of rootkits when other tools fail. It's not even implied. You said it, outright. Maybe you didn't mean it (although I think you did, because instead of clarifying what you said, you've instead tried desperately to state that you didn't, in fact, say it), but there's no question you said it.

So why don't you take your damaged brain back to whatever warped reality you reside in when you're not trolling slashdot, and lick your wounds. Make sure they're all healed, because next time they'll be much deeper.....

HELLO OAKGOOF!

We know it's your Oakgrove (or rather, oakgoof, lol).

LMAO - I lost? Your tool was unneeded...

I proved it EASILY since the "indestructible rootkit" was easily destroyed by anyone with a Windows install disk/cd/dvd & the RECOVERY CONSOLE you can bootup from & use listsvc & disable commands it has to STOP THE ROOTKIT POWERING DRIVER(s)...

* ProcessExplorer is used to "mop up" in usermode/Windows once logged in, IF the malware hauls in ANY other ones... & many rootkits do that too!

(Face it - you failed! NOBODY questioned it works either...)

APK

P.S.=> Thus? Well, face it - You FAIL, yet again... I love it!

... apk

Oh, it's me alright (I asked that question)... apk

"That's a post by an AC, claiming to be APK. That's not somebody defending APK with a logged in account. - by cbiltcliffe (186293) on Thursday December 20, @09:23PM (#42355417) Homepage

So - Don't make us laugh more than you did here -> http://slashdot.org/comments.pl?sid=3319303&cid=42360301

(That's WHERE I PROVED YOU'RE FULL OF CRAP, YET AGAIN, & THAT I ABSOLUTELY "DUSTED YOU" before on the "indestructable rootkit", easily... &, of course, yet again once more, as is per my usual!)

APK

P.S.=>

"Maybe you need to learn to read, rather than me...." - by cbiltcliffe (186293) on Thursday December 20, @09:23PM (#42355417) Homepage

Maybe? Ok then - Read the subject-line of your post... what is THAT? A question!

Who asked it initially?? Me!

Right here --> http://slashdot.org/comments.pl?sid=3319303&cid=42307263 (hence, why it carried down into YOUR post, since MY POST THERE is the parent one to yours)...

LMAO - Man, YOU FAIL, yet again, so take your own advice - you NEED it, lmao...

... apkDon't make us laugh more than you did here

No delusions present in these links, lol... apk

http://slashdot.org/comments.pl?sid=3319303&cid=42360301

or here too:

http://slashdot.org/comments.pl?sid=3319303&cid=42360413

Face it: Vs. myself? YOU WILL ALWAYS FAIL... that's just what YOU do/how "you roll"... lol!

APK

P.S.=> I guess you just can't help yourself, but that's FINE BY ME... why? Well... it's guys like you here on /., that make ME look GOOD, every single time...

... apk

This link easily proves otherwise... apk

"I didn't run." - by cbiltcliffe (186293) on Thursday December 20, @08:55PM (#42355183) Homepage

This proves QUITE otherwise -> http://slashdot.org/comments.pl?sid=3319303&cid=42360301

(and you couldn't disprove it... period.)

There, I simply PROVED your tool was TOTALLY unnecessary vs. "the indestructible rootkit"... period.

FACT: Anyone with a Windows install CD/DVD can destroy it using RECOVERY CONSOLE bootup & the listsvc + disable commands to kill its driver...

Then, if you need to?

Use ProcessExplorer to "mop up" after, IF the rootkit hauled down any usermode malwares... & processexplorer EXCELS here, is free, & is a Microsoft tool as well!

---

"When I went back to read your delusional response to my last post, the discussion was locked, and I couldn't reply." - by cbiltcliffe (186293) on Thursday December 20, @08:55PM (#42355183) Homepage

Oh, really? Well, see the 1st link above I just posted again

Then - "drink it in, & digest it" since you FAILED BADLY, and you knew it... piss poor "excuse" there pal!

After all - how could you disprove a FACT?

Answer = You couldn't... lol, & I know it, YOU KNOW IT, & everyone reading there did too!

