Slashdot Mirror


User: spywhere

spywhere's activity in the archive.

Stories: 0
Comments: 205

Comments · 205

  1. The forensics are tough on Fighting Porn Vs. Ruining Innocent Lives · · Score: 5, Interesting

    When a Windows machine gets really infested with spyware, it's tough to sort out the chickens from the eggs.
    Did a user go to a porn site that downloaded spyware that brought down kiddie porn, or did somebody intentionally go to a kiddie porn site?

    I've never found pictures of kids on a customer's PC (thank God), but I have done some investigations on "porned" and infested PCs: it's hard enough for an IT pro to figure out which came first. When the cops are doing the investigating, I expect they'll come to whatever conclusion makes the suspect look guilty.

  2. Kickbacks should be disclosed on Microsoft Worried OEM 'Craplets' Will Harm Vista · · Score: 1

    When AOL, Norton, Real and MusicMatch (among many others) pay Dell to include their incredibly bloated crapware on your new PC, Dell should be required to tell you that they paid... and how much.

    Similarly, if the EU can force Microsoft to release Windows without a media player, they should also force the OEMs to offer computers with Windows only. They would cost a bit more, but it would be well worth it.

  3. Duh. on IE6 Was Unsafe 284 Days In 2006 · · Score: 1

    It's not my system, Anonymous Coward, it's his. I didn't build it, sell it to him, or install it. He does what he wants with it; I am paid only to fix it and make recommendations.
    You must be an idiot, if you don't understand that.

  4. Thanks for the money, folks on IE6 Was Unsafe 284 Days In 2006 · · Score: 1

    I made thousands of dollars -- more than half my company's gross revenue -- cleaning up spyware in 2006. A lot of it, probably 30% or 40%, was on fully patched machines with current anti-virus software. Almost every time I read about exploit code becoming available for a zero-day vulnerability, my phone starts to ring.
    I have one customer who gets hit three or four times a year. Each time, I get $75 to $150 for booting his system to Windows PE and cleaning off the pests. He's running McAfee Enterprise 8.0i (from his job) with all the "Unwanted Programs Policy" settings maxed out, and he still gets hit, and I still get paid. (I think it may be due to his Web surfing habits, but I don't ask and he doesn't tell).

    If Microsoft ever delivers a really secure OS and browser, I may need to go get a job... after all the XP machines die off, that is. Since I still see Windows 98 and ME boxes running (some plugged directly into Comcast cable modems), I suspect that will be a few years yet.

  5. Network Monitoring "System" on What Bizarre IT Setups Have You Seen? · · Score: 1

    I opened the Help Desk at 7 AM every morning for a company with sites in several states. Previously, if a server or a link was down, it would often go undiagnosed until 8:30 or 9 AM because not enough people would call the Help Desk to complain until then.

    I wrote a simple batch file that would ping every server on the WAN with two packets, dump the results to a text file, and open the file in front of me when I logged in. I would search the file for the word "timed" (Request timed out) and start troubleshooting and notifying by 7:05. The CIO, who came in at 7:15, loved knowing that his network was up (or not) as he walked into the building.
    The only problem was, my old buddy the CIO was paying for an expensive network monitoring system, which I ignored completely because it was cumbersome, expensive, and I had never learned to use it. One morning, after I had scrambled resources to track down a server outage reported by my batch file, he insisted that I work with the network admin to track the problem through that system.

    Half an hour later, I went to his office. "Dave, I found the details of the failure in the monitoring system: it couldn't ping the Exchange server in Michigan..." which, we both knew, was exactly what the batch file had told me earlier that day.
    He never bothered me about that system again...

