
DDITDev

A crack team of devs in the Developer Division. ASP.NET, SQL, C#, development practices.
Elephants, monkeys and... Viruses?! - Posted by Avi

It's been a while since I posted - I was away on vacation, visiting my parents-in-law in Sri Lanka.

What a great country! Sunshine, wildlife, amazing food, and… viruses. I'm not talking about malaria (although we did have a close call); I'm talking about my in-laws' home computer.

As you all know, visiting family means fixing computers; it's been that way for me since I was 14, so I really don't mind. The symptoms in this case were random reboots and virus popup warnings. So one day I was down there diagnosing things (I had brought my trusty USB thumbdrive with all the cool tools), and indeed the machine was pretty well trashed.

It wasn't too surprising, I guess - run as an administrator, open all your mail attachments, trust the popup ads, and you're bound to get into trouble. Anyway, I vowed to fix it in 2 days, when we got back from a side-trip.

Well, turns out that the local computer whiz volunteered to come fix the issue, and they preferred not to wait - he arrived just before I left. I figured I'd like to see what he does, just for kicks. He tried to boot once; bang - immediate reboot. He wasn't going to take this kind of crap, so he immediately pulled out his trusty [pirated] Windows CD, formatted the HD, and reinstalled the OS.

I guess he got the job done. Personally, I would have tried to diagnose first, but what he lacked in finesse he made up for with brute force. And you can't argue with brute force.

I went on the trip thinking everything was cool… Until I heard "we have viruses again!", within a day of returning. It can't be, I thought. I had explained the notion of not opening attachments and random EXEs, not following ads, etc. They had the firewall switched on. I *know* that Windows is secure; I use it all the time and I've never had trouble.

So I went in, logged on, and wow - there were tons of virus warnings, trojans, etc. I had to wash my hands after touching that keyboard, just in case. The funny thing is that they hadn't even used the computer - this is what they saw immediately after Fixit-Boy had messed with it.

So, turns out that a few things were a little wrong with his technique:

  • The pirated version of WinXP he had was already pre-infected with every virus known to man.
  • It had some pre-release version of XPSP2.
  • It had a virus scanner installed, but it required an activation key so wasn't actually doing anything.

Yikes. This time it was my turn:

  • Format (sometimes you just can't clean things up).
  • Install a [non pirated ;)] version of XP.
  • Install XPSP2, and all the latest patches.
  • Make sure the firewall is on.
  • Create accounts for the family, but make them non-administrative.
  • Set AutoUpdate to take care of things.
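
As an added check (not part of the original post), here is a small batch script for verifying the rebuild checklist above on a Windows XP SP2 box: firewall on, family accounts outside the Administrators group, Automatic Updates enabled, and the service pack actually applied. The account names `mom` and `dad` are placeholders I chose; the AUOptions values are the documented Automatic Updates codes, and the script assumes that registry value exists (it does once Automatic Updates has been configured from System Properties).

```batch
@echo off
REM Added example, not from the original post: post-rebuild checklist for Windows XP SP2.
REM Run from an administrator command prompt after the reinstall.
setlocal

REM Placeholder account names; replace with the non-administrative family accounts you created.
set FAMILY=mom dad

echo == Firewall state (Windows Firewall, XP SP2) ==
netsh firewall show state

echo.
echo == Local Administrators group membership ==
net localgroup Administrators
for %%U in (%FAMILY%) do (
  net localgroup Administrators | find /i "%%U" >nul && echo WARNING: %%U is an administrator || echo OK: %%U is not an administrator
)

echo.
echo == Automatic Updates configuration ==
REM AUOptions: 1 = disabled, 2 = notify before download, 3 = download and notify before install,
REM 4 = download and install on a schedule. Value 4 matches "set AutoUpdate to take care of things".
reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v AUOptions

echo.
echo == Service pack level (expect "Service Pack 2") ==
reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion" /v CSDVersion

endlocal
```

If the firewall shows as disabled, a family account appears in the Administrators listing, or AUOptions is anything other than 4, one of the steps above was missed; this is the kind of thing worth re-running after anyone else has "helped" with the machine.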

If they manage to hork the machine now, I'm going to be impressed. But I have to wonder… What percentage of Colombo is being served by Fixit-Boy, and how are they getting by?

Avi

Posted: Thursday, August 25, 2005 5:33 PM by dditweb

Comments

shaunbed said:

Besides the pirated Windows, this is not too different from what would happen in the United States.

I have a brother who has a MS in Computer Science with a focus on Network Security. He doesn't install Microsoft updates because they generate too many problems and tends to uninstall any antiviruses I have on a system first thing. He will use antiviruses to check infected systems but he doesn't feel a user should need them unless they are incompetent. I don't think his machine has ever had a virus. Oh, and he restores machines by using back up cds ;)

He is kind of in the "Microsoft is evil" camp so I guess I can understand his ideas but I don't agree. I am probably in the minority here. I really like the new features of XP SP 2 and feel that it is necessary to stay on top of the patch process. Most users don't. I also feel that the typical user will get viruses and spyware and tend to install an antivirus and antispyware. I also know about running under limited user accounts though I don't personally know any home users that do this.

My point is this.. I might agree wholeheartedly with your views but the average computer guy where I live is in Fixit-boy's league if that good. Most of the young gurus I hear about anymore love Linux and assume that everything from Microsoft sucks. They tend to assume Windows is totally impossible to protect and do an awful job on Windows boxes. The average person is just ignorant. My brother really knows about Security and I am sure he does a great job with Linux but I lack confidence in his abilities with Windows.

Given that an average person lives in an environment where viruses, phishing scams, spyware, and other issues.. Given that the average user feels that Microsoft updates often cause more problems than benefits.. What do we do to change this situation? I feel that the American culture where I live is creating "fixit" boys who have no idea how to correctly administer a Windows box. Some of the biggest problems are social not technical. Our "fixit" boys have a lot of technical know-how.

Shaun Bedingfield
shaunbed@swbell.net
blogsb.blogspot.com
# August 25, 2005 9:05 PM

dditweb said:

(Posting a 2nd time - looks like HREFs aren't allowed)

You're right on several counts, Shaun.

Firstly - as you say, this isn't limited to Sri Lanka, or to any country, or even to complete beginners. Unfortunately, it's non-trivial to remain completely secure nowadays, but the things I see being done by my [distant] colleagues on the Windows team suggest that we're definitely going in the right direction. Compare XPSP2 to Win95 (or even to vanilla XP) and it's obvious.

The bottom line is as such: Being the owner of a computer necessarily puts you in a position where you can screw it up if you don't know what you're doing. If people want to be able to do administrative things, then by definition they can break stuff if they're too trusting.

The only way to prevent that is to put safeguards in place to make it very obvious that you're risking things - and that's quite difficult. How do you detect if a program being installed is malicious? What's the definition of "malicious" anyway? There are some programs that are borderline [I'll refrain from mentioning names].

The other interesting thread you bring up is the "Linux vs. Windows" religious war. I read slashdot often, and I must admit that I always flock to the daily "M$ is teh evil" posts. They're entertaining, in a masochistic kind of way.

But most of the stuff I read about Windows' lack of security is extremely misguided. The real truth is that an admin who knows what they're doing can secure either system very well.

The problem for users is learning what they need to know, the problem for coders is learning how to write secure code (which is difficult), and the hardest problem, in my opinion, is for OS/GUI designers to come up with solutions that don't require either of the above to be true.

PS. Tell your brother that it has been a while since installing patches was a risky proposition in terms of compatibility (XPSP2 is a notable exception; but it wasn't a risk - it was all documented). Not installing them is extremely risky. Does he use the same philosophy with Firefox, for example?

And what he says about spyware/virus scanners being unnecessary... Well, he's not necessarily wrong - I have them installed, but have never caught a virus because I take other precautions. But defense in depth is always a good idea. The only excuse I've seen for not running AV software is performance, and that only applies on file servers that are handling very large amounts of traffic - even then there are mitigating factors.

Avi
# August 26, 2005 12:51 PM

chaz said:

i just don't get it how do i turn on antiviruses

# March 8, 2008 3:35 PM