AVG disaster breaks Windows, Linux saves the day - Linux


  1. AVG disaster breaks Windows, Linux saves the day


    (In Dutch)

    http://webwereld.nl/articles/53507/u...t-windows.html

    Summary: AVG's most recent update falsely identifies the crucial system file
    user32.dll as a virus, and quarantines it. After this, Windows BSODs at
    boot time. It appears to have hit all Dutch, French, Italian, and Spanish
    AVG users.

    And sure enough, I got several phone calls from (quite distressed) Windows
    and (much less distressed) dual-boot users. The latter ones were the lucky
    ones: they still had a working system -- and once I know where AVG stored
    the quarantined user32.dll file, it's trivial to copy or restore it to its
    proper location.
    The Windows-only users are less lucky: many of them got stuck with an
    unbootable system; booting into safe mode with F8 and repairing the system
    from there only worked for a minority -- all the others will have to wait
    for me to come over with a Knoppix CD and fix things ...

    Ah well, another day, another heap of Windows crap to fix, with the help of
    Linux.

    Richard Rasker
    --
    http://www.linetec.nl

  2. Re: AVG disaster breaks Windows, Linux saves the day

    On Tue, 11 Nov 2008 15:56:10 +0100, Richard Rasker wrote:

    > (In Dutch)
    >
    > http://webwereld.nl/articles/53507/u...-virus-sloopt-windows.html
    >
    > Summary: AVG's most recent update falsely identifies the crucial system
    > file user32.dll as a virus, and quarantines it. After this, Windows
    > BSODs at boot time. It appears to have hit all Dutch, French, Italian,
    > and Spanish AVG users.
    >
    > And sure enough, I got several phone calls from (quite distressed)
    > Windows and (much less distressed) dual-boot users. The latter ones were
    > the lucky ones: they still had a working system -- and once I know where
    > AVG stored the quarantined user32.dll file, it's trivial to copy or
    > restore it to its proper location.
    > The Windows-only users are less lucky: many of them got stuck with an
    > unbootable system; booting into safe mode with F8 and repairing the
    > system from there only worked for a minority -- all the others will have
    > to wait for me to come over with a Knoppix CD and fix things ...
    >
    > Ah well, another day, another heap of Windows crap to fix, with the help
    > of Linux.
    >
    > Richard Rasker


    I've stopped recommending AVG to my Windows clients as it has become
    terribly bloated. They seem to be contending with Norton for the most
    useless and pointless bloat 'solution'. Avast! is a simple antivirus app
    that does its job without fuss for Windows users, and all for free.

    --
    I'm always kind, polite and reasonable...

    except when I'm not.

  3. Re: AVG disaster breaks Windows, Linux saves the day

    On Nov 11, 9:29 am, SomeBloke wrote:
    > On Tue, 11 Nov 2008 15:56:10 +0100, Richard Rasker wrote:
    > > (In Dutch)
    >
    > > http://webwereld.nl/articles/53507/u...-virus-sloopt-windows.html
    >
    > > Summary: AVG's most recent update falsely identifies the crucial system
    > > file user32.dll as a virus, and quarantines it. After this, Windows
    > > BSODs at boot time. It appears to have hit all Dutch, French, Italian,
    > > and Spanish AVG users.

    >
    > > And sure enough, I got several phone calls from (quite distressed)
    > > Windows and (much less distressed) dual-boot users. The latter ones were
    > > the lucky ones: they still had a working system -- and once I know where
    > > AVG stored the quarantined user32.dll file, it's trivial to copy or
    > > restore it to its proper location.
    > > The Windows-only users are less lucky: many of them got stuck with an
    > > unbootable system; booting into safe mode with F8 and repairing the
    > > system from there only worked for a minority -- all the others will have
    > > to wait for me to come over with a Knoppix CD and fix things ...

    >
    > > Ah well, another day, another heap of Windows crap to fix, with the help
    > > of Linux.

    >
    > > Richard Rasker

    >
    > I've stopped recommending AVG to my Windows clients as it has become
    > terribly bloated. They seem to be contending with Norton for the most
    > useless and pointless bloat 'solution'. Avast! is a simple antivirus app
    > that does its job without fuss for Windows users, and all for free.
    >
    > --
    > I'm always kind, polite and reasonable...
    >
    > except when I'm not.


