Date: Thu, 05 Jan 2006 00:06:29 -0500
To: WSFA members <WSFAlist at keithlynch.net>,
        WSFA members <WSFAlist at keithlynch.net>
From: "Mike B." <omni at omniphile.com>
Subject: [WSFA] Re: Crash, thud
Reply-To: WSFA members <WSFAlist at KeithLynch.net>

At 1/4/2006 04:42 PM, Elspeth Kovar wrote:
>At 07:42 PM 1/3/2006, Keith F. Lynch wrote:
>
> >I am a computer expert with 34 years experience.  And I know that
> >*I* don't have the skill to keep a Windows machine on the net free
> >of viruses, worms, and other malware.
>
>That's part of all of this: except for some reckless downloading when I
>first got online, which resulted in getting a virus that took a lot of work
>to get rid of and cost me a fair bit of data, I *have* been able to protect
>my computer.

If you use Windows, especially on the net, you will have problems
eventually.  It may or may not be your fault.  Windows is like that.  It
can be a matter of carelessness or ignorance on the part of the user, but
it can also be the fault of MicroSoft for putting out the quality of design
that they produce (i.e. low, due to being marketing driven rather than
engineering driven...which has gotten them to where they are today: among
the largest marketers of mediocre software in the world, with various
governments threatening to go after them for that low quality thing).

My desktop has never had a virus...but it has had its file system corrupted
to the point where it wouldn't boot or run and it had to be reinstalled
fresh, along with every piece of software on it (about three weeks
work).  That corruption happened as a result of an install failure.  I was
installing a drafting program called "AutoSketch", from the makers of
AutoCAD.  The install crashed, and took the file system with it.  My latest
backup was about 6 months old at the time, so I did lose some data...mostly
mail messages.  Luckily, most data was on other drives (not just other
partitions).

My office desktop has never had a virus either...but it has had its
partitions corrupted to the point that NT couldn't boot, and even a
reinstalled NT couldn't read the data partition...though luckily for me,
Linux could, so I recovered everything using Knoppix (a version of Linux
that boots and runs from a CD-ROM, no need to install it at all).  The
partitions got corrupted as a result of a failed Windows Update.  Part way
though the Windows Update the system froze, and rebooting it didn't
work.  In that case our IT folks shipped me a fresh drive with the OS and
all software preinstalled, and I swapped the drives, restored my
Knoppix-saved data, and went on with life.  Only lost two days work.

My laptop has had a virus.  The laptop arrived with XP-Pro on it.  First
thing I did was connect it, and start downloading patches from MicroSoft to
close all the known holes it was shipped with, and Zone Alarm to get a
firewall onto it (this was before the service pack that added one from
MicroSoft, which I'd have had to go online to download anyway).  While
downloading the patches, the laptop got the Welchia Worm.  Luckily, this
thing isn't destructive...it just spends its time trying to infect other
machines on the net...and removing it only required downloading a tool from
Symantec and running it.  It wouldn't have happened if MicroSoft hadn't
shipped XP with all the ports wide open and broken software responding to
input on them.

My Linux machine has had hardware failure (fan died, followed by the
motherboard), but Linux has never had a problem.  My VAXes haven't even had
hardware failure, and no viruses, worms or other forms of inimical software
have gotten into them.  Symantec's site claims that there are no known
viruses for OpenVMS.  Due to its memory architecture, most of the buffer
overrun attacks that are made against Unix systems won't work on OpenVMS,
even when it's running software ported from Unix...you just get a memory
access error and the process exits (code and dynamic data aren't in the
same address ranges and there are usually invalid addresses between
them)...the rest of the machine, especially the OS, keeps going.

The only exception I can remember to that was about 1988 when the Chaos
Computer Club, in Germany, managed to use a flaw in the filesystem of the
version of VMS in use at the time to break into over 100 machines on NASA's
Space Physics Analysis Network.  A data structure wasn't being cleared
between uses by different processes, and so a process could sometimes get
access to files with the privileges owned by whoever had used that
structure before.  The bug was known, and a fix was being worked on, but
one member of the Chaos group was a DEC employee and found out about the
problem in internal mail and exploited it (he spent three years in prison
for it too...the German government called it "Computer Espionage").  As a
result of this break-in, DEC sent the VP of engineering, the Director of
engineering, the leader of the file system group and a couple of others
down to Goddard Space Flight Center to apologize in person, and to ask for
suggestions on how to handle any future problems of this nature (I was in
the meeting with them).  Somehow I don't see Bill Gates doing anything of
the kind for this latest problem his company has caused...or for any of the
others.

>had been then.  Especially because I hadn't made a backup since Philcon --
>another stupid mistake since it would only take about an hour to get an
>external hard drive working long enough to back things up -- so would have
>lost about three weeks of work.

Since my three weeks of recovery work I've set up a better backup system
here so that I'll actually use it.  I used to back up to tapes...which took
hours and was a PITA.  Now I back up the system disk by copying it to
another drive using System Commander's partition copy capability (so
Windows isn't running and no files are open...that way I actually get a
usable backup).  Partition Magic, Ghost, Drive Copy, and other software
would work as well.  This is faster, and cheaper, than backing up to
tapes.  I then remove the copy drive from the system (removable drive bays,
about $20, make this a simple operation taking all of about 5 seconds once
the system is down).  When upgrading the OS, or installing anything
suspicious, I backup, then upgrade or install to the copy...that way I've
always got a good system disk to boot from if anything goes wrong (which it
did when upgrading to Win2k...it didn't like my mother board or one of my
drives...though NT had been running on both for years).

My data drives are backed up to an external USB drive, which is then turned
off (drive is 400 GB, and cost just under $300...there are smaller ones
that are 1/3 that price).  I back up data any time I've done enough work
that I'd be upset if I lost it.  If I was more paranoid, I'd have two
external drives and alternate between using them.  I sometimes back up
project directories to CD-R as well...that not only saves the data, it
gives me access to prior versions in case I go down a deadend or want to
create a variant later...or just want to work on something on another machine.

Most of the forms of attack used by crackers wouldn't be possible on a
properly designed, properly implemented OS.  The rest wouldn't be possible
with properly trained and aware users of such an OS.  Windows is neither
properly designed nor properly implemented and many of its users are fairly
clueless, so pretty much all forms of attack work against it.  Keith
described one common method, getting people to run software by making them
think they are only looking at data, but there are others...some of which
don't require any action at all on the part of the user...such as the ones
based on tricking the system in various ways (DNS spoofing, buffer overruns
in servers, brute force password guessing attacks, etc.).

Perhaps I want things from my OS that others don't, as has been suggested
here.  I do wonder though, why everyone doesn't want the same sort of
things I do, such as it staying up, staying secure, not corrupting or
losing my files, and letting me do the things I want to do with it without
a lot of frustration and effort...but if others don't care about those
things and are happy with what they actually got instead of a good OS, so
be it.  They obviously outnumber me and my kind.  After all, MircoSoft is
still in business, and their stock actually went *UP* 3% after the WMF bug
was made public...

-- Mike B.