  6. Air conditioning workaround on What Bizarre IT Setups Have You Seen? · · Score: 1

    Central air conditioning has an engineering limitation: at extremely low outside temperatures, it fails. Most people are not affected by this...
    I worked at a company with a windowless server room buried in the middle of the IT department. On the coldest day of the year, the AC quit. We had to open all the doors, and use fans to circulate air out of the server room. Needless to say, the staff -- especially those nearest the doors -- complained about this endlessly.
    I told the CIO, an old friend of mine, that we should run a single 12" duct through the drop ceiling from an outside wall to the server room, and put a fan in the room to pull in the subfreezing outdoor air next time this happened. Of course, when the AC came back on, he forgot all about this... until the next year, when the temperature plunged and the AC failed again. (He gave me a look that said, "Don't say it... I know you Told Me So...").

    Within two days of that second failure, workers were running a flexible duct through the ceiling.

  7. Re:Archaic! on Top Viruses, Worms and Malware in 2006 · · Score: 1

    No. Sorry. My name is Bob, but my colleagues at the time called me "spok."

  8. Classic Help Desk story... on Top Viruses, Worms and Malware in 2006 · · Score: 2, Funny

    "I just use my Dell."

    When I was the alpha geek on a four-geek Help Desk, we had to ask each caller for the computer name (we later used bginfo for that). We would ring a bell every time we got the answer "Dell," then patiently explain that the computer is a Dell, but the computer has a name on the network, and we need to figure out what that is...
    One woman interrupted me: "Trinitron?"

    I slapped the mute switch just in time, and ROTFLMAO.

  9. One repair strategy on Top Viruses, Worms and Malware in 2006 · · Score: 4, Informative

    I see a lot of machines with multiple infestations, but I rarely rebuild 'em.
    My usual algorithm:

    1. Start up in Safe Mode
    2. Use AutoRuns.exe to identify most of the offenders; delete those that don't self-reinstall
    3. Open IE and then System Information; look at Loaded Modules to find the vx2 .DLLs (hint: sort the list by Manufacturer)
    4. Boot to Windows PE; back up and load the Software and System hives & clean them up; do the same with the user hive(s)
    5. Boot into Windows and check for stragglers.

    Lots of fun, especially for $1.25/minute.

  10. Re:Archaic! on Top Viruses, Worms and Malware in 2006 · · Score: 2, Funny

    Ten years ago, I pioneered a foolproof way to clean floppy disks.
    I worked at a chain of auto parts stores, with only five Windows machines. The marketing guy was constantly catching the Zombie virus from his drawer full of floppies.
    After about the 5th or 6th time, I took all the floppy disks out of his desk and smashed them with a ballpeen hammer.

  11. Great year for malware... on Top Viruses, Worms and Malware in 2006 · · Score: 5, Funny

    Cleansing home PCs, I've seen some of the more exotic exploits become commonplace, including:

    Direct Revenue hiding its core .DLL as a print monitor;
    one lone .DLL, registered in a CLSID key, warning of SPYWARE!!! from the system tray;
    launching executables from Group Policy subkeys;
    populating subkeys of Winlogon\Notify with self-renaming .DLLs.

    Hiding malware so it launches before Explorer (and even before the antivirus app) is sneaky, underhanded, and ensures a steady stream of income so I don't need to get an actual job. Editing the Registry hives from WinPE is the only cost-effective way to remove many of these things, and Suzy Homeuser will never be ready for that.
    So here's to you, scumbag malware writers... and here's to Microsoft for leaving soooo many ways to launch your malware: Thanks for paying my mortgage. Without security holes, and the slimeballs who exploit them, I'd be back selling auto parts.

  12. It's not a PC, it's a WORKstation... on Consumer Technologies Driving IT · · Score: 3, Informative

    I worked as a desktop support tech in several environments, with policies ranging from draconian to nonexistent.

    In the locked-down world, our firm charged for repairs to "non-standard" machines: anything with user-installed software, even if it wasn't the cause of the problem. We were forbidden to use the terms PC or computer, instead calling every desktop and laptop a "workstation." People who downloaded stuff from the Internet often found themselves explaining the $300 repair charge to their boss, and were subject to termination at the company's discretion. (As desktop techs, we were very powerful... one guy I worked with actually received "personal services" in exchange for not reporting a young woman in the call center).