    I agree - I've been converting my machines over to Avast! and
    recommending it to other people now.

    --
    Tom Shelton

  4. Re: AVG disaster breaks Windows, Linux saves the day

    On Tue, 11 Nov 2008 10:29:15 -0600, SomeBloke wrote:

    >I've stopped recommending AVG to my Windows clients as it has become
    >terribly bloated. They seem to be contending with Norton for the most
    >useless and pointless bloat 'solution'. Avast! is a simple antivirus app
    >that does its job without fuss for Windows users, and all for free.


    I had exactly the same experience with AVG's last major release (8?). I
    decided it was an enormous turd and also switched to avast at that time.

    It's interesting that avg backed down on their threat of not providing
    updates for AVG7 any more.

    I like how avast slowly goes through the file system unlike everybody
    else who do a full scan all at once. If you don't run a system 24x7,
    that means having a full scan going on while you're trying to use the
    system and the full scan terribly slows a system down.

    I like better how linux doesn't need an AV program as it doesn't
    require the immensely idiotic idea of users running as administrator/root.

  5. Re: AVG disaster breaks Windows, Linux saves the day

    On Tue, 11 Nov 2008 10:41:22 -0600, AZ Nomad wrote:

    > On Tue, 11 Nov 2008 10:29:15 -0600, SomeBloke wrote:
    >
    >>I've stopped recommending AVG to my Windows clients as it has become
    >>terribly bloated. They seem to be contending with Norton for the most
    >>useless and pointless bloat 'solution'. Avast! is a simple antivirus app
    >>that does its job without fuss for Windows users, and all for free.

    >
    > I had exactly the same experience with AVG's last major release (8?). I
    > decided it was an enormous turd and also switched to avast at that time.
    >
    > It's interesting that avg backed down on their threat of not providing
    > updates for AVG7 any more.
    >
    > I like how avast slowly goes through the file system unlike everybody
    > else who do a full scan all at once. If you don't run a system 24x7,
    > that means having a full scan going on while you're trying to use the
    > system and the full scan terribly slows a system down.
    >
    > I like better how linux doesn't need an AV program as it doesn't require
    > the immensely idiotic idea of users running as administrator/root.


    Ain't that the truth!

    --
    I'm always kind, polite and reasonable...

    except when I'm not.

  6. Re: AVG disaster breaks Windows, Linux saves the day

    On 2008-11-11, Richard Rasker was urged to write the following:
    >
    > (In Dutch)
    >
    > http://webwereld.nl/articles/53507/u...t-windows.html
    >
    > Summary: AVG's most recent update falsely identifies the crucial system file
    > user32.dll as a virus, and quarantines it. After this, Windows BSODs at
    > boot time. It appears to have hit all Dutch, French, Italian, and Spanish
    > AVG users.
    >
    > And sure enough, I got several phone calls from (quite distressed) Windows
    > and (much less distressed) dual-boot users. The latter ones were the lucky
    > ones: they still had a working system -- and once I know where AVG stored
    > the quarantined user32.dll file, it's trivial to copy or restore it to its
    > proper location.
    > The Windows-only users are less lucky: many of them got stuck with an
    > unbootable system; booting into safe mode with F8 and repairing the system
    > from there only worked for a minority -- all the others will have to wait
    > for me to come over with a Knoppix CD and fix things ...
    >
    > Ah well, another day, another heap of Windows crap to fix, with the help of
    > Linux.
    >
    > Richard Rasker


    This was just on the news here. Local computer shops are charging €
    50,00 to "fix" a machine suffering from this problem.

    ~ Tommy
    --
    tommy@mordor:~$ telnet mordor
    telnet: could not resolve mordor/telnet: One does not simply telnet
    into mordor!

  7. Re: AVG disaster breaks Windows, Linux saves the day


    "Richard Rasker" wrote in message
    news:49199d0a$0$724$7ade8c0d@textreader.nntp.inter nl.net...

    It doesn't occur to you that AVG would be the one to blame?


