Page updated Wednesday 19th February 2003, 22:44:22 UTC


AGM and Viruses, Malicious Code, Hacking, & members' experiences

Date: February 14, 2003
Time: 7:00 pm
Place: WEA, 223 Angas Street, ADELAIDE
Presenter: SAMG Members

AGM

The AGM on Friday February 14 at the WEA was kept short. The existing committee etc. continues and fees were set at $15 p.a.



VIRUSES AND OTHER MALICIOUS CODE

With the Internet simply swimming in viruses and other malicious code such as worms, Trojan horses, spyware, user registration (as well as other "come-ons"), and spam, it is high time that we devoted a meeting to these problems that are now out of control.


Even the word "virus" is a problem in itself, because the media calls everything a "virus", from legionella, which is responsible for Legionnaires' disease, to meningococcus, which can cause meningitis (these are actually both bacterial infections and have nothing to do with viruses), through to any form of unexpected computer behaviour.


Have you had any experiences with malicious code on the Internet or elsewhere? What were they? What precautions do you use or recommend to avoid malicious code problems? Do you always run anti-virus software? Do you keep it up-to-date? Do you run firewall software? Does it work or do you lose access to stuff you want? Do you do frequent backups? Do you use separate PCs, one for serious stuff and one for the Internet? Do you run a LAN with shared folders while simultaneously going on-line? Are the attempts at avoidance worse than the problem? Do you allow Email previewing, ActiveX, or Java to run on your PC? Is Linux more immune to malicious code attacks than Windows? Do you investigate or track down the sources of malicious code? Do you think there isn't a problem, or if there is, is it exaggerated? If your answer to any of those questions is "yes" then bring your comments along to the February meeting. It should be good.


And if you don't think this is a serious problem, then imagine you've just installed your brand new LG Internet 'fridge, connected up the power and the ADSL line then opened up the door only to find a virus in the milk, a worm in the lettuce, and nothing else to eat but spam! Then you might think it's serious!


. . . Rick Matthews

Some links that came out of the meeting:
Ad-Aware
Agnitum
MailWasher
Cache & Cookie Washer
Ethereal
WinPcap (needed for Ethereal)
KaZaA
Morpheus
Eicar (The Anti-Virus test file)
Sygate Personal Firewall
Steve Gibson's ShieldsUp etc.

EICAR Anti-Virus test program

Copy the text string below and save it as a text file.
Rename the text file to EICAR.COM
It will then be detected as the EICAR test virus.
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
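
The save-and-rename steps above, as an added example that is not part of the meeting notes: a small Python script that writes EICAR.COM in binary mode (so no editor adds a BOM, CRLF or a hidden .txt extension) and checks a file against the EICAR rules, i.e. the 68-byte string first, then nothing but whitespace, at most 128 bytes in total. Function names here are my own.

```python
import os
import tempfile

# The 68-byte EICAR string: printable 7-bit ASCII that is also a valid DOS .COM
# program. It is harmless; anti-virus products agree to report it as a test.
EICAR = (b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$"
         b"EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*")
MAX_LEN = 128                      # rule: 68 bytes plus optional whitespace
TRAILING_OK = b" \t\r\n\x1a"       # the only bytes allowed after the string

def write_eicar(path):
    """Write the test file in binary mode so the bytes land exactly as given;
    returns the size written, which must be 68."""
    with open(path, "wb") as f:
        f.write(EICAR)
    return os.path.getsize(path)

def is_eicar_file(data):
    """True if data is a valid EICAR test file: the exact string first, then
    only whitespace, total length at most 128 bytes."""
    if len(data) > MAX_LEN or not data.startswith(EICAR):
        return False
    return all(b in TRAILING_OK for b in data[len(EICAR):])

def roundtrip_check():
    """Write EICAR.COM to a temp dir, read it back and validate it. A failure
    here means something between the editor and the disk rewrote the bytes."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "EICAR.COM")
        write_eicar(path)
        with open(path, "rb") as f:
            return is_eicar_file(f.read())
```

If your scanner reports the file, the on-access chain from disk to scanner works; a copy that fails is_eicar_file (a BOM in front, an extra character at the end) will not be reported and so tells you nothing.
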

MALICIOUS & OTHER UNINVITED SOFTWARE
Viruses (including polymorphic)
Worms
Trojan horses
Spyware (AOL, Netscape, RealMedia, KaZaA, & many large corporations)
Spam
Come-ons
User Registration
Cookies
Updates
Xmas Cards
Pop-ups, consoles, Adware
Chain EMail
ID Theft
Money Handling, Banking
Instant Messaging
Peer-to-peer
Freebies
Security Holes
Privacy issues
Denial of service attacks
AOL Internet Setup CDs
Go!zilla (mucks up IE)

PROTECTION
Frequent Backups
Disable Sharing Discs, Printers, LAN
Virus Checkers (presently totalling 78,000 at a rate of 25 a day?)
Fire-walls (Zone Alarm, Ad-Aware)
Protocol Analyser (Ethereal)
Separate Net & Serious PCs
Turn off or ask for Active-X, Java, cookies
Use aliases on the net for IRC, etc
Control-Alt-Delete to check running programs such as "save now" (from BugBear)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Verisign
TCPA (Trusted Computing Platform Alliance), Palladium, LaGrande
Encryption (Public key, Hard Drive access, on-board crypto chips)
Exclusion from some areas of the O/S and/or H/W (& that includes you!)
Passwords
Biometrics
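
Checking the Run key listed above, as an added example (not from the meeting notes): Python that parses a "reg export" of that key and flags entries started from a temp directory or from outside the usual program directories. The .reg text, its names and paths are constructed for this example and are not real indicators; the trusted-directory list is a heuristic, not a rule.

```python
import re

# Constructed ".reg" export of the Run key for this example. Every program
# name and path here is made up.
REG_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundTray"="C:\\Program Files\\Audio\\tray.exe"
"ScanSvc"="\"C:\\Program Files\\AV Vendor\\scan.exe\" /startup"
"Save Now"="C:\\WINDOWS\\TEMP\\savenow.exe"
"Update"="C:\\Documents and Settings\\rick\\Local Settings\\Temp\\upd.exe"
'''

# Heuristic: programs launched from these directories are usually fine;
# anything launched from a temp directory deserves a close look.
TRUSTED_PREFIXES = ("c:\\program files\\", "c:\\windows\\system32\\")
TEMP_MARKERS = ("\\temp\\", "\\tmp\\")

def parse_run_entries(text):
    """Return {value name: command line} with the .reg escaping undone."""
    entries = {}
    for m in re.finditer(r'^"([^"]+)"="((?:[^"\\]|\\.)*)"$', text, re.M):
        entries[m.group(1)] = re.sub(r"\\(.)", r"\1", m.group(2))
    return entries

def executable_path(command):
    """Program path from a command line: the quoted part if quoted, otherwise
    everything up to the first ' /' or ' -' switch."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:command.index('"', 1)]
    return re.split(r" [/-]", command)[0]

def flag_suspicious(entries):
    """Value names whose program runs from a temp dir or outside trusted dirs."""
    flagged = []
    for name, command in entries.items():
        path = executable_path(command).lower()
        in_temp = any(marker in path for marker in TEMP_MARKERS)
        if in_temp or not path.startswith(TRUSTED_PREFIXES):
            flagged.append(name)
    return flagged
```
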

WHO IS DOING IT?
Individuals / Big Corporations?
Virus checks deliberately limited - eg. no spyware warnings

HUNTING DOWN "CRACKERS"
Examining EMail headers (beware of spoofing, aliases)
Examine data with Protocol Analyser

RECOVERY
Full reformat and reload hard drive
Anti-virus S/W
Boot Discs
Linux partition (Knoppix)

LINUX WITH A REAL DIFFERENCE - KNOPPIX 3.1

The October 2002 DVD edition of Linux Format has a very clever variant of Debian Linux on it called Knoppix 3.1 written by a German Linux enthusiast.

The DVD will auto-boot to Knoppix Linux just like a number of distributions can (if your BIOS is set for booting from DVD/CD), but the difference with this version is that it only needs the DVD and the system RAM to boot up with no reference to the hard drive whatsoever, except that it auto-mounts any hard drive or drives and all their partitions if they exist.

If there are no hard drives it still fully boots up. That's right! You don't need to have a hard drive in the system at all. This Linux can boot up with no hard drive in the machine and can do everything you would expect of any other Linux system including being configured to run on a LAN or dial-up Internet access. This makes Knoppix ideal as a first taste of Linux without disturbing an existing system in any way.

Because Knoppix Linux's 900 packages are compressed down to 700 MB on the DVD and are decompressed as they run, it actually has about 1.7 GB equivalent of software on it. I followed the magazine instructions to extract Knoppix from the DVD onto a CD and it all fits, auto-boots, and runs from the CD version with a similar speed to Linux running from a hard drive.

Apart from hard drives, the auto-configuration also correctly finds the mouse, keyboard, sound card, USB ports, serial/parallel ports, printers and, more importantly, the extremely difficult correct video settings on all machines Knoppix has been tried on.

If your CD or DVD drive can't auto-boot or if you don't want to fiddle with the BIOS settings you can boot partially from a floppy and then complete the booting process from the CD or DVD.

As already mentioned, Knoppix auto-mounts any hard drives and all their partitions that it sees on the system when it boots up. This means that you could rescue all your valuable files by writing them out to CDs, or even patch up a crashed Windows or Linux system on your hard drive. Even if Windows is the only partition on the hard drive and Linux has never run on that machine before it should still work.

Another surprise: if your hard drive happens to be loaded with Windows NT and you have forgotten the password, no problem. You just click the auto-mounted desktop icon and Knoppix sees all the NT files and gives you full read/write access to them without any passwords.

As a bonus among the 900 packages, Knoppix contains Open Office, an OGG player and some OGG music files (the licence-free alternative to MP3), heaps of multimedia players including MP3, MPEG, AVI, various CD burners and many diagnostic programs.

With all of Knoppix's incredible features there has to be a down side. There is. Because Knoppix uses your system RAM for much of its storage including the swap partition, it needs at least 80 MB of RAM to run and a lot of your new stuff may be lost when you close down unless you save it to a floppy, CD-R or CD-RW (yes, you can use Knoppix's CD burning programs here), Flash USB RAM, Zip disc, to another machine on a LAN, to another machine over the Internet, or a hard drive somewhere. But, considering how useful Knoppix is, this is not too much to do, is it?

In fact, I can even save files, any files, as well as picture files, to the flash RAM card in my digital camera which has both serial and USB access which Knoppix interfaces to. Just imagine, with a Knoppix CD and a digital camera you could just about do anything to any system, anytime, anywhere, without trace. Now there's something to dwell on.

. . . Rick Matthews