    In the open environments, stupidity flourished. People would install Kazaa (with its load of spyware) and put their shared folders on the servers. Executives would download GoToMyPC and use their names as the password. During downtime, I would use PSList to remotely check computers for spyware, and remotely delete anything I didn't like. A few people complained about losing their Webshots and other crap, but the CIO was an old friend of mine and fully backed my efforts.
    One day, I claimed in a weekly meeting that spyware and adware were consuming 50% to 70% of our Internet bandwidth. The head of the network group immediately heaped scorn upon that statement... until the CIO asked him to check into the claim. He had to stand up the following week and say that I was wrong: the figure was closer to 90%.

  13. Easy solution (for Windows, anyway) on Yahoo Pushing IE7 On Firefox Users · · Score: 1

    127.0.0.1 yahoo.com

    I hate Yahoo. To me, they are evil... their software is crap, and breaks things... and they own Gator, er, Claria. Need I say more?
    In my PC repair practice, I routinely remove all Yahoo applications from customers' computers, especially that f***ing toolbar. (Many support calls start out when a customer is inflicted with the Yahoo Toolbar, usually via Adobe, and something else stops working).
    I do use Yahoo, however, when training other engineers to remove spyware. All I need to do to infest a machine is click on a few paid links in Yahoo search results. With their help, I can completely trash an XP machine in less than five minutes.

  14. I couldn't resist... on MPAA Goes After Home Entertainment Systems · · Score: 1

    I have a few friends who always send me those stupid hoax Emails... the ones that urge you to make matters even worse by passing the bullshiat along to others.
    I just sent them this article, warning that Bush will try to push this through the lame-duck Congress, and urging them to "Please forward this to everyone you know!!!"

    Yes, I know I'm going to Hell.

  15. Howard Stern invented this... on Mainstream Media To Start "Crowdsourcing" · · Score: 1

    Long before the Web became World Wide, Howard Stern was sending his armies of listeners to investigate (and harass) people who offended him.

    Of course, it works much better in real time.......

  16. Don't Blame Me, I Voted for Putin... on Venezuelan Interest In U.S. Voting Software · · Score: 1

    If we're going to have an outside company farking with our election (again), I'm glad it's Venezuela this time: at least they're liberals!

  17. I feel much safer now... on FBI Raids Security Researcher's Home · · Score: 1

    ...don't you?

  18. Most people will get it anyway on The Netscaping of Symantec and McAfee · · Score: 1

    Symantec and Network Associates will continue to pay their way onto every new Dell, HP, Gateway, Toshiba computer (with a three-month trial subscription), so the average consumer will still end up with a third-party security suite preinstalled.
    Let's hope the Vista versions of their products don't suck as massively as their current offerings... but they will.

  19. Deep Pockets on iPods Come Complete With Windows Virus · · Score: 1

    If I run into a customer who gets this virus from their new iPod, I look forward to making $75 per hour as an expert witness when they sue Apple.

  20. This will end up costing you money! on Howard Stern Coming To the Net · · Score: 1

    When you hear the show, you will want it enough to pay the Sirius subscription fee.

  21. He's right about the rights on Ballmer Sounds Off · · Score: 5, Insightful

    Now that YouTube has money behind it, Google can expect legal action from a whole bunch of people... some of it justified.

  22. Advice for Parents on Social Networks Attract Malware Authors · · Score: 2, Funny

    127.0.0.1 localhost
    127.0.0.1 myspace.com
    127.0.0.1 webshots.com
    127.0.0.1 aol.com
    ...
    ...
    ...

    The kids will hate it, but they're not the ones who pay me.