  8. Re: AVG disaster breaks Windows, Linux saves the day

    amicus_curious wrote:

    >
    > "Richard Rasker" wrote in message
    > news:49199d0a$0$724$7ade8c0d@textreader.nntp.inter nl.net...
    >
    > It doesn't occur to you that AVG would be the one to blame?


    No. Windows is to blame, for needing such "protection" in the first place
    --
    Windows is just the instable version of Linux for users who are too
    dumb to handle the real thing


  9. Re: AVG disaster breaks Windows, Linux saves the day

    On 2008-11-11, amicus_curious was urged to write the following:
    >
    > "Richard Rasker" wrote in message
    > news:49199d0a$0$724$7ade8c0d@textreader.nntp.inter nl.net...
    >
    > It doesn't occur to you that AVG would be the one to blame?
    >


    In contrary to the many reports on this issue, this doesn't happen
    with AVG alone. McAfee for instance is also fooled by this virus,
    causing it to nuke the user32.dll file.

    ~ Tommy
    --
    Mijnen deem, mijnen deem
    Stoeng heelmaal vol exeem
    ~ Katastroof

  10. Re: AVG disaster breaks Windows, Linux saves the day

    TomB wrote:

    > On 2008-11-11, amicus_curious was urged to write the following:
    >>
    >> "Richard Rasker" wrote in message
    >> news:49199d0a$0$724$7ade8c0d@textreader.nntp.inter nl.net...
    >>
    >> It doesn't occur to you that AVG would be the one to blame?
    >>

    >
    > In contrary to the many reports on this issue, this doesn't happen
    > with AVG alone. McAfee for instance is also fooled by this virus,


    It isn't a virus in this case. The DLL itself is wrongly detected as being a
    virus
    This also happened last week with Kaspersky and G Data
    In January it happened with G Data and Avast

    > causing it to nuke the user32.dll file.
    >


    Well, it seems they correctly detect that windows itself is a virus
    mothership.
    So nuking user32.dll is a nice way to stop it dead in its track for 95% of
    windows users

    --
    Micro$oft. What's broken today?


  11. Re: AVG disaster breaks Windows, Linux saves the day


    "Peter Köhlmann" wrote in message
    news:4919e1df$0$32681$9b4e6d93@newsspool2.arcor-online.net...
    > amicus_curious wrote:
    >
    >>
    >> "Richard Rasker" wrote in message
    >> news:49199d0a$0$724$7ade8c0d@textreader.nntp.inter nl.net...
    >>
    >> It doesn't occur to you that AVG would be the one to blame?

    >
    > No. Windows is to blame, for needing such "protection" in the first place
    > --

    Interesting POV. Could that be why you lose so many wars?


  12. Re: AVG disaster breaks Windows, Linux saves the day

    amicus_curious wrote:

    >
    > "Richard Rasker" wrote in message
    > news:49199d0a$0$724$7ade8c0d@textreader.nntp.inter nl.net...
    >
    > It doesn't occur to you that AVG would be the one to blame?


    I distinctly recall blaming AVG ... yup:

    "AVG disaster breaks Windows" ... "AVG's most recent update falsely
    identifies the crucial system file user32.dll as a virus, and quarantines
    it. ..."

    But of course this Windows application AVG is only necessary because Windows
    itself is such an appalling mess. No other OS requires third-party tools to
    continuously sift through and sometimes act upon system files and other
    vitally important components. So the conclusion that it's Windows crapware
    is fully justified. AVG is now officially degraded to crapware, and it's
    needed to protect users from the gaping holes in the other crapware.

    Richard Rasker
    --
    http://www.linetec.nl

  13. Re: AVG disaster breaks Windows, Linux saves the day


    "Richard Rasker" wrote in message
    news:4919e84f$0$719$7ade8c0d@textreader.nntp.inter nl.net...
    > amicus_curious wrote:
    >
    >>
    >> "Richard Rasker" wrote in message
    >> news:49199d0a$0$724$7ade8c0d@textreader.nntp.inter nl.net...
    >>
    >> It doesn't occur to you that AVG would be the one to blame?

