antivirus

Upgrading a P2-300

Case study: Revitalizing a PII-300
It took me three and a half hours one night to squeeze another year or two of useful life out of a PII-300.

A fellow member of the Board of Directors at my church approached me one night. “Would you reinstall the OS on my computer?” he asked. He had a PII-300, not a barn burner by any modern measure, but not a slouch of a computer either. But as a performer it had been very much an underachiever of late. I had walked him through reinstalling the operating system over the phone back around Christmas and it had solved some problems, but not everything. It appeared his computer needed a clean start.

When I looked at it, I agreed. It wasn’t particularly stable and it definitely wasn’t fast. He had a Castlewood Orb drive to facilitate quick backups, so I had him copy his data directories (named Documents and My Documents), along with his AOL directory, over to the Orb. I also spotted a directory called Drv. As an afterthought, I grabbed that one too.

I proceeded to boot off a CD-ROM-enabled boot floppy. Tepidly, I typed the magic words format c: at the command prompt. Quickly I noticed a problem: the words “Saving current bad sector map” on the screen. As the drive formatted, Rick asked the magic question. “What do you think of partitioning?”

Dirty secret #1: Any time you see bad sectors, you should absolutely FDISK the drive. Bad clusters can be caused by physical problems on the disk, but they can also be caused by corruption of the FAT. No disk utility that I’ve ever seen (not Scandisk, not Disk Doctor, not even SpinRite) fixes that. The only way to fix that (verified by technicians I talked to at Gibson Research, the makers of SpinRite) is to fdisk and format the drive.

Dirty secret #2: FAT16 is much faster than FAT32. Since Rick wasn’t opposed to partitioning the drive, I created a 2GB FAT16 partition. You do this by answering No when fdisk asks if you want to enable large disk support. This partition holds the operating system.

I exited FDISK, ran it again, and this time answered Y when it asked the cryptic large-disk question. I created a partition that spanned the rest of the drive. Then I rebooted, typed format c: then format d:, and watched for bad clusters. There were none. Excellent.

End result: I had a 2-gig FAT16 C drive and a 6-gig FAT32 D drive.

Dirty secret #3: Never, ever, ever, ever, ever (unless someone’s holding a gun to your head) install Windows as an upgrade. You have a Windows 95 CD and a Windows 98 upgrade CD? So what. Install Windows 98 on the bare drive. Setup will find no Windows installation present and ask for your Windows 95 CD. You insert your Win95 CD, it investigates it to make sure it’s not a blank CD with win.com on it somewhere, then asks for your Win98 CD back. End result: a clean install. Even if you install Win95 immediately followed by Win98, you get extra garbage you don’t need. And it takes twice as long.

Windows took about 30 minutes to install. I tackled his applications. When I installed MS Office, I did a complete install with one exception. I drilled down into Office Tools, found Find Fast, and unchecked it. Find Fast is a resource hog and doesn’t do anything useful.

I installed Office to drive D.

He’d bought Norton Systemworks on sale one weekend, hoping it would help his performance. It didn’t. I showed him a trick. Rather than install Systemworks directly, I explored the CD, drilled into the Norton Utilities directory, and ran Setup from there. I intentionally left out almost everything. Speed Disk and Disk Doctor are the two superstars. I also kept the Optimization Wizard. I left out most of the rest, because the other stuff doesn’t do anything useful but it sure slows down your system. When it asked about running Disk Doctor at startup, I said no. It just slows down startup and doesn’t do anything useful. I did let it replace Scandisk with Disk Doctor. That way if you get an improper shutdown, Disk Doctor can clean up the mess before Windows starts and makes a bigger mess. But Disk Doctor should run when you need it. Not all the time.

Then I drilled down into the Norton Antivirus directory and installed it. Then I did the same for Ghost. I needn’t have done that. Just copying the Ghostpe.exe file out of that directory onto a boot floppy suffices. More on Ghost later.

I installed this stuff to drive D.

Next, I installed his scanner software, Lotus SmartSuite, and his DVD decoder.

I copied the data back over from his Orb disk, noticed his modem wasn’t working, and installed the device driver I found in the Drv directory I’d copied over to the Orb as an afterthought. (I’d much rather back up too much stuff than not enough.) Then I copied his AOL directory over to drive D and installed AOL 5.0 over the top of it. It picked up all his settings.

I cleaned up c:\msdos.sys and rebooted, watching the time. It booted in about 45 seconds, including POST. I was happy. Rick was very happy.

I did the other standard Windows optimizations outlined in chapter 2 of Optimizing Windows. I cleared out his root directory on C. Then I ran Norton Speed Disk. I had it do the full file reordering and directory sorting bit (also described in Optimizing Windows). Clearing out the root directory makes disk access much more efficient, but only after Speed Disk discards the now-empty directory entries. Directory sorting makes disk access more efficient by putting the important files early in the list so Windows finds them faster. The results are marvelous.

Finally, I ran Ghost. I copied the Ghost executable to a boot floppy that contained the Castlewood device driver internal.sys, then booted from it and Ghosted his drive to the Orb drive. Fifteen minutes later, he had an image of his system, so he can return back to this state any time he wants.

End result: Rick’s P2-300 with an 8-gig Quantum Bigfoot drive (a notoriously slow hard drive) and 288 MB RAM received a new lease on life. Despite its slow processor and hard drive, it performs better than a lot of consumer-level PCs available today.

That was a good investment of 3 1/2 hours.

Ghosts from the past…

Wednesday night, 6:35 PM: I was in my South St. Louis County apartment, getting ready for church, when my phone rang. I’d had at least one telemarketing call that night already, but I picked up the phone anyway.
“Hello?” I said, maybe slightly agitated.

“Dave?” a female voice asked. So much for a telemarketer. I recognized the voice but didn’t place it immediately. And obviously she knew me.

“Yes?”

“It’s Wendy.” Ah, Wendy from church. OK.

“What’s up?” I asked. She doesn’t routinely call me–she doesn’t routinely call anyone, I don’t think–so I figured she probably needed something. That’s OK. I take care of my friends.

“What’s it mean when your computer says, ‘Bad or missing command interpreter. Enter path of a valid command interpreter, e.g. c:\windows\command.com’?”

“Oh. That means one of the files your computer needs to get started is blitzed,” I said. “What happens if you type it?”

“You’re gonna hate me,” she said as she typed the filename. “You deal with this stuff all day and now I call you wanting computer advice.”

I could never hate her. She’s too nice. Besides, guys like fixing things, especially for people they like. I probably should have told her that.

“It just repeats the same thing again,” she said.

“I see.” I had her try a couple of other locations–Microsoft OSs have always installed command.com in too many places. But no go.

“Are my other files OK?”

“Hopefully,” I said. “My computer used to do this to me once a year.”

“My whole life is on this computer, Dave,” she said, sounding a little distressed. My heart melted. I hate it when bad things happen to good people. I especially hate it when bad things happen to good people and one of Bill Gates’ or Steve Jobs’ toy operating systems is involved. But sometimes it’s just a minor inconvenience. I hoped this was one of those instances.

“I just need to boot your computer off a floppy, type a command or two, and it’ll probably come right back to life,” I said.

“Do you have time to do this? I mean, really have time to do this?” She didn’t want to inconvenience me.

“Yeah, I’m on my way to church, and you’re on the way, and it should only take me a couple of minutes,” I said as I formatted a disk and copied sys.com to it.

After assuring her again that I was sure, I told her I’d be there in about 10 minutes. I hopped in my car, disk in hand, ready to go be a hero and still make it to church on time. I rang her bell, heard her dog scream bloody murder, and she opened the door. As soon as she let me in, her Labrador warmed up to me. She led me to the computer room, where I sat down and popped in a disk. She yanked on her Lab’s leash, trying to keep her away from me. She wasn’t having much luck.

“That’s OK,” I said to Wendy. “I like dogs.” Then I turned to the dog and started scratching behind her ears. “I’ll bet the most dangerous part of you is your tail. You just like people so much you thump ’em to death, don’t you?” I turned to the computer and booted off the floppy. It didn’t work. So I restarted, and when it asked for a command interpreter, I typed “a:\command.com” and got a command prompt. Meanwhile, her dog grabbed onto my hand with her paw so I wouldn’t go anywhere. Shadow, the Cocker Spaniel/Irish Setter mix I had growing up, used to do that.

I ran sys.com and rebooted, expecting to be a hero. Instead, I got the dreaded invalid media type reading drive C error.

I told Wendy I’d need the heavy artillery to fix this problem. I kicked myself for not bringing any more sophisticated tools like MBRWORK. It looked like a blitzed partition table to me.

I rebooted a couple more times to try to get symptoms. The Windows logo splashed up ever so briefly. The drive didn’t make any weird noises. That was good. That meant the boot record was intact, and that some data was intact–obviously, because it was reading the Windows logo. It looked just like the time my Pentium-75 crashed and forced me to cycle power, then didn’t come back up. I didn’t know how to fix a blitzed partition table then. But that was a long time ago.

By now, it was 7:20. “I can go get some more tools,” I offered.

“Go to church,” she said. “I’d feel really bad if you miss church. Tell Pastor John it’s my fault.”

I did my best to reassure her that I could get her data back. I told her the odds looked like about 50/50. In reality I was more confident than that, but unless I’m about 99% certain, I won’t say the chances are any better than 50/50. There’s nothing I hate more than disappointing people.

I went to church mad at myself that I hadn’t gotten her data back. I came home from church, got ready to gather up my tools, and checked my messages. It was Wendy. She said she’d gone to school to work on a paper, that we’d worry about the computer tomorrow but it wasn’t a big deal.

Maybe it wasn’t to her. But it was to me. I hate losing, especially to a computer. I have since I was in first grade and played Atari at my neighbors’ house. True, back then I got mad when I lost at Donkey Kong, but in my mind there’s no difference. Even though it’s a different game today and I lost a lot then and I rarely lose now, it doesn’t make me hate losing any less. Especially when I’m playing with other people’s stuff. Her words echoed in my mind: “My whole life is on this computer, Dave.”

I wasn’t going to let her down. I wasn’t going to let myself down by letting her down. I was going to get that data back, and I didn’t care what I had to do to get it.

I called her back, expecting her not to be there. Her mom, Debby, answered the phone. She gave me a few more clues, told me she didn’t expect Wendy home until late, said one or the other of them would be home about 3:30 the next day. I’d been at work until close to six on Wednesday and saw the possibility of having to stay that late on Thursday. I didn’t make any hard and fast promises about when I’d be there, but I started plotting how I would escape work by 4:15.

On Thursday, I loaded up floppies containing all the standard Microsoft disk tools, plus Norton Disk Doctor, plus Spinrite, plus MBRWORK and a few other partition recovery tools, along with a Windows 98 CD, and took the whole wodge of stuff to work. At 4:20, I called. Debby answered. I told her I was leaving work and I’d probably get there in about 20 minutes.

Along the way, I listened to a bunch of punk rock, really loud, and got myself pumped up. Whether it’s stepping up to the plate in the bottom of the seventh with runners on second and third and two out, or just a tricky computer problem, I get myself into the same mental place. The world fades away and I see nothing but the challenge. By the time I got to their house, I was in the zone. I was so in the zone that I walked up to the front door of the wrong house. Wendy’s Lab was in the front yard giving me the “I know you! What are you doing over there? Get over here and pet me!” look. I didn’t notice. The neighbor pointed next door. Feeling stupid, I walked over. The dog congratulated me on getting smart, Debby greeted me, and I went another round with her computer, running MBRWORK. It recovered the partition successfully, it said. I got excited. I rebooted and the computer asked me for a command interpreter again.

Cantankerous computer 2, Dave 0.

I went home, fixed myself a little something to eat, pondered the situation, and wrote my Bible study for Friday night on my company laptop. That calmed me down enough to let me think rationally again. I packed up everything I could possibly need: Norton AntiVirus, Ghost, an extra hard drive, two laptops, a couple of Linux CDs, both versions of Windows 98, utilities disks…

I booted off my disks and tried a few things. Nothing. I booted my company laptop up with the disks–that laptop doesn’t have DOS installed–and added a couple more toys. They didn’t help. Wendy got home and asked if it was a bad sign I was there. I muttered something and probably came off as rude. I was in the zone, after all. I asked her if she had any floppies she wanted me to scan for viruses. She handed me one, and I tried to boot my laptop into Windows. It showed the very same symptoms as her computer.

I’ve said it before and I’ll say it again. Virus writers, PLEASE get a life. Get interested in girls or something. Anything!

Wendy didn’t like the look on my face. I told her what happened. She said a phrase I won’t repeat here, then apologized. There was no need. I felt like saying it too. Or something worse.

For grins, I tried booting the laptop into Linux. It booted up like it was cool. Hmm. Boot sector viruses that kill Windows dead don’t even make Linux flinch. I owe Linus Torvalds a beer.

I tried mounting my main Windows partition. Linux reported NTFS errors. Visions of virus writers getting beaten to a bloody pulp danced in my mind.

Since I was now convinced we were dealing with a boot sector virus, I replaced the MBR. No joy. I booted off a Linux CD, switched over to a console, ran cfdisk, and viewed the partition table. One 4-gig partition, FAT32. No problems. Odd.

Wendy started fretting. “You’ve spent all this time and you’ve lost your laptop. I’m about to start to cry.”

I stopped what I was doing, turned to her, and looked her straight in the eye. “I take care of my friends.”

She looked back at me like she thought that was kind of cool.

“I don’t care about the laptop. I can fix that later. I can rewrite the Bible study that was on it. It took me 20 minutes to write, so it’ll take me 15 minutes to rewrite. I’m going to get your data back.”

The Bible study I lost indeed took me about 15 minutes to rewrite, and the second version was a lot better. But I didn’t get her data back that night. Eventually I gave up, pulled her drive, installed a new drive, and installed Windows and Office on it so they’d have a computer that was useful for something. Debby walked in as I was switching drives, noticed the dust inside the case, and gave it a disgusted look. She came back with a rag and Wendy started laughing at her.

“She can’t stand dust anywhere. I guess not even inside electronics,” Wendy said.

Debby lit up when she walked in the room and saw the Windows 98 screen on her computer. Later when Wendy walked back in, she let out a whoop and told her mom she was missing beautiful things in the computer room. I was pretty happy about it too. Windows 98 didn’t install easily–the initial reboot failed and installation didn’t continue until I booted it in safe mode, then rebooted. I gave the computer a lecture as I booted it, reminding it that I have enough spare parts at home to build a computer like it and would have no qualms about destroying it and replacing it with something else. I know it didn’t hear or understand a word I said, but I felt better afterward.

I felt bad about not getting the data back that night. Wendy and I talked for about 45 minutes about other things. I felt better afterward. I forgot to thank her. Around midnight, I packed up the stuff and drove home.

Wendy and I talked the next day over e-mail. I’d taken my disks to work and scanned them on a non-networked PC nobody cared about and found the Form virus. Wendy had taken some disks to school and had them scanned. They contained both Form and antiCMOS. Since antiCMOS resides in the MBR and Form resides on the primary partition, the two viruses can coexist. Form was relatively harmless on FAT16 drives, and although antiCMOS was potentially destructive in 1991, it’s much less so now that PCs autodetect hard drives at boot rather than relying on parameters stored in CMOS. My work the night before would have eliminated antiCMOS, which explained why it wasn’t present on my disks. I did a Dejanews search on Form and FAT32, to see if that would explain the apparent partition corruption. I found that the symptoms were exactly what Wendy was showing. And I found recovery methods that had a high success rate.
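The two stories above turn on the same check: the partition table can look perfectly healthy in fdisk or cfdisk (one 4-gig FAT32 partition, no problems) while the 446 bytes of bootstrap code in front of it have been replaced, which is exactly the part of the MBR that antiCMOS lives in. The Python script below is an added example, not code from the original post: it parses a 512-byte MBR, names each partition type (the FAT16 and FAT32 codes from the PII-300 case study included), and compares the bootstrap bytes against a baseline hash recorded on a known-good system. The two sample MBRs are constructed for the demonstration; their bootstrap bytes are placeholders, not real boot code, and the partition geometry is made up to match the 4 GB layout described above.

```python
import hashlib
import struct

SECTOR = 512
BOOT_SIGNATURE = b"\x55\xaa"

# Partition type codes: 0x06 is the 2 GB FAT16 C: drive from the case study, 0x0B/0x0C the FAT32
# partitions, and 0x0C is what a single 4 GB FAT32 partition created by Windows 98 normally shows.
PARTITION_TYPES = {
    0x01: "FAT12", 0x04: "FAT16 (<32 MB)", 0x05: "Extended", 0x06: "FAT16",
    0x07: "NTFS/HPFS", 0x0B: "FAT32 (CHS)", 0x0C: "FAT32 (LBA)", 0x0E: "FAT16 (LBA)",
    0x0F: "Extended (LBA)", 0x82: "Linux swap", 0x83: "Linux",
}


def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte MBR into a bootstrap hash, the four partition entries and the 0x55AA check."""
    if len(sector) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    partitions = []
    for i in range(4):
        # Entry layout: status, CHS start (3 bytes), type, CHS end (3 bytes), LBA start, sector count.
        status, ptype, lba_start, sectors = struct.unpack_from("<B3xB3xII", sector, 446 + 16 * i)
        if ptype == 0:
            continue  # unused slot
        partitions.append({
            "index": i,
            "bootable": status == 0x80,
            "type": ptype,
            "type_name": PARTITION_TYPES.get(ptype, "unknown 0x%02x" % ptype),
            "lba_start": lba_start,
            "sectors": sectors,
            "size_mb": sectors * SECTOR // (1024 * 1024),
        })
    return {
        "bootstrap_sha256": hashlib.sha256(sector[:446]).hexdigest(),
        "partitions": partitions,
        "signature_ok": sector[510:512] == BOOT_SIGNATURE,
    }


def check_mbr(sector: bytes, baseline_bootstrap_sha256: str) -> list:
    """Compare an MBR against a known-good baseline; an empty list means nothing looks wrong."""
    info = parse_mbr(sector)
    findings = []
    if not info["signature_ok"]:
        findings.append("boot signature 0x55AA missing: the MBR is damaged or overwritten")
    if info["bootstrap_sha256"] != baseline_bootstrap_sha256:
        findings.append("bootstrap code differs from baseline: possible MBR infection or overwrite")
    if not info["partitions"]:
        findings.append("no partition entries: partition table wiped")
    active = [p for p in info["partitions"] if p["bootable"]]
    if info["partitions"] and len(active) != 1:
        findings.append("expected exactly one active partition, found %d" % len(active))
    for a in info["partitions"]:
        for b in info["partitions"]:
            if a["index"] < b["index"] and a["lba_start"] < b["lba_start"] + b["sectors"] \
                    and b["lba_start"] < a["lba_start"] + a["sectors"]:
                findings.append("partitions %d and %d overlap" % (a["index"], b["index"]))
    return findings


def build_sample_mbr(bootstrap: bytes, partitions) -> bytes:
    """Assemble a constructed MBR for the demonstration; the bootstrap bytes are placeholders, not boot code."""
    code = bootstrap.ljust(446, b"\x00")[:446]
    table = b"".join(struct.pack("<B3xB3xII", s, t, start, count) for s, t, start, count in partitions)
    return code + table.ljust(64, b"\x00") + BOOT_SIGNATURE


# Constructed baseline: one active 4 GB FAT32 partition starting at sector 63, the layout cfdisk reported.
GOOD_MBR = build_sample_mbr(b"constructed-bootstrap-placeholder", [(0x80, 0x0C, 63, 8_388_608)])
BASELINE = parse_mbr(GOOD_MBR)["bootstrap_sha256"]

# Same partition table, different bootstrap bytes: fdisk and cfdisk show nothing unusual,
# but the comparison against the recorded baseline does.
TAMPERED_MBR = build_sample_mbr(b"different-bootstrap-placeholder", [(0x80, 0x0C, 63, 8_388_608)])

if __name__ == "__main__":
    for name, mbr in (("baseline", GOOD_MBR), ("tampered", TAMPERED_MBR)):
        info = parse_mbr(mbr)
        print(name, [(p["type_name"], p["size_mb"]) for p in info["partitions"]], check_mbr(mbr, BASELINE))
```

On a real machine the 512 bytes come from the first sector of the disk (under Linux, `dd if=/dev/hda bs=512 count=1` on the hardware of that era), and the baseline hash is worth recording right after a clean install, next to the Ghost image, so there is something trustworthy to compare against when a machine starts asking for a command interpreter.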

I haven’t put Wendy’s drive in one of my PCs yet to recover it. But I’m pretty confident I’ll get her data back. That’s a good thing. I’ve met nicer people than Wendy and Debby. But only once or twice. People like them don’t come around very often, so I’d like to do something nice for them.

Bringing their data back from oblivion would do.

Software stuff I forgot about

I’m hoping someone can help me here. I read a couple of stories this week and can’t find them anymore. They’re fairly significant.
Evil Adobe software. The first involved an Adobe lawsuit. Some outfit was buying Adobe suites, breaking them up, and reselling the components. Adobe sued, saying this violated the click-through license. The court ruled that the reseller never agreed to the click-through license, this constituted a sale even though Adobe defined it as a license, and the vendor wasn’t violating any copyright laws by selling the software CDs and books just like stores that sell used books and music don’t violate the copyrights. The court also questioned whether a click-through license was legally binding anyway.

This story should be very significant. The way around it, of course, is to rent software, which is more profitable anyway. Expect Adobe to make tracks down that path very quickly. Adobe’s software licenses are generally slightly more generous than Microsoft’s (they allow you to install their products on your home PC if your business buys them, something Microsoft no longer allows) but then again Adobe’s the company responsible for jailing Dmitry Sklyarov, so they’re still evil. Maybe not quite as evil as Microsoft, but still evil.

So if you must buy Adobe software, do it smart. Buy the suites–which generally combine three or more Adobe products and generally sell for what two products would sell for separately–and split them up. Find a friend or coworker to go halvesies with you.

Evil viruses. I’ve been fearing for a couple of months the virus that takes the methods used by Nimda and combines them with oldschool exploits like infecting file shares and e-mailing people in your address book. Such a beast appeared last week, but the stories faded very quickly. Presumably the virus was discovered but never really made it into the wild. The stories I read suggested the virus code was very buggy.

Still, if you’re still reeling from Nimda like I am, take steps to secure your network. Put an antivirus package on your mailserver. Consider blocking access at the DNS level to your local ISPs’ mailservers and free mail providers such as Hotmail to keep users from bringing unchecked mail into your network. Deploy IE 5.5SP2 with all of the current patches. Put Outlook in the Restricted Sites zone and very seriously consider replacing Outlook with something that works right and is secure, such as the Lotus Notes and Domino tag-team. (Exchange always was a Domino wannabe anyway, and not a very good one.) And since keeping your Microsoft software up to date is a royal pain, tell your boss to start thinking about remote deployment software such as Tivoli. Yes, it’s expensive, but it’s cheaper and easier than hiring another one of you and it frees you up to do real work. (My company’s been looking for another one of me for about three years, first so they could afford to get rid of me because I’m not a Microsoft lackey, and now so they can promote me. They’ve never succeeded. Presumably your company would have an equally difficult time finding another one of you.)

Linux in the enterprise. The ultimate solution to this virus crap (and other Windows-related crap) is to get rid of Windows and replace it with Linux, since Linux viruses are extremely rare and almost never damaging. While Linux has security vulnerabilities too, they’re generally more rare than Windows vulnerabilities and a desktop PC often won’t be running the programs that can be exploited. Besides, you are firewalled, aren’t you? If you are, you’re pretty reasonably secure, since in the Unix world, operating systems are operating systems–they don’t try to be operating systems and web browsers and mail clients and everything else.

But what about usability and maintainability? Linux plus KDE is no harder for an end-user to use than a PC or a Mac. Corel WordPerfect Office gives you everything you need to run your business, and secretaries like WordPerfect better than Microsloth Word anyway. Oh, you need Outlook, you say? Fine. Wait a month then. Ximian Evolution is approaching version 1.0, which will bring Outlook functionality to the Linux desktop. And if you don’t want to pay for WordPerfect Office, there’s always StarOffice. (But you can easily afford WP Office with the money you save by not buying Windows licenses anymore.)

So you don’t know anything about fixing Linux if it goes bad? So what? No sane person fixes a Windows installation either. Fixing a troublesome Windows box can easily take half a day, so the best practice is to keep an image of a working configuration, then when the user breaks it, back up user data (usually scattered all over the drive), re-image, then restore the data and be back up and running in an hour. Linux restricts user data to the /home hierarchy, so maintaining an army of Linux boxes is actually considerably easier than maintaining an army of NT boxes. Back up /home and re-image. Or if you’re really smart, you already redirected /home to a server somewhere, in which case all your desktops are now interchangeable. And Linux imaging is much easier than in NT. Linux generally doesn’t care about the motherboard, so if your video, sound, and network cards are identical, your disk images are interchangeable. Often you can get away with changing sound cards too. And if you’re limited to two or three types of NICs (probably Intel EtherExpress Pro and 3Com 90x; most cheapie 10/100 cards are covered by the Realtek 8139, DEC Tulip or NatSemi drivers), you can just statically compile those into the kernel and you’re set–then the video card is all you have to worry about. Running XConfigurator can take care of that in a matter of minutes. So a dead Linux box can be wiped and restored in 30 minutes, easy, during which your user can still be working, either on a vacationing neighbor’s PC or on your PC.

Remember too that a good percentage of NT problems are caused by toy programs users download off the ‘Net, or games or other programs people bring in from home and install. Those toys generally aren’t available for Linux, and since Linux has a low penetration in the home, people aren’t going to be bringing in their Barbie CDs and installing them. So you’re a fool not to think about Linux on the desktop in the enterprise.

Outta here. I’ve got more but I’m pretty much out of time. We’re doing a prayer vigil this weekend, and no fool signed up to lead from 1:00-2:00. When I stay up that late, my mind tends to be at its best, though my emotions tend to be at their worst (I get depressed easily). But since I can be plenty lucid at that hour, this fool signed up to lead. I’ll be back with more tomorrow.

Thirteen hours! Woo hoo!

It’s a beautiful day in the virushood, it’s a beautiful day for a virus, would you be my, could you be my…
Yes, today we hunted down and killed a couple of live Nimda specimens. I actually didn’t find any viruses whatsoever, but I found a number of PCs that I really liked. I kept trying to bet one of my coworkers they would float. Of course, that’s just my diabolical scheme, usually reserved for cantankerous Macintoshes. You get someone to bet you 10 bucks the thing doesn’t float, then throw it in the pond and see what happens. If it sinks, you’re out a problem. And if it floats? Well, that’s just proof that it’s a witch. And what do we do with witches? We build a bridge out of them! No, wait. That’s something else. Burn them!

Victim #1 was a P166 built by a local outfit called Intek. Intek is one of those clone shops that builds PCs out of the cheapest parts you can buy (including stuff even Packard Bell wouldn’t have touched) then sells for the price of a Dell or a Micron. But since it has an Intel processor in it and the place promises same-day service (which doesn’t always happen), CIOs fall for it. Anyway, I’ve seen 486DX2-66s that outperform this P166. And when I put the current version of Norton AntiVirus on it, it quit booting.

Personally, I think it’s time to just take the machine, slap a second NIC in it, and install a minimal Linux on it and make it a network bridge to keep a chatty Mac segment from killing the rest of the network, because that’s about all that PC is ever going to be good for in this day and age. But it’s not my decision.

We had one PC infected with PrettyPark. Of course, NAV deleted Files32.vxd but left all the registry entries behind, so the PC would no longer run any .exe files. I downloaded Symantec’s PrettyPark fix, but it looked, found no Files32.vxd, and pronounced the system clean. But thanks to the registry entries pointing to files32.vxd, no executable would run. So I faked it out. copy con: c:\winnt\system\files32.vxd, type some gobbledygook, then hit ctrl-z. Then, copy con: c:\winnt\system32\files32.vxd, type more gobbledygook, then hit ctrl-z. Run the fix again. Aha! We’re infected. Shall I clean you up? Why, thank you for asking, please do, kind sir.

Seeing as this PC sits on the desk of the head of the accounting department, I figured it’d be best to have it in working order for him this morning.

So. I’ve now worked something like 51 hours this week. And it’s Thursday. I have no social life. But once that paycheck comes in, I’ll be able to afford to have a very nice social life for a little while…

So I came home about 10:15, after stopping off at a gas station for a tank of gas (I was on E) and a beer. I very rarely drink, but I’ve been so tightly wound this week I figured I could use a little help unwinding. I threw in a microwave pizza, popped a beer, sat down, and wrote this. Now the pizza’s gone and the beer’s empty, and I’m not just tired, I’m also a little drowsy. That’s good. Hopefully that means I’m in for a good night, for the first time this week since Sunday.

And that was the last building that needed scanning. So now I can concentrate on my job. Currently I have about 25 trouble tickets open. Normally I have about four open at once. On any given day, four new ones should come in. On a good day I can close between five and eight. So now that the virus scanning’s done, I think the tickets will stop coming in faster than I can close them, but I’ve got a long road ahead to get caught up. Next week won’t be a 60-hour week, but it won’t be a 40 either.

Worst practices for e-mail

If you want to wreck your computer with a virus and put your neighbors’ computers at serious risk, there’s a really easy way to do it. Just be really cavalier with your e-mail habits. Approach e-mail with reckless abandon, and you’ll quickly receive your just reward.
But if you like having a computer that works well, and you kind of like your neighbors, there are things you can do to minimize your risk. If, on the other hand, you want to leave your mark on the world in a negative way, do the opposite of the things I suggest here.

1. Acquire good anti-virus software and keep it up to date. I’ve been configuring Norton AntiVirus to update itself every day. It’s excessive, but since it’s impossible to guess when the next big thing will come out, and it might hit you before you know about it, it’s the only safe way. Update every day, and keep autoprotect on, so that files are scanned as they’re created. That way, if you get a virus, it won’t get far. I also set NAV to scan the entire computer–all files, not just executable files–at least once a week.

While sweeping the network at work, I found copies of Nimda, but I also found old friends like SirCam, Happy99, PrettyPark, and Kak. Obviously people were aborting the scheduled updates and scans.

2. If you do get infected, don’t count on your antivirus package to completely clean up the mess. Visit www.sarc.com or www.antivirus.com/vinfo/virusencyclo to download a specialized removal tool for the virus your antivirus package caught. Run it to remove any residual damage your antivirus package may have missed.

3. Don’t take e-mail attachments from strangers. I take an even stronger stance than that. Frankly, when someone sends me e-mail with an attachment, the first thing I do is delete the message. I don’t even open it. I don’t care if I’ve known the guy who sent it for 10 years. Some attachments can execute without you even opening the message, so the only safe thing to do is delete it.

The only exception I make is when someone e-mails me and tells me something’s coming. Sure, I’ll look at my friend’s resume, as long as he lets me know ahead of time that it’s coming and I should look for it.

Yes, I miss some good jokes and fun games that way. But you know what? I’d rather be accused of having no sense of humor than to have to rebuild my computer. I don’t have time to rebuild my computer. I’m already too busy rebuilding the computers that belong to people who open each and every e-mail attachment they get.

The virus of the week is W32.Vote.A, which masquerades as a chance to vote for peace or war between the United States and the Middle East. It doesn’t actually let you vote; it e-mails itself to your contacts and deletes files off your drive.

4. Don’t be the first on your block with the newest Microsoft software. Microsoft continues to refuse to take security seriously. No one in his right mind should be running Internet Explorer and Outlook Express 6.0 right now. Every single dot-oh release from Microsoft in recent memory has been an atrocity. Get Internet Explorer 5.5SP2 and stick with it. It’s fast, it’s as stable as anything Microsoft has written, and all the known holes that viruses exploit have been patched. Is the same true for 6.0? Who knows?

5. Don’t use a Microsoft e-mail client if you can help it. Microsoft’s the biggest kid on the block, so their mail clients are the most frequent targets. They also have more security holes in them than a vacant building in East St. Louis. There are a number of competent alternatives out there, including Pegasus, Netscape Messenger, and Qualcomm Eudora. (Just watch out for Eudora’s spyware–run Ad-Aware from www.lavasoftusa.com after you install Eudora.)

6. If you must use a Microsoft e-mail client, turn off the preview pane. Also, go to the client’s security options and put it in the Restricted Sites zone. That way when some idiot forwards you a message with hostile ActiveX code in it to automatically execute an attachment that e-mails itself to everyone in your inbox and address book and then low-level formats your hard drive, you won’t be affected. There is absolutely no legitimate reason for HTML e-mail to contain any ActiveX, Java, or JavaScript.

7. Don’t run any Microsoft software if you can help it. A Mac doesn’t count–the most popular Mac application is (drum roll please) Microsoft Office. Besides, there are plenty of Mac viruses out there to get you too. I’m writing this on a cheap PC running Linux. I use a tiny, lightning-fast mail client called Sylpheed. It takes up 733K on my hard drive. Outrageous, isn’t it? I use a tiny, lightning-fast Web browser called Dillo. It’s secure as a rock because it doesn’t do Java, JavaScript, or ActiveX. It renders pages instantly. It’s 240K in size. They’re both in alpha testing, but they crash less for me than Internet Explorer 5.5 and Outlook 2000SP2. And don’t be fooled by the tiny size: I compiled them for speed, not size. If I’d used size optimizations they’d be a lot smaller.

8. Don’t run your Web site on IIS. Even the Gartner Group is recommending everyone abandon IIS ASAP. It’s impossible to keep up with the patches well enough to prevent outbreaks like Nimda. Nimda knows about 16(!) security holes in IIS that it can exploit in order to send itself to people who visit your Web page. Yes, people try to hack Apache. Of course they do–70% of the Web uses it. But I hear of one Apache vulnerability a year. That compares to one IIS vulnerability a week. It is fiscally and socially irresponsible to bank your business on such an insecure, poorly written piece of software. (This site runs on Apache, and its only downtime in five months has been from a power failure. Zero crashes, no having to take it down to apply a patch. My system uptime reads 112 days.)

Nimda ate my weekend…

I left for Promise Keepers as planned late Friday morning, but not before I had a hectic morning with Nimda. Nimda didn’t spread too far (it seems most people got it from visiting Web sites, and in a lot of cases it was just pieces of it sitting dormant in browser caches), but we had no way of knowing that until we visited virtually every PC on the network. That takes a while–especially when you find people with anti-virus software that came free with a PC they bought in 1995 or 1996 whose definitions were last updated when Ace of Base was popular.
So we have a good argument in favor of kicking Norton AntiVirus into managed mode. And with the large number of unpatched copies of Internet Explorer out there, we’ve got an argument in favor of some kind of site management software so we can push installs.

The choice is pretty simple: Fork out the bucks for site management, or pay me enough overtime to make a down payment on a house. It’s pretty obvious which decision makes sense.

As for PK, I learned a ton, and the bus ride to and from KC was fun. My buddies and I scored the very back seats. A couple of guys brought their early teenage sons, but for the most part, we were the young rowdies on our bus. (The kids in senior high were on the other bus.) I’ll talk about that later, when I have time to do it justice.

I worked 11 hours today, so I’m tired. I think it’s time for some quality time with my pillow.

Finding an open-source alternative to Ghost

Finding an open-source alternative to Ghost. Have I mentioned lately just how pathetic a software company Symantec is? Norton Utilities is adequate, don’t get me wrong. But I don’t think I’d put Norton AntiVirus on any computer that I wanted to work right. I’d give you my opinion of McAfee’s product, but that’s a violation of the license agreement, so I’ll give you my opinion of the company instead. They’d rather spend their time and money and energy keeping you from talking about their products than they would making them worth buying.
So, anyway. Since Symantec is making my life difficult, why do we keep rewarding them by buying Ghost licenses over and over again?

Knowing that the Unix command dd if=/dev/hda of=[filename] makes a bit-for-bit copy of a hard drive, I sought to utilize the Linux kernel and dd as an alternative. Pipe it through bzip2 and it’d be great, right?

Uh, no. I imaged a 1.6-gig HD that had about 400 MB in use. About an hour later, I had a 900 MB disk image. This is bad. Very bad. Ghost would have given me a 250-300 MB image in 15 minutes.

But then I stumbled across PartImage, which does an intelligent, files-only disk image like Ghost does. It’s fast, it’s small, it works. NTFS support is experimental, but as long as you defragment your drive before you try to make an image, it seems to do fine.

However, it doesn’t do a full disk clone like Ghost does. Not yet, at least. Not on its own, at least. But this is Unix. Where there’s a will, there are 47 ways.

First, dump your partition table: sfdisk -d /dev/hda > table

Next, get your MBR: dd if=/dev/hda of=mbr bs=512 count=1

Yes, Eagle Eye, dd does grab your partition table. But restoring the table with DD will only get your primary partition(s). It won’t get your extended partitions, so that’s why sfdisk is necessary.

Now that we’ve got that detail out of the way, you can use PartImage to create images of all your disk partitions. It’s menu driven like Ghost. It’s text mode and not graphics-mode, so it’s not as pretty, but it’s also a fraction of the size.

Got your files made? Great. Now, to make the clone, you reverse it.

Write out the MBR: dd if=mbr of=/dev/hda bs=512 count=1

Re-create your partition layout from the table you dumped earlier: sfdisk /dev/hda < table

Then restore your partitions, one at a time, using PartImage either in interactive mode or with command-line switches.

It's a lot to remember, so the best bet would be to dump the images plus these two small files to a CD, make a Linux boot floppy containing dd, sfdisk, and partimage, and write a shell script that does it all. Then you can think about getting fancy and making a bootable CD that holds all of it and restores a system lickety-split.
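The backup and restore sequence above, collected into the shell script the post suggests, as an added example that is not code from the original post or from the PartImage project. The device name, image directory and partition list are arguments you supply; the partimage switches used here (-b batch, -d skip the description prompt, -z1 gzip, -o overwrite) and the .000 suffix partimage puts on the first volume of a saved image are assumptions about your partimage build, so check them against its --help before relying on the script. Each run first builds the command plan as text, so you can read exactly what will touch the disk before letting it execute.

```shell
#!/bin/sh
# Added example (not from the original post or the PartImage project):
# the dd / sfdisk / partimage backup-and-restore sequence, as one script.
# Assumed: the disk, image directory and partition list are arguments;
# the partimage switches (-b batch, -d no description, -z1 gzip,
# -o overwrite) and the .000 first-volume suffix match your build.
# DRY_RUN=1 (the default) only prints the plan; DRY_RUN=0 executes it.

set -eu

# emit_backup_plan DEVICE DEST PARTITION...
# Prints the commands that capture everything a clone needs: the MBR,
# the complete partition table (sfdisk -d also records extended and
# logical partitions, which the 512-byte MBR copy alone does not), and
# one partimage file per partition. A checksum file is written last so
# a later restore can detect a truncated or corrupted image set.
emit_backup_plan() {
    dev="$1"; dest="$2"; shift 2
    printf 'mkdir -p %s\n' "$dest"
    printf 'dd if=%s of=%s/mbr bs=512 count=1\n' "$dev" "$dest"
    printf 'sfdisk -d %s > %s/table\n' "$dev" "$dest"
    for part in "$@"; do
        name=$(basename "$part")
        printf 'partimage -b -d -z1 -o save %s %s/%s.partimg.gz\n' \
            "$part" "$dest" "$name"
    done
    # md5sum guards against damaged media, not against tampering.
    printf '(cd %s && md5sum mbr table *.partimg.gz* > MD5SUMS)\n' "$dest"
}

# emit_restore_plan DEVICE SRC PARTITION...
# Prints the reverse sequence. Order matters: the MBR goes back first,
# then sfdisk rewrites the whole layout (including what the MBR lacks),
# and only then are the partitions restored. The checksum check runs
# before anything is written to the disk, and sh -e stops on failure.
emit_restore_plan() {
    dev="$1"; src="$2"; shift 2
    printf '(cd %s && md5sum -c MD5SUMS)\n' "$src"
    printf 'dd if=%s/mbr of=%s bs=512 count=1\n' "$src" "$dev"
    printf 'sfdisk %s < %s/table\n' "$dev" "$src"
    for part in "$@"; do
        name=$(basename "$part")
        # partimage appends .000 to the first volume of a saved image.
        printf 'partimage -b restore %s %s/%s.partimg.gz.000\n' \
            "$part" "$src" "$name"
    done
}

# run_plan backup|restore DEVICE DIR PARTITION...
# Prints the plan; executes it only when DRY_RUN=0 is set explicitly.
run_plan() {
    mode="$1"; shift
    case "$mode" in
        backup)  plan=$(emit_backup_plan "$@") ;;
        restore) plan=$(emit_restore_plan "$@") ;;
        *) echo "usage: $0 backup|restore DEVICE DIR PARTITION..." >&2; return 2 ;;
    esac
    if [ "${DRY_RUN:-1}" = 0 ]; then
        printf '%s\n' "$plan" | sh -e
    else
        printf '%s\n' "$plan"
    fi
}

# Example invocation (assumed layout: hda1 primary, hda5 logical):
#   ./clone.sh backup /dev/hda /mnt/images /dev/hda1 /dev/hda5
if [ "$#" -ge 3 ]; then
    run_plan "$@"
fi
```

Two caveats worth keeping in mind when you use it: sfdisk -d records absolute sector offsets, so the target disk must be at least as large as the source, and on some layouts sfdisk will want --force before it rewrites the table. The boot floppy also needs md5sum alongside dd, sfdisk and partimage, or you drop the checksum lines.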

A lot of trouble? Ugh. Yeah. Worth it? Probably. Ghost licenses aren't cheap, and PartImage has the potential to be a whole lot quicker, since it's built on a better foundation. Today's PCs are extremely powerful, and DOS has been underutilizing PCs' power since the introduction of the PC/AT in 1985. Linux will very happily scale up to whatever amount of memory and CPU power your PC has under the hood, making compression and decompression go faster. And if you do a little tweaking with hdparm before creating and before restoring (again, a good job for a shell script), you'll get far better disk throughput than DOS could ever give you. On these P3-866s, I found PartImage was a good 20-60 MB/minute faster than Ghost.

So this is not only faster, it also frees you from the difficulty of keeping track of Ghost licenses, which is a hidden administrative expense. With Linux and PartImage and the associated tools, you're free to use them as you like. The only questions anyone will ask is, "How'd you do that?"

That's not to say I have any objection to paying for a good product, but when you can't even buy a site license to escape the paperwork, it gets ridiculous. I suspect some companies just count their PCs and buy that many Ghost licenses once a year in order to be rid of the administrative overhead.

So I think it's more than worth it to figure out how to effectively do this job with open-source tools.

Of course I've left some questions. How do you make Linux boot floppies? How do you make Linux CDs? The PartImage site has images of bootdisks and boot CDs, but they don't have everything you need. Notably, sfdisk is missing from those images. And obviously you'd have to write your shell scripts and add those yourself.

I'll let you know when I figure it out. I'm pretty darn close.

04/03/2001

Interesting day at work yesterday. Some genius decided it’d be great to send a 281-K attachment to everyone in their address book (only 5,000 people). That meant no e-mail came in or out that afternoon while our poor VMS-based mail server tried valiantly to plow through 140 gigs’ worth of data. (I’ll be building that person a new PC. I knew I was keeping that 10 MHz 286 motherboard for a reason…)

But in the meantime, I pulled off the turnaround of the month. One of the users I support has an old NEC Versa laptop. It was a dog the day they got it, and it’s still yapping away today. Actually I probably shouldn’t insult the canine species by comparing them to this thing. It’s a Pentium-133 with MMX (the slowest MMX CPU Intel ever made), with a woefully underpowered 16 MB of RAM and a hard drive that’s been going soft for as long as I can remember.

At any rate, even after I tweaked it out, the thing still took the better part of two minutes to boot, and it took a good 30-45 seconds to launch Word 97. Memory usage was obnoxiously high–nearly 40 megs without any applications running. In short, the thing was unusable.

So I took the entire contents of the hard drive and shoved them into a directory called OLD, just in case I needed them. I copied the Win95 directory of the OSR2.1 CD into C:\Windows\Options\Cabs. I hacked out MSN, IE, the Exchange client, and the other online services as described in my book (the freebie sample chapter describes the process), then I installed it, leaving out networking and basically leaving out everything but the bare essentials like Calc, WordPad (questionable, but I kept it anyway), Defrag, and Notepad. No networking. No Internet. When all was said and done, the system booted in 19 seconds. No kidding. I couldn’t believe it myself. And memory usage was right about 16 megs.

I did the Vcache trick and got memory usage down to 10. Excellent. I downloaded the laptop’s video drivers with another PC and installed them, which got me into 800x600x256. Then I installed Word. Word loaded in about 10 seconds. Astounding. I rebooted, and surprisingly enough, the machine still booted in 21 seconds, even after installing slow, fat, intrusive Word 97.

I installed Norton AntiVirus, assuming that’d kill performance once and for all, but we can’t have corporate PCs running around without it. NAV more than doubled boot time and memory usage (ugh), but it was still booting in under a minute, and Word was still loading in under 15 seconds. Can’t complain about that.

I did a few more filesystem tweaks and I defragged, which cut a little off the boot time and Word’s load time. This woefully underpowered laptop is about ready to turn some heads. The trick is to know exactly what you want, and ask it for exactly what you want. It’ll reward you.

And Windows, once liberated from the Evil Internet Exploiter Empire and the rest of Microsoft’s plans for world domination, can do things no one would have imagined.

And a big thank-you to my readers. Occasionally, editthispage/userland.com has a glitch that tabulates its Top 100 sites incorrectly. Well, yesterday such a glitch occurred, a bunch of other candidates’ votes were lost entirely, and I cracked the Top 100, at position #99, with 52,259 hits. (The usual holder of that spot has around 68,000 hits.) That’s since Oct. 21, which isn’t bad at all.

With 400-500 reads per day on average, I should be a legitimate Top 100 site within about six weeks.

That’s the first cumulative statistic I’ve seen in a number of months, since the last big glitch put me in the Top 100 when I wasn’t. And at the time I wasn’t tracking so I didn’t have a good count. (I track now.)

Argh. Yesterday Roger Clemens broke Walter Johnson’s 74-year-old record for the most career strikeouts by an American League pitcher. He did it against my Royals, which bothers me some, but what really bothers me is seeing a record held by one of the classiest guys to ever play the game by a jerk like Clemens.

A Mac Norton Antivirus tip

Mac Norton AntiVirus tip. If this affects you, you probably already know this, but just in case, I’ll mention it. NAV under Mac OS 9 isn’t exactly reliable. Its autodetection of installing software (so it can offer to disable itself during the process) likes to crash the system. The conventional advice of rebooting without extensions to install software is no longer a suggestion in this environment. It’s a must.

I don’t like having antivirus software running all the time personally (it slows down systems something fierce and I find it preferable to just not engage in high-risk activities because sometimes things slip past antivirus software–I’ve always thought it’s better to promote responsible behavior than it is to try to make irresponsible behavior safe), but sometimes that’s unavoidable, e.g. in corporate environments where there are policies mandating such things.

Weird day yesterday. My boss and I had talked about moving me on to bigger and better things. Yesterday was the day. I totally forgot. I was wondering about mid-day why I hadn’t had anything to do when someone else mentioned it. Oops. So now I’m Office 2000 Deployment Czar. Sort of. Yuck. Didn’t I see a pile of IBM Selectrics somewhere…?

And then this… My songwriting partner asks about the feasibility of writing an original Christmas song for the Christmas Eve 11 pm service. Ooh. Is there such thing as an original Christmas song? But this is like being asked to write a song for your best friend’s wedding or something, so if there’s a way to still write an original Christmas song, I’ll find it.

~~~~~~~~~~

From: “Gary Mugford” <mugford@nospam.aztec-net.com>
Subject: The definition of rich
David,

  From the Great White North, have a great holiday season. We struggle
away ourselves, having already had the holiday
back in October.

  Your pastor’s saying brought back a memory of something I wrote way back
in Grade 9. Haven’t changed belief in it much
since then. It was a poetry assignment in English that was supposed to
combine traditional and non-traditional form.
It’s lousy, but I’ve never written a poem since then. To me, I’d done
better than I could ever do again. And since I had
the marks to afford it, I declined to ever write another poem. Schmaltzy,
yeah. Crazy for sure. But it’s gotta be me!

  I unabashedly give you …

The Richest Man in the World

“Rich,” he said, “That’s what I’ll be!”
“I’ll own the world, just you wait and see!”

And then he met her.

And his world started to shrink, not grow larger.
And his wallet grew thinner, not fatter.

As the years passed by,
and life passed unto death,
there came to be erected
in the Olde Church graveyard,
a tombstone bearing an inscription,

“Here lies a very, very rich man.
She loved him.”
~~~~~

Poetically, sure, there’s room to criticize it, but that doesn’t change the
message one bit. That is the coolest thing I’ve read in a long time. Thanks!
~~~~~~~~~~

From: “Don Armstrong” <darmst@nospam.yahoo.com.au>
Subject: Ergonomic thingies

Dave, have you checked out 3M’s CWS (Computer Workstation Solutions) site, particularly their Ergonomics section, and particularly what they call their Renaissance Mouse?

It’s at http://www.3m.com/cws/index.html

Now, the “Renaissance Mouse” obviously owes a lot of its ancestry to gamer’s joysticks, but it seems to me to make a lot of sense when I play-act going through the motions of using it. There are other things there – like gel-filled wrist-rests – that also make sense. I’ve used them before, and they help.

Regards, Don Armstrong
~~~~~

I just checked the site. The renaissance mouse looks much like the old
third-party joysticks people bought for Atari 2600 consoles. Definitely
interesting. I may be putting my credit card to use…

Thanks!

~~~~~~~~~~

From: Edwards, Bruce
Subject: Ripping audio

Hi Dave:

I noticed that yesterday you talked about ripping audio from your CDs.  What sound card do you recommend as a good choice for encoding audio from LPs to either WAV or MP3 format?  I am interested in (when I build my next PC in about three to four months) getting a sound card that will provide excellent fidelity from an analog line in source.  I know there will then be interference issues within the PC too; are certain sound cards more immune to this than others?

Thanks for any comments.

By the way, I ordered your book off Amazon last Friday and they were selling it for 50% off list.

Sincerely,

Bruce

~~~~~

It’d be really hard to beat the Sound Blaster Live! series (just avoid the Value version of the card, now discontinued). The card itself has excellent sound quality, and a much larger number of capacitors on it than I’m used to seeing these days, which will cut down on excess noise. The sound inputs are outstanding as well. The only way you’ll do better would be to get a truly professional-grade audio card, such as those from Digital Audio Labs (but you’ll pay more for it and you’ll have a card with zero multimedia capability–no MIDI, no nothing).
 
I see as well that the book’s at 50% off list. I wonder if that means it’s nearing the end of the line? It’s still at 20% off in the UK, which is where my sales are anyway, so if it stays in print there I’m in good shape.

Ultra-useful Windows and DOS utilities (plus Linux stuff)

4/3/00
There are loads of links in this mail. Explore them; you won’t be disappointed.

Hello. I maintain the Interesting DOS programs website and I was pleasantly surprised when I got an email telling me my site was mentioned in your book as a download reference site for XMSDSK.

While I only provided a link to the XMSDSK file on Simtel, it was still great to see my site, which I never thought would ever get mentioned in any book, especially a Windows one 🙂

I got your book and I like it (a lot). However, there were some tools I thought should have gotten mentioned (most are mentioned on my site)

———————————————————————–

On Page 65, you mentioned FIPS as a tool to resize partitions. While I haven’t tried FIPS, there is another freeware utility which I’ve used several times:

Partition Resizer v1.33 It resizes/moves your FAT16/FAT32 partitions safely without losing the data on it. It doesn’t eliminate the need for FDISK. You use Partition Resizer to resize and rearrange the FAT16/FAT32 partitions to create free space on your drive and then run FDISK to create the partition.

———————————————————————–

The Infozip link at http://www.cdrom.com/pub/infozip is orphaned and is no longer updated. An updated link is at ftp://ftp.info-zip.org/pub/infozip/Info-ZIP.html

———————————————————————–

On Page 209, you mentioned that internal Zip drives lack DOS drivers, this is not true as I have an internal ZIP drive and I access them from DOS. Perhaps you were trying the older drivers that came with the first Iomega parallel port drive?

———————————————————————–

FastVid v1.10 Improves video performance on Pentium Pro and Pentium II PCI/AGP systems. I haven’t tested this myself but you may want to check it out.

———————————————————————–

LFN Tools v1.48 These are DOS commands (as stand alone EXE’s) that can handle long filenames in plain DOS. Supports FAT32

For example there is LCOPY which works like XCOPY under a DOS window (copying the long filenames) but in plain DOS. This is useful for disaster recovery situations when you can’t get into Windows and you need to get files off your Windows drive. Other commands include

LMD – create a long directory name
LRD – remove a directory with a long directory name (e.g. lrd “Program Files”)
LDIR – like the DIR command showing long filenames.

The Tools are released under the GPL so source code is available and it is free.

————————————————————————

AVPLite Build 134 Free (yet powerful) command-line antivirus detection and removal program.

The engine is only 49K (the antivirus updates are about 1.7MB) but it can scan inside ZIP, TGZ, CAB and DOC files and mail folders in Netscape and Outlook. If there is a virus on a machine, you can have a bootable disk with XMSDSK to create a ramdisk, then have the AVPlite and the antivirus update on separate floppy disks unzipped to the ramdrive and then run AVPlite from the ramdrive.

————————————————————————-

Some Linux links :

SET’s editor v0.4.41

GREAT text editor with the familiar Borland IDE interface with syntax highlighting. This is literally the FIRST app to install after you boot Linux. Editing text files with Joe, Vi and Emacs was ummmmmm….. kinda difficult ;-). Released under GPL.

(SET edit is also available for DOS with a built-in MP3 player 😉 )

The one page Linux manual: A PDF containing a summary of useful Linux commands. You mentioned on your Silicon Underground that you wished there was a command reference for Linux. This one is close.

————————————————————————-

Since you mentioned Win3.x program manager, thought I’d mention this

Calmira II v3.02 Freeware Win95 shell/interface for Windows 3.x, including explorer, etc.

Mask for Windows – PRWin98 Gives Win3.x apps the look and feel of Win9x apps

————————————————————————-

Looking forward to your upcoming Linux book (I agree with your sentiments on Silicon Underground – documentation is the main holdback for Linux)

Dev Teelucksingh
devtee@trinidad.net
Interesting DOS programs at http://www.opus.co.tt/dave
Trinidad and Tobago Computer Society at http://www.ttcsweb.org

— This email sent with Arachne, the ultimate Internet client —
— http://home.arachne.cz/ —

Wow. Thanks for all the links. That’ll keep my readers busy for ages and ages to come. I did immediately go download SET edit. Very, very nice.

I’m very glad you like my book and look forward to the Linux book. It’s coming along, faster than the Windows book did, but not as quickly as I’d like. I’m not even willing to hazard a guess when it will be finished at this point.

A year from now, there will probably be twice as many Linux books available as there are now. Maybe more. The quality will vary widely. But we need them. The stuff coming out of the Linux Documentation Project is getting better (or maybe I’m just getting smarter) but the stuff available even six months ago very frequently had gaps that a newcomer wouldn’t be able to climb over: missing steps, poor or inaccurate description of output–all kinds of little things that suggest the author didn’t take the time to step through the process one last time. A plethora of available Linux books will help in more ways than one.

Back to DOS and Windows… Although many people deny it, DOS is still an integral part of Windows, and some things just can’t be accomplished without diving into DOS. Even under NT, I always keep a command line open. I can tell you the last day I didn’t use a command line. It was in June of last year. I know because I was in New Mexico, far away from work and from any of my computers.

So Iomega finally got around to releasing Zip drivers that work with the internal IDE and ATAPI models? About time. We bought a big batch of them at work about two years ago, and I needed to access them from DOS, and nothing. The drivers wouldn’t work. We contacted Iomega, and their line was, “These drives require Windows 95 or newer.” A year later, when I was writing that chapter, drivers still hadn’t appeared. But better late than never.

Thanks again.