PICList Thread
'[OT]Security threat'
2007\03\24@095231 by John Ferrell

I have the misfortune to encounter a virus/malware/ransomware problem that has recently been unleashed. It is known as "Spylocked" or "Zlob". Although it has been around for a while, the recent variant continues to survive my efforts to remove it.

It blocks all my efforts (so far) to remove user files to allow a complete regeneration. I can input to the machine via the cd drive. There are multiple files and locations that store enough info for the virus to regenerate when any one element is removed. It exists as a running process (self restores when removed with task manager), an element in memory and a file (Enigma Software detects and removes them). Removal from the Control Panel Add/Remove function results in a restart which restores the virus.

It eludes detection by Norton (2007) with the latest updates.

It was self inflicted by the user installing what she thought was a trial copy of a game called "Cake Mania". I am inclined to believe that this was a spoof of a legitimate product. I feel the youthful user is targeted by this scheme. Internet Explorer is hijacked to point to Spylocked.com where they are offered a removal tool for a fee of $49.99. I have succeeded in removing that part of the bug but it has left IE with no internet connectivity.

The hardware in this case is a new Toshiba Laptop with Multimedia XP installed that belongs to my granddaughter.

The intent of this post is to make my friends aware that this threat exists and remind them to warn their youthful users of the risks involved in installing software downloaded from the internet.

My current strategy is to attempt to restore connectivity via flash drive, CD Write or network. That would permit retrieval of the user data and the Spyhunter logs (Enigma Software). Spyhunter support may have a solution if I can send them the logs. Then again, I don't know for sure that they are legitimate!

So far, Gramps is striking out....

John Ferrell    W8CCW
"Life is easier
if you learn to plow
      around the stumps"
http://DixieNC.US

2007\03\24@114526 by Dennis Crawley

On Saturday, March 24, 2007 10:55 AM [GMT-3=CET],
John Ferrell  wrote:

> <snip hijack explanation>
> My current strategy is to attempt to restore connectivity via flash drive, CD
> Write or network. That would permit retrieval of the user data and the
> Spyhunter logs (Enigma Software). Spyhunter support may have a solution if I
> can send them the logs. Then again, I don't know for sure that they are
> legitimate!
>
> So far, Gramps is striking out....

John, you may try to start in safe mode, with no Internet connection.
Disable the Restore function (right click My PC, Properties, ...).
Run HijackThis with registry backup.
Explore non-usual things that run at the beginning, also the IE start page,
and delete them.

You may want to run msconfig also, from the Run window.
Before restart, empty the Recycle Bin and search with Total Commander for
suspected files in c:\windows and System directories.

If a file refuses to be renamed,...
Run the original WinXP CD (not the Toshiba System Restore CD !!!). Start
the laptop as if you were going to install. When it offers to repair, press
"R".

When the program asks which installation, press 1 (normally c:\windows).
Navigate the console with CD .. etc., search the suspected files with "dir
/a" and rename them.

Typically, when the system is restarted the offending file may be called by
some value in the registry. Search it and delete it. If you have doubts about
that operation you can export the registry value to a backup directory. Find
the import-export functions in the Regedit menu.
This file can be imported by a double click on it.


regards.
Dennis.




2007\03\24@191354 by Jake Anderson


If you know the files involved you could probably boot off a linux
liveCD and erase them. You can get a registry editor as well (for linux).

In the future you might look at a more "active" firewall, e.g. IPCop. It
can proxy http/ftp (transparently, so they can't turn it off) and will
virus scan all files that come through it. P2P stuff, you're on your own ;->.

2007\03\24@224905 by Mark Hanchey

John Ferrell wrote:
> I have the misfortune to encounter a virus/malware/ransom ware problem that has recently been unleashed. It is know as "Spylocked" or "Zlob". Although it has been around for a while the recent variant continues to survive my efforts to remove it.
>
>  
>
> My current strategy is to attempt to restore connectivity via flash drive, CD Write or network. That would permit retrieval of the user data and the Spyhunter logs (Enigma Software). Spyhunter support may have a solution if I can send them the logs. Then again, I don't know for sure that they are legitimate!
>
> So far, Gramps is striking out....
>
> John Ferrell    W8CCW
> "Life is easier
> if you learn to plow
>        around the stumps"
> http://DixieNC.US
>  
If it were me I would boot the PC with a Linux boot CD.
Ubuntu is really easy to do and free.
http://www.ubuntu.com
Just download the image to a DVD/CD.
Boot the PC with the Ubuntu disc and you have full read access to all of
the files on it.
You can run the CD in live mode, so that it only runs off the CD and
nothing is touched on the host PC.
You can then retrieve all the log files, etc. without having to worry
about the malware garbage.

Then I would transfer all my good data to another pc via network, or
flash drive, etc.
format the drive and re-install windows.


That ubuntu disc has saved me several times. A laptop once crashed so
bad that windows just blue screened on boot.
The linux cd allowed me to retrieve all the info.

2007\03\25@140509 by John Ferrell

Will it access the NTFS hard drive?

John Ferrell    W8CCW
"Life is easier if you learn to plow
      around the stumps"
http://DixieNC.US


2007\03\25@192437 by Jake Anderson

John Ferrell wrote:
> Will it access the NTFS hard drive?
>
> John Ferrell    W8CCW
> "Life is easier if you learn to plow
>        around the stumps"
> http://DixieNC.US
It will, but I believe you have to do it manually.
Something like
http://ubuntuguide.org/wiki/Ubuntu_Edgy#How_to_mount.2Funmount_Windows_partitions_.28NTFS.29_manually.2C_and_allow_all_users_to_read_only

or this if you want it read/write, something along these lines:
http://www.arsgeek.com/?p=675


the short version is
put livecd in
let it do its thing
go to system | administration | synaptic package manager
go to settings | repositories
tick the boxes to the left of main universe and multiverse
ok your way out of the dialog it and it will download some stuff
click search
enter ntfs
click the box next to ntfs-3g0
pick "mark for installation"
press apply
press ok
It will now go and get all the stuff you need to access NTFS drives

now to mount it (this is read/write so you can modify and delete files
too; it might be an idea to take a disk image first "just in case", which
you can do with an attached USB disk or over the network if you're keen.
An attached USB disk (hard drive, that is) would go something like this,
but do not do it unless you are sure which drive is which, otherwise you
will erase/overwrite your hard drive:
sudo umount /media/usb0  (to turn off the auto mount and get direct access)
sudo dd if=/dev/hda of=/dev/sda bs=4096k
the "to" drive should be bigger than the "from" drive.
w00t free ghost ;->
for network ghosting you will need to mount a network share)

go to applications accessories terminal
type (keep in mind this is case sensitive)
cd Desktop
mkdir windowssux
sudo mount /dev/hda1 windowssux -t vfat -o iocharset=utf8,umask=000

hda1 depends on the drive you are interested in being the first IDE
drive in the computer and the information being in the first partition;
if this is not the case then you will need to change that.
If it's the 2nd partition then it will be hda2 (i.e. if there is a recovery
partition or some such).

If it's using SATA then it will probably be sda1.

then on your desktop you should be able to open the windowssux folder
and see the contents of the drive
to copy to another server on the network go to places | home folder
in the location bar enter smb://<ip address of server without angle
brackets>
or if you stick a disk into a USB port that will show up on the desktop
and you can copy that way (though for some reason it seems stupidly slow
unless you turn some of the fanciness off).

any problems let me know and we can hook up via some form of IM


2007\03\26@100842 by John Ferrell

I believe that you might be able to recover this data but for me to do it I
would have to learn what you already know and acquire the tools (and the
skill set!) that you suggest.

I don't think the data involved is that valuable. I will spend a little more
time today and confer with my granddaughter about the circumstance.

My assessment of the problem is:
The virus was self inflicted by downloading what appeared to be a legitimate
copy of a game (Cake Mania) that was offered as a time limited trial
edition. The virus (Zlob.Trojan) was included in the package.
Zlob then hijacked Outlook Express, replicated itself in many locations
and blocked all outputs from the system. System functions that may have
allowed recovery were blocked.

The offender did a complete job kidnapping the machine. It is well isolated
from the outside world.

If this were a machine owned by me I would likely pull the hard drive and
install it in one of my machines as a data drive and copy what I wanted.
However in this case that would likely invalidate the warranty.

The scary part of this to me is that it could have happened to me. I do
download a lot of shareware/freeware/trial ware relating to
computers/electronics and Amateur Radio. I probably would have balked at the
install process, but maybe not.

I will next attempt to restore the machine to its original out-of-the-box
condition.

I will add that I am in favor of removing the perpetrator from the gene
pool.

John Ferrell    W8CCW
"Life is easier if you learn to plow
      around the stumps"
http://DixieNC.US



2007\03\26@101430 by John Ferrell

Please see the response to Dennis (above).

I do have a SUSE machine but my Linux skills are very poor and I find it a
very time-consuming learning curve.

John Ferrell    W8CCW
"Life is easier if you learn to plow
      around the stumps"
http://DixieNC.US


2007\03\26@110459 by Mark Hanchey

John Ferrell wrote:
> Will it access the NTFS hard drive?
>
> John Ferrell    W8CCW
> "Life is easier if you learn to plow
>        around the stumps"
> http://DixieNC.US
>
>  

Yes, it will allow you to read all the files on the NTFS drive.
Linux/Ubuntu has a default limitation that prevents it from writing to an
NTFS drive, but it does provide full read access.
There are drivers for Linux that allow read and write access to NTFS,
but they don't put them on the CD/DVD download versions.

Mark

2007\03\26@112757 by Dennis Crawley

On Monday, March 26, 2007 11:11 AM [GMT-3=CET],
John Ferrell  wrote:

> I believe that you might be able to recover this data but for me to do it I
> would have to learn what you already know and acquire the tools (and the
> skill set!) that you suggest.


This kind of trojan acts like this:

download a file
edit the Windows registry so
   1.- all exe files must execute this file before Explorer executes the
called file
   2.- you can't access the registry anymore.

A step-by-step by-hand cleaning can be done knowing the files and the
registry lines affected.

You can boot from almost any XP CD.
As was explained before, rename the offending files using this:

attrib -h -r -s  xxx.exe
'this makes the file visible and erasable

ren xxx.exe xxx.vir
'this renames the file.

In your case search for the file names here:
www.symantec.com/security_response/writeup.jsp?docid=2007-022713-5847-99&tabid=2


Once you achieve this, enter Windows in safe mode.
An explanation on how to do it:
service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406?OpenDocument&src=sec_doc_nam

Access the registry by typing "Regedit" at the Run window:
search for those registry lines, and export-erase them.
If you have problems accessing regedit, you can download this tool
securityresponse.symantec.com/avcenter/UnHookExec.inf
right click, "Install".


Install AVG free edition antivirus with no internet connection (unplug the
laptop).
Scan for more viruses, trojans, etc.

Download Ad-Aware free edition from http://www.lavasoftusa.com, and run it
also in safe mode.

This procedure cleans up the majority of viruses. If you have a good backup
policy, you will never be afraid of these attacks.

Last thing,... change all your documents and access passwords, just in
case.

;)

Regards,
Dennis.
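Dennis describes two registry hooks (a changed handler that runs the trojan before every .exe, and the redirected IE start page John mentioned) and advises exporting the offending lines before erasing them. The following Python is an added example, not code from the thread or from any of the tools named in it: it parses a Regedit export and flags those two entries. The export text, the key set and the file name dropper.exe are constructed for the example; spylocked.com is the redirect target the thread names.

```python
"""Offline check of a Regedit (.reg) export for the two hijacks described in the
thread: an altered exefile "open" command and a redirected IE start page."""
import re
from urllib.parse import urlparse

# Stock command Windows uses to launch any .exe; anything else is suspect.
STOCK_EXE_COMMAND = '"%1" %*'

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
# Value lines look like "Name"="data" or @="data" (@ is the key's default value).
VALUE_RE = re.compile(r'^(?P<name>@|"(?:[^"\\]|\\.)*")=(?P<data>.*)$')


def _unquote(s):
    """Strip surrounding quotes and undo Regedit's backslash escaping."""
    if len(s) >= 2 and s[0] == '"' and s[-1] == '"':
        return re.sub(r'\\(.)', r'\1', s[1:-1])
    return s  # dword:/hex: data is kept verbatim


def parse_reg(text):
    """Return {key: {value_name: data}} from .reg text.

    Real exports are UTF-16; read them with open(path, encoding='utf-16')."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(';') or line.startswith('Windows Registry Editor'):
            continue
        m = KEY_RE.match(line)
        if m:
            current = m.group('key')
            keys.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            name = m.group('name')
            keys[current]['' if name == '@' else _unquote(name)] = _unquote(m.group('data'))
    return keys


def find_hijacks(keys, allowed_start_hosts):
    """Return [(key, value_name, data, reason)] for entries worth exporting and removing.

    Key names are matched case-insensitively, as the registry itself does."""
    findings = []
    for key, values in keys.items():
        lk = key.lower()
        if lk.endswith(r'\exefile\shell\open\command'):
            cmd = values.get('', '').strip()
            if cmd != STOCK_EXE_COMMAND:
                findings.append((key, '(Default)', cmd,
                                 'every .exe is launched through this command'))
        elif lk.endswith(r'\internet explorer\main'):
            page = values.get('Start Page', '')
            host = (urlparse(page).hostname or '').lower()
            if page and host not in allowed_start_hosts:
                findings.append((key, 'Start Page', page,
                                 'start page points outside the allowed hosts'))
    return findings


# Constructed sample export (not a real capture): dropper.exe is a made-up name,
# the third key shows a clean handler for contrast.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"C:\\WINDOWS\\system32\\dropper.exe\" \"%1\" %*"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.spylocked.com/"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
@="\"%1\" %*"
'''

if __name__ == '__main__':
    for key, name, data, reason in find_hijacks(parse_reg(SAMPLE_REG), {'www.msn.com'}):
        print(f'[{key}] {name} = {data!r}: {reason}')
```

Running it on the sample reports the HKEY_CLASSES_ROOT handler and the start page, and stays silent on the clean HKEY_LOCAL_MACHINE handler.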



2007\03\26@114031 by John Ferrell

OK, I will try some more...

John Ferrell    W8CCW
"Life is easier if you learn to plow
      around the stumps"
http://DixieNC.US


2007\03\26@121845 by Tamas Rudnai

> I do have a SUSE machine but my Linux skills are very poor and I find it
> very time consuming learning curve.

You would not have virus/spyware problems or such like that if you found
the time to learn Linux - so which one is more time consuming? :-)

Tamas


2007\03\26@191424 by John La Rooy

On 3/27/07, John Ferrell wrote:

>
> If this were a machine owned by me I would likely pull the hard drive and
> install it in one of my machines as a data drive and copy what I wanted.
> However in this case that would likely invalidate the warranty.


I have in the past duplicated the contents of a notebook hard drive with
linux from a floppy and using the dd command to copy an image of the drive
to another PC over the LAN.

If you don't want to touch linux, I believe that Norton's Ghost can start from
the CD drive and copy an image over the LAN or to a USB hard drive.

If the BIOS supports booting from a USB hard drive, you could also try
installing windows onto there and boot/copy. But installing windows is a painful
process compared to learning linux.

2007\03\26@202939 by Jake Anderson

John Ferrell wrote:
> Please see the response to Dennis (above).
>
> I do have a SUSE machine but my Linux skills are very poor and I find it
> very time consuming learning curve.
>
> John Ferrell    W8CCW
> "Life is easier if you learn to plow
>        around the stumps"
> http://DixieNC.US
>  
Like I said, it's not a problem to talk via IM or even a phone call if you
want a hand; I hate virus/trojan thingies with a passion.
Free with Ubuntu P2P support ;->
Heh, you would think that they would put the name of their own
distribution into their spell checker.

The last time I was infected I wound up google-earthing a picture of
their house and emailing it to them with some harsh language.
Though it might also have been something to do with the phone calls at
9:00AM Australian eastern time. Somebody was making money off installing
popup generators onto my computer through a virus. I found them through
the server they downloaded their software from. (Yes, their website even
advertised their company name and their special "helpful context
advertising windowing system".)
Bit silly doing that and then having directors' names listed in their
local chamber of commerce.
And being in the phone book too.



2007\03\27@085344 by Michael Rigby-Jones

For those that are not comfortable with Linux, BartPE is one of the most useful (free) diagnostic disks you could wish for. It takes a bit of putting together because it's so customisable, but it will basically boot a stripped down version of XP from CD, and in the configuration you can add whatever tools you want: malware removers, virus scanners etc.

No serious XP user should be without this.

http://www.nu2.nu/pebuilder/

Regards

Mike


2007\03\28@191314 by John Ferrell
Bart looked good but for some reason it cannot find the XP Pro install files
on my system. It may be because the original disk is dated 2002... I will
try again later but I am weary of this game. If the restore disks work
tomorrow I will get it out of my shop and get back doing interesting things.

BTW, the user (my granddaughter) does not use Outlook Express for mail.
She uses something her ISP offers. It was NOT locked by Zlob and the
important files were sent to my machine via email attachment!

I will look into BartPE and these other suggestions anyway. There is bound to
be a next time...

John Ferrell    W8CCW
"Life is easier if you learn to plow
      around the stumps"
http://DixieNC.US


2007\03\29@081512 by Gerhard Fiedler

John Ferrell wrote:

> I will look into BartPE and these other suggestions anyway. There is bound to
> be a next time...

Since you're looking into preventing a next time... When you think you
don't have good control over the other co-users of a machine, using two
completely separate installs can be an advantage. This is easier than
setting a Windows system up so that the users don't have admin rights.

Gerhard

2007\03\31@085056 by John Ferrell

A final note:
The system restore disks worked properly on the Toshiba L35 Laptop.
Thanks to all who shared their wisdom.

John Ferrell    W8CCW
"Life is easier if you learn to plow
      around the stumps"
http://DixieNC.US


2007\03\31@144455 by Dwayne Reid

At 06:12 AM 3/29/2007, Gerhard Fiedler wrote:

>Since you're looking into preventing a next time... When you think you
>don't have good control over the other co-users of a machine, using two
>completely separate installs can be an advantage. This is easier than
>setting a Windows system up so that the users don't have admin rights.

I'm intrigued but confused.

What do you mean by "two completely separate installs"?

Any particular OS?

dwayne

--
Dwayne Reid
Trinity Electronics Systems Ltd    Edmonton, AB, CANADA
(780) 489-3199 voice          (780) 487-6397 fax

2007\03\31@180807 by Gerhard Fiedler

Dwayne Reid wrote:

>>Since you're looking into preventing a next time... When you think you
>>don't have good control over the other co-users of a machine, using two
>>completely separate installs can be an advantage. This is easier than
>>setting a Windows system up so that the users don't have admin rights.
>
> I'm intrigued but confused.
>
> What do you mean by "two completely separate installs"?
>
> Any particular OS?

No particular OS... AFAIK, you can do this with all common OSes. For
example, just create a few partitions and install Windows or Linux several
times, one installation per partition. A boot menu allows you to choose
which one you want to boot to.

Given that hard disk space is so cheap, and most of the space is used for
media file storage anyway (which can be on a partition independent of any
of the installed systems), it is worth a consideration to install a
separate system if you want separation from other users of the same
computer.

The major disadvantage is that switching users means a reboot rather than
logging out and in. The major advantage is that if another user hoses the
system, it's her system and not yours (in almost all cases).

In theory, you can achieve a similar separation by carefully restricting
the rights of each user. But that's quite some work, especially if you want
to make sure there are no holes.

Gerhard

2007\03\31@182319 by peter green



> No particular OS... AFAIK, you can do this with all common OSes. For
> example, just create a few partitions and install Windows or Linux several
> times, one installation per partition. A boot menu allows you to choose
> which one you want to boot to.
How does doing this achieve anything security wise? In a dual boot setup both OS installs (whether the same OS or different ones) have complete access to mess with each other's drives.




2007\04\01@090651 by Gerhard Fiedler
peter green wrote:

>> No particular OS... AFAIK, you can do this with all common OSes. For
>> example, just create a few partitions and install Windows or Linux
>> several times, one installation per partition. A boot menu allows you
>> to choose which one you want to boot to.

> How does doing this achieve anything security wise? In a dual boot setup
> both OS installs (whether the same OS or different ones) have complete
> access to mess with each other's drives.

(I'm talking about Win2k+ and NTFS in the following. Some of it may also
apply to other systems and file systems.)

I'm not sure, but I think that the large majority of trojans, viruses and
other animals won't (and probably can't) access disks in the system that
are not registered as disk drive letters. If the goal is separating the
systems, you of course would not have the other drives present as disk
drive letters. I also think that most of them infect running programs
(including system parts), which are separated as you don't run system and
application executables from the other systems.

Furthermore, I'm not sure it is possible to access files on an NTFS
partition if you don't have the proper credentials. I think it is not
possible (unless access is set to Everybody or any of the general groups
like Users). On a normal multi-user system, you have the problem that every
user may want to install and run programs that have their files in strange
places or require changes to the system areas during installation. This
makes it quite difficult to "harden" a typical Windows system with multiple
users from this angle and is the reason why most Windows users run as part
of the Administrators group. However, if it's only you as user, it is easy
to make all files only accessible (maybe only writeable) by you. I'm not
sure, but I think another user, from another installation, won't be able to
access (write to) these files. (I'm not sure how the SYSTEM user and other
similar system users come into play here. They may complicate things a
bit.)

I'm not quite sure about the NTFS access restrictions cross-system. OTOH,
the first part may be enough (that the viruses won't access files on
partitions that are not present as drive letters). Has somebody ever
actually had a system cross-contamination in such a setup? I haven't, but I
haven't had any contamination to speak of at all, so I really can't tell.

Gerhard

2007\04\01@092057 by Dario Greggio

Gerhard Fiedler wrote:

> I'm not quite sure about the NTFS access restrictions cross-system. OTOH,
> the first part may be enough (that the viruses won't access files on
> partitions that are not present as drive letters). Has somebody ever
> actually had a system cross-contamination in such a setup? I haven't, but I
> haven't had any contamination to speak of at all, so I really can't tell.

Well, I'm happy to discuss this 'cause I still have some doubts after 10
years of working on NT OSes...

I used to think that *every* file on an NTFS drive could only be read
i.e. accessed *only* if you were a recognized user: I found out that
this was not the case, i.e. installing that hard disk on another NT
machine will give you access to those files.
OK.
Then, I hoped that files could be "encrypted", and this should be
possible (though time-consuming), but anyway this is not going to
protect from overwrites & such.

So, at the very end, in theory (and Vista seems to be going this
direction) you (we) should only work as Normal User, and giving thus
Full Access to User's folders (Documents, Desktop, My Images etc);
Windows and Program Files Folder would then be inaccessible.
Of course, this is going to give headaches if you use your machine for
"real Work" i.e. reinstall, updates ...

--
Ciao, Dario

2007\04\01@181754 by Gerhard Fiedler

Dario Greggio wrote:

> Gerhard Fiedler wrote:
>
>> I'm not quite sure about the NTFS access restrictions cross-system.

I separated my quote in two parts, because your answer is only about this
part -- but I'm more interested in the other part (see below).


> Well, I'm happy to discuss this 'cause I still have some doubts after 10
> years of working on NT OSes...
>
> I used to think that *every* file on an NTFS drive could only be read
> i.e. accessed *only* if you were a recognized user:

AFAIK this is not true. It all depends on the exact permissions valid for
the file you're trying to access. (Right-click on the file in Explorer,
select properties, tab Security.)

> I found out that this was not the case, i.e. installing that hard disk on
> another NT machine will give you access to those files.

On a normal Windows system, to my knowledge most files grant at least one
of these groups read/write privileges: Administrators, Power Users, Users,
Everyone. Pretty much all files have read/write enabled for Administrators,
most files have read access for Users. Unless you're in a directory
structure that has a specific system function, default read/write access is
for Everyone.

So if on the new install you're accessing files as member of
Administrators, that's where you're probably getting your permission from.
Interesting would be to have a few files with specific permissions (/only/
for a specific user) and trying to access them after taking the disk to a
different computer, where you're logged in as a different user.

> So, at the very end, in theory (and Vista seems to be going this
> direction) you (we) should only work as Normal User, and giving thus
> Full Access to User's folders (Documents, Desktop, My Images etc);
> Windows and Program Files Folder would then be inaccessible. Of course,
> this is going to give headaches if you use your machine for "real Work"
> i.e. reinstall, updates ...

You always can run installations as a different user (right-click, select
Run as...). But the problem I've found is that many applications store
application configuration files in their installation directory (where the
executables are), and not in the application data directory. This of course
requires that every user of the application needs to have write access to
the installation directory -- which makes this sort of security maintenance
not easy.

> Then, I hoped that files could be "encrypted", and this should be
> possible (though time-consuming), but anyway this is not going to
> protect from overwrites & such.

It is possible. If you know the login and password and are admin, you can
get access to the contents on a different system (not quite
straightforward, but possible), but if not, you don't (at least not with
common methods). If you have the rights to do so (depends on the exact
permissions set on the directory), you can overwrite/delete though.


But notwithstanding the exact workings of NTFS security after taking a
drive to a different system, I'm still interested whether this is really
necessary:

>> OTOH, the first part may be enough (that the viruses won't access files
>> on partitions that are not present as drive letters). Has somebody ever
>> actually had a system cross-contamination in such a setup? I haven't,
>> but I haven't had any contamination to speak of at all, so I really
>> can't tell.

Say you have a system with several partitions (on the same disk or on
different disks). You have Windows or Linux installed on several of these
partitions. None of the systems has a partition of another system
accessible as a drive letter (Windows) or mounted (Linux). Has anybody
actually seen cross-infection (that is, one system got infected by a virus
and it spread to the other systems on the other, not mounted, partitions)
happen? I haven't.

Gerhard