    >
    > I distinctly recall blaming AVG ... yup:
    >
    > "AVG disaster breaks Windows" ... "AVG's most recent update falsely
    > identifies the crucial system file user32.dll as a virus, and quarantines
    > it. ..."
    >

    Well, maybe it was your adding the phrase to the effect of "another heap of
    Windows crap to fix" that led me astray as to the meaning of your post.

    > But of course this Windows application AVG is only necessary because
    > Windows
    > itself is such an appalling mess. No other OS requires third-party tools
    > to
    > continuously sift through and sometimes act upon system files and other
    > vitally important components. So the conclusion that it's Windows crapware
    > is fully justified. AVG is now officially degraded to crapware, and it's
    > needed to protect users from the gaping holes in the other crapware.
    >

    For one thing, Microsoft is just as appalled as you are that third party
    software is used to sift through and act upon internals of Windows. They
    would much rather the user used the MS products for that purpose. Would you
    rather have MS manage to put AVG out of business? When Microsoft obviated
    the need for the Navigator browser by including IE, people were put off by
    MS so mistreating Netscape. If the need for A-V products were to go away,
    would the world similarly complain in regard to the fates of McAfee,
    Symantec, and a number of others? For that matter, a Windows without any
    flaws at all would be the death of Linux, too. Be grateful for your
    opportunities.
    >



  14. Re: AVG disaster breaks Windows, Linux saves the day

    amicus_curious wrote:

    >
    > "Richard Rasker" wrote in message
    > news:4919e84f$0$719$7ade8c0d@textreader.nntp.inter nl.net...
    >> amicus_curious wrote:
    >>
    >>>
    >>> "Richard Rasker" wrote in message
    >>> news:49199d0a$0$724$7ade8c0d@textreader.nntp.inter nl.net...
    >>>
    >>> It doesn't occur to you that AVG would be the one to blame?

    >>
    >> I distinctly recall blaming AVG ... yup:
    >>
    >> "AVG disaster breaks Windows" ... "AVG's most recent update falsely
    >> identifies the crucial system file user32.dll as a virus, and
    >> quarantines it. ..."
    >>

    > Well, maybe it was your adding the phrase to the effect of "another heap
    > of Windows crap to fix" that led me astray as to the meaning of your post.
    >
    >> But of course this Windows application AVG is only necessary because
    >> Windows
    >> itself is such an appalling mess. No other OS requires third-party tools
    >> to
    >> continuously sift through and sometimes act upon system files and other
    >> vitally important components. So the conclusion that it's Windows
    >> crapware is fully justified. AVG is now officially degraded to crapware,
    >> and it's needed to protect users from the gaping holes in the other
    >> crapware.
    >>

    > For one thing, Microsoft is just as appalled as you are that third party
    > software is used to sift through and act upon internals of Windows. They
    > would much rather the user used the MS products for that purpose.


    Well, we've all seen how "competent" (hahaha) Microsoft has been with regard
    to antivirus and anti-malware. Not only do those total idiots still think
    that checking file names for the string "install" or blocking files with
    the extension .mp3 via MSN are "security measures" -- but they also managed
    to turn GeCAD's not-too-bad antivirus product into what may well be the
    worst-performing anti-malware tool ever.

    > Would you rather have MS manage to put AVG out of business?


    This whole multi-billion dollar antivirus business should not exist. If
    Microsoft can accomplish this by delivering a secure OS, then I wouldn't
    shed one tear about the demise of AVG and the others -- and it would be
    nice to see the amount of spam and other Internet scourges drop by 95%.

    But Microsoft traditionally treated even the most basic security as "Not Our
    Problem" at best, and an unnecessary drain of cash and effort at worst.

    > When Microsoft obviated the need for the Navigator browser by including
    > IE, people were put off by MS so mistreating Netscape.


    There was no technical necessity to include IE -- quite the contrary: its
    inclusion into the unsavoury bowels of the OS has been one of the single
    biggest causes of security problems with Windows. And we all know that IE
    was not included as an optional component, but forced down the throats of
    the OEMs, for reasons of greed and control over both the browser market and
    the Internet. And the users? Well, they could go screw themselves, and had
    no choice in the matter either.
    Besides, Microsoft did try to grab a piece of the AV market, and failed
    miserably so far.