---

http://slashdot.org/comments.pl?sid=3319303&cid=42360301

Secondly - Your reading comprehension NEEDS WORK

(I suggest you get your "hooked on phonics" out BOY... you need it, since you can't seem to understand how to identify a VALID QUESTION, that I asked... & the fact I also yet again as usual, blew away my 'naysayers' on, easily, every single time here!)

---

"Interestingly, nobody else seems to have problems finding the words that I *didn't* put in your mouth, because you *did* actually say them. It's only in your alternate reality that you didn't." - by cbiltcliffe (186293) on Thursday December 20, @08:55PM (#42355183) Homepage

LMAO - considering I've already SHOWN YOU DON'T KNOW HOW TO READ, just above (since you can't seem to identify a valid question that I MYSELF asked)?

Please... lol!

APK

P.S.=> Naysayers, including yourself... lol, yet again

(I have SO MANY OF THOSE 'dustings' of you vs. myself, it'd take me an HOUR to assemble them all most likely, just to throw back in your face yet again here once more)

However: Are YOU worth that much of MY time? LMAO - Heck no!

Man, face it - you don't merit that much of my time - lol, especially after that link above & the fact you can't read & identify what a question is, lol, or who asked it (me)

... apk/b

Re:This link easily proves otherwise... apk

[cbiltcliffe]

Oh...I see what you're doing now:

You're changing your claim as to what the debate was about, so in your delusional little world, it looks like you won.
I never said the "indestructible rootkit" was actually indestructible, so claiming that I was wrong when I did is simply a straw man. That's not winning an argument; that's being a douche, which I believe I may have called you at some point.

My problem with your randomly capitalized, scatterbrained posts is that you claimed rootkits (not this particular rootkit, but rootkits in general) could be removed with Process Explorer when other tools fail. Yes, you also included Recovery Console in there, but you stated "removed" with Process Explorer. Afterwards you modified this to be "mopped up" with Process Explorer. (hmmmm... changing the terms of the argument again. Seems to be something you do a lot of. Terrified of losing, maybe?)
You then went on to claim that an partially automated tool that I wrote to do this kind of removal was unnecessary, because your manual method worked. You might as well say that GPS is unnecessary, because you can read a map to figure out where you're going. Or cars are unnecessary, because you can get where you're going on a horse.

This particular rootkit could be removed using your modified method (NOT your original method, mind you), although many can't.
The ONLY rootkits this method can remove are ones that use a windows driver to hide the rootkit components. Boot sector rootkits, BIOS rootkits and more do not use this method for hiding, and CANNOT be removed by your method.
I seem to remember telling you this in the conversation 18 months ago, which you promptly ignored with your "I completely SMOKED some weed...errr...you IN that ARGUMENT!!1!11!eleventy!1!11!!" posts. I'm not going to bother looking it up, because your childish, simpleton arguments are not worth any more of my time.

Pretend you won the debate if you want, and maybe in your universe you did. But in this reality, you were beaten, badly, and you just refuse to admit it.

Re:This link easily proves otherwise... apk

[cbiltcliffe]

"I didn't run." - by cbiltcliffe (186293) on Thursday December 20, @08:55PM (#42355183) Homepage

This proves QUITE otherwise -> http://slashdot.org/comments.pl?sid=3319303&cid=42360301

Really? How does that "prove" anything, other than you do a lot of acid before you post?
Your barely coherent ramblings cannot possibly prove or disprove anything that goes on outside your own little reality distortion field.

Explain it to the rest of us: How does that post of yours prove that I "ran?"
Don't get into all sorts of other irrelevant, unrelated crap, just answer that simple question.

Who posted this question?

I did, right here -> http://slashdot.org/comments.pl?sid=3319303&cid=42307263 Now, read the subject-line of YOUR POST NOW, you illiterate ignoramus! What post is PARENT to yours & gave it its subject-line?? Mine/that very one!

(Man - lmao: You really, REALLY need to work on reading comprehension as you can't identify what a question is OR who originated it... lol!)

