From: m on 20 Dec 2009 18:06

I am glad that you have found a workaround for your problem. I must interject however, that as someone who has worked on many HW and software platforms, some of your comments are silly. No version on *nix is immune to the attacks that you describe as plaguing Windows - even though many builds are better at hiding their deficiencies ;)

It is true that there are fewer viruses for *nix than for Windows, but that should surprise no one, and does not imply that it is less vulnerable. Similarly, it is easily possible to abuse the kernel in either OS, but more commonly done for Windows since those who would try for UNIX, simply make their own custom Linux build with whatever changes, detrimental or otherwise, that they desire. And as the security model for both is nearly identical, downloading and installing software bears the same risks in either OS - but the lack of functionality in some kinds of programs for Windows is a plaguing problem for me too!

"tanix" <tanix(a)mongo.net> wrote in message news:hgl16j$l5e$2(a)news.eternal-september.org...
> In article <DAB9CB7C-E4B5-4FC2-90DC-90736DF1D9F6(a)microsoft.com>, "Pavel A." <pavel_a(a)12fastmail34.fm> wrote:
>>"tanix" <tanix(a)mongo.net> wrote in message news:hgjpef$el6$3(a)news.eternal-september.org...
>>> In article <81878418-E87A-4C50-B6BA-EDBE053B03E2(a)microsoft.com>, "Pavel A." <pavel_a(a)12fastmail34.fm> wrote:
>>>>Then, let me explain this again.
>>>>Since the system becomes not responsible, it looks like a kernel mode
>>>>problem.
>>>
>>> Yep. That is what I thought first.
>>> Except Windows is not truly multi-tasking system
>>> and I saw plenty of times the system is freezing
>>> because of some not well behaved program so far.
>>
>>Understood. Yes, this should not normally occur, even on Windows.
>>Yet this can occur because of bugs in certain video drivers & BIOS,
>>various utilities that install hooks in various places, malware and
>>anti-malware.
>
> That is why I asked: is there a low level kernel mode driver
> in firefox? Cause that is about the only thing I can think of
> that can possibly cause this kind of a behavior. To freeze the
> kernel so bad that it even stops executing its normal disk
> activity as your disk stops flashing the disk access light?
>
> I really do not see what can possibly be the reason for the
> app to cause such a behavior, unless firefox does some fast
> rendering via their own kernel mode driver.
>
>>Windows still is a true multitasking system (unless abused).
>
> Well, that is not my experience.
> But let it slide for now. I could care less.
> It is what it is and I have to live with it
> even though Linux Ubuntu seems MUCH more pleasant and stable
> to me. Plus the very fact that you do not have security
> related issues, such as trojans and viruses, is becoming
> one of the prime criteria for me.
>
> Plus the ability to have as many desktops as you like
> is also a big plus for me.
>
> Plus the ability to install just about anything I possibly
> want without all the hassle and without worrying about security
> issues is also a big plus.
>
> Even such issues as text editors are much better on Linux
> than on windows, even though notepad++ is quite a nice editor.
> This is one of the things I care about quite a bit.
>
> Plus the ability to do all sorts of installs on line and
> not needing to reboot the box, is quite a plus for me.
>
> Plus knowing that Linux IS in fact a true multitasking system
> and that no app, no matter what, can possibly freeze your
> box or make your system non responsive as I saw WAY too many
> times on windows, counts for me.
>
> Probably about the only reason I am forced to stay with win
> for now is very poor performance of the JVM (Java Virtual Machine),
> which translates in my case in doubling the time of processing
> some big job I regularly do that takes hours if not days to
> complete.
>
> Another thing is GUI is not as fine grained as Windows
> and it looks a bit bulky.
>
> Beyond that, I'd be willing to switch to Linux entirely
> and forget all these windows horror trips. Cause they do
> get under my skin to the point that just one more thing
> may make me switch to Linux forever.
>
>>Regards,
>>--pa
>
> --
> Programmer's Goldmine collections:
>
> http://preciseinfo.org
>
> Tens of thousands of code examples and expert discussions on
> C++, MFC, VC, ATL, STL, templates, Java, Python, Javascript,
> organized by major topics of language, tools, methods, techniques.

From: tanix on 20 Dec 2009 19:59

In article <#75VbkcgKHA.5792(a)TK2MSFTNGP05.phx.gbl>, "m" <m(a)b.c> wrote:
>I am glad that you have found a workaround for your problem. I must
>interject however, that as someone who has worked on many HW and software
>platforms, some of your comments are silly. No version on *nix is immune to
>the attacks that you describe as plaguing Windows - even though many builds
>are better at hiding their deficiencies ;)
>
>It is true that there are fewer viruses for *nix than for Windows, but that
>should surprise no one, and does not imply that it is less vulnerable.
>Similarly, it is easily possible to abuse the kernel in either OS, but more
>commonly done for Windows since those who would try for UNIX, simply make
>their own custom Linux build with whatever changes, detrimental or
>otherwise, that they desire. And as the security model for both is nearly
>identical, downloading and installing software bears the same risks in
>either OS - but the lack of functionality in some kinds of programs for
>Windows is a plaguing problem for me too!

Wut?

First of all, when I get some package on Linux,
I get it from the trusted site by definition.

Since there is no "copyright" issues, I mean it when I quote it,
there is really no need for you to even bother downloading something
from some funky site.

True, there is no fundamental difference between different O/Ses,
as far as security goes.

But...

For some strange reason, there is no such a concept in Linux
as viruses or trojans.

When my box was rooted with the "latest and greatest" rootkit,
that was as sophisticated as I have EVER seen anything,
and after me, trying to recover from it for a few days, thanx
to my monitoring firewall, the more I was digging into it,
the more my hairs rose as I began to realize that even if
I reformat my drive, it won't help anything. The rootkit
is still there.

Even if I throw that drive away, does not help.
The rootkit is still there.

Here is what I found:

First of all, since it is possible to modify your boot
record on a hard disk, that means you can install a jump
vector and totally control the boot process or anything
else for that matter.

Even if you flush BIOS, you are "flushing" it under the
rootkit supervision. So all those "OK" messages are
meaningless.

What happens is this:

During the boot process, they modify your MBR, and I did
verify it for fact. So, they make one of your partitions
smaller and you don't even notice any of that.
ALL that happened is you lost about 6 megs of memory
in my case.

Now, they store tons of trojans and viruses between
partitions and they can run them any time they want more
or less, no matter what you think or do.

No antivirus program is capable of detecting this kind of
thing even in principle.

Do I have to tell you more?

Well, I WAS able to recover. It took me more than a month,
and it was a matter of principle for me.
Eventually, I found its weaknesses and simply cut a vein
on their throat, again, thanx to my monitoring firewall.
And I logged their entire global network so bad, that
some "rulers" on IRC and specifically on #ubuntu channel
got freaked out for some reason.

Well, that is good enough for now.
I do not want to waste more time on this.

From: David Craig on 20 Dec 2009 20:49

I sure wouldn't want to waste any more time on this since it has so many totally wrong statements.

While it is possible to write a BIOS vector, I have not seen one. If you have, then the symptoms are possible. On many motherboards there is a fallback BIOS in ROM and not in the flash memory. Using some jumpers you can blow away the BIOS settings, replace the flash BIOS chip and force it to boot from the ROM. Then you can program the flash chip with a clean version.

If the malware is only based upon the hard drive, then it is easy to wipe the HD and start over with an OS install. Boot to a MS-DOS CD and run something to wipe the first few hundred sectors on the drive or even easier just replace the drive. If you have more than one drive, disable all but the new one. You may have to clean those up after you get a new OS installed. You will probably have to take ownership of all files on the drives as you reconnect them. With SATA drives, you can connect the data cable while the OS is running to add a drive back, but I would verify there are no autorun files on the drive from the MS-DOS CD or inhibit all autorun capability in the newly installed OS.

One trick is to use the WAIK to build a bootable DVD-ROM on a system with no hard drives connected. Use an EZ-Dock from Kingwin that permits USB and eSATA connections to a HD. As you connect the device you can search for any files in the root directory. All of this does require some experience and skill, but you can keep trying until you get it right.

The reason for a lack of malware on Unix, Linux, MAC, etc. is that those writing malware want to make money. With 90% of computers running Windows and many untrained users it makes sense to attack that platform. With the other platforms it is natural for the malware writers and users to believe those machines are being run by someone who is much better trained and knowledgeable.

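The checks this exchange turns on (a changed MBR, a partition that shrank, data sitting outside any partition) can be run against a raw disk image taken from a clean boot environment. This is an added example, not code from any poster in the thread; it assumes a classic MBR (not GPT) layout with 512-byte sectors, and the function names and the 64-sector sample image are constructed for illustration.

```python
import hashlib
import struct

SECTOR = 512

def parse_mbr(sector0: bytes):
    """Return (sha256 of the 440-byte boot code, list of partition entries)."""
    if len(sector0) != SECTOR or sector0[510:512] != b"\x55\xaa":
        raise ValueError("not an MBR sector: 0x55AA signature missing")
    parts = []
    for i in range(4):
        # Entry layout: status, CHS start (skipped), type, CHS end (skipped),
        # first LBA sector, sector count (little-endian).
        status, ptype, start, count = struct.unpack_from(
            "<B3xB3xII", sector0, 446 + 16 * i)
        if ptype != 0 and count != 0:
            parts.append({"index": i, "active": status == 0x80, "type": ptype,
                          "start": start, "end": start + count})
    return hashlib.sha256(sector0[:440]).hexdigest(), parts

def unallocated_gaps(parts, total_sectors):
    """Sector ranges (start, end) owned by no partition, excluding sector 0."""
    gaps, cursor = [], 1
    for p in sorted(parts, key=lambda p: p["start"]):
        if p["start"] > cursor:
            gaps.append((cursor, p["start"]))
        cursor = max(cursor, p["end"])
    if cursor < total_sectors:
        gaps.append((cursor, total_sectors))
    return gaps

def audit_image(image: bytes, baseline_boot_sha256=None):
    """Flag boot code that differs from a baseline and gaps holding data."""
    boot_hash, parts = parse_mbr(image[:SECTOR])
    findings = []
    if baseline_boot_sha256 and boot_hash != baseline_boot_sha256:
        findings.append(("boot-code-changed", boot_hash))
    for start, end in unallocated_gaps(parts, len(image) // SECTOR):
        dirty = [s for s in range(start, end)
                 if any(image[s * SECTOR:(s + 1) * SECTOR])]
        if dirty:
            findings.append(("data-in-unallocated", start, end, len(dirty)))
    return findings

def build_sample_image():
    """Constructed image: two partitions with data left between them."""
    img = bytearray(64 * SECTOR)
    img[0:4] = b"\xfa\x33\xc0\x8e"                  # placeholder boot-code bytes
    def entry(i, status, ptype, start, count):
        img[446 + 16 * i:462 + 16 * i] = struct.pack(
            "<B3xB3xII", status, ptype, start, count)
    entry(0, 0x80, 0x07, 8, 24)                     # sectors 8..31, active
    entry(1, 0x00, 0x07, 40, 24)                    # sectors 40..63
    img[510:512] = b"\x55\xaa"
    img[34 * SECTOR:34 * SECTOR + 5] = b"HELLO"     # data in the gap 32..39
    return bytes(img)

if __name__ == "__main__":
    for finding in audit_image(build_sample_image()):
        print(finding)
```

Data in unallocated space is a lead to compare against a known-good image, not a verdict: some boot loaders (GRUB, for example) legitimately place code in the sectors right after the MBR.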
From: Tim Roberts on 20 Dec 2009 21:13

tanix(a)mongo.net (tanix) wrote:
>
>What happens is box totally freezes. Task manager ->
>Performance tab shows one of cores going up to 100% CPU time,
>mouse freezes, keyboard does not work (not even ctl-alt-del)
>and disk stops flashing every few seconds as it normally does
>under XP.
>
>Interestingly enough, it does not happen under Windows 7 on
>the same box no matter how hard I try.
>
>Some say it is a problem with crappy XP scheduler.
>Is there anything I can do under XP to fix this issue?

Get real. A software problem cannot cause your machine to lock up so hard that even mouse and keyboard stop. The likely issues are (1) RAM problem, (2) graphics driver problem, or (3) USB controller problem (if you have USB mouse).
--
Tim Roberts, timr(a)probo.com
Providenza & Boekelheide, Inc.

From: tanix on 21 Dec 2009 02:04

In article <kcmti5h5t6k7pj9mhh519e76mgheppmg9s(a)4ax.com>, Tim Roberts <timr(a)probo.com> wrote:
>
>tanix(a)mongo.net (tanix) wrote:
>>
>>What happens is box totally freezes. Task manager ->
>>Performance tab shows one of cores going up to 100% CPU time,
>>mouse freezes, keyboard does not work (not even ctl-alt-del)
>>and disk stops flashing every few seconds as it normally does
>>under XP.
>>
>>Interestingly enough, it does not happen under Windows 7 on
>>the same box no matter how hard I try.
>>
>>Some say it is a problem with crappy XP scheduler.
>>Is there anything I can do under XP to fix this issue?
>
>Get real.

:--}

> A software problem cannot cause your machine to lock up so hard
>that even mouse and keyboard stop.

Tell me about it.
:--}

>The likely issues are (1) RAM problem,
>(2) graphics driver problem, or (3) USB controller problem (if you have USB
>mouse).

One more time:

I did run the memtest86 for about 20 hrs. No problem.
I did run the Prime95 for several hours. No problem.
I did flash the bios with the latest version.
I did install the latest graphics drivers as far as I recall.

The bottom line.
After I disabled all the addons in firefox 3.5.6 except for imacros, the system seems to be stable. Do not recall seeing a single freeze so far.

So, can a software problem cause the O/S to behave in such a way going as far as totally freezing your mouse, making your keyboard inactive?

And what IS the problem, especially if the same thing is not happening on a different box with a single core processor?

Anyway, so far I am ok. I just pray this thing has gone away.

Someone suggested that it is not a ff problem but a crappy XP scheduler misbehaving on a multi-core system. Simple as that.