
p2pnet virus infection

Hi all:

p2pnet will be down for a while today because of a virus infection that’s screwing up the works.

Yesterday I downloaded several free fonts for a project I’m working on, and one of them contained a Trojan.

It hasn’t shut me down completely, but it’s seriously interfering with my ability to post, so I’ll be dealing with it for the next little while.

Back soon, I hope ;)

Cheers! And thanks …

Jon


17 Responses to “p2pnet virus infection”

  1. Jon Says:

    UPDATE: This is going to take a while.

    Cheers!

  2. Reader's Write Says:

    Last I heard, fonts can’t contain executable code. Were they bundled up in one of those “executable installers for people who don’t know to right-click and choose ‘install’”?

  3. Jon Says:

    In retrospect, it probably wasn’t the fonts.

    Cheers!

  4. OttawaGal Says:

    wasn’t me!

  5. Devil's Advocate Says:

    Fonts?!?
    Geez, Jon! I’ve got MILLIONS of fonts.
    Ya could’ve asked me!

    …unless “fonts” is code for “something more likely to have infected you”.
    : )

    Cheers, Jon
    …And stay off those, er, “font sites”, won’tcha?!

  6. angel computer services Says:

    Due to many aholes out there it’s advised to use very good after-market firewall [zonealarm or zonealarm suite is pretty good for winblows]
    Top anti-virus appz: kaspersky, nod32, avast, antivir … no one anti-virus will catch all
    Never use norton360 or mcafee due to scripts and they miss a lot,
    Once a month to 3 months pull the HD, stick it in HD caddy and scan it in another system with another brand of anti-virus [i use a minimum of 3 types]
    Never use free anti-virus [unless you absolutely have to] as it’s usually crippled and can’t tell it to bypass good or custom appz
    Also use anti-spyware appz like ad-aware and spybot [with spybot u need to get into advanced and disable the ads, but it's worth it]
    Up to you to disable teatimer in spybot install as it’s highly system intensive
    note: windows defender is also crap
    Scan every file you get just after download! … this goes for Linux and Mac too

    With that out of the way … Thou shalt Not EVER use demo, free trial, crippleware, shareware or any such promo appz

    To be more secure and happy i find simply mepis linux or ubuntu a good general desktop OS, and you have about 12000 free appz to choose from

  7. Sam I Am Says:

    Or just get a MAC.

  8. Dude From Finland Says:

    “Or just get a MAC.”

    Yeah cuz Macs will survive the end of the world and never have any viruses.

    I wonder why they write virus software for Macs.

  9. Sam I Am Says:

    Well, they CAN get viruses, Dude, but if you were going to invest a couple hundred hours in writing malware, would you do it for 8 percent or 92 percent of the platforms? As MAC grows, so does the virus risk. But it’s always been essentially nada. When I bought my first computers I wanted design apps, and specifically lighting design apps. Windows was just pathetic with nothing at all at the time, barely limping up to 3.1.

    I found 6 different lighting design apps for the MAC back then and it’s been one of the best business decisions I’ve ever made. My poor Windows buddies in a year invest in system administration more than what I’ve invested in 16-plus-years total. Truth is, we’ve been wall-to-wall MAC here since the early 90’s and never even purchased or installed a virus application. It just works.

  10. Reader's Write Says:

    why does it not surprise me that sam i am is a mac fanboi? ;)

  11. Rekrul Says:

    Yeah, Macs don’t get viruses because nobody bothers to write viruses for them. Just like many software authors don’t bother to write software for them.

  12. Irate Pirate Says:

    Macs can indeed get infected, but there really isn’t much incentive for malware programmers to bother with them. Security by obscurity it’s called and Linux falls into the same category. People think this makes them 100% safe but in reality it all comes down to a false sense of security and chance. Naturally the odds of infection increase as the number of people using the more obscure platforms grow.

    One thing I’ve always found funny is how some users, regardless of the platform they use, refuse to use a firewall that monitors not just incoming traffic, but outgoing as well. This is a last (first?) line of defense when it comes to all software on your PC, not just malware. I guess what I’m really saying is that I’m amazed at how many people are completely trusting when it comes to commercial entities. Most people don’t bother to read the license agreement when they install software. Even if you do, who truly believes these corporate entities honestly have your best interests at heart when it comes to ideals such as privacy? Do you also leave the doors unlocked at home? Are you really that trusting? Anyways, something to think about.

    Perhaps I sound like the paranoid tin foil hat wearing type, but really I’m just trying to be prudent. When you see the lengths that some people will go to in order to make an easy buck, the things they are willing to do to one another and the lows they let themselves sink to, sometimes for little to no real gain at all, how can one not be at least a little bit paranoid deep down inside? Hmm, perhaps that is why, despite being a PC enthusiast and running Windows for as long as it has been around, I’ve never once gotten an infection.

  13. Rekrul Says:

    “One thing I’ve always found funny is how some users, regardless of the platform they use, refuse to use a firewall that monitors not just incoming traffic, but outgoing as well.”

    I run Kerio Personal Firewall, which monitors outgoing traffic as well as incoming. I convinced my friend to install it, but he got frustrated with it always asking him about allowing connections. Previously, he was just using the Windows XP firewall. Another person I met had Zone Alarm installed, but when an alert would pop up, he’d just click the Permit/Allow button until it went away.

    “Most people don’t bother to read the license agreement when they install software.”

    I’m guilty of this as well, but in my case it’s because I know they mostly all have the same terms in them. Namely that the company makes no guarantees, they will not be held liable for any damage, even if it’s clearly their fault, etc. Any company that does something truly sneaky like installing malware on your system usually doesn’t mention it in the EULA.

  14. Reader's Write Says:

    For me, the main benefit to using Linux software isn’t the security by obscurity, but the security of having the nVidia drivers and a copy of Opera (for testing sites I write) as the only apps on my entire system which weren’t built from freely-available source (usually hash-verified) by people who know the risk involved in letting something untrustworthy through and delivered to me by a package manager which also verifies hashes.

    Of course, running a platform where the applications expect user-administrator privilege separation (unlike many Windows apps) and it’s the default mode of operation also helps.

    Now I just wish someone would fix the PID, SID, and command-based filter matching for SMP kernels so outbound firewalling would be feasible for a dual-core desktop system without a dedicated sysadmin.

  15. Henry Ermich Says:

    Actually, no:
    The thing that makes Linux sturdy as hell is NOT the “security by obscurity” by any means.

    1. It’s not like Linux doesn’t have market-share. The fact is, there’s most likely vastly more Linux systems running even as “desktop” systems than ever get reported. (That’s one of the kewl parts about it — Linux distros are easy to come by (and very low price — “Free” as in BOTH senses of the term many times!) :) ) Nobody’s really “keeping score” on Linux penetration into the “Home PC” market, but it’s definitely bigger than just 2% :)

    2. When you factor in the prevalence of Linux systems in other settings (Apache wasn’t “native” to Windows, etc.) — you end up with the fact that at least a sizeable chunk of the world’s computer systems are running some variant of Unix/Linux, and have been since at least the 1970s. The fact that Microsoft managed to grab a significant chunk of the “Desktop” market has never really MEANT anything in terms of total amount of computer systems running any given OS.

    3. Additionally, how in hell can anybody claim “obscurity” for something where damn near all the codebase even down to the Kernel level is freely-available? From a technical standpoint, there’s infinitely more “obscurity” with a proprietary, closed-source OS (such as Microsoft products).

    No, what REALLY ruggedizes Linux, is the fact that (like Unix before it), every single file and process on the system is “owned” by — and associated with — specific users/groups. Thus, programs can only “do stuff” to files when it’s permitted to them to do.

    That’s why you have to do the “super-user” thing. You have to be logged in as “root” to actually be able to modify most of the critical stuff of the system.

    Now, yeah, while “viruses” are pretty much impossible under Unix/Linux, there ARE a lot of other sorts of nastiness that ppl can do — buffer overrides and such, so running a Linux Distro isn’t quite a “magic bullet” by any stretch — but, since most Distros are either gratis (“Free as in Beer”) or at the very least, MUCH less expensive/with less restrictive licensing terms, it’s no big deal to reinstall, or even system recovery — just slap a Knoppix CD in (for example), dump all your mission-critical files to a CD or USB flash-drive, and do a clean reinstallation. THEN just dump your files back to their “original” location (making sure to use the same user accounts etc so the system doesn’t bitch about it!), and you’re back.

    Sam: What version of MacOS are you running? Leopard?
    No hard feelings, Man — best of luck with your biz and your life. :)

    (Oh, and Thanks, sam: if we hadn’t gotten into that little “scuffle”, Jon would never have offered me the chance to contribute more fully to p2pnet! :) Rest assured — more (as you called it) “useless history lessons” to come! :)

  16. Henry Ermich Says:

    Saw that Rekrul mentioned the user-admin separation issue, and did a far better job of explaining it than I ever could! (What can I say – I’m not a tech-nerd, just a nerd!) :)

  17. Reader's Write Says:

    Technically, Windows does have user-administrator privilege separation, it’s just that users have historically defaulted to being administrator for Win9x compatibility (because Win9x and Win3.1 DIDN’T have that kind of security) and, as a result, many programs which shouldn’t need to run as admin… accidentally do.

    As for things like buffer overflows, that’s one of many things where protections are easier to enable as an opt-out on Linux. (WinXP and WinVista support Hardware DEP… but it’s set to “opt in” by default for backwards-compatibility) For Linux, they just patched GCC so it tags generated binaries with information on whether they naively do things which require a DEP exception. (e.g. things like Java which generate machine code at runtime and then execute it) Since most of the software is open-source stuff that’s fresh-compiled for each release, the problem all but fixed itself after that. Closed-source stuff with no DEP-compatibility info can be manually tagged before packaging.

    Security features like DEP (having hardware enforce a “code can’t be edited, data can’t be executed” rule) and partial ASLR (address-space layout randomization) have been in Linux for several years now. (They also added the last pieces of complete ASLR a few months ago.) The main thing holding back hardware DEP on 32-bit Linux is that, in order to access the NX-bit in 32-bit mode, you have to do something which will freeze up the Pentium Pro and any older processors. I’ve heard that some distros work around that by offering two kernels, but since I already run 64-bit Linux, I haven’t bothered to keep an eye on that.

    Of course, it also helps that Linux distributors have a better track record than Microsoft for quick patch releases when security holes are discovered… and that automatic security updates aren’t limited to the OS itself and any apps which provide their own update-checking system.

    Of course, possibly most importantly, Linux’s security advantages aren’t limited to the kernel and package manager. Here are some examples of conventions and specific program behaviours which improve security:
    - Binaries cannot provide a custom icon to the file manager, and instead of hiding extensions, the file manager simply auto-selects everything but the extension when you choose “Rename”.
    - In most cases, file managers check the file header to identify the file’s type. In the case of Nautilus, double-clicking a file where the header and extension don’t match will trigger a warning box.
    - Default umask settings ensure that, if you save a binary from any non-malicious application (browser, etc.), it won’t be executable. (and then file managers will pop up an “Open With…” dialog if you double-click it)
    - Unlike Windows, there are at least two popular applications for any given activity and there’s no guarantee that a given machine will have a specific vulnerable component installed. As in nature, avoiding a monoculture makes it more difficult for viruses and other nasties to spread.
    - All embeddable browser widgets default to disallowing easy installation of untrusted components. (Something the Internet Explorer ActiveX control apparently has a problem with)
    - Konqueror uses KDE KParts (an ActiveX-like technology) but keeps it safe by exposing a web-visible API more along the lines of netscape plugins. (Websites cannot request a specific part beyond specifying the mimetype that needs to be supported, one-click remote install is not supported, Javascript access to KPart internals ranges from minimal to nonexistent, etc.)
    - All Linux media players will ignore the “This file is DRMed. Here’s where to get authorized” links that ASF streams (WMV, WMA, etc.) can contain. Those have been exploited to open Internet Explorer into a vulnerable site before.
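
As an added example (my own, not code from the page or from any commenter): the tag the comment above says GCC emits so the loader knows whether a binary needs an executable stack is the PT_GNU_STACK program header in the ELF file, and a packager can check a closed-source binary for it before deciding it needs manual tagging. This Python walker reads that header from an ELF64 image and reports the setting; the sample image is constructed inline and the file name in the usage line is a placeholder.

```python
import struct
import sys

# ELF constants (from the ELF specification / Linux binfmt_elf).
PT_GNU_STACK = 0x6474E551   # program header carrying the stack-permission marker
PF_X = 0x1                  # flag bit: segment is executable


def gnu_stack_is_executable(elf: bytes):
    """Walk the ELF64 program headers and report the PT_GNU_STACK setting.

    Returns True if the binary asks for an executable stack (PF_X set),
    False if it asks for a non-executable one, and None if the marker is
    absent, which is the 'no DEP-compatibility info' case the comment
    mentions: such a binary has to be tagged by hand before packaging."""
    if elf[:4] != b"\x7fELF" or elf[4] != 2 or elf[5] != 1:
        raise ValueError("expected a little-endian ELF64 image")
    (e_phoff,) = struct.unpack_from("<Q", elf, 0x20)
    e_phentsize, e_phnum = struct.unpack_from("<HH", elf, 0x36)
    for i in range(e_phnum):
        p_type, p_flags = struct.unpack_from("<II", elf, e_phoff + i * e_phentsize)
        if p_type == PT_GNU_STACK:
            return bool(p_flags & PF_X)
    return None


def build_sample_elf64(stack_flags, p_type=PT_GNU_STACK):
    """Constructed sample input: a header-only ELF64 image with a single
    program header. It is not a runnable program, just enough to exercise
    the walker offline."""
    e_ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)   # ELF64, LSB, version 1
    ehdr = e_ident + struct.pack(
        "<HHIQQQIHHHHHH",
        2, 0x3E, 1, 0,      # ET_EXEC, x86-64, EV_CURRENT, e_entry
        64, 0, 0,           # e_phoff (right after the header), e_shoff, e_flags
        64, 56, 1,          # e_ehsize, e_phentsize, e_phnum
        64, 0, 0)           # e_shentsize, e_shnum, e_shstrndx
    phdr = struct.pack("<IIQQQQQQ", p_type, stack_flags, 0, 0, 0, 0, 0, 16)
    return ehdr + phdr


if __name__ == "__main__":
    # Usage on a real file (placeholder path): python check_gnu_stack.py /path/to/binary
    with open(sys.argv[1], "rb") as f:
        print(gnu_stack_is_executable(f.read()))
```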