Then, To each of the replies afterwards to "naysayers" here? I easily, EASILY "dusted them" point-by-point of theirs, as is my usual style... e.g. -> http://slashdot.org/comments.pl?sid=3319303&cid=42308415

APK

P.S.=> This one's going to be VERY easy to "blow you away with", yet again:

"Grow up. Nobody really gives a shit what you say." - by cbiltcliffe (186293) on Friday December 21, @10:16AM (#42359717) Homepage

Hmmm, then why's my post HERE rated +3 INFORMATIVE then? Hmmm?? See here -> http://slashdot.org/comments.pl?sid=3319303&cid=42306663

Answer that...

Also/Lastly - How about this partial list of some of my fav. posts on /. that were upward moderated:

---

Roughly 235++ of them & I post as AC (hard to get even +1, as /. hides our posts & we "AC"'s start @ ZERO/0 points, unlike registered "lusers", lol!):

+5 'modded up' posts by "yours truly" (8):

HOSTS & BGP:2010 -> http://tech.slashdot.org/comments.pl?sid=1901826&cid=34490450
FIREFOX IN DANGER: 2011 -> http://news.slashdot.org/comments.pl?sid=2559120&cid=38268580
TESLA:2010 -> http://science.slashdot.org/comments.pl?sid=1872982&cid=34264190
TESLA:2010 -> http://tech.slashdot.org/comments.pl?sid=1806946&cid=33777976
NVIDIA 2d:2006 -> http://hardware.slashdot.org/comments.pl?sid=175774&cid=14610147
Ubuntu Linux sends back local disk query strings to CANONICAL: 2012 -> http://news.slashdot.org/comments.pl?sid=3304601&cid=42234351
Question to Mr. Mark Shuttleworth @ UBUNTU/CANONICAL: 2012 -> http://news.slashdot.org/comments.pl?sid=3304725&cid=42243467
COMPUTER ASSOCIATES BUSTED FOR ACCOUNTING FRAUD:2010 -> http://news.slashdot.org/comments.pl?sid=1884922&cid=34350102

----

+4 'modded up' posts by "yours truly" (6):

APK SECURITY GUIDE:2005 -> http://developers.slashdot.org/comments.pl?sid=167071&cid=13931198
INFO. SYSTEMS WORK:2005 -> http://slashdot.org/comments.pl?sid=161862&cid=13531817
WINDOWS @ NASDAQ 7++ YRS. NOW:2009 -> http://tech.slashdot.org/comments.pl?sid=1290967&cid=28571315
CARMACK'S ARMADILLO AEROSPACE:2005 -> http://science.slashdot.org/comments.pl?sid=158310&cid=13263898
What I admire about Theo DeRaadt of BSD fame: 2012 ->

Re:Who posted this question?

[cbiltcliffe]

I did, right here -> http://slashdot.org/comments.pl?sid=3319303&cid=42307263 Now, read the subject-line of YOUR POST NOW, you illiterate ignoramus! What post is PARENT to yours & gave it its subject-line?? Mine/that very one!

You really have trouble following a thread, don't you?
The parent post to mine was not your question. It didn't even claim to be you, although, I think it was yours; you just didn't put your name on it, as you wanted it to appear to be someone else who was supporting your asinine arguments.

The post I responded to was this:

The meaning's explicit directed at poster apk replied to. Obviously a question. You're obviously stupid or trolling.

from here:
http://slashdot.org/comments.pl?sid=3319303&cid=42308455

Do you see your name at the end of that post? I don't. I'm pretty sure nobody else does, either. Well...maybe you do, but that would be your reality distortion field at work again.

In fact, it specifically refers to you in the third person, pretty definitively stating that it was NOT written by you.

Regardless of most of the world's opinion of your lack of mental capacity, incoherence, and incessant ramblings, every post in a thread that you've "contributed" to is neither a direct response to you, or a direct attack on you. Sometimes, responses are to people other than you. That's right. I know it's shocking to your ego, but not all human interaction on the planet has you as one of the parties. In fact, the vast, vast majority of it does not involve you at all, despite your best efforts.

