* [gentoo-user] Boot Gentoo to clean windows (24+ messages in thread)
From: Mikie @ 2008-03-26 15:19 UTC
To: gentoo-user

Does anyone know of a product (hopefully free) that can clean a Windows PC while booted on Gentoo?

I guess I need a good malware tool that runs on Linux and cleans NTFS volumes.

Thanks.

--
gentoo-user@lists.gentoo.org mailing list
* Re: [gentoo-user] Boot Gentoo to clean windows
From: Dirk Heinrichs @ 2008-03-26 15:26 UTC
To: gentoo-user

On Wednesday, 26 March 2008, ext Mikie wrote:
> Does anyone know of a product (hopefully free) that can clean a Windows
> PC while booted on Gentoo?
>
> I guess I need a good malware tool that runs on Linux and cleans NTFS
> volumes.

What do you mean by "clean"? Remove Windows? Use fdisk.

Bye...

	Dirk

--
Dirk Heinrichs | Tel: +49 (0)162 234 3408
Configuration Manager | Fax: +49 (0)211 47068 111
Capgemini Deutschland | Mail: dirk.heinrichs@capgemini.com
Wanheimerstraße 68 | Web: http://www.capgemini.com
D-40468 Düsseldorf | ICQ#: 110037733
GPG Public Key C2E467BB | Keyserver: www.keyserver.net
* Re: [gentoo-user] Boot Gentoo to clean windows
From: Davi Vidal @ 2008-03-26 15:36 UTC
To: gentoo-user

On Wednesday 26 March 2008, Mikie wrote:
> Does anyone know of a product (hopefully free) that can clean a Windows
> PC while booted on Gentoo?
>
> I guess I need a good malware tool that runs on Linux and cleans NTFS
> volumes.
>

AFAIK, AVG runs on Linux. And you can use ntfs-3g.

Best regards,

--
Davi Vidal
--
E-mail: davividal@siscompar.com.br
MSN : davividal@msn.com
GTalk : davividal@gmail.com
Skype : davi vidal
YIM : davi_vidal
ICQ : 138815296
* [gentoo-user] Re: Boot Gentoo to clean windows
From: 7v5w7go9ub0o @ 2008-03-27 2:13 UTC
To: gentoo-user

Mikie wrote:
> Does anyone know of a product (hopefully free) that can clean a Windows
> PC while booted on Gentoo?
>
> I guess I need a good malware tool that runs on Linux and cleans NTFS
> volumes.
>
> Thanks.

FWIW, AntiVir, Bitdefender, and F-Prot run quite well on Linux, and each has BOTH Linux and Windows Trojan and virus signatures. So you can install these and scan your windows box, and then scan your Linux box/downloads for malware (e.g. openoffice files, media files, etc.).

Add Dazuko, and you can get real-time scanning of your Linux box while downloading/compiling software.

(AntiVir and Bitdefender each usually score high on the antivirus/antiTrojan tests run for Windows bugs. Bitdefender and F-Prot are ebuilds; AntiVir is available as a Linux source

hth
* Re: [gentoo-user] Re: Boot Gentoo to clean windows
From: Florian Philipp @ 2008-03-27 18:07 UTC
To: gentoo-user

On Wed, 2008-03-26 at 22:13 -0400, 7v5w7go9ub0o wrote:
> Mikie wrote:
> > Does anyone know of a product (hopefully free) that can clean a Windows
> > PC while booted on Gentoo?
> >
> > I guess I need a good malware tool that runs on Linux and cleans NTFS
> > volumes.
> >
> > Thanks.
>
> FWIW, AntiVir, Bitdefender, and F-Prot run quite well on Linux, and each
> has BOTH Linux and Windows Trojan and virus signatures. So you can
> install these and scan your windows box, and then scan your Linux
> box/downloads for malware (e.g. openoffice files, media files, etc.).
>
> Add Dazuko, and you can get real-time scanning of your Linux box while
> downloading/compiling software.

This is getting OT but I still want to ask:
Is it really necessary to run an anti-virus on linux? I just want to hear some opinions on that topic because I thought security fixes for your software are the way to go for fighting virae on linux.
* Re: [gentoo-user] Re: Boot Gentoo to clean windows
From: Dirk Heinrichs @ 2008-03-27 18:18 UTC
To: gentoo-user

On Thursday, 27 March 2008, Florian Philipp wrote:
> Is it really necessary to run an anti-virus on linux? I just want to
> hear some opinions on that topic because I thought security fixes for
> your software are the way to go for fighting virae on linux.

The main purpose is to remove virae from _Windows_ drives. You boot from a Linux LiveCD, like the German c't magazine's "Knoppicillin", mount your NTFS partition(s) and clean them.

HTH...

	Dirk
* Re: [gentoo-user] Re: Boot Gentoo to clean windows
From: Conway S. Smith @ 2008-03-27 18:53 UTC
To: gentoo-user

On Thu, 27 Mar 2008 19:18:57 +0100 "Dirk Heinrichs" <dirk.heinrichs@online.de> wrote:
> Am Donnerstag, 27. März 2008 schrieb Florian Philipp:
>
> > Is it really necessary to run an anti-virus on linux? I just want
> > to hear some opinions on that topic because I thought security
> > fixes for your software are the way to go for fighting virae on
> > linux.
>
> The main purpose is to remove virae from _Windows_ drives. You boot
> from a Linux LiveCD, like german c't magazin's "Knoppicillin",
> mount your NTFS partition(s) and clean them.
>

Or to catch & remove a virus before it reaches the Windows machines - say with a Linux file or email server on a network w/ Windows machines.

Conway S. Smith
* Re: [gentoo-user] viruses on Linux [was: Re: Boot Gentoo to clean windows]
From: Uwe Thiem @ 2008-03-27 18:41 UTC
To: gentoo-user

On Thursday 27 March 2008, Florian Philipp wrote:
> This is getting OT but I still want to ask:
> Is it really necessary to run an anti-virus on linux? I just want
> to hear some opinions on that topic because I thought security
> fixes for your software are the way to go for fighting virae on
> linux.

FWIW: I have been using Linux workstations for over 10 years now without any virus protection. Not a single accident.

On the other hand, if you run a Linux server (say a mail server) for a mixed environment you definitely want a virus scanner on your server to protect your Windows clients.

Uwe

--
Informal Linux Group Namibia: http://www.linux.org.na/
SysEx (Pty) Ltd.: http://www.SysEx.com.na/
* Re: [gentoo-user] Re: Boot Gentoo to clean windows
From: Dale @ 2008-03-27 19:23 UTC
To: gentoo-user

Florian Philipp wrote:
>
> This is getting OT but I still want to ask:
> Is it really necessary to run an anti-virus on linux? I just want to
> hear some opinions on that topic because I thought security fixes for
> your software are the way to go for fighting virae on linux.
>

I have not run an anti-virus here for years and no problems so far. I don't think Linux has this problem except for the rootkit thing. It seems Linux is just pretty much immune to this sort of thing.

Dale

:-) :-)
* Re: [gentoo-user] Re: Boot Gentoo to clean windows
From: Alan McKinnon @ 2008-03-27 21:16 UTC
To: gentoo-user

On Thursday 27 March 2008, Dale wrote:
> Florian Philipp wrote:
> > This is getting OT but I still want to ask:
> > Is it really necessary to run an anti-virus on linux? I just want
> > to hear some opinions on that topic because I thought security
> > fixes for your software are the way to go for fighting virae on
> > linux.
>
> I have not run an anti-virus here for years and no problems so far. I
> don't think Linux has this problem except for the rootkit thing. It
> seems Linux is just pretty much immune to this sort of thing.

Not really immune as such, just well protected. It's very hard to gain remote access as a user and then find an exploit to elevate to root privileges. The devastation wrought on the internet by zombie windows machines is by and large not really possible on Linux to anything like the same degree - if an attacker dupes a user into running some malware it tends to run as the user which limits what the malware can do i.e. no ports open below 1024 etc etc.

BUT some points to keep in mind:

1. Linux is still small fry in the desktop market, and not really a target for malware scumbags. Why should they? It's much harder to do especially when Redmond's finest code in the wild is such juicy low hanging fruit. This is bound to change, just a matter of time

2. There are some Linuxes out there that run everything as root. Xandros, I'm especially looking at you here. Apparently the Xandros devs like the way Redmond does things, right down to the brain dead design decisions <sigh> human stupidity is apparently boundless

3. If an attacker gains access to your machine, he can trash your personal stuff just for spite. This is catastrophic to the average user even though it leaves the rest of the internet just as it was

--
Alan McKinnon
alan dot mckinnon at gmail dot com
* Re: [gentoo-user] Re: Boot Gentoo to clean windows
From: Dale @ 2008-03-27 22:40 UTC
To: gentoo-user

Alan McKinnon wrote:
> On Thursday 27 March 2008, Dale wrote:
>
>> Florian Philipp wrote:
>>
>>> This is getting OT but I still want to ask:
>>> Is it really necessary to run an anti-virus on linux? I just want
>>> to hear some opinions on that topic because I thought security
>>> fixes for your software are the way to go for fighting virae on
>>> linux.
>>>
>> I have not run an anti-virus here for years and no problems so far. I
>> don't think Linux has this problem except for the rootkit thing. It
>> seems Linux is just pretty much immune to this sort of thing.
>>
>
> Not really immune as such, just well protected. It's very hard to gain
> remote access as a user and then find an exploit to elevate to root
> privileges. The devastation wrought on the internet by zombie windows
> machines is by and large not really possible on Linux to anything like
> the same degree - if an attacker dupes a user into running some malware
> it tends to run as the user which limits what the malware can do i.e.
> no ports open below 1024 etc etc.
>
> BUT some points to keep in mind:
>
> 1. Linux is still small fry in the desktop market, and not really a
> target for malware scumbags. Why should they? It's much harder to do
> especially when Redmond's finest code in the wild is such juicy low
> hanging fruit. This is bound to change, just a matter of time
>
> 2. There are some Linuxes out there that run everything as root.
> Xandros, I'm especially looking at you here. Apparently the Xandros
> devs like the way Redmond does things, right down to the brain dead
> design decisions <sigh> human stupidity is apparently boundless
>
> 3. If an attacker gains access to your machine, he can trash your
> personal stuff just for spite. This is catastrophic to the average user
> even though it leaves the rest of the internet just as it was
>

True, but I did say 'pretty much'. Nothing is completely immune. An old Commodore Vic-20 can be hacked if you can connect it to the net. Although it is not fast enough to do much harm. LOL

I also agree that as Linux grows, so will the people trying to hack them. As long as there are people using Linux that don't keep their box fairly secure, it will happen. I don't think it will be as easy as the finest Redmond software but they will try. If nothing else, they will try common passwords and there will always be some idiot with their password set to love, sex, god and other easy to guess ones. I like my password tho. It's numbers and letters and has no meaning whatsoever. Not even a birth date in it.

I was not aware of #2. Sounds like a bunch of Redmond wannabes. o_O

Dale

:-) :-) :-)
* [gentoo-user] Re: Boot Gentoo to clean windows
From: 7v5w7go9ub0o @ 2008-03-28 1:28 UTC
To: gentoo-user

Florian Philipp wrote:
<snip>
>> FWIW, AntiVir, Bitdefender, and F-Prot run quite well on Linux, and each
>> has BOTH Linux and Windows Trojan and virus signatures. So you can
>> install these and scan your windows box, and then scan your Linux
>> box/downloads for malware (e.g. openoffice files, media files, etc.).
>>
>> Add Dazuko, and you can get real-time scanning of your Linux box while
>> downloading/compiling software.
>
> This is getting OT but I still want to ask:
> Is it really necessary to run an anti-virus on linux? I just want to
> hear some opinions on that topic because I thought security fixes for
> your software are the way to go for fighting virae on linux.

Anti-Virus on Linux. No.
(presuming that you don't run as root, and have lots of unprivileged users for individual applications.)

Anti-Malware on Linux. Yes.
(Malware gets to the box via spoofed or hacked software distribution or creation sites; bad links or poisoned DNS caches; or via (e.g.) browser memory attacks - at plugins or exploits)

The oldtimers will tell you that safe hex and perhaps integrity monitoring (e.g. Samhain or tripwire) are all that's needed. But desktop Linux with Browsing, IM, etc. is changing that, IMHO.

The three packages above have Linux Trojan and Rootkit signatures, as well as Windows malware sigs. Easy enough to run an occasional scan of the Linux box (or Windows partition); and to scan each Linux download before reading, compiling, or passing on.

(Dazuko additionally allows realtime scans of compilation read/writes).

IMHO, Linux and Mac are the next frontier for malware, and -SADLY- AntiMalware signature and heuristic techniques are one thing we can learn about from Windows :-(
* Re: [gentoo-user] Re: Boot Gentoo to clean windows
From: Mick @ 2008-03-28 14:33 UTC
To: gentoo-user

On 28/03/2008, 7v5w7go9ub0o <7v5w7go9ub0o@gmail.com> wrote:
> Florian Philipp wrote:
> <snip>
>
> >> FWIW, AntiVir, Bitdefender, and F-Prot run quite well on Linux, and each
> >> has BOTH Linux and Windows Trojan and virus signatures. So you can
> >> install these and scan your windows box, and then scan your Linux
> >> box/downloads for malware (e.g. openoffice files, media files, etc.).
> >>
> >> Add Dazuko, and you can get real-time scanning of your Linux box while
> >> downloading/compiling software.
> >
> > This is getting OT but I still want to ask:
> > Is it really necessary to run an anti-virus on linux? I just want to
> > hear some opinions on that topic because I thought security fixes for
> > your software are the way to go for fighting virae on linux.
>
>
> Anti-Virus on Linux. No.
> (presuming that you don't run as root, and have lots of unprivileged
> users for individual applications.)
>
> Anti-Malware on Linux. Yes.
> (Malware gets to the box via spoofed or hacked software distribution or
> creation sites; bad links or poisoned DNS caches; or via (e.g.) browser
> memory attacks - at plugins or exploits)
>
> The oldtimers will tell you that safe hex and perhaps integrity
> monitoring (e.g. Samhain or tripwire) are all that's needed. But desktop
> Linux with Browsing, IM, etc. is changing that, IMHO.
>
> The three packages above have Linux Trojan and Rootkit signatures, as
> well as Windows malware sigs. Easy enough to run an occasional scan of
> the Linux box (or Windows partition); and to scan each Linux download
> before reading, compiling, or passing on.
>
> (Dazuko additionally allows realtime scans of compilation read/writes).
>
> IMHO, Linux and Mac are the next frontier for malware, and -SADLY-
> AntiMalware signature and heuristic techniques are one thing we can
> learn about from Windows :-(

http://news.yahoo.com/s/pcworld/20080327/tc_pcworld/143901

What worries me is the reference to Safari . . . (khtml rendering engine?)

What is an appropriate anti-malware for Linux, other than safe-hex?

--
Regards,
Mick
* [gentoo-user] Re: Boot Gentoo to clean windows
From: 7v5w7go9ub0o @ 2008-03-28 16:27 UTC
To: gentoo-user

Mick wrote:
> On 28/03/2008, 7v5w7go9ub0o <7v5w7go9ub0o@gmail.com> wrote:
>>
>> Anti-Virus on Linux. No.
>> (presuming that you don't run as root, and have lots of unprivileged
>> users for individual applications.)
>>
>> Anti-Malware on Linux. Yes.
>> (Malware gets to the box via spoofed or hacked software distribution or
>> creation sites; bad links or poisoned DNS caches; or via (e.g.) browser
>> memory attacks - at plugins or exploits)
>>
>> The oldtimers will tell you that safe hex and perhaps integrity
>> monitoring (e.g. Samhain or tripwire) are all that's needed. But desktop
>> Linux with Browsing, IM, etc. is changing that, IMHO.
>>
>> The three packages above have Linux Trojan and Rootkit signatures, as
>> well as Windows malware sigs. Easy enough to run an occasional scan of
>> the Linux box (or Windows partition); and to scan each Linux download
>> before reading, compiling, or passing on.
>>
>> (Dazuko additionally allows realtime scans of compilation read/writes).
>>
>> IMHO, Linux and Mac are the next frontier for malware, and -SADLY-
>> AntiMalware signature and heuristic techniques are one thing we can
>> learn about from Windows :-(
>
> http://news.yahoo.com/s/pcworld/20080327/tc_pcworld/143901
>
> What worries me is the reference to Safari . . . (khtml rendering engine?)
>
> What is an appropriate anti-malware for Linux, other than safe-hex?

As a "monitor" (a.k.a. real-time access), I've had good experience with AntiVir and Dazuko. AntiVir has lots of Linux signatures and heuristics, and Dazuko/Antivir has both caught bugs in downloads, and blocked "suspicious scripts" in my browser cache when visiting bad sites.

As a "scanner", I tend to scan my box from a second "maintenance OS" on another partition hoping to avoid stealthing by any RootKits on the primary partition. Scanning includes Samhain, equery md5 checks, the three Anti-Malware products mentioned earlier, Rootkithunter, and Checkrootkit. I'll run this occasionally overnight.

Interesting that this year's exploit was a "safe" browser Safari, on a "safe" 'nix/BSD OS.... Mac. And last year's exploit winner, QuickTime, can also appear on multiple OS's. Both of these were likely online attacks; via streaming in the case of quicktime.

Seems to me that WAN-connected applications should be sequestered from the rest of the system in the same way that a server sequesters WAN-connected processes - i.e. put them each in their own chroot jail. In addition to individual chroot jails, I run my mail client and browser in RamDisk - so that any changes to them (other than bookmarks and mail) are discarded at shutdown

Using Hardened Sources (GRSecurity) with both memory protection and access control, one gets a particularly resilient, hardened chroot jail (i.e. OpenBSD theory :-) ) and a kernel that restricts where the browser user/application can go, and what it can do.

hth
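The "scan from a second maintenance OS" approach above, and the integrity monitoring (Samhain, tripwire, equery md5 checks) mentioned earlier in the thread, as an added example. This is not code from the thread or from any of those tools: a minimal baseline-and-compare in Python that records a SHA-256 plus owner and mode bits for every file under a root, keeps the manifest off the scanned disk, and diffs two manifests. It is meant to be run from the maintenance OS with the primary root mounted read-only; the mount point /mnt/primary, the manifest location and the list of skipped pseudo-filesystems are assumptions, and the tree that demo() scans is constructed in a temporary directory.

```python
"""Offline integrity scan of a mounted root: baseline, re-scan, diff.

Added example, not code from the gentoo-user thread or from Samhain/tripwire.
Run it from the maintenance OS with the primary OS's root mounted read-only
(assumed mount point: /mnt/primary), so a rootkit on the primary OS is not
running while its files are hashed. Keep the manifest on the maintenance OS,
never on the scanned disk. demo() uses a tree constructed in a temp directory.
"""
import hashlib
import json
import os
import stat
import tempfile

# Top-level directories that are pseudo-filesystems or scratch space on the
# scanned root and carry no stable content (assumed list; extend as needed).
SKIP_TOPLEVEL = ("proc", "sys", "dev", "tmp", "run")


def _record(path):
    """Attributes an attacker cannot fake without changing what we hash.
    mtime is deliberately not recorded: touch(1) resets it at will."""
    st = os.lstat(path)
    rec = {"mode": oct(st.st_mode), "uid": st.st_uid, "gid": st.st_gid, "size": st.st_size}
    if stat.S_ISLNK(st.st_mode):
        rec["target"] = os.readlink(path)
    elif stat.S_ISREG(st.st_mode):
        h = hashlib.sha256()
        with open(path, "rb") as f:
            for chunk in iter(lambda: f.read(1 << 20), b""):
                h.update(chunk)
        rec["sha256"] = h.hexdigest()
    return rec


def build_manifest(root):
    """Map every file under root (path relative to root) to its record."""
    manifest = {}
    for dirpath, dirnames, filenames in os.walk(root):
        rel_dir = os.path.relpath(dirpath, root)
        if rel_dir == ".":
            dirnames[:] = sorted(d for d in dirnames if d not in SKIP_TOPLEVEL)
            rel_dir = ""
        for name in filenames:
            manifest[os.path.join(rel_dir, name)] = _record(os.path.join(dirpath, name))
    return manifest


def save_manifest(manifest, path):
    with open(path, "w") as f:
        json.dump(manifest, f, indent=1, sort_keys=True)


def load_manifest(path):
    with open(path) as f:
        return json.load(f)


def compare(baseline, current):
    """Files that appeared, vanished, or whose content/mode/owner changed."""
    base, cur = set(baseline), set(current)
    return {
        "added": sorted(cur - base),
        "removed": sorted(base - cur),
        "changed": sorted(p for p in base & cur if baseline[p] != current[p]),
    }


def setuid_files(manifest):
    """Paths whose recorded mode carries the setuid or setgid bit; every one
    of these should be explainable from the package manager."""
    return sorted(p for p, r in manifest.items()
                  if int(r["mode"], 8) & (stat.S_ISUID | stat.S_ISGID))


def demo():
    """Constructed scenario: baseline a tiny root, then simulate a rootkit
    that trojans /bin/ls (same size, new content) and drops a hidden setuid
    binary. Returns the diff plus the current setuid list."""
    with tempfile.TemporaryDirectory() as root, tempfile.TemporaryDirectory() as safe:
        os.makedirs(os.path.join(root, "bin"))
        os.makedirs(os.path.join(root, "proc"))
        ls = os.path.join(root, "bin", "ls")
        with open(ls, "wb") as f:
            f.write(b"original ls binary")
        os.chmod(ls, 0o755)
        with open(os.path.join(root, "proc", "kcore"), "wb") as f:
            f.write(b"changes on every boot; must be skipped")
        manifest_path = os.path.join(safe, "baseline.json")  # off the scanned disk
        save_manifest(build_manifest(root), manifest_path)

        with open(ls, "wb") as f:  # a size-only check would miss this
            f.write(b"trojaned ls binary")
        backdoor = os.path.join(root, "bin", ".sshd")
        with open(backdoor, "wb") as f:
            f.write(b"backdoor")
        os.chmod(backdoor, 0o4755)

        current = build_manifest(root)
        result = compare(load_manifest(manifest_path), current)
        result["setuid"] = setuid_files(current)
        return result
```

In real use, build_manifest("/mnt/primary") once after a known-clean install or after each emerge, store the JSON on the maintenance OS, and run compare against a fresh scan whenever the box is booted into the maintenance partition; the point of hashing from the second OS is that nothing from the primary root is executing, so a kernel-level rootkit there cannot filter what the scanner sees.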
* Re: [gentoo-user] Re: Boot Gentoo to clean windows
From: Alan McKinnon @ 2008-03-28 18:12 UTC
To: gentoo-user

On Friday 28 March 2008, 7v5w7go9ub0o wrote:
> IMHO, Linux and Mac are the next frontier for malware, and -SADLY-
> AntiMalware signature and heuristic techniques are one thing we can
> learn about from Windows :-(

True, but with one *huge* difference:

If something like ActiveX were to be unleashed on Linux, it will be fixed very quickly even if that requires an ABI change. We tend not to pull the "backwards compatibility" card, so obvious holes from that don't hang around for long

--
Alan McKinnon
alan dot mckinnon at gmail dot com
* Re: [gentoo-user] Boot Gentoo to clean windows
From: Stroller @ 2008-03-28 8:51 UTC
To: gentoo-user

On 26 Mar 2008, at 15:19, Mikie wrote:
> Does anyone know of a product (hopefully free) that can clean a
> Windows
> PC while booted on Gentoo?
>
> I guess I need a good malware tool that runs on Linux and cleans NTFS
> volumes.

Hi there,

Some of the replies to your message are now a little off-topic, so here's some advice about actually cleaning Windows (rather than removing it, or running Linux). I intended to reply to this a couple of days ago, so hope my advice isn't too late.

I deal with h0sed Windows installations for my customers all the time. I regularly boot a Knoppix CD and copy the whole C: drive to a portable disk so that I have a complete backup. I find it reassuring to use Linux for this purpose because I feel confident that cp or rsync will copy _every file on the drive_ without just silently ignoring those marked with the hidden flag, or bitching about permissions.

But if your system is so hosed you can't fix it from within Windows then it's probably past simple repair. It can be very slow to work on a machine with a lot of crap on it, and there comes a point at which I would never consider working on the machine at the customer's house, simply because it would take so long. If I take the machine home with me I can allow uninstall programs and antivirus to run (unsupervised & in the corner of my study) for hours without having to worry about it.

Providing the system is bootable, remove all the crap you can see from "Add & Remove Programs" (shortcut: Windows-R, type "appwiz.cpl"). Some of the browser-hijacking malware does tout itself as "legitimate" "opt-in" marketing, and removing it correctly can actually be cleaner than forcibly removing it - seems to me like it'll insert itself in the TCP/IP stack (winsock?) or the LSP layers (??) and the uninstaller will actually correct things when it's removed.

Remove anything Norton / Symantec or McAfee first - that shit's not doing any good, and just slows things down. I usually uninstall each Norton / Symantec component through add & remove programs - the manufacturer does have on their website a tool to remove all their software from your machine, but they recommend this only as a last resort (I guess you could run it after uninstalling everything manually, to get rid of the bits that the program uninstallers often miss, but I like to follow their advice in the first instance).

If the PC is still slow then check disk-space, pagefile settings ("allow the system to manage pagefile size for me", click "set") and fragmentation (shortcut: Windows-R, type "dfrg.msc").

Install AVG anti-virus & allow a complete run through, reboot & then check for nasties in hi-jack this. Learning what to remove & what to leave when using hi-jack this is a bit of an art-form, and is the most significant skill necessary for cleaning virus- or malware-infected PCs.

The only time I use Linux to clean Windows is for files & programs running at start up that I can't remove in hijack this. Windows occasionally locks files that are in use and other nasties can be quite persistent at reinstalling themselves. I simply note the full path of the files (or use Hijack This' "save logfile" facility) & delete them (or their whole parent directory, if appropriate) when I've booted to Knoppix.

If the machine's not bootable then repair with a Windows installation CD - sometimes manufacturers' partitioning schemes may make this impossible, but don't be tempted to use an Advent or Packard-Hell "system restore" CD or partition. This may get you to the point where you have to start following the procedure outlined in my previous 4 paragraphs.

Be aware that sometimes Windows isn't cleanly fixable. Although I try to avoid it until I've exhausted avenues for a clean repair, sometimes the best thing to do is simply to back-up & reinstall.

Stroller.
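The Linux-side step of the procedure above (note the paths from the HijackThis log, boot Knoppix, remove the files the running Windows would not let go of), as an added example that is not part of the post and not code from HijackThis, Knoppix or AVG. Two details matter when doing this offline: the log reports paths the way Windows sees them, case-insensitively, while ntfs-3g on Linux is case-sensitive (C:\WINDOWS\system32 on the log is Windows\System32 on the disk), and a copied path must never be allowed to walk outside the mounted volume. The script below resolves each path against the mount, refuses `..` and symlinks leading off the volume, and moves the files into a quarantine directory on the portable disk rather than deleting them, so a false positive can be put back. The mount point /media/sda1, the quarantine directory, the regex for pulling paths out of log text and the log lines themselves are assumptions and constructed input; demo() builds its NTFS-like tree in a temporary directory.

```python
"""Quarantine Windows startup files from a Linux rescue boot.

Added example, not code from the gentoo-user thread and not part of HijackThis
or Knoppix. Input: Windows paths noted from a HijackThis log (or any text).
Each is mapped onto the NTFS volume mounted under Linux (assumed mount point
/media/sda1, mounted read-write with ntfs-3g), resolved the way Windows would,
i.e. case-insensitively, checked so it cannot escape the volume, and moved to a
quarantine directory instead of being deleted. demo() uses temp directories
and constructed log lines.
"""
import os
import re
import shutil
import tempfile
from typing import Optional

# Assumed pattern for pulling paths out of free-form log text: drive letter,
# backslash path, common executable extension. Anything after the extension
# ("... updater.exe /silent") is treated as arguments and dropped.
WIN_PATH_RE = re.compile(
    r'[A-Za-z]:\\[^"\r\n<>|*?]*?\.(?:exe|dll|sys|scr|vbs|bat|cmd)\b', re.IGNORECASE)


def extract_paths(log_text):
    return [m.group(0) for m in WIN_PATH_RE.finditer(log_text)]


def resolve_on_mount(win_path: str, mount_point: str, drive_letter: str = "C") -> Optional[str]:
    """Map 'C:\\Dir\\File.exe' to the existing file under mount_point, or None."""
    m = re.match(r'^([A-Za-z]):\\(.*)$', win_path)
    if not m or m.group(1).upper() != drive_letter.upper():
        return None
    parts = [p for p in m.group(2).split("\\") if p]
    if any(p in (".", "..") for p in parts):
        return None  # a log entry must never walk out of the volume
    cur = mount_point
    for part in parts:
        try:
            names = os.listdir(cur)
        except OSError:
            return None
        # exact match first, then case-insensitive (NTFS can hold both)
        match = part if part in names else next(
            (n for n in names if n.lower() == part.lower()), None)
        if match is None:
            return None
        cur = os.path.join(cur, match)
    root = os.path.realpath(mount_point)
    if os.path.commonpath([os.path.realpath(cur), root]) != root:
        return None  # symlink/reparse point leading off the volume
    return cur


def quarantine(win_paths, mount_point, quarantine_dir):
    """Move each resolvable file under quarantine_dir, keeping its relative
    path so it can be restored. Returns what moved and what was not found."""
    moved, missing = [], []
    for wp in win_paths:
        src = resolve_on_mount(wp, mount_point)
        if src is None or not os.path.isfile(src):
            missing.append(wp)
            continue
        rel = os.path.relpath(src, mount_point)
        dst = os.path.join(quarantine_dir, rel)
        os.makedirs(os.path.dirname(dst), exist_ok=True)
        shutil.move(src, dst)
        moved.append(rel)
    return {"moved": moved, "missing": missing}


def demo():
    # Constructed lines in the spirit of a HijackThis O4 (startup) section.
    log = (
        'O4 - HKLM\\..\\Run: [Updater] C:\\Program Files\\Acme\\updater.exe /silent\n'
        'O4 - HKCU\\..\\Run: [svchost] C:\\WINDOWS\\system32\\svch0st.exe\n'
        'O4 - HKLM\\..\\Run: [Escape] C:\\..\\..\\etc\\passwd.exe\n'
    )
    with tempfile.TemporaryDirectory() as mount, tempfile.TemporaryDirectory() as qdir:
        for rel in ("Program Files/Acme/updater.exe",
                    "Windows/System32/svch0st.exe",    # case differs from the log
                    "Windows/System32/kernel32.dll"):  # legitimate, must survive
            os.makedirs(os.path.join(mount, os.path.dirname(rel)), exist_ok=True)
            with open(os.path.join(mount, rel), "wb") as f:
                f.write(b"MZ" + rel.encode())
        result = quarantine(extract_paths(log), mount, qdir)
        result["kernel32_survived"] = os.path.isfile(
            os.path.join(mount, "Windows", "System32", "kernel32.dll"))
        result["in_quarantine"] = sorted(
            os.path.relpath(os.path.join(d, f), qdir)
            for d, _, files in os.walk(qdir) for f in files)
        return result
```

Run it as quarantine(extract_paths(open("hijackthis.log").read()), "/media/sda1", "/media/portable/quarantine") after mounting the NTFS volume read-write. Keeping the relative path under the quarantine directory means the file can be moved straight back if Windows turns out to need it, and keeping the quarantined copies at all means there is something to hand to a scanner or to look at later, which a plain rm does not leave you.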
* [gentoo-user] Re: Boot Gentoo to clean windows
From: 7v5w7go9ub0o @ 2008-03-28 16:43 UTC
To: gentoo-user

Stroller wrote:
<snip important, informative stuff>
>
> Be aware that sometimes Windows isn't cleanly fixable. Although I try to
> avoid it until I've exhausted avenues for a clean repair, sometimes the
> best thing to do is simply to back-up & reinstall.
>

Think this is a great write up.

The last paragraph seems most important - given today's professionally-authored compromises, the best thing to do may be presume that you've been rooted with redundancy, and simply be prepared to quickly rebuild the box from scratch.

Especially if you use the computer for business or other sensitive matters.

So arguably, one should use the second OS (Linux or Windows) as a diagnostic tool to determine if it's compromised or not, and except for something simple (e.g. an infection vector caught before activation by an AntiTrojan scanner in a browser cache, mail letter, etc.), one should simply rebuild the box.

So to the above, I'd add a "have a rebuild strategy" i.e. copies of data (not executables), addresses, passwords, etc. that can be quickly returned to a rebuilt OS. Windows benefits greatly from rebuilding - a rebuilt box will seem quicker and faster than ever before, and won't have lingering "relics" from earlier maintenance levels.
* Re: [gentoo-user] Re: Boot Gentoo to clean windows
From: Stroller @ 2008-03-29 18:53 UTC
To: gentoo-user

On 28 Mar 2008, at 16:43, 7v5w7go9ub0o wrote:
> Stroller wrote:
> <snip important, informative stuff>
>> Be aware that sometimes Windows isn't cleanly fixable. Although I
>> try to avoid it until I've exhausted avenues for a clean repair,
>> sometimes the best thing to do is simply to back-up & reinstall.
>
> Think this is a great write up.
>
> The last paragraph seems most important - given today's
> professionally-authored compromises, the best thing to do may be
> presume
> that you've been rooted with redundancy, and simply be prepared to
> quickly rebuild the box from scratch.
>
> Especially if you use the computer for business or other sensitive
> matters.

Certainly. I have a number of machines which use roaming-profiles on a Windows domain, mail stored on an IMAP server, and I would have no hesitation in reinstalling if I thought it necessary.

> So arguably, one should use the second OS (Linux or Windows) as a
> diagnostic tool to determine if it's compromised or not, and except
> for something simple (e.g. an infection vector caught before
> activation by an AntiTrojan scanner in a browser cache, mail
> letter, etc.), one should simply rebuild the box.

I take your point on board - it depends upon how paranoid you want to be over the particular PC and its use. I don't mean paranoid in a negative way, here, of course.

> So to the above, I'd add a "have a rebuild strategy" i.e. copies
> of data (not executables), addresses, passwords, etc. that can be
> quickly returned to a rebuilt OS. Windows benefits greatly from
> rebuilding - a rebuilt box will seem quicker and faster than ever
> before, and won't have lingering "relics" from earlier maintenance
> levels.

Yes, this is great if you can. Unfortunately many of the most-hosed Windows PCs tend to come from home users who have no backup regimen in place. How can one be sure that _all_ data is restored? Many times my customers - those that use Outlook or Outlook Express - have no idea of their email password or wireless-network key, having had the "remember" box ticked since they set the machine up 2 years ago.

I would attribute most of the breakage I see not to sophisticated viruses, but to poorly-written "sponsorware", to "adware" removers that may delete files arbitrarily, to Windows bugs and to filesystem corruption (for instance: because the user likes to switch their PC off at the wall-socket, and was too impatient when it was shutting down!).

Oftentimes, a Windows reinstall gives as much performance improvement as buying a new PC would do, and many users are very glad to get a "new" machine that is so clean and fresh (this is characterised by the reduced number of icons on the desktop - from 30+ to about 5!). But this has to be compromised against disruption to the user's environment - they may be very familiar with the way everything's set up, and all their favourite software is installed. With a not-booting-but-otherwise-fairly-clean PC this may tip the balance.

Unfortunately one often cannot tell whether reinstall or repair is the best solution until one has already made a good attempt at repairing the system!! And you often don't discover which software - amongst all the crud of different p2p, photo programs and whatnot - that users depend on, until after you return the machine and they complain "my icon is missing" (with usually only a very generic description of what the icon does).

One of my biggest bugbears against reinstalling is drivers. Dell & Sony are wonderful! You just enter the tag or model number on their website and the correct drivers are listed. Advent - and here, in the UK, other "brands" of computer which are only available "exclusively" from PC World - can be a royal PITA, and once every month or two I encounter a machine for which it takes HOURS to find the correct drivers for all devices.

Stroller.
* Re: [gentoo-user] Re: Boot Gentoo to clean windows
From: Etaoin Shrdlu @ 2008-03-30 10:08 UTC
To: gentoo-user

On Saturday 29 March 2008, 19:53, Stroller wrote:

> One of my biggest bugbears against reinstalling is drivers. Dell & Sony are wonderful! You just enter the tag or model number on their website and the correct drivers are listed. Advent - and here, in the UK, other "brands" of computer which are only available "exclusively" from PC World - can be a royal PITA, and once every month or two I encounter a machine for which it takes HOURS to find the correct drivers for all devices.

Ok, this is going /way/ OT already, however, speaking of windows driver recovery, drivergrabber and drivermax (just google a bit to find them) have helped me *a lot* in the past, especially with old or esoteric hardware.

Hope this helps.
* [gentoo-user] Re: Boot Gentoo to clean windows
From: Francesco Talamona @ 2008-03-28 19:13 UTC
To: gentoo-user

On Friday 28 March 2008, Stroller wrote:

> I deal with h0sed Windows installations for my customers all the time. I regularly boot a Knoppix CD and copy the whole C: drive to a portable disk so that I have a complete backup. I find it reassuring to use Linux for this purpose because I feel confident that cp or rsync will copy _every file on the drive_ without just silently ignoring those marked with the hidden flag, or bitching about permissions.

I prefer to save the entire partition with PING (Partimage Is Not Ghost) or equivalent tools to avoid gotchas with charsets. rsync and cp are excellent, but you have to mount the partition with the right options not to lose coherence in file naming.

Everything else in your post is no more no less what I do to rescue all those boxes people bring to me :-) Starting from the uninstall of bloated antivirus!

Great post
Francesco

-- 
Linux Version 2.6.24-gentoo-r3, Compiled #1 PREEMPT Thu Feb 28 22:23:31 CET 2008
One 2.2GHz AMD Athlon 64 Processor, 2GB RAM, 4408.81 Bogomips Total
aemaeth
* Re: [gentoo-user] Re: Boot Gentoo to clean windows
From: Stroller @ 2008-03-29 18:25 UTC
To: gentoo-user

On 28 Mar 2008, at 19:13, Francesco Talamona wrote:

> On Friday 28 March 2008, Stroller wrote:
>> I deal with h0sed Windows installations for my customers all the time. I regularly boot a Knoppix CD and copy the whole C: drive to a portable disk so that I have a complete backup. I find it reassuring to use Linux for this purpose because I feel confident that cp or rsync will copy _every file on the drive_ without just silently ignoring those marked with the hidden flag, or bitching about permissions.
>
> I prefer to save the entire partition with PING (Partimage Is Not Ghost) or equivalent tools to avoid gotchas with charsets.
> rsync and cp are excellent, but you have to mount the partition with the right options not to lose coherence in file naming.

Thanks! I'll look into PING. The documentation on PING's homepage seems a little scanty, but I'm sure a Google will be a bit more forthcoming.

There are a couple of reasons I appreciate copying on a file-by-file basis - I don't know if PING would allow me the same flexibility.

Firstly, if I undertake a full format-and-install of XP, I like to copy back _every file_ from the old system back into a folder called "C:\Old Stuff" (and place a shortcut to this on the user's desktop). I find this more reassuring than, say, copying just "My Documents" because occasionally programs save their data somewhere stupid. For instance, I recently discovered that the software for a Canon camera - which offers to automagically import one's photos when the camera is plugged in - stores the pictures in "Program Files/Canon/PhotoEx/Library".

When I return the PC to the customer I open "Old Stuff", find the old "My Documents" and copy the contents into their new "My Documents". I then right-click on the "Old Stuff" desktop shortcut and choose "search" - I find their internet Favourites folder, and show them how one would find (for example) a file called "letter", so that anything I've missed they can (hopefully) find for themselves.

In the case of the family photos in the Canon folder, I was very glad to have the whole original contents of the drive available!! I was able to subsequently copy them to My Photos and tell the software to use this as its "library", but it might have been inconvenient had I used a tool that backed up the partition as a single image - I don't think I'd have been able to recover single files from that once back onsite at the customer's house and booted into XP?

I tend to take this copy-every-file-on-the-system approach so that if ever there is a problem with a file missing from backup I can put my hand on my heart and say, "if it was on your PC before, then you still have a copy of it". I tend to delete only "temp", "temporary internet files", "recycled", "recycler" and "system volume information" directories, plus the old hiberfile (spelling?) & pagefile.

Ideally, when a Windows reinstall is required, I suppose I would prefer to preserve completely the original hard-drive, and to do the new reinstall on a brand new hard-disk. However disks are not yet quite cheap enough that one could normally justify the additional expense to a domestic customer, and besides, it would rather seem like a waste to consume a perfectly good hard-drive as a backup that is unlikely ever to be referenced.

I also find discrete-file copying useful when a computer needs a repair-install of XP, but the PC OEM has configured it with some stupid partitioning scheme (probably packaged with a "System Restore" partition) that is unrecognised by a Microsoft installation CD. In this case one may be able to back up all the files on the disk, delete the partition table, create a new single primary NTFS partition, copy the files back, (edit the boot.ini, if necessary) and then repair install over the top (which also creates the master boot record). There are times when an unbootable system may be recovered to a perfectly usable state, complete with all the users' files & settings intact (and consequently, with little disruption for the user).

`ntfsclone` might well allow me to do this same thing - as might PING? - however I haven't yet explored its possibilities - I wonder about how (well) an ntfscloned secondary-partition might be restored as a primary, for example.

I have experienced file-copy failures using `rsync` and `cp`, and this was quite disconcerting until I discovered the cause likely to be the charset-related problem you mention. I now redirect stderr to a file when copying & review this afterwards - I don't know whether I'm fortunate with the charset used in the UK, but so far I might typically find that only 1 or 3 files from "Temporary Internet Files" fail (amongst the thousands on a Windows hard-drive), so it has not (yet) been a problem here.

Stroller.
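The live-CD file-by-file backup Stroller describes, written up as an added shell example (not code from the thread): mount the Windows partition read-only, rsync everything except the cache and swap entries he deletes anyway, send rsync's stderr to a log, then count and list the failures for the after-copy review he mentions. The device, mount point and destination paths, and ntfs-3g taking its file-name encoding from the process locale, are assumptions.

```shell
# Added example, not code from the thread: Stroller's "boot a live CD and
# copy every file off C:" backup, with the cache/swap entries he deletes
# skipped, rsync's stderr logged, and the log reviewed afterwards.
set -u

# Directories and files Stroller drops from the copy.  rsync patterns are
# case-sensitive, so the usual on-disk spellings are listed explicitly.
skip_patterns() {
    cat <<'EOF'
/WINDOWS/Temp/
/Documents and Settings/*/Local Settings/Temp/
/Documents and Settings/*/Local Settings/Temporary Internet Files/
/RECYCLED/
/RECYCLER/
/System Volume Information/
/pagefile.sys
/hiberfil.sys
EOF
}

# Mount the suspect partition read-only so the copy cannot alter evidence or
# stumble over a dirty NTFS journal.  ntfs-3g is assumed to take its file-name
# encoding from the locale, which is Francesco's charset gotcha: use UTF-8.
mount_windows_ro() {
    LC_ALL=en_GB.UTF-8 mount -t ntfs-3g -o ro "$1" "$2"
}

# Copy the tree.  -rlt instead of -a: NTFS has no POSIX owner/mode, so -pog
# would only add noise to the log.  stderr is redirected to $3 for review.
backup_drive() {
    src=$1 dst=$2 log=$3
    pat=$(mktemp)
    skip_patterns > "$pat"        # --exclude-from sidesteps word-splitting
    rsync -rlt --exclude-from="$pat" "$src/" "$dst/" 2> "$log"; rc=$?
    rm -f "$pat"; return $rc
}

# Number of per-file failures rsync reported (lines beginning "rsync: ").
review_log() {
    grep -c '^rsync: ' "$1" || true
}

# The quoted path from each failure line, for checking by hand afterwards.
failed_paths() {
    sed -n 's/^rsync: .*"\([^"]*\)".*/\1/p' "$1"
}

# Constructed sample log (invented values) showing the two failure forms
# rsync prints plus its closing summary line.
write_sample_log() {
    cat > "$1" <<'EOF'
rsync: readlink_stat("/mnt/win/Program Files/Canon/PhotoEx/Library/IMG_0042.JPG") failed: Input/output error (5)
rsync: send_files failed to open "/mnt/win/Documents and Settings/Owner/My Documents/letter.doc": Permission denied (13)
rsync error: some files/attrs were not transferred (see previous errors) (code 23)
EOF
}

# Usage (assumed paths): sh backup.sh /dev/sda1 /mnt/win /media/portable/oldstuff
if [ $# -eq 3 ]; then
    mount_windows_ro "$1" "$2"
    backup_drive "$2" "$3" "$3.rsync-errors.log"
    echo "failures to review: $(review_log "$3.rsync-errors.log")"
    failed_paths "$3.rsync-errors.log"
fi
```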
* [gentoo-user] Re: Boot Gentoo to clean windows
From: Francesco Talamona @ 2008-03-30 8:15 UTC
To: gentoo-user

On Saturday 29 March 2008, Stroller wrote:

> Thanks! I'll look into PING. The documentation on PING's homepage seems a little scanty, but I'm sure a Google will be a bit more forthcoming.

It's very easy to use, I found a pdf somewhere that described it in a few pages.

> There are a couple of reasons I appreciate copying on a file-by-file basis - I don't know if PING would allow me the same flexibility.

Sure it won't. You provide plenty of examples... While reading them I remembered dar & kdar but it seems the latter is no more actively maintained. And anyway not a solution for windows users if you want to let them take a bit of care of themselves.

An option is to shrink the old disk to a secondary partition and leave it on the same disk, but again having another partition isn't the best for end users: it's easier to claim back space without specialized tools if everything is just a folder away.

Ciao
Francesco

-- 
Linux Version 2.6.24-gentoo-r3, Compiled #1 PREEMPT Thu Feb 28 22:23:31 CET 2008
One 2.2GHz AMD Athlon 64 Processor, 2GB RAM, 4408.90 Bogomips Total
aemaeth
* Re: [gentoo-user] Boot Gentoo to clean windows
From: Alan Milnes @ 2008-03-28 22:12 UTC
To: gentoo-user

On 28/03/2008, Stroller <stroller@stellar.eclipse.co.uk> wrote:

Your note is excellent but I disagree with this bit:-

> If the PC is still slow then check disk-space, pagefile settings ("allow the system to manage pagefile size for me", click "set")

Unless as a temporary workaround, you should always have the paging file set as a fixed size to avoid worsening the chronic fragmentation problem on Windows.

Regards

Alan
* Re: [gentoo-user] Boot Gentoo to clean windows
From: Stroller @ 2008-03-29 17:40 UTC
To: gentoo-user

On 28 Mar 2008, at 22:12, Alan Milnes wrote:

> On 28/03/2008, Stroller <stroller@stellar.eclipse.co.uk> wrote:
>
> Your note is excellent but I disagree with this bit:-
>
>> If the PC is still slow then check disk-space, pagefile settings ("allow the system to manage pagefile size for me", click "set")
>
> Unless as a temporary workaround, you should always have the paging file set as a fixed size to avoid worsening the chronic fragmentation problem on Windows.

I'm not arguing with you, but for me it depends on the user & usage & stuff.

Several years ago, before XP, I used to be a Windows "power user" - I kept my pagefile on a separate disk and set its size manually. I even monitored usage in Task Manager (or was it one of the utilities under "Administrative Tools"?) to see what actual amount of swap was used, but was never convinced of the accuracy of the results (it seemed so little).

Whilst a pagefile of fixed size on a separate disk may be the "best" way to configure a swap file, I don't think it's optimal for most users. There are times when someone else may work on the PC, and having the swapfile on C: is simply what they'd expect to find, if they ever need to mess with it. I generally like to have systems that I configure for my Joe Sixpack customers to generally look "normal" and "standard", so that there's ease of maintenance and so that everything just "makes sense" if anyone else (probably less experienced than I) works on it in the future.

Take, for example, partitioning - it's quite logical and correct to have a separate partition for the C: drive and another, D:, for users' files & folders; this protects users' documents on D: if filesystem corruption occurs on C:, or if a Windows reinstall is otherwise needed. But unfortunately this configuration needs more maintenance in the future if one of the partitions becomes full - experience tells me that there's always one user in the household who will not understand to use D:, and that users will try uninstalling programs and deleting their letters to free up space, if the system starts complaining that the C: drive is full. I would prefer they call me, so that I can delete something that's REALLY consuming space, or resize partitions appropriately, but they often do not do so, and with 5% or less free space the partition gets rapidly fragmented and slows down considerably (to the extent that defragmenter may be unable to do its job). When short of disk space other users may right-click on the drive properties and choose "compress files on this drive to save space" - this slows down the system even more!

But I admit that - if the system has two drives installed already - then putting the swapfile on the second drive is probably less of a problem than my partitioning example. (Although, having said that, if this user _does_ choose to have a D: drive and intends to use it for something, then a pagefile.sys scattered amongst their music or video files might be confusing, or simply considered clutter).

Just because you set the swapfile to a fixed size doesn't mean it's not fragmented - admittedly, if you do set it to a fixed size, then boot from another disk and defrag the drive then the pagefile should never fragment in the future, but I'm not convinced of the cost-benefit of doing so. A fragmented swapfile is only going to be a problem (I think - please correct me if I'm wrong) if the system is writing out a page of memory that spans multiple fragments. If the swapfile is contained in only (for example) two fragments then how often will this occur? I have no idea - and one of the reasons I gave up Windows on my own machines is it's the sort of thing that's completely undocumented - but I'll bet it's not too often.

A swapfile of a fixed size is a compromise between consumption of disk-space and the risk of running out of pagefile. I have customers I don't see for two years, so what seems perfectly adequate for a swapfile now may seem silly small when I next see them. Although I don't tend to monitor swapfile sizes & usage, Windows memory requirements have bloomed in that time - 2 years ago one might've gotten away with 256megs of RAM, but I'm certainly recommending at least 768meg now. Considering the size of hard-drives these days I guess I'm being silly in not simply allocating a fixed-size swapfile of 2gig (or even 4!) and trusting that that'll be adequate for the life of the machine, but I don't like to waste space unnecessarily, and I'd just far rather the machine said "out of virtual memory, increasing swap file size" if it needs it.

To generalise, I have two kinds of customers - those who fragment once a month, and those who never do. I don't think the slight penalty of a fragmented swapfile is noticeable to either category. Either their machine is quick enough, anyway, or it tends to horrendous slowness. The risk / hassle of running out of swap space is more considerable, IMO.

Like I say, I'm not saying you shouldn't set the swapfile to a fixed size, I'm just saying it's horses-for-courses. I guess I'd recommend setting the swapfile to a fixed size to readers of this list, whereas I wouldn't to most of my customers.

Stroller.