  23. Speaking as a PC repairman... on Are Hard Disk Warranties Worthless? · · Score: 1

    For me, hard disks are The Weakest Link. I work on a few thousand PCs per year, so I see way too many failed drives. Sometimes I can recover the data, sometimes it's way too late. Some of these drives are long out of warranty, some are a few months old.
    The customers often have a warranty from the PC manufacturer, especially if it's a Dell: they do the best job of selling extended coverage. When they do, I encourage the customer to arrange warranty repairs directly. (About half of the customers would rather pay me for the repairs than deal with the manufacturer).
    I encourage customers who need a hard disk to buy it themselves. I would rather spend the few minutes necessary to identify the right drive for them than provide it through my company.
    When I do sell a hard drive, I buy it locally, give the original store receipt to the customer, and sell it at exactly my cost. I make it clear -- verbally and in writing -- that the warranty on the hard disk is between the customer, the seller, and the manufacturer, and that my company offers no guarantees on the part or labor.

    I also explain hard drives to all of my customers in exactly these words:
    1. Your hard drive is a complex system of parts moving at extremely high speeds.
    2. Every hard drive will fail, including yours.
    3. Some will fail tomorrow, some will fail in 2039, and nobody knows when yours will fail.
    4. When your drive fails, you will lose all the data that you didn't back up.

    This speech often results in profitable backup system design jobs...

  24. You gotta fight for the right to extort money! on Security Companies Tussle With MS Security Center · · Score: 1

    Symantec and McAfee are not fighting for the right to sell a security product. They are fighting for the right to sell a subscription to their security services. The fact that both companies' flagship products are bloated crap -- even worse than Windows itself -- should give you some idea of what you'd be subscribing to.

    Doing home PC repairs, more than half of my income is from malware... and that doesn't include the problems caused by Norton Internet Security itself, which accounts for about 5% of my initial calls. ("I can't get my mail, and I can't logon to my bank, and [Dell | Verizon | Comcast] says I have spyware!")
    When that program, or McAfee's suite, hasn't killed the PC yet, I often find well-hidden malware .DLLs loaded that neither program detects or removes. I can't believe that they can't detect this stuff... instead, they won't because they want to sell you additional products and subscriptions, and more bloated crap.

    Microsoft stayed out of the antivirus market all these years because they didn't want to be responsible for failing to prevent virus attacks. Now that they're ready to step up to the plate, let them... then we can sue them when the next Blaster worm or "I Love YOU" virus hits.

  25. Block, question, demand, and threaten on Is the Do Not Call System Working? · · Score: 1

    We are on the Do Not Call list; its effectiveness has diminished somewhat. We also have Call Intercept to block the no-number telemarketers.
    The ones who do get through are immediately bombarded with questions:

    Hi, this is Cindy calling on behalf of ATA...
    "Cindy, is it? Could I have your last name?"
    We're not permitted to give that information, sir...
    "You're required to by federal law, but we'll come back to that. You say you're calling on behalf of ATA. Do you work for ATA?"
    Um, no, sir, we are an independent survey company collecting information for ATA...
    "What is the name of your company?"
    It's, uh, Persistent Marketing Services...
    "Where are you located, and what's your phone number?"
    [city & state, number...]
    "And what does ATA stand for? Where are they, and what is their phone number?"
    [full name, city & state, number...]
    "Well, Cindy, the reason I ask these questions is that both ATA and Persistent Marketing Services need to place this number on their permanent Do Not Call lists, effective immediately, so you will take care of that for me?"
    Um, sir, we are a survey organization, so we don't maintain a Do Not Call list...
    "Well, Cindy, this means that you -- personally -- must make sure that neither you, nor anyone else in your company, or anyone from ATA, ever calls this number again, or both companies -- and you personally -- will face charges of criminal harassment and defiant trespass here in Delaware. Have you ever been to Delaware?"
    Um, sir, if you would like to speak to my supervisor...
    (loudly) "Cindy, under Federal law, I don't have to speak to anyone but you. By calling my house, you have assumed personal responsibility for this matter. I assure you that, if anyone from your companies calls this number again, swift and severe legal action will follow... Oh, Cindy, did I mention that my wife is a lawyer, so we can haul you into court here in Delaware for free?"
    Um, yes, sir, we will take care of this immediately...

    I get very few repeat calls.