    > If the need for A-V products were to go away, would the world similarly
    > complain in regard to the fates of McAfee, Symantec, and a number of
    > others?


    Well, no-one is complaining about the fact that you don't need AV for Linux,
    or for the Mac, now are they? If a particular type of product or service
    becomes obsolete, its makers must change or die.

    > For that matter, a Windows without any flaws at all would be the death of
    > Linux, too. Be grateful for your opportunities.


    The day that Microsoft produces a technically sound and secure OS is the day
    that pigs will fly. And no, Vista doesn't exactly fly -- it barely crawls.

    Richard Rasker
    --
    http://www.linetec.nl

  15. Re: AVG disaster breaks Windows, Linux saves the day

    > Rat wrote:
    >>
    >> For that matter, a Windows without any flaws at all would be the death of
    >> Linux, too.


    No it wouldn't, you stupid rat. Not even a "flawless" product is
    going to be the best solution for everyone in the world. That's one
    thing fsckwits like you have a difficult time understanding - the
    world NEEDS choice.


  16. Re: AVG disaster breaks Windows, Linux saves the day


    "Richard Rasker" wrote in message
    news:4919f523$0$728$7ade8c0d@textreader.nntp.inter nl.net...

    >
    > Well, no-one is complaining about the fact that you don't need AV for
    > Linux,
    > or for the Mac, now are they? If a particular type of product or service
    > becomes obsolete, its makers must change or die.
    >

    It seems to me that AV products for Linux and for Macintosh do exist,
    although they are not so popular as the ones for Wintel. Even so, are they
    necessary? People make a lot of light of Windows users who run afoul of
    some malware and suffer the consequences, but are the AV products at all
    effective? Certainly they will detect a known virus and block its
    introduction as far as I can tell, but I have never had a problem.

    Now I have used commercial AV products on all of my computers due to a
    requirement by my employer that I do so. Anything that can touch the
    company network either at the office or from the field must have the latest
    and up to datest as selected by our global IT staff. There is always a
    threat of severe retribution to be taken against anyone caught polluting the
    well due to negligence, so I have been most attentive. So I have used AV
    products in this way for well over a decade, actually almost 2 decades. I
    have been warned of perhaps 5 or 6 instances of a virus embedded in some
    file that I was importing onto my system. All of them were, save one, mail
    from some source that I had already consigned to the junk file. The one
    exception that I remember was an email supposedly from my brother that
    contained a file suggested to be pornographic with the text "You have to
    take a look at this!" or some such. Totally out of character anyway and I
    would not have opened it even without the alarms from the AV.

    My vague memory is that all of the warnings I have ever gotten were
    connected to email. I am pretty sure that I have never had the AV alert me
    in regard to an internet site.

    Now my exploration is pretty tame, perhaps, but it is extensive.

    I think that a Linux attack would be as effective as a Windows attack for
    most purposes, based on lectures that I have attended given by the gurus of
    the computer security business. Last year I went to the MS Tech-Ed
    conference where a Swedish fellow who was said to be a well-regarded
    consultant gave a very entertaining lecture. Most of his anecdotes involved
    a version of what is termed "social engineering" to break into a targeted
    system. He had one interesting story regarding how he was able to get a
    number of people to actually install and run a demonstration CD that he
    handed out at a security trade show. These were IT managers eager to view
    some form of security product. The CD itself was malware and easily
    bypassed all of the normal locks by the very hand of the system
    administrator. It is all a matter of faith.

    I think of this story every time that someone lauds the use of a Linux boot
    CD. Imagine the devastation possible with such a thing if it were crafted
    by a malevolent person. His claim, by the way, was that AV products are
    useless in general and the only way to protect critical systems is by direct
    overview and firm adherence to security procedures.


    >> For that matter, a Windows without any flaws at all would be the death
    >> of
    >> Linux, too. Be grateful for your opportunities.

