
Hi People,

I have been a computer engineer for around 7 years professionally, with around 7 years prior to that self-teaching myself all I could about Windows. I am now MCP qualified and hopefully will soon be MCSA/MCSE/MCDBA/CCNA qualified as well.

I have used Vista only a couple of times, although getting a very bad feeling about it, having read many bad things and experiencing some worrying things, like it takes more time for Vista to spawn and animate the copying file dialog than it does for, say, Windows XP to even have copied the file already. This is only minor though.

Today one of my customers who has a Vista machine (I don't) got in touch saying Windows was bringing up an error saying that:

'Windows explorer has stopped working' and then 'Windows explorer is restarting.'

Now I know there is a virus/spyware/adware on it, 'cause I can see an icon for counterfeit antispyware.

The problem is even if I go into safe mode to clean it (remove program and run scans of various kinds), which would have worked pretty much most of the time in previous versions of Windows, doesn't work 'cause you have the same problem.

I am getting the feeling MS have screwed up with Vista like they did with Windows ME.

I am shocked that years down the line after ME, and I am sure MS knew what the score was with ME, they have managed to do it again. They should have stuck with XP - perhaps brought out some addons/updates if they really thought people were desperate for new stuff, and put in some serious work into Vienna. I have heard that there were so many problems with Vista they enlisted the help of the Vienna development team to help fix stuff. Obviously there was too much to fix.

Now I have had my little rant. Maybe MS will sort this.

My advice: demand Win XP Pro on new machines. Do not be told that you must have Vista 'cause it is the best around.

Dan

PS. I have also had a customer have a problem authenticating with a WPA encrypted wireless network as well, which turned out to be an incompatibility between the wireless card and Vista, even though the wireless card was built into the laptop and it had a logo saying it was certified for Vista, and this was a big OEM's laptop. So what hope is there!


"DanielN" <DanielN@discussions.microsoft.com> wrote in message

news:1C18C11F-015D-40FC-86B6-3C2AF1A575A2@microsoft.com...

> Hi People,

>

> I have been a computer engineer for around 7 years professionally with

> around 7 years prior to that self teaching myself all I could about

> Windows.

> I am now MCP qualified and hopefully will soon be MCSA/MCSE/MCDBA/CCNA

> qualified as well.

>

> I have used Vista only a couple of times although getting a very bad

> feeling

> about it having read many bad things and experiencing some worrying things

> like it takes more time for vista to spawn and animate the copying file

> dialog then it does for say windows xp to even have copied the file

> already.

> this is only minor though.

>

> Today one of my customers who has a vista machine (I dont) got in touch

> saying windows was bringing up an error saying that:

>

> 'Windows explorer has stopped working' and then 'Windows explorer is

> restarting.'

>

> Now I know there is a virus/spyware/adware on it. cause i can see an icon

> for counterfit antispyware.

>

> the problem is even if I go into safemode to clean it (remove program and

> run scans of various kinds) which would have worked pretty much most of

> the

> time in previous versions of windows doesnt work cause you have the same

> problem.

>

> i am getting the feeling MS have screwed up with Vista like they did with

> Windows ME.

 

 

 

 

WOW!

 

You don't think - just maybe - that there are new infections that have been

designed to prevent their being cleaned out, even in safe mode? Ever hear of

rootkits?

 

Using your thinking we should have stayed with Windows 3.1 because people

didn't hardly ever get any viruses using that system. If after building

their system and never inserted a floppy they were 100% safe. <grin>

Richard Urban wrote:

>

> "DanielN" <DanielN@discussions.microsoft.com> wrote in message

> news:1C18C11F-015D-40FC-86B6-3C2AF1A575A2@microsoft.com...

>> Hi People,

>>

>> I have been a computer engineer for around 7 years professionally with

>> around 7 years prior to that self teaching myself all I could about

>> Windows.

>> I am now MCP qualified and hopefully will soon be MCSA/MCSE/MCDBA/CCNA

>> qualified as well.

>>

>> I have used Vista only a couple of times although getting a very bad

>> feeling

>> about it having read many bad things and experiencing some worrying

>> things

>> like it takes more time for vista to spawn and animate the copying file

>> dialog then it does for say windows xp to even have copied the file

>> already.

>> this is only minor though.

>>

>> Today one of my customers who has a vista machine (I dont) got in touch

>> saying windows was bringing up an error saying that:

>>

>> 'Windows explorer has stopped working' and then 'Windows explorer is

>> restarting.'

>>

>> Now I know there is a virus/spyware/adware on it. cause i can see an icon

>> for counterfit antispyware.

>>

>> the problem is even if I go into safemode to clean it (remove program and

>> run scans of various kinds) which would have worked pretty much most

>> of the

>> time in previous versions of windows doesnt work cause you have the same

>> problem.

>>

>> i am getting the feeling MS have screwed up with Vista like they did with

>> Windows ME.

>

>

>

>

> WOW!

>

> You don't think - just maybe - that there are new infections that have

> been designed to prevent their being cleaned out, even in safe mode?

> Ever hear of rootkits?

>

> Using your thinking we should have stayed with Windows 3.1 because

> people didn't hardly ever get any viruses using that system. If after

> building their system and never inserted a floppy they were 100% safe.

> <grin>

 

Back to the present. Use Ubuntu and never worry about a virus, root kit

or any other malware. http://www.ubuntu.com/

 

Alias

Not exactly accurate :

 

http://www.internetnews.com/dev-news/article.php/3601946

 

"Alias" <aka@maskedandanonymous.info> wrote in message

news:u9nl1pvvHHA.3588@TK2MSFTNGP06.phx.gbl...

> Richard Urban wrote:

>>

>> "DanielN" <DanielN@discussions.microsoft.com> wrote in message

>> news:1C18C11F-015D-40FC-86B6-3C2AF1A575A2@microsoft.com...

>>> Hi People,

>>>

>>> I have been a computer engineer for around 7 years professionally with

>>> around 7 years prior to that self teaching myself all I could about

>>> Windows.

>>> I am now MCP qualified and hopefully will soon be MCSA/MCSE/MCDBA/CCNA

>>> qualified as well.

>>>

>>> I have used Vista only a couple of times although getting a very bad

>>> feeling

>>> about it having read many bad things and experiencing some worrying

>>> things

>>> like it takes more time for vista to spawn and animate the copying file

>>> dialog then it does for say windows xp to even have copied the file

>>> already.

>>> this is only minor though.

>>>

>>> Today one of my customers who has a vista machine (I dont) got in touch

>>> saying windows was bringing up an error saying that:

>>>

>>> 'Windows explorer has stopped working' and then 'Windows explorer is

>>> restarting.'

>>>

>>> Now I know there is a virus/spyware/adware on it. cause i can see an

>>> icon

>>> for counterfit antispyware.

>>>

>>> the problem is even if I go into safemode to clean it (remove program

>>> and

>>> run scans of various kinds) which would have worked pretty much most of

>>> the

>>> time in previous versions of windows doesnt work cause you have the same

>>> problem.

>>>

>>> i am getting the feeling MS have screwed up with Vista like they did

>>> with

>>> Windows ME.

>>

>>

>>

>>

>> WOW!

>>

>> You don't think - just maybe - that there are new infections that have

>> been designed to prevent their being cleaned out, even in safe mode? Ever

>> hear of rootkits?

>>

>> Using your thinking we should have stayed with Windows 3.1 because people

>> didn't hardly ever get any viruses using that system. If after building

>> their system and never inserted a floppy they were 100% safe. <grin>

>

> Back to the present. Use Ubuntu and never worry about a virus, root kit or

> any other malware. http://www.ubuntu.com/

>

> Alias

Alias doesn't know about the history of his operating system of choice to

know that rootkits were developed for Unix and are 100% effective in

Linux/Ubuntu.

 

--

 

 

Regards,

 

Richard Urban

Microsoft MVP Windows Shell/User

(For email, remove the obvious from my address)

 

 

 

"Spirit" <unknown@lost.info> wrote in message

news:erapfxvvHHA.2304@TK2MSFTNGP06.phx.gbl...

> Not exactly accurate :

>

> http://www.internetnews.com/dev-news/article.php/3601946

>

> "Alias" <aka@maskedandanonymous.info> wrote in message

> news:u9nl1pvvHHA.3588@TK2MSFTNGP06.phx.gbl...

>> Richard Urban wrote:

>>>

>>> "DanielN" <DanielN@discussions.microsoft.com> wrote in message

>>> news:1C18C11F-015D-40FC-86B6-3C2AF1A575A2@microsoft.com...

>>>> Hi People,

>>>>

>>>> I have been a computer engineer for around 7 years professionally with

>>>> around 7 years prior to that self teaching myself all I could about

>>>> Windows.

>>>> I am now MCP qualified and hopefully will soon be MCSA/MCSE/MCDBA/CCNA

>>>> qualified as well.

>>>>

>>>> I have used Vista only a couple of times although getting a very bad

>>>> feeling

>>>> about it having read many bad things and experiencing some worrying

>>>> things

>>>> like it takes more time for vista to spawn and animate the copying file

>>>> dialog then it does for say windows xp to even have copied the file

>>>> already.

>>>> this is only minor though.

>>>>

>>>> Today one of my customers who has a vista machine (I dont) got in touch

>>>> saying windows was bringing up an error saying that:

>>>>

>>>> 'Windows explorer has stopped working' and then 'Windows explorer is

>>>> restarting.'

>>>>

>>>> Now I know there is a virus/spyware/adware on it. cause i can see an

>>>> icon

>>>> for counterfit antispyware.

>>>>

>>>> the problem is even if I go into safemode to clean it (remove program

>>>> and

>>>> run scans of various kinds) which would have worked pretty much most of

>>>> the

>>>> time in previous versions of windows doesnt work cause you have the

>>>> same

>>>> problem.

>>>>

>>>> i am getting the feeling MS have screwed up with Vista like they did

>>>> with

>>>> Windows ME.

>>>

>>>

>>>

>>>

>>> WOW!

>>>

>>> You don't think - just maybe - that there are new infections that have

>>> been designed to prevent their being cleaned out, even in safe mode?

>>> Ever hear of rootkits?

>>>

>>> Using your thinking we should have stayed with Windows 3.1 because

>>> people didn't hardly ever get any viruses using that system. If after

>>> building their system and never inserted a floppy they were 100% safe.

>>> <grin>

>>

>> Back to the present. Use Ubuntu and never worry about a virus, root kit

>> or any other malware. http://www.ubuntu.com/

>>

>> Alias

>

>

Why call it drivel? One attempt to unsuccessfully remove a piece of spyware

by somebody who had virtually no experience of an OS does not render it

drivel..

 

The OEMs are responsible for ensuring that ALL hardware included in a

package that they deem Vista capable at any level, and some have clearly not

done this.. hardly the fault of the OS, is it?

 

 

"DanielN" <DanielN@discussions.microsoft.com> wrote in message

news:1C18C11F-015D-40FC-86B6-3C2AF1A575A2@microsoft.com...

> Hi People,

>

> I have been a computer engineer for around 7 years professionally with

> around 7 years prior to that self teaching myself all I could about

> Windows.

> I am now MCP qualified and hopefully will soon be MCSA/MCSE/MCDBA/CCNA

> qualified as well.

>

> I have used Vista only a couple of times although getting a very bad

> feeling

> about it having read many bad things and experiencing some worrying things

> like it takes more time for vista to spawn and animate the copying file

> dialog then it does for say windows xp to even have copied the file

> already.

> this is only minor though.

>

> Today one of my customers who has a vista machine (I dont) got in touch

> saying windows was bringing up an error saying that:

>

> 'Windows explorer has stopped working' and then 'Windows explorer is

> restarting.'

>

> Now I know there is a virus/spyware/adware on it. cause i can see an icon

> for counterfit antispyware.

>

> the problem is even if I go into safemode to clean it (remove program and

> run scans of various kinds) which would have worked pretty much most of

> the

> time in previous versions of windows doesnt work cause you have the same

> problem.

>

> i am getting the feeling MS have screwed up with Vista like they did with

> Windows ME.

>

>

> I am shocked that years down the line after ME and I am sure MS knew what

> the score was with ME. They have managed to do it again. They should have

> stuck with XP - perhaps brought out some addons/updates if they really

> thought people were desperate for new stuff, and put in some serious work

> into Vienna. I have heard that there were so many problems with Vista they

> enlisted the help of the Vienna development team to help fix stuff.

> Obviously

> there was to much to fix.

>

> Now I have had my little rant. Maybe MS will sort this.

>

> My advice demand Win XP Pro on new machines. Do not be told that u must

> have

> Vista cause it is the best around.

>

> Dan

>

> Ps. I have also had a customer have a problem authenticating with a WPA

> encrypted wireless network as well. Which turned out to be an

> incompatibility

> between the wireless card and Vista even though the wireless card was

> built

> into the laptop and it had a logo saying it was certified for Vista, and

> this

> was a big OEM's laptop. So what hope is there!

 

--

 

 

Mike Hall

MS MVP Windows Shell/User

http://msmvps.com/blogs/mikehall/

On Thu, 05 Jul 2007 08:11:07 -0400, Mike Hall - MVP wrote:

> Why call it drivel? One attempt to unsuccessfully remove a piece of spyware

> by somebody who had virtually no experience of an OS does not render it

> drivel..

>

> The OEMs are responsible for ensuring that ALL hardware included in a

> package that they deem Vista capable at any level, and some have clearly not

> done this.. hardly the fault of the OS, is it?

 

 

Here is one thing Mike I find to be interesting.

 

When it comes to non-windows OS' people like to blame the OS for hardware

incompatibility. I've yet to hear anyone outside the Linux community blame

hardware vendors for compatibility problems.

 

When it comes to Windows though, it's never the OS! It's always the

hardware vendors!

 

Quite an interesting double standard I think.

 

--

Stephan

2003 Yamaha R6

 

The reason there is no day when I remember you
is that there has never been a time when I forgot you.

Stephan

 

Those who blame non-Windows OS for hardware incompatibility have gotten it

wrong then.. with any OS, it is generally the job of the hardware

manufacturer to produce drivers..

 

"Stephan Rose" <nospam.noway@screwspammers.com> wrote in message

news:dtSdnYkvy_ZAeRHbnZ2dnUVZ8rOdnZ2d@giganews.com...

> On Thu, 05 Jul 2007 08:11:07 -0400, Mike Hall - MVP wrote:

>

>> Why call it drivel? One attempt to unsuccessfully remove a piece of

>> spyware

>> by somebody who had virtually no experience of an OS does not render it

>> drivel..

>>

>> The OEMs are responsible for ensuring that ALL hardware included in a

>> package that they deem Vista capable at any level, and some have clearly

>> not

>> done this.. hardly the fault of the OS, is it?

>

>

> Here is one thing Mike I find to be interesting.

>

> When it comes to non-windows OS' people like to blame the OS for hardware

> incompatibility. I've yet to hear anyone outside the Linux community blame

> hardware vendors for compatibility problems.

>

> When it comes to Windows though, it's never the OS! It's always the

> hardware vendors!

>

> Quite an interesting double standard I think.

>

> --

> Stephan

> 2003 Yamaha R6

>

> The reason there is no day when I remember you
> is that there has never been a time when I forgot you.

 

--

 

 

Mike Hall

MS MVP Windows Shell/User

http://msmvps.com/blogs/mikehall/

Spirit wrote:

> Not exactly accurate :

>

> http://www.internetnews.com/dev-news/article.php/3601946

 

It accurately reported NO Linux computer has been compromised.

Possibilities are one thing reality another. It's possible that you

will be struck by lightning today but unlikely.

 

Alias

>

> "Alias" <aka@maskedandanonymous.info> wrote in message

> news:u9nl1pvvHHA.3588@TK2MSFTNGP06.phx.gbl...

>> Richard Urban wrote:

>>> "DanielN" <DanielN@discussions.microsoft.com> wrote in message

>>> news:1C18C11F-015D-40FC-86B6-3C2AF1A575A2@microsoft.com...

>>>> Hi People,

>>>>

>>>> I have been a computer engineer for around 7 years professionally with

>>>> around 7 years prior to that self teaching myself all I could about

>>>> Windows.

>>>> I am now MCP qualified and hopefully will soon be MCSA/MCSE/MCDBA/CCNA

>>>> qualified as well.

>>>>

>>>> I have used Vista only a couple of times although getting a very bad

>>>> feeling

>>>> about it having read many bad things and experiencing some worrying

>>>> things

>>>> like it takes more time for vista to spawn and animate the copying file

>>>> dialog then it does for say windows xp to even have copied the file

>>>> already.

>>>> this is only minor though.

>>>>

>>>> Today one of my customers who has a vista machine (I dont) got in touch

>>>> saying windows was bringing up an error saying that:

>>>>

>>>> 'Windows explorer has stopped working' and then 'Windows explorer is

>>>> restarting.'

>>>>

>>>> Now I know there is a virus/spyware/adware on it. cause i can see an

>>>> icon

>>>> for counterfit antispyware.

>>>>

>>>> the problem is even if I go into safemode to clean it (remove program

>>>> and

>>>> run scans of various kinds) which would have worked pretty much most of

>>>> the

>>>> time in previous versions of windows doesnt work cause you have the same

>>>> problem.

>>>>

>>>> i am getting the feeling MS have screwed up with Vista like they did

>>>> with

>>>> Windows ME.

>>>

>>>

>>>

>>> WOW!

>>>

>>> You don't think - just maybe - that there are new infections that have

>>> been designed to prevent their being cleaned out, even in safe mode? Ever

>>> hear of rootkits?

>>>

>>> Using your thinking we should have stayed with Windows 3.1 because people

>>> didn't hardly ever get any viruses using that system. If after building

>>> their system and never inserted a floppy they were 100% safe. <grin>

>> Back to the present. Use Ubuntu and never worry about a virus, root kit or

>> any other malware. http://www.ubuntu.com/

>>

>> Alias

>

>

Richard Urban wrote:

> Alias doesn't know about the history of his operating system of choice

> to know that rootkits were developed for Unix and are 100% effective in

> Linux/Ubuntu.

>

 

Yet there are no reports of this possibility happening so go figure.

 

Alias

Stephan Rose wrote:

> On Thu, 05 Jul 2007 08:11:07 -0400, Mike Hall - MVP wrote:

>

>> Why call it drivel? One attempt to unsuccessfully remove a piece of spyware

>> by somebody who had virtually no experience of an OS does not render it

>> drivel..

>>

>> The OEMs are responsible for ensuring that ALL hardware included in a

>> package that they deem Vista capable at any level, and some have clearly not

>> done this.. hardly the fault of the OS, is it?

>

>

> Here is one thing Mike I find to be interesting.

>

> When it comes to non-windows OS' people like to blame the OS for hardware

> incompatibility. I've yet to hear anyone outside the Linux community blame

> hardware vendors for compatibility problems.

>

> When it comes to Windows though, it's never the OS! It's always the

> hardware vendors!

>

> Quite an interesting double standard I think.

>

 

I noticed this double standard too.

 

Alias

>Now I know there is a virus/spyware/adware on it. cause i can see an icon

>for counterfit antispyware.

 

If the above holds true then you have a form of the Smitfraud Trojan malware.

 

Do the preparatory steps here:

 

http://www.elephantboycomputers.com/page2.html#Removing_Malware

 

Include scanning with David Lipman's Multi_AV and follow instructions to

do all scans in Safe Mode.

 

http://www.elephantboycomputers.com/page2.html#Multi-AV - instructions

http://pcdid.com/Multi_AV.htm - download

 

Then do the specific steps here:

 

http://www.elephantboycomputers.com/page2.html#Smitfraud_Trojan

 

When all else fails, run HijackThis and post your log in one of the

specialty forums listed at the first link above (not here, please).

 

--

Peter

 

Please Reply to Newsgroup for the benefit of others

Requests for assistance by email can not and will not be acknowledged.

 

"DanielN" <DanielN@discussions.microsoft.com> wrote in message news:1C18C11F-015D-40FC-86B6-3C2AF1A575A2@microsoft.com...

> Hi People,

>

> I have been a computer engineer for around 7 years professionally with

> around 7 years prior to that self teaching myself all I could about Windows.

> I am now MCP qualified and hopefully will soon be MCSA/MCSE/MCDBA/CCNA

> qualified as well.

>

> I have used Vista only a couple of times although getting a very bad feeling

> about it having read many bad things and experiencing some worrying things

> like it takes more time for vista to spawn and animate the copying file

> dialog then it does for say windows xp to even have copied the file already.

> this is only minor though.

>

> Today one of my customers who has a vista machine (I dont) got in touch

> saying windows was bringing up an error saying that:

>

> 'Windows explorer has stopped working' and then 'Windows explorer is

> restarting.'

>

> Now I know there is a virus/spyware/adware on it. cause i can see an icon

> for counterfit antispyware.

>

> the problem is even if I go into safemode to clean it (remove program and

> run scans of various kinds) which would have worked pretty much most of the

> time in previous versions of windows doesnt work cause you have the same

> problem.

>

> i am getting the feeling MS have screwed up with Vista like they did with

> Windows ME.

>

>

> I am shocked that years down the line after ME and I am sure MS knew what

> the score was with ME. They have managed to do it again. They should have

> stuck with XP - perhaps brought out some addons/updates if they really

> thought people were desperate for new stuff, and put in some serious work

> into Vienna. I have heard that there were so many problems with Vista they

> enlisted the help of the Vienna development team to help fix stuff. Obviously

> there was to much to fix.

>

> Now I have had my little rant. Maybe MS will sort this.

>

> My advice demand Win XP Pro on new machines. Do not be told that u must have

> Vista cause it is the best around.

>

> Dan

>

> Ps. I have also had a customer have a problem authenticating with a WPA

> encrypted wireless network as well. Which turned out to be an incompatibility

> between the wireless card and Vista even though the wireless card was built

> into the laptop and it had a logo saying it was certified for Vista, and this

> was a big OEM's laptop. So what hope is there!

* Alias:

> Back to the present. Use Ubuntu and never worry about a virus, root kit or any other

> malware. http://www.ubuntu.com/

 

http://www.ussrback.com/UNIX/penetration/rootkits/

 

http://www.juniper.net/security/auto/vulnerabilities/vuln737.html

Linux Rootkit II is a collection of publicly available Trojan utilities that target vulnerable

Linux operating systems.

 

http://linuxhelp.blogspot.com/2006/12/various-ways-of-detecting-rootkits-in.html

Consider this scenario... Your machine running GNU/Linux has been penetrated by a hacker without

your knowledge and he has swapped the passwd program which you use to change the user password

with one of his own. His passwd program has the same name as the real passwd program and works

flawlessly in all respects except for the fact that it will also gather data residing on your

machine such as the user details each time it is run and transmit it to a remote location or it

will open a back door for outsiders by providing easy root access and all the time, you will

not be aware of its true intention. This is an example of your machine getting rooted - another

way of saying your machine is compromised. And the passwd program which the hacker introduced

into your machine is a trojaned rootkit.

 

http://sourceforge.net/projects/checkps/

 

http://www.chkrootkit.org/

http://en.wikipedia.org/wiki/Chkrootkit

 

http://www.rootkit.nl/projects/rootkit_hunter.html

http://linux.softpedia.com/get/Security/Rootkit-Hunter-4460.shtml

http://en.wikipedia.org/wiki/Rkhunter

 

http://www.zeppoo.net/

Zeppoo allows you to detect rootkits on the i386 architecture under Linux by using /dev/kmem

and /dev/mem. It can also detect hidden tasks, modules, syscalls, some corrupted symbols, and

hidden connections.

 

http://www.theregister.co.uk/2002/09/19/linux_rootkit_hacker_suspect_arrested/

A 21-year old from Surbiton, Surrey has been arrested on suspicion of writing and distributing

the T0rn rootkit, which dumbs down the process of hacking Linux servers.

 

http://vancouver-webpages.com/rkdet/

This program is a daemon intended to catch someone installing a rootkit or running a packet

sniffer. It is designed to run continually with a small footprint under an innocuous name. When

triggered, it sends email, appends to a logfile, and disables networking or halts the system.

it is designed to install with the minimum of disruption to a normal multiuser system, and

should not require rebuilding with each kernel change or system upgrade.

 

http://www.sans.org/resources/malwarefaq/t0rn_rootkit.php

In most cases, it's quite easy to exploit a given vulnerability and gain root access to a

system. What's an actual challenge to an attacker is to maintain such privileges and remain

stealthy.

 

There are many options to accomplish this goal, such as deleting log files, installing rootkits

and kernel rootkits. The main concepts described here are applicable to the most rootkits

available.

 

One of the most known rootkits available for Linux platform is the t0rn rootkit, created by

J0hnny7. The version showed at this paper (the first one published) uses pre-compiled binaries

and it's structure is based on Linux Rootkit (LRK).

 

http://www.la-samhna.de/library/rootkits/index.html

the Linux Kernel Rootkits paper

 

http://search.techrepublic.com.com/search/Linux+and+rootkit.html

 

http://www.linuxforums.org/forum/linux-security/2510-linux-has-rootkit-problem.html

 

http://www.linuxsecurity.com/content/view/127202/171/

26 February 2007

 

Overview

A rootkit is a group of software tools which an attacker can use to hide their tracks. A

rootkit can also contain software which allows the attacker to get root access and steal or

remove files on a system. Another goal for a rootkit is for the attacker to maintain access to

the hijacked computer. Rootkits are written for many different operating systems however, this

article will only talk about Linux rootkits.
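
The swapped `passwd` scenario quoted in the post above is the case a file-integrity baseline is meant to catch. The following is an added example, not code from the thread or from any of the linked tools: it fingerprints a directory of binaries, then reports what changed. The directory is a constructed temporary folder standing in for a real `/usr/bin`, and all function names are this example's own.

```python
"""Added example: hash-baseline check for replaced binaries (constructed data)."""
import hashlib
import os
import stat
import tempfile


def fingerprint(path):
    """Return the SHA-256 of the content plus the permission bits of one file."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    mode = stat.S_IMODE(os.lstat(path).st_mode)
    return {"sha256": digest.hexdigest(), "mode": mode}


def snapshot(root):
    """Fingerprint every regular file under root, keyed by relative path."""
    result = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.path.isfile(full):
                continue
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            result[rel] = fingerprint(full)
    return result


def compare(baseline, current):
    """List (path, finding) pairs where the current state differs from the baseline."""
    findings = []
    for name, known in baseline.items():
        now = current.get(name)
        if now is None:
            findings.append((name, "missing"))
            continue
        if now["sha256"] != known["sha256"]:
            findings.append((name, "content-changed"))
        if now["mode"] != known["mode"]:
            findings.append((name, "mode-changed"))
    for name in current:
        if name not in baseline:
            findings.append((name, "unexpected-file"))
    return sorted(findings)


def demo():
    """Build a constructed 'bin' directory, tamper with it, return the findings."""
    with tempfile.TemporaryDirectory() as tmp:
        bindir = os.path.join(tmp, "bin")
        os.mkdir(bindir)
        passwd = os.path.join(bindir, "passwd")
        ls = os.path.join(bindir, "ls")
        # Constructed stand-ins for real binaries.
        with open(passwd, "wb") as fh:
            fh.write(b"GENUINE-PASSWD-BUILD-0001")
        with open(ls, "wb") as fh:
            fh.write(b"GENUINE-LS-BUILD-0001")
        os.chmod(passwd, 0o755)
        os.chmod(ls, 0o755)
        baseline = snapshot(bindir)  # in practice: stored off the host, read-only

        # Constructed tampering: same name, same size, original timestamps restored,
        # so a size or date comparison would see nothing.
        before = os.stat(passwd)
        with open(passwd, "wb") as fh:
            fh.write(b"TROJANED-PASSWD-BUILD-001")
        os.utime(passwd, (before.st_atime, before.st_mtime))
        same_size = os.stat(passwd).st_size == before.st_size

        os.chmod(ls, 0o777)  # permission drift on an untouched binary
        with open(os.path.join(bindir, ".hidden-helper"), "wb") as fh:
            fh.write(b"dropped file")

        return same_size, compare(baseline, snapshot(bindir))


if __name__ == "__main__":
    unchanged_size, report = demo()
    print("replacement kept the original size:", unchanged_size)
    for path, finding in report:
        print(f"{finding:16} {path}")
```

A check like this is only as trustworthy as the system it runs on: keep the baseline off the host and, when a kernel-level rootkit is suspected, run the comparison from trusted boot media against the mounted disk.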

Alias

 

You are way too smug regarding how safe you believe Linux/Unix to be..

 

One of the articles below explains how a Linux system can be a virus carrier

without the user ever knowing.. this situation is every bit as bad as a

Windows system that has been breached.. the others are from different years,

but all alerting to the fact that Linux/Unix and MAC are not 100% virus

immune..

 

I have yet to come across a 'true' Linux professional who would put their

name to the misleading claims made by you.. your anti-MS stance is blinding

you to the realities of ANY OS.. that makes you dangerous..

 

 

"Alias" <aka@maskedandanonymous.info> wrote in message

news:eS2gVRwvHHA.3468@TK2MSFTNGP05.phx.gbl...

> Richard Urban wrote:

>> Alias doesn't know about the history of his operating system of choice to

>> know that rootkits were developed for Unix and are 100% effective in

>> Linux/Ubuntu.

>>

>

> Yet there are no reports of this possibility happening so go figure.

>

> Alias

 

--

 

 

Mike Hall

MS MVP Windows Shell/User

http://msmvps.com/blogs/mikehall/

Unfortunately, Windows bigots are every bit as misleading as Linux bigots..

 

The common denominator here is the term 'bigot'..

 

 

"Alias" <aka@maskedandanonymous.info> wrote in message

news:ueAguRwvHHA.3468@TK2MSFTNGP05.phx.gbl...

Alias will refuse to believe "any" of this. He has placed his head where the

sun doesn't shine.

 

--

 

 

Regards,

 

Richard Urban

Microsoft MVP Windows Shell/User

(For email, remove the obvious from my address)

 

 

 

"MICHAEL" <u158627_emr2@dslr.net> wrote in message

news:udVstfwvHHA.736@TK2MSFTNGP06.phx.gbl...

>

>

> * Alias:

>> Back to the present. Use Ubuntu and never worry about a virus, root kit

>> or any other

>> malware. http://www.ubuntu.com/

>

> http://www.ussrback.com/UNIX/penetration/rootkits/

>

> http://www.juniper.net/security/auto/vulnerabilities/vuln737.html

> Linux Rootkit II is a collection of publicly available Trojan utilities

> that target vulnerable

> Linux operating systems.

>

> http://linuxhelp.blogspot.com/2006/12/various-ways-of-detecting-rootkits-in.html

> Consider this scenario... Your machine running GNU/Linux has been

> penetrated by a hacker without

> your knowledge and he has swapped the passwd program which you use to

> change the user password

> with one of his own. His passwd program has the same name as the real

> passwd program and works

> flawlessly in all respects except for the fact that it will also gather

> data residing on your

> machine such as the user details each time it is run and transmit it to a

> remote location or it

> will open a back door for outsiders by providing easy root access and all

> the time, you will

> not be aware of its true intention. This is an example of your machine

> getting rooted - another

> way of saying your machine is compromised. And the passwd program which

> the hacker introduced

> into your machine is a trojaned rootkit.

>

> http://sourceforge.net/projects/checkps/

>

> http://www.chkrootkit.org/

> http://en.wikipedia.org/wiki/Chkrootkit

>

> http://www.rootkit.nl/projects/rootkit_hunter.html

> http://linux.softpedia.com/get/Security/Rootkit-Hunter-4460.shtml

> http://en.wikipedia.org/wiki/Rkhunter

>

> http://www.zeppoo.net/

> Zeppoo allows you to detect rootkits on the i386 architecture under Linux

> by using /dev/kmem

> and /dev/mem. It can also detect hidden tasks, modules, syscalls, some

> corrupted symbols, and

> hidden connections.

>

> http://www.theregister.co.uk/2002/09/19/linux_rootkit_hacker_suspect_arrested/

> A 21-year old from Surbiton, Surrey has been arrested on suspicion of

> writing and distributing

> the T0rn rootkit, which dumbs down the process of hacking Linux servers.

>

> http://vancouver-webpages.com/rkdet/

> This program is a daemon intended to catch someone installing a rootkit or

> running a packet

> sniffer. It is designed to run continually with a small footprint under an

> innocuous name. When

> triggered, it sends email, appends to a logfile, and disables networking

> or halts the system.

> It is designed to install with the minimum of disruption to a normal

> multiuser system, and

> should not require rebuilding with each kernel change or system upgrade.

>

> http://www.sans.org/resources/malwarefaq/t0rn_rootkit.php

> In most cases, it's quite easy to exploit a given vulnerability and gain

> root access to a

> system. What's an actual challenge to an attacker is to maintain such

> privileges and remain

> stealthy.

>

> There are many options to accomplish this goal, such as deleting log

> files, installing rootkits

> and kernel rootkits. The main concepts described here are applicable to

> the most rootkits

> available.

>

> One of the most known rootkits available for Linux platform is the t0rn

> rootkit, created by

> J0hnny7. The version showed at this paper (the first one published) uses

> pre-compiled binaries

> and its structure is based on Linux Rootkit (LRK).

>

> http://www.la-samhna.de/library/rootkits/index.html

> the Linux Kernel Rootkits paper

>

> http://search.techrepublic.com.com/search/Linux+and+rootkit.html

>

> http://www.linuxforums.org/forum/linux-security/2510-linux-has-rootkit-problem.html

>

> http://www.linuxsecurity.com/content/view/127202/171/

> 26 February 2007

>

> Overview

> A rootkit is a group of software tools which an attacker can use to hide

> their tracks. A

> rootkit can also contain software which allows the attacker to get root

> access and steal or

> remove files on a system. Another goal for a rootkit is for the attacker

> to maintain access to

> the hijacked computer. Rootkits are written for many different operating

> systems however, this

> article will only talk about Linux rootkits.

* Alias:

> Back to the present. Use Ubuntu and never worry about a virus, root kit or any other

> malware. http://www.ubuntu.com/

 

http://www.sans.org/reading_room/whitepapers/linux/901.php

Linux RootKits For Beginners - From Prevention to Removal

 

One day while reading a mail list for the Linux Users Group in my hometown I discovered a call

for help. It was a posting from a novice Linux user with a disturbing issue. While doing some

routine checks on a Linux system, he found a user that had been added to the system with the

user id of 0 (root). His first thought was that it might be a rootkit. He wanted to know what

he could do to verify it was a rootkit and how to remove it from the system. He further asked

for suggestions on preventative measures to ensure this kind of attack does not reoccur. That

situation prompted me to write this paper to an understanding of rootkits and its effects. This

paper will also discuss how to monitor for a rootkit, and the steps that need to be taken to

remove one.
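The check the novice user in that abstract stumbled on (a second account with user id 0) can be automated. The following is an added example, not code from the SANS paper or from any poster in this thread; the function names and the sample passwd entries are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: audit a passwd-format file for accounts that share root's UID.
# Findings, one per line:
#   UID0 <name>          account other than "root" with UID 0
#   EMPTYPW <name>       empty password field (no password required)
#   DUPUID <uid> <names> one UID shared by several accounts
#   MALFORMED line <n>   wrong field count or non-numeric UID
audit_passwd() {   # usage: audit_passwd /path/to/passwd
    awk -F: '
        /^$/ { next }
        NF != 7 || $3 !~ /^[0-9]+$/ { print "MALFORMED line " NR; next }
        {
            uid = $3 + 0                       # "00" and "0" are the same UID
            if (uid == 0 && $1 != "root") print "UID0 " $1
            if ($2 == "")                 print "EMPTYPW " $1
            if (uid in names) names[uid] = names[uid] "," $1
            else              names[uid] = $1
            count[uid]++
        }
        END {
            for (uid in count)
                if (count[uid] > 1) print "DUPUID " uid " " names[uid]
        }
    ' "$1" | LC_ALL=C sort
}

# Constructed sample data (not taken from any real system).
write_sample_passwd() {   # usage: write_sample_passwd OUTFILE
    cat > "$1" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
sysadm:x:0:0::/tmp:/bin/sh
guest::1001:1001::/home/guest:/bin/sh
EOF
}

sample=$(mktemp)
write_sample_passwd "$sample"
audit_passwd "$sample"
rm -f "$sample"
```

On a host that is already suspected of being compromised, run the audit against a copy of the file read from trusted boot media, since the installed tools may themselves have been replaced.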

Mike Hall - MVP wrote:

> Alias

>

> You are way too smug regarding how safe you believe Linux/Unix to be..

>

> One of the articles below explains how a Linux system can be a virus

> carrier without the user ever knowing.. this situation is every bit as

> bad as a Windows system that has been breached.. the others are from

> different years, but all alerting to the fact that Linux/Unix and MAC

> are not 100% virus immune..

>

> I have yet to come across a 'true' Linux professional who would put

> their name to the misleading claims made by you.. your anti-MS stance is

> blinding you to the realities of ANY OS.. that makes you dangerous..

 

Care to give me proof that a Linux box has been compromised? Can't?

Didn't think so. Shall we compare the number of Windows boxes that are a

part of a bot-herd to Linux? Didn't think so.

 

Fact is that Windows is MUCH more susceptible than Ubuntu and, in the

unlikely case that one's Ubuntu box has become infected, all one need do

is nuke the user, create another one and restore the back up.

 

Alias

>

>

> "Alias" <aka@maskedandanonymous.info> wrote in message

> news:eS2gVRwvHHA.3468@TK2MSFTNGP05.phx.gbl...

>> Richard Urban wrote:

>>> Alias doesn't know about the history of his operating system of

>>> choice to know that rootkits were developed for Unix and are 100%

>>> effective in Linux/Ubuntu.

>>>

>>

>> Yet there are no reports of this possibility happening so go figure.

>>

>> Alias

>

I see that you are not taking any prisoners today.. :-)

 

 

"MICHAEL" <u158627_emr2@dslr.net> wrote in message

news:udVstfwvHHA.736@TK2MSFTNGP06.phx.gbl...

>

>

> * Alias:

>> Back to the present. Use Ubuntu and never worry about a virus, root kit

>> or any other

>> malware. http://www.ubuntu.com/

>

> http://www.ussrback.com/UNIX/penetration/rootkits/

>

> http://www.juniper.net/security/auto/vulnerabilities/vuln737.html

> Linux Rootkit II is a collection of publicly available Trojan utilities

> that target vulnerable

> Linux operating systems.

>

> http://linuxhelp.blogspot.com/2006/12/various-ways-of-detecting-rootkits-in.html

> Consider this scenario... Your machine running GNU/Linux has been

> penetrated by a hacker without

> your knowledge and he has swapped the passwd program which you use to

> change the user password

> with one of his own. His passwd program has the same name as the real

> passwd program and works

> flawlessly in all respects except for the fact that it will also gather

> data residing on your

> machine such as the user details each time it is run and transmit it to a

> remote location or it

> will open a back door for outsiders by providing easy root access and all

> the time, you will

> not be aware of its true intention. This is an example of your machine

> getting rooted - another

> way of saying your machine is compromised. And the passwd program which

> the hacker introduced

> into your machine is a trojaned rootkit.

>

> http://sourceforge.net/projects/checkps/

>

> http://www.chkrootkit.org/

> http://en.wikipedia.org/wiki/Chkrootkit

>

> http://www.rootkit.nl/projects/rootkit_hunter.html

> http://linux.softpedia.com/get/Security/Rootkit-Hunter-4460.shtml

> http://en.wikipedia.org/wiki/Rkhunter

>

> http://www.zeppoo.net/

> Zeppoo allows you to detect rootkits on the i386 architecture under Linux

> by using /dev/kmem

> and /dev/mem. It can also detect hidden tasks, modules, syscalls, some

> corrupted symbols, and

> hidden connections.

>

> http://www.theregister.co.uk/2002/09/19/linux_rootkit_hacker_suspect_arrested/

> A 21-year old from Surbiton, Surrey has been arrested on suspicion of

> writing and distributing

> the T0rn rootkit, which dumbs down the process of hacking Linux servers.

>

> http://vancouver-webpages.com/rkdet/

> This program is a daemon intended to catch someone installing a rootkit or

> running a packet

> sniffer. It is designed to run continually with a small footprint under an

> innocuous name. When

> triggered, it sends email, appends to a logfile, and disables networking

> or halts the system.

> It is designed to install with the minimum of disruption to a normal

> multiuser system, and

> should not require rebuilding with each kernel change or system upgrade.

>

> http://www.sans.org/resources/malwarefaq/t0rn_rootkit.php

> In most cases, it's quite easy to exploit a given vulnerability and gain

> root access to a

> system. What's an actual challenge to an attacker is to maintain such

> privileges and remain

> stealthy.

>

> There are many options to accomplish this goal, such as deleting log

> files, installing rootkits

> and kernel rootkits. The main concepts described here are applicable to

> the most rootkits

> available.

>

> One of the most known rootkits available for Linux platform is the t0rn

> rootkit, created by

> J0hnny7. The version showed at this paper (the first one published) uses

> pre-compiled binaries

> and its structure is based on Linux Rootkit (LRK).

>

> http://www.la-samhna.de/library/rootkits/index.html

> the Linux Kernel Rootkits paper

>

> http://search.techrepublic.com.com/search/Linux+and+rootkit.html

>

> http://www.linuxforums.org/forum/linux-security/2510-linux-has-rootkit-problem.html

>

> http://www.linuxsecurity.com/content/view/127202/171/

> 26 February 2007

>

> Overview

> A rootkit is a group of software tools which an attacker can use to hide

> their tracks. A

> rootkit can also contain software which allows the attacker to get root

> access and steal or

> remove files on a system. Another goal for a rootkit is for the attacker

> to maintain access to

> the hijacked computer. Rootkits are written for many different operating

> systems however, this

> article will only talk about Linux rootkits.

 

--

 

 

Mike Hall

MS MVP Windows Shell/User

http://msmvps.com/blogs/mikehall/
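The swapped passwd scenario quoted in the post above is caught by comparing file hashes against a baseline recorded while the system was still trusted. This is an added example, not code from any of the linked tools or from the posters; the function names and the demo files are constructed.

```bash
#!/usr/bin/env bash
# Added example: detect a swapped binary by comparing SHA-256 hashes with a baseline.
# Assumes GNU coreutils (sha256sum) and file names without newlines or backslashes.

make_baseline() {   # usage: make_baseline DIR > BASELINE
    ( cd "$1" && find . -type f -exec sha256sum {} + )
}

# Prints CHANGED/MISSING/NEW <path> for every difference; prints nothing if clean.
verify_baseline() {   # usage: verify_baseline BASELINE DIR
    make_baseline "$2" | awk -v base="$1" '
        BEGIN {   # sha256sum lines: 64 hex chars, two separator chars, then the path
            while ((getline line < base) > 0)
                want[substr(line, 67)] = substr(line, 1, 64)
        }
        {
            path = substr($0, 67); seen[path] = 1
            if (!(path in want))                        print "NEW " path
            else if (want[path] != substr($0, 1, 64))   print "CHANGED " path
        }
        END { for (p in want) if (!(p in seen)) print "MISSING " p }
    ' | LC_ALL=C sort
}

# Demo on constructed files: the replacement has the same name and the same size.
demo_integrity() {
    d=$(mktemp -d)
    mkdir -p "$d/root/bin"
    printf 'genuine passwd build\n' > "$d/root/bin/passwd"
    make_baseline "$d/root" > "$d/baseline"      # taken while the system is trusted
    printf 'swapped passwd build\n' > "$d/root/bin/passwd"
    verify_baseline "$d/baseline" "$d/root"
    rm -rf "$d"
}

demo_integrity
```

The baseline is only useful if it is kept off the host or on read-only media, and the comparison is only trustworthy when run from a known-good environment, because a kernel-level rootkit can falsify what tools on the running system see.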

MICHAEL wrote:

>

> * Alias:

>> Back to the present. Use Ubuntu and never worry about a virus, root kit or any other

>> malware. http://www.ubuntu.com/

>

> http://www.ussrback.com/UNIX/penetration/rootkits/

>

> http://www.juniper.net/security/auto/vulnerabilities/vuln737.html

> Linux Rootkit II is a collection of publicly available Trojan utilities that target vulnerable

> Linux operating systems.

>

> http://linuxhelp.blogspot.com/2006/12/various-ways-of-detecting-rootkits-in.html

> Consider this scenario... Your machine running GNU/Linux has been penetrated by a hacker without

> your knowledge and he has swapped the passwd program which you use to change the user password

> with one of his own. His passwd program has the same name as the real passwd program and works

> flawlessly in all respects except for the fact that it will also gather data residing on your

> machine such as the user details each time it is run and transmit it to a remote location or it

> will open a back door for outsiders by providing easy root access and all the time, you will

> not be aware of its true intention. This is an example of your machine getting rooted - another

> way of saying your machine is compromised. And the passwd program which the hacker introduced

> into your machine is a trojaned rootkit.

>

> http://sourceforge.net/projects/checkps/

>

> http://www.chkrootkit.org/

> http://en.wikipedia.org/wiki/Chkrootkit

>

> http://www.rootkit.nl/projects/rootkit_hunter.html

> http://linux.softpedia.com/get/Security/Rootkit-Hunter-4460.shtml

> http://en.wikipedia.org/wiki/Rkhunter

>

> http://www.zeppoo.net/

> Zeppoo allows you to detect rootkits on the i386 architecture under Linux by using /dev/kmem

> and /dev/mem. It can also detect hidden tasks, modules, syscalls, some corrupted symbols, and

> hidden connections.

>

> http://www.theregister.co.uk/2002/09/19/linux_rootkit_hacker_suspect_arrested/

> A 21-year old from Surbiton, Surrey has been arrested on suspicion of writing and distributing

> the T0rn rootkit, which dumbs down the process of hacking Linux servers.

>

> http://vancouver-webpages.com/rkdet/

> This program is a daemon intended to catch someone installing a rootkit or running a packet

> sniffer. It is designed to run continually with a small footprint under an innocuous name. When

> triggered, it sends email, appends to a logfile, and disables networking or halts the system.

> It is designed to install with the minimum of disruption to a normal multiuser system, and

> should not require rebuilding with each kernel change or system upgrade.

>

> http://www.sans.org/resources/malwarefaq/t0rn_rootkit.php

> In most cases, it's quite easy to exploit a given vulnerability and gain root access to a

> system. What's an actual challenge to an attacker is to maintain such privileges and remain

> stealthy.

>

> There are many options to accomplish this goal, such as deleting log files, installing rootkits

> and kernel rootkits. The main concepts described here are applicable to the most rootkits

> available.

>

> One of the most known rootkits available for Linux platform is the t0rn rootkit, created by

> J0hnny7. The version showed at this paper (the first one published) uses pre-compiled binaries

> and its structure is based on Linux Rootkit (LRK).

>

> http://www.la-samhna.de/library/rootkits/index.html

> the Linux Kernel Rootkits paper

>

> http://search.techrepublic.com.com/search/Linux+and+rootkit.html

>

> http://www.linuxforums.org/forum/linux-security/2510-linux-has-rootkit-problem.html

>

> http://www.linuxsecurity.com/content/view/127202/171/

> 26 February 2007

>

> Overview

> A rootkit is a group of software tools which an attacker can use to hide their tracks. A

> rootkit can also contain software which allows the attacker to get root access and steal or

> remove files on a system. Another goal for a rootkit is for the attacker to maintain access to

> the hijacked computer. Rootkits are written for many different operating systems however, this

> article will only talk about Linux rootkits.

 

Possibilities, possibilities ... How many Linux boxes have been

compromised compared to Windows boxes?

 

Alias

Richard Urban wrote:

> Alias will refuse to believe "any" of this. He has placed his head where

> the sun doesn't shine.

>

 

With what would one be safer from malware, Linux or Windows?

 

Alias

MICHAEL wrote:

>

> * Alias:

>> Back to the present. Use Ubuntu and never worry about a virus, root kit or any other

>> malware. http://www.ubuntu.com/

>

> http://www.sans.org/reading_room/whitepapers/linux/901.php

> Linux RootKits For Beginners - From Prevention to Removal

>

> One day while reading a mail list for the Linux Users Group in my hometown I discovered a call

> for help. It was a posting from a novice Linux user with a disturbing issue. While doing some

> routine checks on a Linux system, he found a user that had been added to the system with the

> user id of 0 (root). His first thought was that it might be a rootkit. He wanted to know what

> he could do to verify it was a rootkit and how to remove it from the system. He further asked

> for suggestions on preventative measures to ensure this kind of attack does not reoccur. That

> situation prompted me to write this paper to an understanding of rootkits and its effects. This

> paper will also discuss how to monitor for a rootkit, and the steps that need to be taken to

> remove one.

>

 

I never said that a firewall wasn't necessary. Ubuntu comes with one

built-in. I would also recommend a router hard firewall.

 

Alias

This is where you are DEAD WRONG? Windows, because of its

popularity, is attacked more often. It is NOT because it is inherently

more susceptible. Seems folks that write the malware really like to

see it do as much damage as possible.

 

Saying that Linux has less to worry about presently is true. Saying it's

because it's a fundamentally more sound OS is not even close.

 

"Alias" <aka@maskedandanonymous.info> wrote in message

news:eDCvIqwvHHA.4384@TK2MSFTNGP02.phx.gbl...

> Mike Hall - MVP wrote:

>> Alias

>>

>> You are way too smug regarding how safe you believe Linux/Unix to be..

>>

>> One of the articles below explains how a Linux system can be a virus

>> carrier without the user ever knowing.. this situation is every bit as

>> bad as a Windows system that has been breached.. the others are from

>> different years, but all alerting to the fact that Linux/Unix and MAC are

>> not 100% virus immune..

>>

>> I have yet to come across a 'true' Linux professional who would put their

>> name to the misleading claims made by you.. your anti-MS stance is

>> blinding you to the realities of ANY OS.. that makes you dangerous..

>

> Care to give me proof that a Linux box has been compromised? Can't? Didn't

> think so. Shall we compare the number of Windows boxes that are a part of

> a bot-herd to Linux? Didn't think so.

>

> Fact is that Windows is MUCH more susceptible than Ubuntu and, in the

> unlikely case that one's Ubuntu box has become infected, all one need do

> is nuke the user, create another one and restore the back up.

>

> Alias

>>

>>

>> "Alias" <aka@maskedandanonymous.info> wrote in message

>> news:eS2gVRwvHHA.3468@TK2MSFTNGP05.phx.gbl...

>>> Richard Urban wrote:

>>>> Alias doesn't know about the history of his operating system of choice

>>>> to know that rootkits were developed for Unix and are 100% effective in

>>>> Linux/Ubuntu.

>>>>

>>>

>>> Yet there are no reports of this possibility happening so go figure.

>>>

>>> Alias

>>

Alias

 

Even the educated Linux community are laughing at you.. I have never come

across anybody so deep into denial as you.. absolutely stunning..

* Richard Urban:

> Alias will refuse to believe "any" of this. He has placed his head where the

> sun doesn't shine.

 

Mr. Alias the Evangelist has a common flaw

that strikes many fanatics- he wants you to

"see" the truth, no matter if it's actually true.

 

"Absolute truth" is for absolute fools

 

Change a few words in this poem, and it can fit several

fools who roam this group.

 

http://www.authorsden.com/visit/viewpoetry.asp?id=169324&AuthorID=6177

 

The "Evangelists"

© P. J. Oszmann (2006)

 

They're everyday people, just like the rest,

 

But with one all prevailing interest,

 

Spreading the message of "ultimate truth",

 

Eternal life and spiritual youth,

 

Way to paradise, endless happiness,

 

The end to feeling dread and emptiness.

 

They preach from pulpit, minaret, or church,

 

Synagogue, dome, temple, any odd perch,

 

At your doorstep, even at your table,

 

Filling heads with "miraculous fable"…

 

…If you can't see it, you got to be blind,

 

These people are just toying with your mind.

 

The matter of faith is for you alone

 

You may embrace it, or you may disown,

 

The path you walk is a choice for your heart,

 

But use your mind too you got to be smart.

 

"Absolute truth" is for absolute fools

 

Carrying burdens best left to the mules.

 

The path to "enlightenment" is hard enough,

 

Without leg irons, chains and tight handcuffs.

 

Follow your own path with an open heart

 

And you will soar high, like a golden dart.

 

Don't let false prophets turn you deaf and blind,

 

These people are just toying with your mind.
