Saturday, March 25, 2006

Main machine back to PCLINUXOS

For the last two weeks I have been back using PCLINUXOS on my main machine/server. The other two machines are still Mandriva. I moved back as the distro is more responsive in my opinion and has more up-to-date packages. My wife and daughter stayed with Mandriva as there are more games that they like to play. It all comes down to personal tastes.

I liked PCLINUXOS enough to put my money down and support the package. If you are using Linux yourself think about supporting the distro that you are using. This will allow the person(s) who are putting a huge amount of time a bit of cash to help keep working on the product.

I may eventually migrate the other two machines. I don't like the fact of how they treated Gael Duval when he was let go from Mandriva. He was in my not humble opinion the reason that Mandriva got to be so popular. I hope that his new enterprise Ulteo does take off. That and IMNSHO Mandriva is getting too big and bloated. It is a wonderful distro and is a snap to install and administer, but, it has way too much and suffers for that.

Friday, March 10, 2006

I hate trojans and spyware

My step-son Matthew brought over his girlfriends laptop for cleaning up. It seemed to have a large number of windows popping up and mading her life impossible when using the computer. Scanning showed no viruses (yay), however using Ad-Aware it had 377 trojans and spyware. I purged and rebooted and it went down to 159. I used Spybot and got the number down a bit. Unfortunately the pieces left were very nasty (about 37). They hooked so tight into the OS that it was impossible to remove with anything that I could use. As fast as I removed pieces they re-appeared. Some of them denied me access and I was using the admin id! Part of them hid from the system somehow and didn't show up on the list of active tasks. Safe mode is absolutely useless. The spyware (SSK.EXE was one) still runs. What use is safe mode when crap is allowed to run. I went to command line mode and when I tried to delete the programs it told me that it was running... in safe mode! I want a mode that goes line by line and asks me permission to run!

I got desperate and tried a few Linux distros that had HPFS support. Unfortunately I could not get the RW option to work on her drive. It looks like she will have to use Knoppix to backup her data to CD and then wipe the drive and do a clean install.

The only thing she did was to click on one of the files Matthew downloaded before they scanned it. It took over her machine so fast and thoroughly that it is not funny.

Microsoft why do you allow your OS to do this? Why can't you set things up that a normal user cannot totally screw up the OS? I understand that users don't want to have an 'admin' id and a normal one, but, at least force a few more screens asking if they are sure and then ensure that it is a real person keying in the reply and not a program.

Upside is that I now have two people who may now listen to me about Linux. They can keep windows for the stuff that isn't on Linux, but, use Linux for everything else and they won't get screwed over as bad by the next Windows virus/trojan.

As for the trojan and spyware makers, YOU ARE SCUM! Any moron can wreak havoc on a machine and own it. Try something difficult, make a useful program that the user can uninstall when they don't want it.

Update: 2006-03-12

Matthew is backing up the laptop and will be re-imaging the machine again. This time he plans on turning up the security to a higher level. Namely dis-allowing a normal id admin functions, up-to-date virus scanner and several free sypware scanners. I also gave them a copy of Knoppix just in case.

Wednesday, March 08, 2006

New Phishing variant

I received another phishing email claiming to be from Paypal. I forwarded the note to Paypal for review. There was a small spelling error for 'Wednesday' the note spelled it 'Wensday'. Also, it had a link to download a 'driver'. Why would you need to download and install a driver to access a web page?

The link itself was '' (I deleted most of the link so you cannot accidentally go there). Note the '.ro', that is Romania if I remember correctly. Remember, never click on the links in the notes. Go to the site yourself if you are not sure send them an email first. I run Linux at home so I felt safe to try to download the program and see what little nasties were in it. Fortunately it appears that the link was not valid. I was disappointed in that I could not try out CLAMAV on this.

Here is the complete text of the message. I highlighted all of the spelling and grammar errors.

While performing it's regular scheduled monthly billing address check our system found incompatible information which seams to be no longer the same with your current credit card information that we have on file. If you changed your billing information or if you moved from you previous address please follow up the link bellow and update your billing information: If you didn't change any of this information you still need to follow up the previous link and update your existing billing information because it means that our database regular scheduled update wasn't made correctly. Choosing to ignore this message will result in to a temporary suspension of your account within 24 hours, until you will choose to solve this unpleasant situation.

We apologies for any inconvinience this may caused you and we strongly advise you to update your information you have on file with us. Clicking Click here for download PayPal Driver_ you will avoid any possible futuring billing problems with your account.

This is not one of the better phishing attempts going around. The thing that makes it different is that they are looking at getting you to click, download and run a program.

Two links that you can go to: