How can Microsoft be proud to market this drivel!

DanielN

Hi People,

I have been a computer engineer for around 7 years professionally with
around 7 years prior to that self teaching myself all I could about Windows.
I am now MCP qualified and hopefully will soon be MCSA/MCSE/MCDBA/CCNA
qualified as well.

I have used Vista only a couple of times although getting a very bad feeling
about it having read many bad things and experiencing some worrying things
like it takes more time for Vista to spawn and animate the copying file
dialog than it does for say Windows XP to even have copied the file already.
This is only minor though.

Today one of my customers who has a Vista machine (I don't) got in touch
saying Windows was bringing up an error saying that:

'Windows explorer has stopped working' and then 'Windows explorer is
restarting.'

Now I know there is a virus/spyware/adware on it, cause I can see an icon
for counterfeit antispyware.

The problem is even if I go into safe mode to clean it (remove program and
run scans of various kinds) which would have worked pretty much most of the
time in previous versions of Windows doesn't work cause you have the same
problem.

I am getting the feeling MS have screwed up with Vista like they did with
Windows ME.


I am shocked that years down the line after ME and I am sure MS knew what
the score was with ME. They have managed to do it again. They should have
stuck with XP - perhaps brought out some addons/updates if they really
thought people were desperate for new stuff, and put in some serious work
into Vienna. I have heard that there were so many problems with Vista they
enlisted the help of the Vienna development team to help fix stuff. Obviously
there was too much to fix.

Now I have had my little rant. Maybe MS will sort this.

My advice: demand Win XP Pro on new machines. Do not be told that you must have
Vista cause it is the best around.

Dan

PS. I have also had a customer have a problem authenticating with a WPA
encrypted wireless network as well. Which turned out to be an incompatibility
between the wireless card and Vista even though the wireless card was built
into the laptop and it had a logo saying it was certified for Vista, and this
was a big OEM's laptop. So what hope is there!
 
Richard Urban

"DanielN" <DanielN@discussions.microsoft.com> wrote in message
news:1C18C11F-015D-40FC-86B6-3C2AF1A575A2@microsoft.com...
> Hi People,
>
> I have been a computer engineer for around 7 years professionally with
> around 7 years prior to that self teaching myself all I could about
> Windows.
> I am now MCP qualified and hopefully will soon be MCSA/MCSE/MCDBA/CCNA
> qualified as well.
>
> I have used Vista only a couple of times although getting a very bad
> feeling about it having read many bad things and experiencing some
> worrying things like it takes more time for Vista to spawn and animate
> the copying file dialog than it does for say Windows XP to even have
> copied the file already.
> This is only minor though.
>
> Today one of my customers who has a Vista machine (I don't) got in touch
> saying Windows was bringing up an error saying that:
>
> 'Windows explorer has stopped working' and then 'Windows explorer is
> restarting.'
>
> Now I know there is a virus/spyware/adware on it, cause I can see an icon
> for counterfeit antispyware.
>
> The problem is even if I go into safe mode to clean it (remove program and
> run scans of various kinds) which would have worked pretty much most of
> the time in previous versions of Windows doesn't work cause you have the
> same problem.
>
> I am getting the feeling MS have screwed up with Vista like they did with
> Windows ME.





WOW!

You don't think - just maybe - that there are new infections that have been
designed to prevent their being cleaned out, even in safe mode? Ever hear of
rootkits?

Using your thinking we should have stayed with Windows 3.1 because people
didn't hardly ever get any viruses using that system. If, after building
their system, they never inserted a floppy, they were 100% safe. <grin>
 
Alias

Richard Urban wrote:
>
> WOW!
>
> You don't think - just maybe - that there are new infections that have
> been designed to prevent their being cleaned out, even in safe mode?
> Ever hear of rootkits?
>
> Using your thinking we should have stayed with Windows 3.1 because
> people didn't hardly ever get any viruses using that system. If, after
> building their system, they never inserted a floppy, they were 100% safe.
> <grin>


Back to the present. Use Ubuntu and never worry about a virus, root kit
or any other malware. http://www.ubuntu.com/

Alias
 
Spirit

Not exactly accurate :

http://www.internetnews.com/dev-news/article.php/3601946
 
Richard Urban

Alias doesn't know about the history of his operating system of choice to
know that rootkits were developed for Unix and are 100% effective in
Linux/Ubuntu.

--


Regards,

Richard Urban
Microsoft MVP Windows Shell/User
(For email, remove the obvious from my address)
 
Mike Hall - MVP

Why call it drivel? One attempt to unsuccessfully remove a piece of spyware
by somebody who had virtually no experience of an OS does not render it
drivel..

The OEMs are responsible for ensuring that ALL hardware included in a
package that they deem Vista capable at any level, and some have clearly not
done this.. hardly the fault of the OS, is it?


--


Mike Hall
MS MVP Windows Shell/User
http://msmvps.com/blogs/mikehall/
 
Stephan Rose

On Thu, 05 Jul 2007 08:11:07 -0400, Mike Hall - MVP wrote:

> Why call it drivel? One attempt to unsuccessfully remove a piece of spyware
> by somebody who had virtually no experience of an OS does not render it
> drivel..
>
> The OEMs are responsible for ensuring that ALL hardware included in a
> package that they deem Vista capable at any level, and some have clearly not
> done this.. hardly the fault of the OS, is it?



Here is one thing Mike I find to be interesting.

When it comes to non-windows OS' people like to blame the OS for hardware
incompatibility. I've yet to hear anyone outside the Linux community blame
hardware vendors for compatibility problems.

When it comes to Windows though, it's never the OS! It's always the
hardware vendors!

Quite an interesting double standard I think.

--
Stephan
2003 Yamaha R6

The reason there is no day when I think back on you
is that there has never been a moment when I forgot you
 
Mike Hall - MVP

Stephan

Those who blame non-Windows OS for hardware incompatibility have gotten it
wrong then.. with any OS, it is generally the job of the hardware
manufacturer to produce drivers..


--


Mike Hall
MS MVP Windows Shell/User
http://msmvps.com/blogs/mikehall/
 
Alias

Spirit wrote:
> Not exactly accurate :
>
> http://www.internetnews.com/dev-news/article.php/3601946


It accurately reported NO Linux computer has been compromised.
Possibilities are one thing, reality another. It's possible that you
will be struck by lightning today but unlikely.

Alias
 
Alias

Richard Urban wrote:
> Alias doesn't know about the history of his operating system of choice
> to know that rootkits were developed for Unix and are 100% effective in
> Linux/Ubuntu.
>


Yet there are no reports of this possibility happening so go figure.

Alias
 
Alias

Stephan Rose wrote:
> On Thu, 05 Jul 2007 08:11:07 -0400, Mike Hall - MVP wrote:
>
>> Why call it drivel? One attempt to unsuccessfully remove a piece of spyware
>> by somebody who had virtually no experience of an OS does not render it
>> drivel..
>>
>> The OEMs are responsible for ensuring that ALL hardware included in a
>> package that they deem Vista capable at any level, and some have clearly not
>> done this.. hardly the fault of the OS, is it?

>
>
> Here is one thing Mike I find to be interesting.
>
> When it comes to non-windows OS' people like to blame the OS for hardware
> incompatibility. I've yet to hear anyone outside the Linux community blame
> hardware vendors for compatibility problems.
>
> When it comes to Windows though, it's never the OS! It's always the
> hardware vendors!
>
> Quite an interesting double standard I think.
>


I noticed this double standard too.

Alias
 
Peter Foldes

>Now I know there is a virus/spyware/adware on it, cause I can see an icon
>for counterfeit antispyware.


If the above holds true then you have a form of the Smitfraud Trojan malware.

Do the preparatory steps here:

http://www.elephantboycomputers.com/page2.html#Removing_Malware

Include scanning with David Lipman's Multi_AV and follow instructions to
do all scans in Safe Mode.

http://www.elephantboycomputers.com/page2.html#Multi-AV - instructions
http://pcdid.com/Multi_AV.htm - download

Then do the specific steps here:

http://www.elephantboycomputers.com/page2.html#Smitfraud_Trojan

When all else fails, run HijackThis and post your log in one of the
specialty forums listed at the first link above (not here, please).

--
Peter

Please Reply to Newsgroup for the benefit of others
Requests for assistance by email can not and will not be acknowledged.
 
MICHAEL

* Alias:
> Back to the present. Use Ubuntu and never worry about a virus, root kit or any other
> malware. http://www.ubuntu.com/


http://www.ussrback.com/UNIX/penetration/rootkits/

http://www.juniper.net/security/auto/vulnerabilities/vuln737.html
Linux Rootkit II is a collection of publicly available Trojan utilities that target vulnerable
Linux operating systems.

http://linuxhelp.blogspot.com/2006/12/various-ways-of-detecting-rootkits-in.html
Consider this scenario... Your machine running GNU/Linux has been penetrated by a hacker without
your knowledge and he has swapped the passwd program which you use to change the user password
with one of his own. His passwd program has the same name as the real passwd program and works
flawlessly in all respects except for the fact that it will also gather data residing on your
machine such as the user details each time it is run and transmit it to a remote location or it
will open a back door for outsiders by providing easy root access and all the time, you will
not be aware of its true intention. This is an example of your machine getting rooted - another
way of saying your machine is compromised. And the passwd program which the hacker introduced
into your machine is a trojaned rootkit.

http://sourceforge.net/projects/checkps/

http://www.chkrootkit.org/
http://en.wikipedia.org/wiki/Chkrootkit

http://www.rootkit.nl/projects/rootkit_hunter.html
http://linux.softpedia.com/get/Security/Rootkit-Hunter-4460.shtml
http://en.wikipedia.org/wiki/Rkhunter

http://www.zeppoo.net/
Zeppoo allows you to detect rootkits on the i386 architecture under Linux by using /dev/kmem
and /dev/mem. It can also detect hidden tasks, modules, syscalls, some corrupted symbols, and
hidden connections.

http://www.theregister.co.uk/2002/09/19/linux_rootkit_hacker_suspect_arrested/
A 21-year old from Surbiton, Surrey has been arrested on suspicion of writing and distributing
the T0rn rootkit, which dumbs down the process of hacking Linux servers.

http://vancouver-webpages.com/rkdet/
This program is a daemon intended to catch someone installing a rootkit or running a packet
sniffer. It is designed to run continually with a small footprint under an innocuous name. When
triggered, it sends email, appends to a logfile, and disables networking or halts the system.
It is designed to install with the minimum of disruption to a normal multiuser system, and
should not require rebuilding with each kernel change or system upgrade.

http://www.sans.org/resources/malwarefaq/t0rn_rootkit.php
In most cases, it's quite easy to exploit a given vulnerability and gain root access to a
system. What's an actual challenge to an attacker is to maintain such privileges and remain
stealthy.

There are many options to accomplish this goal, such as deleting log files, installing rootkits
and kernel rootkits. The main concepts described here are applicable to most rootkits
available.

One of the most known rootkits available for Linux platform is the t0rn rootkit, created by
J0hnny7. The version shown in this paper (the first one published) uses pre-compiled binaries
and its structure is based on Linux Rootkit (LRK).

http://www.la-samhna.de/library/rootkits/index.html
the Linux Kernel Rootkits paper

http://search.techrepublic.com.com/search/Linux+and+rootkit.html

http://www.linuxforums.org/forum/linux-security/2510-linux-has-rootkit-problem.html

http://www.linuxsecurity.com/content/view/127202/171/
26 February 2007

Overview
A rootkit is a group of software tools which an attacker can use to hide their tracks. A
rootkit can also contain software which allows the attacker to get root access and steal or
remove files on a system. Another goal for a rootkit is for the attacker to maintain access to
the hijacked computer. Rootkits are written for many different operating systems however, this
article will only talk about Linux rootkits.
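
The swapped `passwd` scenario quoted in the post above is the case a file-integrity baseline is built to catch. The Python below is an added example, not part of the post or of any of the linked tools: it records SHA-256, size, mode and owner for a set of files and reports drift, using a constructed stand-in file in a temporary directory rather than real system binaries. It assumes the baseline and the checker are kept on trusted read-only media, since a kernel-level rootkit can falsify what a compromised system reports about itself.

```python
import hashlib
import os
import stat
import tempfile


def fingerprint(path):
    """Collect the attributes a replaced binary cannot all keep identical."""
    st = os.lstat(path)  # lstat: a file swapped for a symlink must show up too
    digest = None
    if stat.S_ISREG(st.st_mode):
        h = hashlib.sha256()
        with open(path, "rb") as fh:
            for chunk in iter(lambda: fh.read(65536), b""):
                h.update(chunk)
        digest = h.hexdigest()
    return {
        "sha256": digest,
        "size": st.st_size,
        "mode": stat.S_IMODE(st.st_mode),  # includes setuid/setgid bits
        "uid": st.st_uid,
        "is_link": stat.S_ISLNK(st.st_mode),
    }


def build_baseline(paths):
    """Record known-good fingerprints; store the result off the host."""
    return {p: fingerprint(p) for p in paths}


def verify(baseline):
    """Return (path, changed_field) pairs for everything that drifted."""
    findings = []
    for path, known in sorted(baseline.items()):
        try:
            now = fingerprint(path)
        except FileNotFoundError:
            findings.append((path, "missing"))
            continue
        for field in ("sha256", "size", "mode", "uid", "is_link"):
            if now[field] != known[field]:
                findings.append((path, field))
    return findings


def demo():
    """Constructed scenario: same name, same size, same mtime, other content."""
    with tempfile.TemporaryDirectory() as tmp:
        passwd = os.path.join(tmp, "passwd")  # stand-in, not the real binary
        chsh = os.path.join(tmp, "chsh")      # second stand-in
        for path, body in ((passwd, b"GENUINE-PASSWD-BUILD"),
                           (chsh, b"GENUINE-CHSH-BUILD")):
            with open(path, "wb") as fh:
                fh.write(body)
            os.chmod(path, 0o755)
        baseline = build_baseline([passwd, chsh])
        before = os.lstat(passwd)

        # Simulate the swap: a replacement of identical length, mode and
        # timestamps, so a glance at `ls -l` output would show no difference.
        replacement = os.path.join(tmp, "passwd.new")
        with open(replacement, "wb") as fh:
            fh.write(b"TROJANED-PASSWD-COPY")
        os.chmod(replacement, 0o755)
        os.replace(replacement, passwd)
        os.utime(passwd, ns=(before.st_atime_ns, before.st_mtime_ns))
        os.remove(chsh)  # a removed tool is reported as well

        return [(os.path.basename(p), field) for p, field in verify(baseline)]


if __name__ == "__main__":
    for name, field in demo():
        print(f"{name}: {field} differs from baseline")
```

Only the content hash gives the swap away here, which is why size and timestamp comparisons alone are not a sufficient check.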
 
Mike Hall - MVP

Alias

You are way too smug regarding how safe you believe Linux/Unix to be..

One of the articles below explains how a Linux system can be a virus carrier
without the user ever knowing.. this situation is every bit as bad as a
Windows system that has been breached.. the others are from different years,
but all alerting to the fact that Linux/Unix and MAC are not 100% virus
immune..

I have yet to come across a 'true' Linux professional who would put their
name to the misleading claims made by you.. your anti-MS stance is blinding
you to the realities of ANY OS.. that makes you dangerous..


--


Mike Hall
MS MVP Windows Shell/User
http://msmvps.com/blogs/mikehall/
 
Mike Hall - MVP

Unfortunately, Windows bigots are every bit as misleading as Linux bigots..

The common denominator here is the term 'bigot'..


"Alias" <aka@maskedandanonymous.info> wrote in message
news:ueAguRwvHHA.3468@TK2MSFTNGP05.phx.gbl...
 
Richard Urban

Alias will refuse to believe "any" of this. He has placed his head where the
sun doesn't shine.

--


Regards,

Richard Urban
Microsoft MVP Windows Shell/User
(For email, remove the obvious from my address)



"MICHAEL" <u158627_emr2@dslr.net> wrote in message
news:udVstfwvHHA.736@TK2MSFTNGP06.phx.gbl...
>
>
> * Alias:
>> Back to the present. Use Ubuntu and never worry about a virus, root kit
>> or any other
>> malware. http://www.ubuntu.com/

>
> http://www.ussrback.com/UNIX/penetration/rootkits/
>
> http://www.juniper.net/security/auto/vulnerabilities/vuln737.html
> Linux Rootkit II is a collection of publicly available Trojan utilities
> that target vulnerable
> Linux operating systems.
>
> http://linuxhelp.blogspot.com/2006/12/various-ways-of-detecting-rootkits-in.html
> Consider this scenario... Your machine running GNU/Linux has been
> penetrated by a hacker without
> your knowledge and he has swapped the passwd program which you use to
> change the user password
> with one of his own. His passwd program has the same name as the real
> passwd program and works
> flawlessly in all respects except for the fact that it will also gather
> data residing on your
> machine such as the user details each time it is run and transmit it to a
> remote location or it
> will open a back door for outsiders by providing easy root access and all
> the time, you will
> not be aware of its true intention. This is an example of your machine
> getting rooted - another
> way of saying your machine is compromised. And the passwd program which
> the hacker introduced
> into your machine is a trojaned rootkit.
>
> http://sourceforge.net/projects/checkps/
>
> http://www.chkrootkit.org/
> http://en.wikipedia.org/wiki/Chkrootkit
>
> http://www.rootkit.nl/projects/rootkit_hunter.html
> http://linux.softpedia.com/get/Security/Rootkit-Hunter-4460.shtml
> http://en.wikipedia.org/wiki/Rkhunter
>
> http://www.zeppoo.net/
> Zeppoo allows you to detect rootkits on the i386 architecture under Linux
> by using /dev/kmem
> and /dev/mem. It can also detect hidden tasks, modules, syscalls, some
> corrupted symbols, and
> hidden connections.
>
> http://www.theregister.co.uk/2002/09/19/linux_rootkit_hacker_suspect_arrested/
> A 21-year old from Surbiton, Surrey has been arrested on suspicion of
> writing and distributing
> the T0rn rootkit, which dumbs down the process of hacking Linux servers.
>
> http://vancouver-webpages.com/rkdet/
> This program is a daemon intended to catch someone installing a rootkit or
> running a packet
> sniffer. It is designed to run continually with a small footprint under an
> innocuous name. When
> triggered, it sends email, appends to a logfile, and disables networking
> or halts the system.
> it is designed to install with the minimum of disruption to a normal
> multiuser system, and
> should not require rebuilding with each kernel change or system upgrade.
>
> http://www.sans.org/resources/malwarefaq/t0rn_rootkit.php
> In most cases, it's quite easy to exploit a given vulnerability and gain
> root access to a
> system. What's an actual challenge to an attacker is to maintain such
> privileges and remain
> stealthy.
>
> There are many options to accomplish this goal, such as deleting log
> files, installing rootkits
> and kernel rootkits. The main concepts described here are applicable to
> the most rootkits
> available.
>
> One of the most known rootkits available for Linux platform is the t0rn
> rootkit, created by
> J0hnny7. The version showed at this paper (the first one published) uses
> pre-compiled binaries
> and its structure is based on Linux Rootkit (LRK).
>
> http://www.la-samhna.de/library/rootkits/index.html
> the Linux Kernel Rootkits paper
>
> http://search.techrepublic.com.com/search/Linux+and+rootkit.html
>
> http://www.linuxforums.org/forum/linux-security/2510-linux-has-rootkit-problem.html
>
> http://www.linuxsecurity.com/content/view/127202/171/
> 26 February 2007
>
> Overview
> A rootkit is a group of software tools which an attacker can use to hide
> their tracks. A
> rootkit can also contain software which allows the attacker to get root
> access and steal or
> remove files on a system. Another goal for a rootkit is for the attacker
> to maintain access to
> the hijacked computer. Rootkits are written for many different operating
> systems however, this
> article will only talk about Linux rootkits.
 

MICHAEL

* Alias:
> Back to the present. Use Ubuntu and never worry about a virus, root kit or any other
> malware. http://www.ubuntu.com/


http://www.sans.org/reading_room/whitepapers/linux/901.php
Linux RootKits For Beginners - From Prevention to Removal

One day while reading a mail list for the Linux Users Group in my hometown I discovered a call
for help. It was a posting from a novice Linux user with a disturbing issue. While doing some
routine checks on a Linux system, he found a user that had been added to the system with the
user id of 0 (root). His first thought was that it might be a rootkit. He wanted to know what
he could do to verify it was a rootkit and how to remove it from the system. He further asked
for suggestions on preventative measures to ensure this kind of attack does not reoccur. That
situation prompted me to write this paper to an understanding of rootkits and its effects. This
paper will also discuss how to monitor for a rootkit, and the steps that need to be taken to
remove one.
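
An added example, not part of MICHAEL's post or of the linked papers: a minimal check for the two symptoms described in this thread, an extra account with user id 0 and a system binary such as passwd whose contents have been swapped. The function names, the sample passwd text and the stand-in file are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# Constructed sample /etc/passwd content: "toor" is a second account with UID 0.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
toor:x:0:0::/tmp:/bin/sh
broken-line-without-fields
"""

def uid0_accounts(passwd_text):
    """Return every account name whose UID field is 0, in file order."""
    names = []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if line.startswith("#") or len(fields) < 7:
            continue  # skip comments and malformed entries
        if fields[2].strip() == "0":
            names.append(fields[0])
    return names

def unexpected_root_accounts(passwd_text, allowed=("root",)):
    """UID-0 accounts other than the ones the administrator expects."""
    return [n for n in uid0_accounts(passwd_text) if n not in allowed]

def sha256_file(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def changed_binaries(baseline):
    """Check files against a known-good {path: sha256} baseline."""
    findings = {}
    for path, expected in baseline.items():
        if not Path(path).is_file():
            findings[path] = "missing"
        elif sha256_file(path) != expected:
            findings[path] = "modified"
    return findings

def demo():
    """Constructed demo: baseline a stand-in 'passwd' file, then swap its contents."""
    with tempfile.TemporaryDirectory() as d:
        target = Path(d) / "passwd"
        target.write_bytes(b"original binary contents")
        baseline = {str(target): sha256_file(target)}
        target.write_bytes(b"replaced binary contents")
        return changed_binaries(baseline)
```

A check like this is only as trustworthy as the system it runs on: keep the baseline off the machine and run the comparison from known-good media, since a kernel-level rootkit can make the running system return clean-looking file contents.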
 

Alias

Mike Hall - MVP wrote:
> Alias
>
> You are way too smug regarding how safe you believe Linux/Unix to be..
>
> One of the articles below explains how a Linux system can be a virus
> carrier without the user ever knowing.. this situation is every bit as
> bad as a Windows system that has been breached.. the others are from
> different years, but all alerting to the fact that Linux/Unix and MAC
> are not 100% virus immune..
>
> I have yet to come across a 'true' Linux professional who would put
> their name to the misleading claims made by you.. your anti-MS stance is
> blinding you to the realities of ANY OS.. that makes you dangerous..


Care to give me proof that a Linux box has been compromised? Can't?
Didn't think so. Shall we compare the number of Windows boxes that are a
part of a bot-herd to Linux? Didn't think so.

Fact is that Windows is MUCH more susceptible than Ubuntu and, in the
unlikely case that one's Ubuntu box has become infected, all one need do
is nuke the user, create another one and restore the backup.

Alias
>
>
> "Alias" <aka@maskedandanonymous.info> wrote in message
> news:eS2gVRwvHHA.3468@TK2MSFTNGP05.phx.gbl...
>> Richard Urban wrote:
>>> Alias doesn't know about the history of his operating system of
>>> choice to know that rootkits were developed for Unix and are 100%
>>> effective in Linux/Ubuntu.
>>>

>>
>> Yet there are no reports of this possibility happening so go figure.
>>
>> Alias

>
 

Mike Hall - MVP

I see that you are not taking any prisoners today.. :)


"MICHAEL" <u158627_emr2@dslr.net> wrote in message
news:udVstfwvHHA.736@TK2MSFTNGP06.phx.gbl...
>
>
> * Alias:
>> Back to the present. Use Ubuntu and never worry about a virus, root kit
>> or any other
>> malware. http://www.ubuntu.com/

>
> http://www.ussrback.com/UNIX/penetration/rootkits/
>
> http://www.juniper.net/security/auto/vulnerabilities/vuln737.html
> Linux Rootkit II is a collection of publicly available Trojan utilities
> that target vulnerable
> Linux operating systems.
>
> http://linuxhelp.blogspot.com/2006/12/various-ways-of-detecting-rootkits-in.html
> Consider this scenario... Your machine running GNU/Linux has been
> penetrated by a hacker without
> your knowledge and he has swapped the passwd program which you use to
> change the user password
> with one of his own. His passwd program has the same name as the real
> passwd program and works
> flawlessly in all respects except for the fact that it will also gather
> data residing on your
> machine such as the user details each time it is run and transmit it to a
> remote location or it
> will open a back door for outsiders by providing easy root access and all
> the time, you will
> not be aware of its true intention. This is an example of your machine
> getting rooted - another
> way of saying your machine is compromised. And the passwd program which
> the hacker introduced
> into your machine is a trojaned rootkit.
>
> http://sourceforge.net/projects/checkps/
>
> http://www.chkrootkit.org/
> http://en.wikipedia.org/wiki/Chkrootkit
>
> http://www.rootkit.nl/projects/rootkit_hunter.html
> http://linux.softpedia.com/get/Security/Rootkit-Hunter-4460.shtml
> http://en.wikipedia.org/wiki/Rkhunter
>
> http://www.zeppoo.net/
> Zeppoo allows you to detect rootkits on the i386 architecture under Linux
> by using /dev/kmem
> and /dev/mem. It can also detect hidden tasks, modules, syscalls, some
> corrupted symbols, and
> hidden connections.
>
> http://www.theregister.co.uk/2002/09/19/linux_rootkit_hacker_suspect_arrested/
> A 21-year old from Surbiton, Surrey has been arrested on suspicion of
> writing and distributing
> the T0rn rootkit, which dumbs down the process of hacking Linux servers.
>
> http://vancouver-webpages.com/rkdet/
> This program is a daemon intended to catch someone installing a rootkit or
> running a packet
> sniffer. It is designed to run continually with a small footprint under an
> innocuous name. When
> triggered, it sends email, appends to a logfile, and disables networking
> or halts the system.
> It is designed to install with the minimum of disruption to a normal
> multiuser system, and
> should not require rebuilding with each kernel change or system upgrade.
>
> http://www.sans.org/resources/malwarefaq/t0rn_rootkit.php
> In most cases, it's quite easy to exploit a given vulnerability and gain
> root access to a
> system. What's an actual challenge to an attacker is to maintain such
> privileges and remain
> stealthy.
>
> There are many options to accomplish this goal, such as deleting log
> files, installing rootkits
> and kernel rootkits. The main concepts described here are applicable to
> the most rootkits
> available.
>
> One of the most known rootkits available for Linux platform is the t0rn
> rootkit, created by
> J0hnny7. The version showed at this paper (the first one published) uses
> pre-compiled binaries
> and its structure is based on Linux Rootkit (LRK).
>
> http://www.la-samhna.de/library/rootkits/index.html
> the Linux Kernel Rootkits paper
>
> http://search.techrepublic.com.com/search/Linux+and+rootkit.html
>
> http://www.linuxforums.org/forum/linux-security/2510-linux-has-rootkit-problem.html
>
> http://www.linuxsecurity.com/content/view/127202/171/
> 26 February 2007
>
> Overview
> A rootkit is a group of software tools which an attacker can use to hide
> their tracks. A
> rootkit can also contain software which allows the attacker to get root
> access and steal or
> remove files on a system. Another goal for a rootkit is for the attacker
> to maintain access to
> the hijacked computer. Rootkits are written for many different operating
> systems however, this
> article will only talk about Linux rootkits.


--


Mike Hall
MS MVP Windows Shell/User
http://msmvps.com/blogs/mikehall/
 

Alias

MICHAEL wrote:
>
> * Alias:
>> Back to the present. Use Ubuntu and never worry about a virus, root kit or any other
>> malware. http://www.ubuntu.com/

>
> http://www.ussrback.com/UNIX/penetration/rootkits/
>
> http://www.juniper.net/security/auto/vulnerabilities/vuln737.html
> Linux Rootkit II is a collection of publicly available Trojan utilities that target vulnerable
> Linux operating systems.
>
> http://linuxhelp.blogspot.com/2006/12/various-ways-of-detecting-rootkits-in.html
> Consider this scenario... Your machine running GNU/Linux has been penetrated by a hacker without
> your knowledge and he has swapped the passwd program which you use to change the user password
> with one of his own. His passwd program has the same name as the real passwd program and works
> flawlessly in all respects except for the fact that it will also gather data residing on your
> machine such as the user details each time it is run and transmit it to a remote location or it
> will open a back door for outsiders by providing easy root access and all the time, you will
> not be aware of its true intention. This is an example of your machine getting rooted - another
> way of saying your machine is compromised. And the passwd program which the hacker introduced
> into your machine is a trojaned rootkit.
>
> http://sourceforge.net/projects/checkps/
>
> http://www.chkrootkit.org/
> http://en.wikipedia.org/wiki/Chkrootkit
>
> http://www.rootkit.nl/projects/rootkit_hunter.html
> http://linux.softpedia.com/get/Security/Rootkit-Hunter-4460.shtml
> http://en.wikipedia.org/wiki/Rkhunter
>
> http://www.zeppoo.net/
> Zeppoo allows you to detect rootkits on the i386 architecture under Linux by using /dev/kmem
> and /dev/mem. It can also detect hidden tasks, modules, syscalls, some corrupted symbols, and
> hidden connections.
>
> http://www.theregister.co.uk/2002/09/19/linux_rootkit_hacker_suspect_arrested/
> A 21-year old from Surbiton, Surrey has been arrested on suspicion of writing and distributing
> the T0rn rootkit, which dumbs down the process of hacking Linux servers.
>
> http://vancouver-webpages.com/rkdet/
> This program is a daemon intended to catch someone installing a rootkit or running a packet
> sniffer. It is designed to run continually with a small footprint under an innocuous name. When
> triggered, it sends email, appends to a logfile, and disables networking or halts the system.
> It is designed to install with the minimum of disruption to a normal multiuser system, and
> should not require rebuilding with each kernel change or system upgrade.
>
> http://www.sans.org/resources/malwarefaq/t0rn_rootkit.php
> In most cases, it's quite easy to exploit a given vulnerability and gain root access to a
> system. What's an actual challenge to an attacker is to maintain such privileges and remain
> stealthy.
>
> There are many options to accomplish this goal, such as deleting log files, installing rootkits
> and kernel rootkits. The main concepts described here are applicable to the most rootkits
> available.
>
> One of the most known rootkits available for Linux platform is the t0rn rootkit, created by
> J0hnny7. The version showed at this paper (the first one published) uses pre-compiled binaries
> and its structure is based on Linux Rootkit (LRK).
>
> http://www.la-samhna.de/library/rootkits/index.html
> the Linux Kernel Rootkits paper
>
> http://search.techrepublic.com.com/search/Linux+and+rootkit.html
>
> http://www.linuxforums.org/forum/linux-security/2510-linux-has-rootkit-problem.html
>
> http://www.linuxsecurity.com/content/view/127202/171/
> 26 February 2007
>
> Overview
> A rootkit is a group of software tools which an attacker can use to hide their tracks. A
> rootkit can also contain software which allows the attacker to get root access and steal or
> remove files on a system. Another goal for a rootkit is for the attacker to maintain access to
> the hijacked computer. Rootkits are written for many different operating systems however, this
> article will only talk about Linux rootkits.


Possibilities, possibilities ... How many Linux boxes have been
compromised compared to Windows boxes?

Alias
 