    >
    > The day that Microsoft produces a technically sound and secure OS is the
    > day
    > that pigs will fly. And no, Vista doesn't exactly fly -- it barely crawls.
    >
    > Richard Rasker
    > --
    > http://www.linetec.nl



  17. Re: AVG disaster breaks Windows, Linux saves the day

    amicus_curious wrote:

    >
    > "Richard Rasker" wrote in message
    > news:4919f523$0$728$7ade8c0d@textreader.nntp.inter nl.net...
    >
    >>
    >> Well, no-one is complaining about the fact that you don't need AV for
    >> Linux,
    >> or for the Mac, now are they? If a particular type of product or service
    >> becomes obsolete, its makers must change or die.
    >>

    > It seems to me that AV products for Linux and for Macintosh do exist,
    > although they are not so popular as the ones for Wintel. Even so, are
    > they necessary?


    Yes, they are. They are used to protect *windows* machines against *windows*
    *viruses*
    You know, linux is often used as a server OS. Consequently windows machines
    connected to it need protection.

    Linux itself has *no* ( read *zero* ) viruses in the wild

    < snip utterly idiotic Bill Weisgerber garbage >
    --
    Law of Probable Dispersal:
    Whatever it is that hits the fan will not be evenly distributed.


  18. Re: AVG disaster breaks Windows, Linux saves the day

    amicus_curious wrote:

    >
    > "Richard Rasker" wrote in message
    > news:4919f523$0$728$7ade8c0d@textreader.nntp.inter nl.net...
    >
    >>
    >> Well, no-one is complaining about the fact that you don't need AV for
    >> Linux,
    >> or for the Mac, now are they? If a particular type of product or service
    >> becomes obsolete, its makers must change or die.
    >>

    > It seems to me that AV products for Linux and for Macintosh do exist,
    > although they are not so popular as the ones for Wintel.


    Linux AV products are only used to protect Windows boxes.

    > Even so, are they necessary?


    For Windows, they are.

    > People make a lot of light of Windows users who run afoul of some malware
    > and suffer the consequences, but are the AV products at all effective?
    > Certainly they will detect a known virus and block its introduction as far
    > as I can tell, but I have never had a problem.


    I get virus-laden e-mails every day, and only the day before yesterday, my
    spouse asked me what this was with a Web page saying "Malware detected on
    your system, immediate removal recommended. Click the Remove button to
    install the removal tool, or Cancel to decline", with the whole window
    containing both the Remove and Cancel buttons of course linked to a .exe
    file. Had she used Windows without AV, her machine would have been toast,
    most likely -- as she had already clicked the Cancel button to make the
    page go away. But as her Linux machine can't execute anything without
    having the x bit set first, and doesn't know what to do with an .exe file
    anyway, nothing happened except that Firefox offered to download the file.

    > Now I have used commercial AV products on all of my computers due to a
    > requirement by my employer that I do so. Anything that can touch the
    > company network either at the office or from the field must have the
    > latest and up to datest as selected by our global IT staff. There is
    > always a threat of severe retribution to be taken against anyone caught
    > polluting the well due to negligence, so I have been most attentive. So I
    > have used AV products in this way for well over a decade, actually almost
    > 2 decades. I have been warned of perhaps 5 or 6 instances of a virus
    > embedded in some file that I was importing onto my system. All of them
    > were, save one, mail from some source that I had already consigned to the
    > junk file. The one exception that I remember was an email supposedly from
    > my brother that contained a file suggested to be pornographic with the
    > text "You have to take a look at this!" or some such. Totally out of
    > character anyway and I would not have opened it even without the alarms
    > from the AV.


    You know what to look out for, what to click and what not, and when to be
    wary. Believe me, the majority of users doesn't. Children click anything and
    everything that looks interesting. Adolescent boys can't resist anything
    smelling of sex. And my own spouse definitely clicked the wrong button on
    this Trojan Horse download page -- but it's so much harder to infect Linux
    that she can click whatever she wants and never have anything more serious
    happening than land a porn site or the likes.