We see what you do fatass (drool for pizza)

"Oh... to eat pizza again..." by erroneus (253617) on Saturday December 22, @05:20PM (#42371769) from http://slashdot.org/comments.pl?sid=3335159&cid=42371769 since that disgusting fatbody pig's an obese swine with no dick!

erroneus (253617) FatASS needs PIZZA

"Oh... to eat pizza again..." by erroneus (253617) on Saturday December 22, @05:20PM (#42371769) from http://slashdot.org/comments.pl?sid=3335159&cid=42371769 since that disgusting fatbody pig's an obese swine with no dick!

You're too bloated and fat for the planet

"Oh... to eat pizza again..." by erroneus (253617) on Saturday December 22, @05:20PM (#42371769) from http://slashdot.org/comments.pl?sid=3335159&cid=42371769 since that disgusting fatbody pig's an obese swine with no dick, who's downmodded as troll yet again.

attempting blackmail's stupid of you erroneus

http://slashdot.org/comments.pl?sid=2261720&cid=36545928

erroneus/johnbwilcox ate 50 dozen donuts

no but parent poster john b wilcox/erroneus must've eaten 50 dozen donuts http://slashdot.org/comments.pl?sid=3345911&cid=42414637

john b wilcox/erroneus the planet can't feed ya

Since being publicly obese like you is embarassing. Erroneus/john b wilcox: When you eat, is your dish a wheelbarrow, your fork a pitchfork, and spoon a shovel or what http://slashdot.org/comments.pl?sid=3345911&cid=42414637 ? Does your bed use chevy truck coil springs and struts to hold your fat ass off the floor too? Hahahaha. No wonder you said this "Oh... to eat pizza again..." by erroneus (253617) on Saturday December 22, @05:20PM (#42371769) from http://slashdot.org/comments.pl?sid=3335159&cid=42371769 you disgustingly fat hog.

john b wilcox/erroneus = familiar with obesity

Since being publicly obese like you is embarassing. Erroneus/john b wilcox: When you eat, is your dish a wheelbarrow, your fork a pitchfork, and spoon a shovel or what http://slashdot.org/comments.pl?sid=3345911&cid=42414637 ? Does your bed use chevy truck coil springs and struts to hold your fat ass off the floor too? Hahahaha. No wonder you said this "Oh... to eat pizza again..." by erroneus (253617) on Saturday December 22, @05:20PM (#42371769) from http://slashdot.org/comments.pl?sid=3335159&cid=42371769 you disgustingly fat hog.

You're a piece of shit little punk... apk

The Recovery Console can wipe out any rootkits (MBR or driver based type) & then ProcessExplorer can mop up any malware used to bind them to C&C servers in botnets.

Now, "your tool" (which I also believe you did NOT WRITE COMPLETELY YOURSELF even, iirc) wasn't necessary in our initial debate & I prove that per the above...

Your off-topic bullshit now - DAYS LATER?

You're VERY LUCKY you're not in front of me in person... you wouldn't get up. I hate little weasels like you with a PASSION... you little FUCK!

* Quit trying to make excuses for your blatant "fail", days later, thinking I am not watching (you dirty little sneaky wuss)...

"Regardless of most of the world's opinion of your lack of mental capacity, incoherence, and incessant ramblings" - by cbiltcliffe (186293) on Sunday December 30, @11:11AM (#42426307) Homepage

and

"Really? How does that "prove" anything, other than you do a lot of acid before you post?
Your barely coherent ramblings cannot possibly prove or disprove anything that goes on outside your own little reality distortion field." - by cbiltcliffe (186293) on Sunday December 30, @11:11AM (#42426307) Homepage

You're a done zero loser, and you know it. Hell, while you were in diapers? I was making headlines, commercially sold software from a certified Microsoft partner (that still sells well), and far more in respected trade shows... you little punk, who posts days later thinking I am not looking... you have to, with little weasels like you.

See below, you cowardly little punk (posting days later thinking I wasn't looking? Guess again - I know little weasels like you, and just how you "maneuver" and I swat them everytime, just like I have yourself yet again).

APK

P.S.=> Besides - the day "the likes of you" can show you've done MORE, BETTER & EARLIER than I have (while you were STILL IN DIAPERS I wager no less)? Is the day you can even *try* think you're in my league... because I know you're not!

