March 31, 2006
Dylan wrote:
> In article <442D6DD7.8050204@nospam.org>, Georg Wrede says...
> 
>> Paolo Invernizzi wrote:
>> 
>>> Walter Bright wrote:
>>> 
>>> 
>>>> Turns out, I did have a trojan rootkit on my system. arrgh!
>>> 
>>> It's more and more problematic... from Slashdot today.
>>> 
>>> http://it.slashdot.org/it/06/03/31/0741221.shtml
>>> 
>>> As a test, I've a rootkit installed on an Windows machine from 3 years, and it's still undetected. ;-(
>> 
>> That made a thought cross my mind.
>> 
>> If I were the *head* of a three-letter government agency [you name
>> it, or then it's one whose name we don't even know] today, I'd sure
>> as heck tell B. Gates to install a for-me-only backdoor to Windows,
>> such that if "we" really feel threatened, then I can shut down all
>> the Windowses in the [non-free] world. Or hopefully, a more
>> accurately defined selection.
>> 
>> Yes, yes, this is not serious, so please no flames from anyone. I'm
>> just jotting down corollaries to the thought.
>> 
>> Anyhow, we all see the trend: computers are becoming more and more
>>  essential -- for _anything_ these days. One day (be it next year,
>> or 200 years from now) some bad-butt _will_ launch a major attack
>> upon somebody else (not even necessarily the U.S.). It would be
>> pretty reasonable to hope that there's something we [the "defenders
>> of the Free World", or whoever -- no offense] can do about it. And
>> nukes are no match for a global digital assault.
>> 
>> Next season's "24" might do well to belabor this thought.
>> Seriously.
>> 
>> ----
>> 
>> Frankly, I'm not even sure I'd be against such a back door. (Not
>> that I'm for it either, but building a solid opinion on it should
>> not be done off-hand. There are too many implications, pros and
>> cons involved. And the issue is way too important to just dismiss
>> to either side.)
>> 
>> Their [the afore-not-mentioned three-letter agency] problem of
>> course is Linux and BSD. But I would not be surprised if this issue
>> didn't come up somewhere (secretly or publicly) within the next 10
>> years.
>> 
>> Like laws in every single country stating that Internet Cafes using
>>  Linux have to have such a backdoor explicitly installed, lest they
>> face huge fines.
>> 
>> ----
>> 
>> No idea where this thought is leading, and I really don't care or
>> know. But thought it'd be appropriate to write it _somewhere_ as
>> soon as it came up.
>> 
>> ----
>> 
>> Hmmm. After proofreading, seems Windows is not enough. "I" should
>> go talk with Cisco Systems too. (Routers, backbone HW.)
> If? That's a good one. If you seriously analize the components of
> windows - from the context of a data collection system - everything
> that didn't make sense, begins to make completely perfect sense.
> 
> Windows is a government data collection device masquerading as an
> Operating System.

Heh, yeah, that I read a couple of messages back. It must've still been in the back of my mind.

(Ehh, please spell it like "analyze", lest lewd people get ideas.)

All I can say is, I promise not to raise an eyebrow when somebody proves that. :-)
March 31, 2006
Walter Bright wrote:
> Dave wrote:
> 
>> In article <e0io88$22jc$2@digitaldaemon.com>, Walter Bright says...
>> 
>>> Walter Bright wrote:
>>> 
>>>> At this point, it was apparent that tech support had no idea
>>>> why this was happening, and I was beginning to worry there was
>>>> either a rootkit installed, or there was just creeping
>>>> corruption going on. I gave up on Microsoft tech support, and
>>>> decided to reinstall Windows.
>>> 
>>> Turns out, I did have a trojan rootkit on my system. arrgh!
>> 
>> Any idea how that happened / made it onto your system? (it has me worried that virus scanning didn't pick it up).
> 
> I have no idea how it got on. Being a trojan, I must have run
> something. I'm usually very careful about not running anything I am
> not sure of, careful enough that this is the first virus/trojan I've
> had in 10 years.
> 
> I'm almost to the point of using a separate sacrificial machine for
> web surfing.

You _should_! I do. Some Really In-The-Know people do. And they're not even paranoid.

This has not come up, but now having thrown OE for Thunderbird, would you like to consider Firefox for IE? Rumors tell me that merely visiting hostile sites can install a rootkit, without you even touching a "link" on the page. On IE, that is.

---

PS, D might not feel like any Military Grade, High Treason, National Secrets. (At least I wouldn't feel like it if I had developed it.) But, to others, (ask the spooks or the Pygmy's guys,) D stuff might really be Important Stuff. (Or at least a trophy.)

Not to mention that even if (!) we all (!) do consider D as a lot safer [than the others], a yellow-paper headline telling the world that the Afganisthans stole the D back-end source code, would be an irreparable dent. In the Public Image of the "D Programming Language" anyway. Right?

-------------

Oh and please, don't _ever_ install a firewall or a NAT box at home!!!!!!!!! (Trust me, I know what I'm doing! (Quoted from the TV show, I forget the name.))

ONLY have EACH individual computer protected with its OWN firewall!!!
March 31, 2006
Georg Wrede wrote:
> Oh and please, don't _ever_ install a firewall or a NAT box at
> home!!!!!!!!! (Trust me, I know what I'm doing! (Quoted from the TV
> show, I forget the name.))
> 
> ONLY have EACH individual computer protected with its OWN firewall!!!

What do you mean? I have a dedicated proxy/NAT/firewall PC and it surely does not let anyone unauthorized log in or do anything bad.
March 31, 2006
Sai wrote:
> I used browser appliance only when I need to do lengthy high-risk browsing. Even
> though it needs a huge chunk of memory (256MB out of 785MB) and is definitely slower
> than native IE, it's worth the security.
> 
> However for quick and safe browsing, I use Firefox natively with the NoScript
> extension. It works well for me. Until now I have no complaints in either case.

Another option is to set up a user account with very low privileges and to browse via that login.  Since XP supports session switching, this allows everything to be done simultaneously but is also more seamless than the VM-based method if data sharing is needed.


Sean
March 31, 2006
Walter Bright wrote:
> Dave wrote:
> 
>> In article <e0io88$22jc$2@digitaldaemon.com>, Walter Bright says...
>>
>>> Walter Bright wrote:
>>>
>>>> At this point, it was apparent that tech support had no idea why this was happening, and I was beginning to worry there was either a rootkit installed, or there was just creeping corruption going on. I gave up on Microsoft tech support, and decided to reinstall Windows.
>>>
>>> Turns out, I did have a trojan rootkit on my system. arrgh!
>>

How did you pick up on this?

>>
>> Any idea how that happened / made it onto your system? (it has me worried that
>> virus scanning didn't pick it up).
> 
> 
> I have no idea how it got on. Being a trojan, I must have run something. I'm usually very careful about not running anything I am not sure of, careful enough that this is the first virus/trojan I've had in 10 years.
> 
> I'm almost to the point of using a separate sacrificial machine for web surfing.

Next time you upgrade a computer, use the old one (or get one from a second hand store). I have seen computers for about $20-30 (US) that would do just fine, particularly if you can turn off all that useless #@$%# that you won't need to run Firefox/T-bird.

Georg Wrede wrote:
>
> Actually, if I ever install Windows on a machine, (anybody's,) I do it
> from the (or a) CD, install ZA, configure it, and only then connect the
> lan cable.
>

I have heard stories of people who did that and still got hacked before they could download all of the new patches.
March 31, 2006
In article <e0jqoa$20i$1@digitaldaemon.com>, Walter Bright says...
>
>Dave wrote:
>> In article <e0io88$22jc$2@digitaldaemon.com>, Walter Bright says...
>>> Walter Bright wrote:
>>>> At this point, it was apparent that tech support had no idea why this was happening, and I was beginning to worry there was either a rootkit installed, or there was just creeping corruption going on. I gave up on Microsoft tech support, and decided to reinstall Windows.
>>> Turns out, I did have a trojan rootkit on my system. arrgh!
>> 
>> Any idea how that happened / made it onto your system? (it has me worried that virus scanning didn't pick it up).
>
>I have no idea how it got on. Being a trojan, I must have run something. I'm usually very careful about not running anything I am not sure of, careful enough that this is the first virus/trojan I've had in 10 years.
>
>I'm almost to the point of using a separate sacrificial machine for web surfing.

Apologies if you already explained and I missed it - how did you test for a rootkit / vm?

Kevin
April 01, 2006
In article <442D6DD7.8050204@nospam.org>, Georg Wrede says...
>
..
>If I were the *head* of a three-letter government agency [you name it, or then it's one whose name we don't even know] today, I'd sure as heck tell B. Gates to install a for-me-only backdoor to Windows, such that if "we" really feel threatened, then I can shut down all the Windowses in the [non-free] world. Or hopefully, a more accurately defined selection.

I work for a gov. agency, but all our code is public domain - I don't think it's one of the ones you are referring to.  So I have no knowledge of the following, but that said...

With all the back doors, side doors, tunnels, and hacks that are already built into windows now (i.e. Sony *accidentally* installed one...), I'm not sure what difference one more would make.  The biggest problem for said agency or agencies is probably that their agents are constantly tripping over and being trampled by all the Sony executives, hackers, phrackers, citibank employees, encyclopedia salesmen, and ordinary catburglars that are the normal traffic through those doors now.

Seriously, a system that lets *any application* install drivers UNDER the cd-rom is not even trying to implement security.  This is what happened in the Sony instance as I understand it -- a Sony-procured software agent was slipped under the CDROM driver to keep an eye out for assorted naughtiness.  In reality, the Sony debacle happened when their sub-contractors waltzed in through the *front door*.

The "hack" they did went through a supported and documented Microsoft API, being used more or less for its intended purpose.

[ In fairness, as a Linuxoid, I should point out that most Linux dists. install all software as root, which could almost have the same effect.  The primary difference then, is that the software on Linux systems is usually open source and from the Linux or distribution people, whereas in MS-land it is closed and from various vendors. ]

( Perhaps the pertinent observation here is one of human nature.  A prison is confining, but a navy submarine is probably even more confining than a prison. However, most people would much rather be on a navy submarine.  Because the critical question in life is not where you are but who you're with.  Corporate and anti-corporate politics aside, most of the difference is that you can trust Torvalds, Stallman, de Icaza, and so on, further than the fellow at Sony. )

Kevin
April 01, 2006
Kevin Bealer wrote:
> In article <e0jqoa$20i$1@digitaldaemon.com>, Walter Bright says...
> 
>>Dave wrote:
>>
>>>In article <e0io88$22jc$2@digitaldaemon.com>, Walter Bright says...
>>>
>>>>Walter Bright wrote:
>>>>
>>>>>At this point, it was apparent that tech support had no idea why this was happening, and I was beginning to worry there was either a rootkit installed, or there was just creeping corruption going on. I gave up on Microsoft tech support, and decided to reinstall Windows.
>>>>
>>>>Turns out, I did have a trojan rootkit on my system. arrgh!
>>>
>>>Any idea how that happened / made it onto your system? (it has me worried that
>>>virus scanning didn't pick it up).
>>
>>I have no idea how it got on. Being a trojan, I must have run something. I'm usually very careful about not running anything I am not sure of, careful enough that this is the first virus/trojan I've had in 10 years.
>>
>>I'm almost to the point of using a separate sacrificial machine for web surfing.
> 
> 
> Apologies if you already explained and I missed it - how did you test for a
> rootkit / vm?
> 
> Kevin
> 
> 
> 

I don't know how Walter detected the rootkit on his machine, but I would recommend SysInternals' excellent freeware RootKitRevealer, available at http://www.sysinternals.com/utilities/rootkitrevealer.html
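The thread asks twice how a rootkit was detected and then points at a rootkit revealer without saying what such a tool does. The script below is an added illustration written for this page; it is not code from the page, from Sysinternals, or from any poster, and the page does not describe RootkitRevealer's internals. It shows the cross-view principle that this class of detector relies on: a user-mode rootkit hides itself by hooking the APIs that directory and registry listings go through, so a hidden object is absent from the "API view" but still present when the same structure is read from the raw on-disk bytes. The two listings are constructed sample data (paths, sizes and the `hidden-example` names are invented); no real system is inspected.

```python
"""Cross-view discrepancy check, the principle behind rootkit revealers.

Added example for this thread, not the page's or any tool's own code.
API_VIEW stands for what a (possibly hooked) high-level directory
listing returns; RAW_VIEW stands for the same directories as parsed
straight from on-disk file system structures. Both are constructed data.
"""
from __future__ import annotations
from dataclasses import dataclass
from typing import Optional

# Constructed sample: what the high-level listing API reported.
API_VIEW: dict[str, int] = {
    r"C:\WINDOWS\system32\ntoskrnl.exe": 2_180_000,
    r"C:\WINDOWS\system32\drivers\cdrom.sys": 62_000,
    r"C:\WINDOWS\system32\drivers\sample-filter.sys": 20_480,
    r"C:\Documents and Settings\user\tmp\scan.lock": 0,  # transient file
}

# Constructed sample: what a raw parse of the same directories found.
RAW_VIEW: dict[str, int] = {
    r"C:\WINDOWS\system32\ntoskrnl.exe": 2_180_000,
    r"C:\WINDOWS\system32\drivers\cdrom.sys": 62_000,
    r"C:\WINDOWS\system32\drivers\sample-filter.sys": 24_576,   # size differs
    r"C:\WINDOWS\system32\drivers\hidden-example.sys": 31_744,  # API never showed it
    r"C:\WINDOWS\system32\hidden-example.dll": 45_056,          # API never showed it
}


@dataclass(frozen=True)
class Discrepancy:
    path: str
    kind: str                # "hidden", "phantom" or "size-mismatch"
    raw_size: Optional[int]  # size in the raw view, None if absent there
    api_size: Optional[int]  # size in the API view, None if absent there


def cross_view_diff(api_view: dict[str, int], raw_view: dict[str, int]) -> list[Discrepancy]:
    """Return every entry the two views disagree on, sorted by path.

    "hidden": present on disk but filtered out of the API listing (the
    classic rootkit signature). "phantom": visible via the API but not on
    disk (usually a file created or deleted between the two scans, i.e. a
    false-positive candidate). "size-mismatch": both see it, but the API
    view reports different contents length than the raw parse.
    """
    findings: list[Discrepancy] = []
    for path in sorted(set(api_view) | set(raw_view)):
        api_size, raw_size = api_view.get(path), raw_view.get(path)
        if api_size is None:
            findings.append(Discrepancy(path, "hidden", raw_size, None))
        elif raw_size is None:
            findings.append(Discrepancy(path, "phantom", None, api_size))
        elif api_size != raw_size:
            findings.append(Discrepancy(path, "size-mismatch", raw_size, api_size))
    return findings


def summarize(findings: list[Discrepancy]) -> dict[str, int]:
    """Count findings per kind; "hidden" is the number to worry about."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


if __name__ == "__main__":
    for f in cross_view_diff(API_VIEW, RAW_VIEW):
        print(f"{f.kind:14} {f.path}  api={f.api_size} raw={f.raw_size}")
    print(summarize(cross_view_diff(API_VIEW, RAW_VIEW)))
```

Two caveats a practitioner will recognise: a file that changes between the two scans shows up as a phantom or size mismatch, so the host should be as idle as possible while scanning, and a kernel-level rootkit that also hooks the raw disk reads defeats the comparison entirely, which is why off-line inspection from a clean boot medium remains the stronger check.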

April 01, 2006
I have to wonder why you were using Outlook Express in the first place...

-S.

On 2006-03-29 00:57:14 -0800, "Walter Bright" <newshound@digitalmars.nospamm.com> said:

> A few days ago, Outlook Express started acting flaky - my account names were forcibly converted to 1, 2, 3, etc., and retyping in the correct ones refused to stick. Then, windows update started failing with useless messages consisting of 8 digit hex numbers.
> 
> So I thought I'd try Microsoft update tech support (which is free for update failures). They asked me to send them logs, which I did. Then, came an endless series of "try this ...", which usually involved unregistering a dozen dlls, rebooting, starting/stopping services, reregistering them, renaming system files, booting in safe mode, wiping directories, deleting files, rebooting, rebooting, all to no avail (except the 8 digit hex number would change).
> 
> Then came the exhortation to run a virus scan, with a couple links. The symantec virus scan crashed after a half hour. The other one completed, and found nothing.
> 
> At this point, it was apparent that tech support had no idea why this was happening, and I was beginning to worry there was either a rootkit installed, or there was just creeping corruption going on. I gave up on Microsoft tech support, and decided to reinstall Windows.
> 
> Do you know it takes THREE HOURS to install Windows from scratch? Gads, you install XP from the CD which requires rebooting several times, then again from the XP SP2 update CD (rebooting n more times), then you log in to Windows update and update/reboot 4 or 5 more times. Why can't Windows Update download everything at once and reboot only once?
> 
> So now I've got Windows reinstalled. Now comes the dance of reinstalling everything else. The worst is, of course, Outlook Express which completely loses track of everything after a reinstall. I have a crib sheet of most of the settings, but even so, there's no way to restore which newsgroup files are read/unread. I also use the undocumented method of finding which gawdawful directory O.E. squirrels the files away in (all in deeply nested hidden directories with 80+ character tty noise filenames) and saving/restoring the dbx files manually.
> 
> Most of the other apps aren't too bad, if you were smart enough to keep a crib sheet of all the serial numbers, registration numbers, and funky passwords. The whole job takes about 12 hours.
> 
> Morals of the story:
> 
> 1) Keep a crib sheet of all the settings, passwords, serial numbers, registration follderalls, etc.
> 
> 2) If you're going to provide an update program, fer cryin out loud, make it a monolithic program that doesn't depend on everything else in the OS working perfectly. After all, when you need it, it's probably because the rest of the system isn't right. And if the update program itself is corrupted, then tech support can just send you a new one.
> 
> 3) If you're writing an app, don't require it to be reinstalled if Windows is reinstalled. DM programs don't need to be. Store your configuration in some text file that can be saved/restored. Please!
> 
> 4) If you're going to need to muck about with the system registry, do it like Quicken does. Quicken has a menu item "Backup" which, amazingly enough, backs up all its settings and crud to a file you specify. Then, I reinstall Quicken from the CD, hit "Restore" and give the file name, and it fixes itself. Quicken is full of horrible design choices, but at least they got that right. No other app I've used does that.
> 
> 5) Never, ever install anything with DRM on it on your work computer. DRM often involves rootkits, installing new drivers that destabilize your system, etc. This includes most game software. Use a separate computer for DRM, one that you won't mind regularly reinstalling Windows on.
> 
> There, I feel better now <g>.
April 01, 2006
On 2006-03-29 09:19:27 -0800, Jari-Matti Mäkelä <jmjmak@utu.fi.invalid> said:

> pragma wrote:
>> In article <e0dtb1$2mld$1@digitaldaemon.com>, Juan Jose Comellas says...
>>> At some point in the past, the only way to be able to be certified
>>> "Windows-logo compatible" was if you used the registry to save your
>>> program's settings. I guess they wanted to make it really difficult to
>>> switch computers without reinstalling. The registry is probably the worst
>>> abomination to come from Redmond and it's the cause of most of the problems
>>> Windows has.
>> 
>> Here's how I look at it.  The registry works fantastic for a few things:
>> 
>> 1) Making explorer do file type magic
>> 2) OLE/Drag-and-Drop interoperability (more file type registration and metadata)
>> 3) COM registry
>> 4) Application initialization
>> 
>> .. but design wise it has the following drawbacks:
>> 
>> 1) Behaves as its own entity in memory (can you say "cache-thrashing"?)
>> 2) Has its own LRU algorithm and behavior
>> 3) Is prone to bloat, as applications abuse it in various ways
> 
> IMO the worst thing is that you really can't separate all the per-user
> settings from the system-wide configuration. That makes it impossible to
> backup your personal data without 3rd party programs. In *nixes it's
> damn easy to backup your home directory without any problems and restore
> all data to another system in a breeze. Even a newbie can do that.

Much of the registry is stored in data files in your documents and settings folder.

> 
>> Why they didn't just come up with a universal configuration file tree ( /etc
>> anyone? ), with filesystem drivers that feature superior or tree-specific
>> caching, I'll never know.  In every possible way, it would have provided a more
>> stable configuration, for about half as much engineering.
> 
> FAT-file systems used to have bad space efficiency. Currently a complex
> registry would require you to have at least reiserfs4 to work fast enough.

That is absolutely not true.  Not to mention that they use NTFS now.  If you're talking about storing a file for each variable, you missed the point of the original comment.  Switching to everything used per-app XML files would simply require changing the behavior of the Registry function calls.

-S.
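Two points in this thread call for the same illustration: Walter's moral that an application should keep its settings in a text file it can back up and restore, and the exchange above about whether a registry-shaped API could simply be backed by a per-app file tree with the per-user part separable from the machine-wide part. The code below is an added example written for this page, not the page's, any poster's, or Microsoft's code, and it is not how Windows implements anything. The hive names, the directory layout (`system` for HKLM, `users/<name>` for HKCU) and the JSON file format are assumptions of the example; `FileRegistry` and `run_demo` are hypothetical names.

```python
"""Registry-shaped Set/Get/Delete calls backed by per-app text files.

Added example for this thread. Keys keep the registry's shape
(hive\\app\\subkey) but land in a directory tree: the machine-wide hive
under one directory and each user's hive under its own, so one user's
settings back up and restore by copying a single directory.
"""
from __future__ import annotations
import json
import os
import re
import shutil
import tempfile
from pathlib import Path
from typing import Any, Optional

# Assumed hive-to-directory mapping (the "/etc vs. home directory" split).
HIVE_DIRS = {"HKLM": "system", "HKCU": os.path.join("users", "{user}")}

# Key components are restricted so a caller cannot escape the tree.
_SAFE_COMPONENT = re.compile(r"^[A-Za-z0-9_.\- ]+$")


class FileRegistry:
    """Registry-style key/value store over a directory of JSON files."""

    def __init__(self, root: Path, user: str) -> None:
        self.root = Path(root)
        self.user = user

    def _key_dir(self, key: str) -> Path:
        hive, _, rest = key.partition("\\")
        if hive not in HIVE_DIRS:
            raise KeyError(f"unknown hive {hive!r}")
        parts = rest.split("\\") if rest else []
        for p in parts:  # refuse "..", "", separators and the like
            if p in (".", "..") or not _SAFE_COMPONENT.match(p):
                raise ValueError(f"refusing key component {p!r}")
        base = self.root / HIVE_DIRS[hive].format(user=self.user)
        return base.joinpath(*parts)

    def _values_file(self, key: str) -> Path:
        return self._key_dir(key) / "values.json"

    def _read(self, key: str) -> dict[str, Any]:
        f = self._values_file(key)
        return json.loads(f.read_text(encoding="utf-8")) if f.exists() else {}

    def _write(self, key: str, values: dict[str, Any]) -> None:
        f = self._values_file(key)
        f.parent.mkdir(parents=True, exist_ok=True)
        # Write to a temp file and rename so a crash cannot leave a half-written file.
        tmp = f.with_name(f.name + ".tmp")
        tmp.write_text(json.dumps(values, indent=2, sort_keys=True), encoding="utf-8")
        os.replace(tmp, f)

    def set_value(self, key: str, name: str, value: Any) -> None:
        values = self._read(key)
        values[name] = value
        self._write(key, values)

    def get_value(self, key: str, name: str, default: Any = None) -> Any:
        return self._read(key).get(name, default)

    def delete_value(self, key: str, name: str) -> bool:
        values = self._read(key)
        if name not in values:
            return False
        del values[name]
        self._write(key, values)
        return True

    def _user_dir(self) -> Path:
        return self.root / HIVE_DIRS["HKCU"].format(user=self.user)

    def export_user(self, dest: Path) -> Path:
        """Back up only this user's settings: copy their hive directory."""
        shutil.copytree(self._user_dir(), dest, dirs_exist_ok=True)
        return Path(dest)

    def import_user(self, src: Path) -> None:
        """Restore a user backup onto this (possibly freshly installed) root."""
        shutil.copytree(src, self._user_dir(), dirs_exist_ok=True)


def run_demo() -> dict[str, Optional[object]]:
    """Round-trip per-user settings through a backup into a fresh root."""
    old = FileRegistry(Path(tempfile.mkdtemp()), "walter")
    old.set_value(r"HKCU\Software\ExampleApp", "Newsgroup", "digitalmars.D")
    old.set_value(r"HKLM\Software\ExampleApp", "InstallDir", r"C:\dm")
    backup = old.export_user(Path(tempfile.mkdtemp()) / "walter-settings")
    fresh = FileRegistry(Path(tempfile.mkdtemp()), "walter")  # "reinstalled" machine
    before = fresh.get_value(r"HKCU\Software\ExampleApp", "Newsgroup")
    fresh.import_user(backup)
    try:
        old.set_value(r"HKCU\..\..\system\Software\ExampleApp", "InstallDir", "X:\\bad")
        traversal_blocked = False
    except ValueError:
        traversal_blocked = True
    return {
        "per_user_value": old.get_value(r"HKCU\Software\ExampleApp", "Newsgroup"),
        "user_hive_lacks_machine_value": old.get_value(r"HKCU\Software\ExampleApp", "InstallDir"),
        "fresh_before_restore": before,
        "fresh_after_restore": fresh.get_value(r"HKCU\Software\ExampleApp", "Newsgroup"),
        "machine_value_not_in_user_backup": fresh.get_value(r"HKLM\Software\ExampleApp", "InstallDir"),
        "traversal_blocked": traversal_blocked,
    }


if __name__ == "__main__":
    for k, v in run_demo().items():
        print(f"{k}: {v!r}")
```

The design choice worth noting is the split itself: because per-user and machine-wide values never share a file, the backup is a directory copy with no third-party tool, and the component check on key paths keeps an application from writing outside its own tree.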