The AGM on Friday
February 14 at the WEA was kept short. The existing committee etc continues
and fees were set at $15 pa.
AND OTHER MALICIOUS CODE
With the Internet
simply swimming in viruses and other malicious code such as worms,
Trojan horses, spyware, user registration (as well as other
"come-ons"), and spam, it is high time that we devoted a
meeting to these problems that are now out of control.
Even the word "virus"
is a problem in itself because the media calls everything a "virus"
from legionella that is responsible for Legionnaires' disease to
meningococcus that can cause meningitis (these are actually both
bacterial infections and nothing to do with viruses) through to any
form of unexpected computer behaviour.
Have you had any
experiences with malicious code on the Internet or elsewhere? What
were they? What precautions do you use or recommend to avoid
malicious code problems? Do you always run anti-virus software? Do
you keep it up-to-date? Do you run firewall software? Does it work
or do you lose access to stuff you want? Do you do frequent backups?
Do you use separate PCs, one for serious stuff and one for the
Internet? Do you run a LAN with shared folders while simultaneously
going on-line? Are the attempts at avoidance worse than the problem?
Do you allow Email previewing, ActiveX, or Java to run on your PC?
Is Linux more immune to malicious code attacks than Windows? Do you
investigate or track down the sources of malicious code? Do you
think there isn't a problem, or if there is, is it exaggerated? If
your answer to any of those questions is "yes" then bring
your comments along to the February meeting. It should be good.
And if you don't think
this is a serious problem, then imagine you've just installed your
brand new LG Internet 'fridge, connected up the power and the ADSL
line then opened up the door only to find a virus in the milk, a worm
in the lettuce, and nothing else to eat but spam! Then you
might think it's serious!
. . . Rick Matthews
Some links that came out of the meeting:
Cache & Cookie Washer
WinPcap (needed for Ethereal)
Eicar (The Anti-Virus test file)
Sygate Personal Firewall
Steve Gibson's ShieldsUp etc
EICAR Anti Virus test program
Copy the text string below and save it as a text file.
Rename the text file to EICAR.COM
It will then be detected as the EICAR test virus.
MALICIOUS & OTHER UNINVITED SOFTWARE
Viruses (including polymorphic)
Spyware (AOL, Netscape, RealMedia, KaZaA, & many large corporations)
Pop-ups, consoles, Adware
Money Handling, Banking
Denial of service attacks
AOL Internet Setup CDs
Go!zilla (mucks up IE)
Disable Sharing Discs, Printers, LAN
Virus Checkers (presently totalling 78,000 at a rate of 25 a day?)
Fire-walls (Zone Alarm, Ad-Aware)
Protocol Analyser (Ethereal)
Separate Net & Serious PCs
Turn off or ask for Active-X, Java, cookies
Use aliases on the net for IRC, etc
Control-Alt-Delete to check running programs such as "save now" (from BugBear)
TCPA (Trusted Computing Platform Alliance), Palladium, LaGrande
Encryption (Public key, Hard Drive access, on-board crypto chips)
Exclusion from some areas of the O/S and/or H/W (& that includes you!)
WHO IS DOING IT?
Individuals / Big Corporations?
Virus checks deliberately limited - eg. no spyware warnings
HUNTING DOWN "CRACKERS"
Examining EMail headers (beware of spoofing, aliases)
Examine data with Protocol Analyser
Full reformat and reload hard drive
Linux partition (Knoppix)
WITH A REAL DIFFERENCE - KNOPPIX 3.1
The October 2002 DVD
edition of Linux Format has a very clever variant of Debian Linux on
it called Knoppix 3.1 written by a German Linux enthusiast.
The DVD will auto-boot
to Knoppix Linux just like a number of distributions can (if your
BIOS is set for booting from DVD/CD), but the difference with this
version is that it only needs the DVD and the system RAM to boot up
with no reference to the hard drive whatsoever, except that it
auto-mounts any hard drive or drives and all their partitions if they
If there are no hard
drives it still fully boots up. That's right! You don't need to
have a hard drive in the system at all. This Linux can boot up with
no hard drive in the machine and can do everything you would expect
of any other Linux system including being configured to run on a LAN
or dial-up Internet access. This makes Knoppix ideal as a first
taste of Linux without disturbing an existing system in any way.
Because Knoppix Linux's
900 packages are compressed down to 700MB on the DVD and are decompressed
as they run, it actually has about 1.7 GB equivalent of
software on it. I followed the magazine instructions to extract
Knoppix from the DVD onto a CD and it all fits, auto-boots, and runs
from the CD version with a similar speed to Linux running from a hard
Apart from hard drives,
the auto-configuration also correctly finds the mouse, keyboard, sound
card, USB ports, serial/parallel ports, printers and, more
importantly, the extremely difficult correct video settings on all
machines Knoppix has been tried on.
If your CD or DVD drive
can't auto-boot or if you don't want to fiddle with the BIOS settings
you can boot partially from a floppy and then complete the booting
process from the CD or DVD.
As already mentioned,
Knoppix auto-mounts any hard drives and all their partitions that it
sees on the system when it boots up. This means that you could
rescue all your valuable files by writing them out to CDs, or even
patch up a crashed Windows or Linux system on your hard drive. Even
if Windows is the only partition on the hard drive and Linux has
never run on that machine before it should still work.
Another surprise comes
if your hard drive happens to be loaded with Windows NT and you
have forgotten the password. No problem. You just click the
auto-mounted desktop icon and Knoppix sees all the NT files and gives
you full read/write access to them without any passwords.
As a bonus among the
900 packages, Knoppix contains Open Office, an OGG player and some
OGG music files (the licence-free alternative to MP3), heaps of
multimedia players including MP3, MPEG, AVI, various CD burners and
many diagnostic programs.
With all of Knoppix's
incredible features there has to be a down side. There is. Because
Knoppix uses your system RAM for much of its storage including the
swap partition, it needs at least 80 MB of RAM to run and a lot of
your new stuff may be lost when you close down unless you save it to
a floppy, CD-R or CD-RW (yes, you can use Knoppix's CD burning
programs here), Flash USB RAM, Zip disc, to another machine on a LAN,
to another machine over the Internet, or a hard drive somewhere.
But, considering how useful Knoppix is, this is not too much to do,
In fact, I can even
save files, any files, as well as picture files, to the flash RAM
card in my digital camera which has both serial and USB access which
Knoppix interfaces to. Just imagine, with a Knoppix CD and a
digital camera you could just about do anything to any system,
anytime, anywhere, without trace. Now there's something to dwell
. . . Rick Matthews