"My Name is Ozymandias: King of Kings - Look upon my works, ye mighty, & DESPAIR..."

----

Windows NT Magazine (now Windows IT Pro) April 1997 "BACK OFFICE PERFORMANCE" issue, page 61

(&, for work done for EEC Systems/SuperSpeed.com on PAID CONTRACT (writing portions of their SuperCache program increasing its performance by up to 40% via my work) albeit, for their SuperDisk & HOW TO APPLY IT, took them to a finalist position @ MS Tech Ed, two years in a row 2000-2002, in its HARDEST CATEGORY: SQLServer Performance Enhancement).

WINDOWS MAGAZINE, 1997, "Top Freeware & Shareware of the Year" issue page 210, #1/first entry in fact (my work is there)

PC-WELT FEB 1998 - page 84, again, my work is featured there

WINDOWS MAGAZINE, WINTER 1998 - page 92, insert section, MUST HAVE WARES, my work is again, there

PC-WELT FEB 1999 - page 83, again, my work is featured there

CHIP Magazine 7/99 - page 100, my work is there

GERMAN PC BOOK, Data Becker publisher "PC Aufrusten und Repairen" 2000, where my work is contained in it

HOT SHAREWARE Numero 46 issue, pg. 54 (PC ware mag from Spain), 2001 my work is there, first one featured, yet again!

Also, a British PC Mag in 2002 for many utilities I wrote, saw it @ BORDERS BOOKS but didn't buy it... by that point, I had moved onto other areas in this field besides coding only...

Being paid for an article that made me money over @ PCPitstop in 2008 for writing up a guide that has people showing NO VIRUSES/SPYWARES & other screwups, via following its point, such as THRONKA sees here -> http://www.xtremepccentral.com/forums/showthread.php?s=ee926d913b81bf6d63c3c7372fd2a24c&t=28430&page=3

9 days later you answer, weasel?

See subject-line you punk and yes it was me that asked the question and you know it... right here (parent to them all) -> http://slashdot.org/comments.pl?sid=3319303&cid=42307263

Above all else here though?

YOU PROVE that You're a little BITCH of a punk ass weasel, replying nearly 10 days later *thinking* I wouldn't see your weasel b.s. now, eh?

That much is obvious!

I track that type of "I am a beyotch worse than a woman trying to get the last word in" punk behaviour outta the likes of a DONE ZERO LOSER like yourself in comparison to MYSELF in computing!

(I, who was making headlines & piles of money in this art & science of computing while the likes of you, a done zero "ne'er-do-well" loser, was still in diapers).

* Do me a favor - tell whoever the BUM your father was he would have been better off shooting his load on the wall, than impregnatiing your whore mother (lol), ok?

He'd have done the world a favor!

APK

P.S.=> My Lord, having to watch a thread for 10 days is what you have to do with the little done zero with their LIVES punks around /., like cbiltcliffe = the fool who I proved his "tool" he didn't even WRITE ALL OF HIMSELF iirc, wasn't needed @ all, here and LONG AGO before it -> http://slashdot.org/comments.pl?sid=3319303&cid=42428443 ...

... apk

Time to REALLY embarass you... apk

From -> http://slashdot.org/comments.pl?sid=2324770&cid=36782140

DESPITE YOU POSTING 10 days later *trying* to "get the last word" like some WOMAN might, boy?

The past does you in, with your OWN WORDS, re-quoted below:

---

PERTINENT QUOTES/EXCERPTS:

"Will it get rid of an MBR rootkit? Yes. Will it get rid of a driver-based rootkit with a discrete .sys file for the driver? Yes." - by cbiltcliffe (186293) on Tuesday July 12, @03:12PM (#36738656) Homepage Journal

NOW - Didn't you state that which is quoted above?

I.E.-> That my technique for non-destructively destroying the rootkit portion using Windows installation media (read only) works for non-destructively removing the rootkit portion of this combined rootkit/botnet??

Yes, you did! Period... all you HAD was calling me a douche, in utter "FruStraTioN", you little punk!

(Which means your CD you were "hawking/shilling" there was totally unnecessary! Folks already have tools @ hand for it off of their install media for Windows!)

