From: m on
I am glad that you have found a workaround for your problem. I must
interject however, that as someone who has worked on many HW and software
platforms, some of your comments are silly. No version of *nix is immune to
the attacks that you describe as plaguing Windows - even though many builds
are better at hiding their deficiencies ;)

It is true that there are fewer viruses for *nix than for Windows, but that
should surprise no one, and does not imply that it is less vulnerable.
Similarly, it is easily possible to abuse the kernel in either OS, but more
commonly done for Windows since those who would try for UNIX, simply make
their own custom Linux build with whatever changes, detrimental or
otherwise, that they desire. And as the security model for both is nearly
identical, downloading and installing software bears the same risks in
either OS - but the lack of functionality in some kinds of programs for
Windows is a plaguing problem for me too!


"tanix" <tanix(a)mongo.net> wrote in message
news:hgl16j$l5e$2(a)news.eternal-september.org...
> In article <DAB9CB7C-E4B5-4FC2-90DC-90736DF1D9F6(a)microsoft.com>, "Pavel
> A." <pavel_a(a)12fastmail34.fm> wrote:
>>"tanix" <tanix(a)mongo.net> wrote in message
>>news:hgjpef$el6$3(a)news.eternal-september.org...
>>> In article <81878418-E87A-4C50-B6BA-EDBE053B03E2(a)microsoft.com>, "Pavel
>>> A." <pavel_a(a)12fastmail34.fm> wrote:
>>>>Then, let me explain this again.
>>>>Since the system becomes not responsible, it looks like a kernel mode
>>>>problem.
>>>
>>> Yep. That is what I thought first.
> Except Windows is not truly multi-tasking system
>>> and I saw plenty of times the system is freezing
>>> because of some not well behaved program so far.
>>
>>Understood. Yes, this should not normally occur, even on Windows.
>>Yet this can occur because of bugs in certain video drivers & BIOS,
>>various utilities that install hooks in various places, malware and
>>anti-malware.
>
> That is why I asked: is there a low level kernel mode driver
> in firefox? Cause that is about the only thing I can think of
> that can possibly cause this kind of a behavior. To freeze the
> kernel so bad that it even stops executing its normal disk
> activity as your disk stops flashing the disk access light?
>
> I really do not see what can possibly be the reason for the
> app to cause such a behavior, unless firefox does some fast
> rendering via their own kernel mode driver.
>
>>Windows still is a true multitasking system (unless abused).
>
> Well, that is not my experience.
> But let it slide for now. I could care less.
> It is what it is and I have to live with it
> even though Linux Ubuntu seems MUCH more pleasant and stable
> to me. Plus the very fact that you do not have security
> related issues, such as trojans and viruses, is becoming
> one of the prime criteria for me.
>
> Plus the ability to have as many desktops as you like
> is also a big plus for me.
>
> Plus the ability to install just about anything I possibly
> want without all the hassle and without worrying about security
> issues is also a big plus.
>
> Even such issues as text editors are much better on Linux
> than on windows, even though notepad++ is quite a nice editor.
> This is one of the things I care about quite a bit.
>
> Plus the ability to do all sorts of installs on line and
> not needing to reboot the box, is quite a plus for me.
>
> Plus knowing that Linux IS in fact a true multitasking system
> and that no app, no matter what, can possibly freeze your
> box or make your system non responsive as I saw WAY too many
> times on windows, counts for me.
>
> Probably about the only reason I am forced to stay with win
> for now is very poor performance of the JVM (Java Virtual Machine),
> which translates in my case in doubling the time of processing
> some big job I regularly do that takes hours if not days to
> complete.
>
> Another thing is GUI is not as fine grained as Windows
> and it looks a bit bulky.
>
> Beyond that, I'd be willing to switch to Linux entirely
> and forget all these windows horror trips. Cause they do
> get under my skin to the point that just one more thing
> may make me switch to Linux forever.
>
>>Regards,
>>--pa
>
> --
> Programmer's Goldmine collections:
>
> http://preciseinfo.org
>
> Tens of thousands of code examples and expert discussions on
> C++, MFC, VC, ATL, STL, templates, Java, Python, Javascript,
> organized by major topics of language, tools, methods, techniques.
>
From: tanix on
In article <#75VbkcgKHA.5792(a)TK2MSFTNGP05.phx.gbl>, "m" <m(a)b.c> wrote:
>I am glad that you have found a workaround for your problem. I must
>interject however, that as someone who has worked on many HW and software
>platforms, some of your comments are silly. No version on *nix is immune to
>the attacks that you describe as plaguing Windows - even though many builds
>are better at hiding their deficiencies ;)
>
>It is true that there are fewer viruses for *nix then for Windows, but that
>should surprise no one, and does not imply that it is less vulnerable.
>Similarly, it is easily possible to abuse the kernel in either OS, but more
>commonly done for Windows since those who would try for UNIX, simply make
>their own custom Linux build with whatever changes, detrimental or
>otherwise, that they desire. And as the security model for both is nearly
>identical, downloading and installing software bears the same risks in
>either OS - but the lack of functionality in some kinds of programs for
>Windows is a plaguing problem for me too!

Wut?

First of all, when I get some package on Linux,
I get it from the trusted site by definition.

Since there are no "copyright" issues, I mean it when I quote it,
there is really no need for you to even bother downloading something
from some funky site.

True, there is no fundamental difference between different O/Ses,
as far as security goes.

But...

For some strange reason, there is no such a concept in Linux
as viruses or trojans.

When my box was rooted with the "latest and greatest" rootkit,
that was as sophisticated as I have EVER seen anything,
and after me, trying to recover from it for a few days, thanx
to my monitoring firewall, the more I was digging into it,
the more my hairs rose as I began to realize that even if
I reformat my drive, it won't help anything. The rootkit
is still there.

Even if I throw that drive away, it does not help.
The rootkit is still there.

Here is what I found:

First of all, since it is possible to modify your boot
record on a hard disk, that means you can install a jump
vector and totally control the boot process or anything
else for that matter.

Even if you flush BIOS, you are "flushing" it under the
rootkit supervision. So all those "OK" messages are
meaningless.

What happens is this:

During the boot process, they modify your MBR, and I did
verify it for a fact. So, they make one of your partitions
smaller and you don't even notice any of that.
ALL that happened is you lost about 6 megs of memory
in my case.

Now, they store tons of trojans and viruses between
partitions and they can run them any time they want more
or less, no matter what you think or do.

No antivirus program is capable of detecting this kind of
thing even in principle.

Do I have to tell you more?

Well, I WAS able to recover. It took me more than a month,
and it was a matter of principle for me.
Eventually, I found its weaknesses and simply cut a vein
on their throat, again, thanx to my monitoring firewall.
And I logged their entire global network so bad, that
some "rulers" on IRC and specifically on #ubuntu channel
got freaked out for some reason.

Well, that is good enough for now.
I do not want to waste more time on this.

--
Programmer's Goldmine collections:

http://preciseinfo.org

Tens of thousands of code examples and expert discussions on
C++, MFC, VC, ATL, STL, templates, Java, Python, Javascript,
organized by major topics of language, tools, methods, techniques.
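
An added example, not part of the original post: a Python check for the symptom tanix describes above, a partition that has been made smaller so that unallocated space appears between partitions. It assumes a classic MBR with 512-byte sectors and primary partitions only; the function names and both sample tables are constructed for illustration.

```python
import struct

SECTOR = 512  # bytes per sector assumed by the classic MBR layout

def parse_mbr(sector0):
    """Decode the four primary entries of an MBR partition table."""
    if len(sector0) < SECTOR or sector0[510:512] != b"\x55\xaa":
        raise ValueError("no 0x55AA boot signature: not an MBR sector")
    parts = []
    for i in range(4):
        entry = sector0[446 + 16 * i:462 + 16 * i]
        # status, CHS start (skipped), type, CHS end (skipped), LBA start, length
        status, ptype, start, count = struct.unpack("<B3xB3xII", entry)
        if ptype and count:
            parts.append({"slot": i, "type": ptype, "active": status == 0x80,
                          "start": start, "sectors": count})
    return parts

def find_gaps(parts, disk_sectors, min_gap=2048):
    """Return (first_lba, length) for unallocated runs of at least min_gap sectors."""
    gaps, cursor = [], 1  # LBA 0 holds the MBR itself
    for p in sorted(parts, key=lambda p: p["start"]):
        if p["start"] - cursor >= min_gap:
            gaps.append((cursor, p["start"] - cursor))
        cursor = max(cursor, p["start"] + p["sectors"])
    if disk_sectors - cursor >= min_gap:
        gaps.append((cursor, disk_sectors - cursor))
    return gaps

def shrunk_partitions(baseline, current):
    """Compare against a known-good table: (slot, old_sectors, new_sectors)."""
    old = {p["slot"]: p for p in baseline}
    return [(p["slot"], old[p["slot"]]["sectors"], p["sectors"])
            for p in current
            if p["slot"] in old and p["sectors"] < old[p["slot"]]["sectors"]]

def build_sample_mbr(entries):
    """Constructed test data: an MBR with no boot code and the given (type, start, sectors)."""
    table = b"".join(struct.pack("<B3xB3xII", 0, t, s, n) for t, s, n in entries)
    return bytes(446) + table.ljust(64, b"\0") + b"\x55\xaa"

# Constructed 1,000,000-sector disk; the second table has slot 0 shortened by 6 MiB.
DISK_SECTORS = 1_000_000
GOOD = build_sample_mbr([(0x07, 63, 499_937), (0x07, 500_000, 500_000)])
SUSPECT = build_sample_mbr([(0x07, 63, 487_649), (0x07, 500_000, 500_000)])

if __name__ == "__main__":
    good, suspect = parse_mbr(GOOD), parse_mbr(SUSPECT)
    for lba, n in find_gaps(suspect, DISK_SECTORS):
        print(f"unallocated: LBA {lba}, {n} sectors ({n * SECTOR / 2**20:.1f} MiB)")
    for slot, old, new in shrunk_partitions(good, suspect):
        print(f"slot {slot} shrank from {old} to {new} sectors")
```

On a real system, read sector 0 from known-clean boot media rather than from the running OS, since a boot-record rootkit can filter what the installed system sees.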

From: David Craig on
I sure wouldn't want to waste any more time on this since it has so many
totally wrong statements. While it is possible to write a BIOS vector, I
have not seen one. If you have, then the symptoms are possible. On many
motherboards there is a fallback BIOS in ROM and not in the flash memory.
Using some jumpers you can blow away the BIOS settings, replace the flash
BIOS chip and force it to boot from the ROM. Then you can program the flash
chip with a clean version.

If the malware is only based upon the hard drive, then it is easy to wipe
the HD and start over with an OS install. Boot to a MS-DOS CD and run
something to wipe the first few hundred sectors on the drive or even easier
just replace the drive. If you have more than one drive, disable all but
the new one. You may have to clean those up after you get a new OS
installed. You will probably have to take ownership of all files on the
drives as you reconnect them. With SATA drives, you can connect the data
cable while the OS is running to add a drive back, but I would verify there
are no autorun files on the drive from the MS-DOS CD or inhibit all autorun
capability in the newly installed OS. One trick is to use the WAIK to build
a bootable DVD-ROM on a system with no hard drives connected. Use an
EZ-Dock from Kingwin that permits USB and eSATA connections to a HD. As you
connect the device you can search for any files in the root directory. All
of this does require some experience and skill, but you can keep trying
until you get it right.

The reason for a lack of malware on Unix, Linux, MAC, etc. is that those
writing malware want to make money. With 90% of computers running Windows
and many untrained users it makes sense to attack that platform. With the
other platforms it is natural for the malware writers and users to believe
those machines are being run by someone who is much better trained and
knowledgeable.


From: Tim Roberts on

tanix(a)mongo.net (tanix) wrote:
>
>What happens is box totally freezes. Task manager ->
>Performance tab shows one of cores going up to 100% CPU time,
>mouse freezes, keyboard does not work (not even ctl-alt-del)
>and disk stops flashing every few seconds as it normally does
>under XP.
>
>Interestingly enough, it does not happen under Windows 7 on
>the same box no matter how hard I try.
>
>Some say it is a problem with crappy XP scheduler.
>Is there anything I can do under XP to fix this issue?

Get real. A software problem cannot cause your machine to lock up so hard
that even mouse and keyboard stop. The likely issues are (1) RAM problem,
(2) graphics driver problem, or (3) USB controller problem (if you have USB
mouse).
--
Tim Roberts, timr(a)probo.com
Providenza & Boekelheide, Inc.
From: tanix on
In article <kcmti5h5t6k7pj9mhh519e76mgheppmg9s(a)4ax.com>, Tim Roberts <timr(a)probo.com> wrote:
>
>tanix(a)mongo.net (tanix) wrote:
>>
>>What happens is box totally freezes. Task manager ->
>>Performance tab shows one of cores going up to 100% CPU time,
>>mouse freezes, keyboard does not work (not even ctl-alt-del)
>>and disk stops flashing every few seconds as it normally does
>>under XP.
>>
>>Interestingly enough, it does not happen under Windows 7 on
>>the same box no matter how hard I try.
>>
>>Some say it is a problem with crappy XP scheduler.
>>Is there anything I can do under XP to fix this issue?
>
>Get real.

:--}

> A software problem cannot cause your machine to lock up so hard
>that even mouse and keyboard stop.

Tell me about it.
:--}

>The likely issues are (1) RAM problem,
>(2) graphics driver problem, or (3) USB controller problem (if you have USB
>mouse).

One more time: I did run the memtest86 for about 20 hrs. No problem.
I did run the Prime95 for several hours. No problem.
I did flash the bios with the latest version.
I did install the latest graphics drivers as far as I recall.

The bottom line. After I disabled all the addons in firefox 3.5.6
except for imacros, the system seems to be stable. Do not recall
seeing a single freeze so far.

So, can a software problem cause the O/S to behave in such a way
going as far as totally freezing your mouse, making your keyboard
inactive? And what IS the problem, especially if the same thing
is not happening on a different box with a single core processor?
Anyway, so far I am ok. I just pray this thing has gone away.
Someone suggested that it is not a ff problem but a crappy XP
scheduler misbehaving on a multi-core system. Simple as that.