    > My vague memory is that all of the warnings I have ever gotten were
    > connected to email. I am pretty sure that I have never had the AV alert
    > me in regard to an internet site.
    >
    > Now my exploration is pretty tame, perhaps, but it is extensive.
    >
    > I think that a Linux attack would be as effective as a Windows attack for
    > most purposes, based on lectures that I have attended given by the gurus
    > of the computer security business. Last year I went to the MS Tech-Ed
    > conference where a Swedish fellow who was said to be a well-regarded
    > consultant gave a very entertaining lecture. Most of his anecdotes
    > involved a version of what is termed "social engineering" to break into a
    > targeted system. He had one interesting story regarding how he was able
    > to get a number of people to actually install and run a demonstration CD
    > that he handed out at a security trade show. These were IT managers eager
    > to view some form of security product. The CD itself was malware and
    > easily bypassed all of the normal locks by the very hand of the system
    > administrator. It is all a matter of faith.


    Sure, Linux users can be tricked too -- but not as easily as Windows users.
    Linux users simply aren't used to install stuff by hunting down installable
    files on the Internet, and downloading and executing said files. They fire
    up the package manager, select what they want installed, and click Install.
    Any malware coming with instructions such as "1. Open a terminal. 2.
    Type 'su' and provide your root password. 3. Now type 'chmod u+x virus.sh'
    4. type ./virus.sh" has an almost zero chance of propagating in the wild.
    Knowledgeable users won't get fooled, while not-so-savvy users will often
    have problems following instructions like this -- especially because
    they're not used to this /at all/.
    I recall how much trouble I had making a user of mine executing a script I
    sent her (something to install and set up the SBlive! wavetable synth for
    use with Rosegarden). She already failed to locate the terminal, and only
    after five minutes on the phone, dictating every command, did she get it
    running -- after several failed attempts due to typos and such.

    Linux is virtually immune to Windows' all-too-familiar "click-oops"
    syndrome; the only remaining way is to exploit vulnerabilities -- but with
    the Linux kernel and other key components of Linux having ten times less
    bugs than comparable commercial software, this is far less likely to
    happen. Not to mention the fact that networking, multi-user aspects and
    proper security were actually basic design considerations, instead of being
    half-heartedly stuck on afterwards, as with Windows.

    But if you can come up with a likely scenario how to infect a Linux box as
    easily as a Windows box, with social engineering, but no tricky or unusual
    instructions to follow, please tell. I'm all ears.

    > I think of this story every time that someone lauds the use of a Linux
    > boot CD.


    Our malware purveyor would have quite a job at hand, mass-distributing this
    boot CD, and getting people to boot up their machines with it. Sure, some
    people will fall for it. But the majority won't. It's simply too
    complicated to do unthinkingly, so the bad guy must really have a good
    story, like this Swedish guy. Linux users know that firing up a machine with
    a CD is usually only done to install or repair the OS, not for anything
    else.

    > Imagine the devastation possible with such a thing if it were
    > crafted by a malevolent person.


    Um, a few dozen or perhaps hundred cracked systems at most?

    > His claim, by the way, was that AV products are useless in general and the
    > only way to protect critical systems is by direct overview and firm
    > adherence to security procedures.


    AV is always an after-the-fact measure; there's always a Windows of
    opportunity between the creation of the malware and the antidote. So
    indeed, if 100% security is required, it's quite useless. But a decent AV
    product stops most of the known threats, and there are thousands of
    sometimes decade-old viruses still out there. So for Windows users, it's
    still a must-have.

    Richard Rasker
    --
    http://www.linetec.nl

  19. Re: AVG disaster breaks Windows, Linux saves the day

    On Tue, 11 Nov 2008 23:58:40 +0100, Richard Rasker wrote:

    >I get virus-laden e-mails every day, and only the day before yesterday, my
    >spouse asked me what this was with a Web page saying "Malware detected on
    >your system, immediate removal recommended. Click the Remove button to
    >install the removal tool, or Cancel to decline", with the whole window
    >containing both the Remove and Cancel buttons of course linked to a .exe
    >file. Had she used Windows without AV, her machine would have been toast,
    >most likely -- as she had already clicked the Cancel button to make the


    I love it when the website goes through an animation showing a scan, all
    kinds of malware being detected and then to a page where you can of course
    enter credit card information. Very funny when the animation is displayed on
    a linux box.