---

"There you go again, conveniently removing the part where I said it won't work against a rootkit that patches legitimate driver files." - by cbiltcliffe (186293) on Friday July 15, @08:49PM (#36782014) Homepage

Ahem: That wasn't the topic, or the mechanics of the rootkit being discussed there - it was about the mechanics of THE ROOTKIT that was called "indestructable" & it was DESTROYED by me, w/ out destroying a Window setup, & with tools folks already have...

AND, you DID admit that my technique for removing it, works, quoted above!

(And, your CD? Again, unnecessary!)

Also, I list a way to remove patched files rootkits too, as well as layering defenses against it in WFP, Group Policies, & even bcedit commandlines too! That's shown in my reply above as well...

(Funny how you "omit" those 2 crucial points here, eh? NOT!)
---

* YOU FAILED... badly, as usual!

APK

P.S.=> Know what? Now, I am going to assemble every single time I have "dusted" you in technical debates, & throw them out in your posts from now on since I've done it before & on a LOT MORE THAN JUST THAT ABOVE!

(Yes, just to laugh as you *try* to "mince words" to scramble to get outta them... & then, I'll do it some more yet again, & just as I have here? With links that shoot you down EVEN MORE here publicly)

... apk

Right from "the indestructible rootkit" thread

"My problem with your randomly capitalized, scatterbrained posts is that you claimed rootkits (not this particular rootkit, but rootkits in general) could be removed with Process Explorer when other tools fail. Yes, you also included Recovery Console in there, but you stated "removed" with Process Explorer. Afterwards you modified this to be "mopped up" with Process Explorer. (hmmmm... changing the terms of the argument again. Seems to be something you do a lot of. Terrified of losing, maybe?)" - by cbiltcliffe (186293) on Sunday December 30, @10:45AM (#42426167) Homepage

Eat your WORDS yet again, liar, vs. what I quoted from here, below -> http://it.slashdot.org/comments.pl?sid=2282088&cid=36653602 - & that IS the actual "indestructible rootkit" thread itself no less!

You're also projecting on "terrified about losing" because YOU LOST BADLY & what's below (my method quoted) shows it!

I "modified" NOTHING & the link below proves it (direct quote of my method, which makes your "tool" completely unnecessary & YOU KNOW IT):

---

PERTINENT QUOTE/EXCERPT of my method, from the link above:

"STEPS TO TAKE TO ERADICATE THIS ROOTKIT/BOTNET. NON-DESTRUCTIVELY:

---

1.) Recovery Console bootup
2.) listsvc command to spot offending bogus MBR protecting driver (hello_tt.sys)
3.) disable command to stop it from loading
4.) Reboot to RC again
5.) Fixmbr command to clear bootsector (no longer protected by said driver since it was disabled from load)
6.) REBOOT NORMALLY (it WILL be gone, guaranteed)

---

* Which works against ANY rootkit, both bootsector originating type, or driver driven type (or like this one, a combination of BOTH), 100% guaranteed - NO QUESTIONS ASKED, period...

APK

P.S.=> Then, IF this thing "hauls in" any more malware, which it CAN do?

Then - You "mop it up" using Process Explorer completely once the rootkit is destroyed!

(ProcessExplorer.exe works vs. ANY malware, even hidden ones beneath other std. processes hooked by libs/dlls, or services even)

I.E./E.G. -> You use its "suspend" feature to send HLT instructions to the offending malware, & then?

Then, you can delete it on disk & it's "Gone With The Dawn"...'

---

* Oh, I am going to EMBARASS YOU BADLY in all of your posts for QUITE A WHILE with this one you little punk that POSTED 10 DAYS LATER *stupidly thinking* I wouldn't watch a little punk like you that "tries to get in the last word" that way!

(THANK YOU, for being SO stupid!)

APK

P.S.=> Yes - You FAIL yet again, badly... & that's only 1 of nearly 50 I have done so before vs.yourself (it will be a PAIN to reassemble them again, but I have done it before to SHUT YOU UP, & it worked just fine, lol... time to do it again is all!)

... apk