For reasons too complicated to mention in public, I got portscanned by a friend of a friend on Sunday night, and he concluded that I had been completely hacked and there was evidence of two trojans running on my machine. I’m beginning to think he was wrong, but only after spending almost an entire day stalling, installing, and reinstalling software.

First the stalling. I was supposed to be infected with Netbus and Back Orifice, though a complete scan with Panda anti-virus failed to detect any sign of either, and I am thoroughly — I thought — firewalled with Kerio Personal Firewall. So I bought a copy of F-Secure, which comes very highly recommended, and combines a firewall with an anti-virus. I put that on the laptop. Alas, in my haste to install it, I merely switched off the existing Kerio firewall. I did not uninstall it. So when the machine rebooted, it wouldn’t. The two firewalls stalled each other. Even in safe mode, it would not boot; and Win2k appears to have no equivalent to the Windows 98 feature where you can choose, as it boots, what will load.
Since this is one of the delicious ultra-light Thinkpads, it has no floppy or CD-rom drives. I think I might get an external one after this …
If you can’t boot at all, there is a hidden partition on the hard disk which will reinstall windows and all the IBM gunk from scratch. It takes about half an hour. At the end of that time, you have a nice, clean, formatted disk with Windows 2000 pre-installed. But that’s not secure. Allow another two hours and three reboots to download the 31 critical security patches found by Windows update (this is with a cable modem, of course). Then (or before) install the nice new shiny firewall package; another half hour.
Of course there are other things to do while working on this like cleaning up all the firewall rules on the existing machine so that nothing unauthorised could possibly get through, earning a living, and so on.
Once the machine is working, and I will say this for Windows, it is no trouble to hook it back onto the network, and start reinstalling all the software from either the “downloads” folder here, or the CD-rom drive. No trouble, of course, but a lot of time, one way or another. After six hours of fairly logical work, I am still without MS Office (+ two service packs). And the new virus scanner is scanning the old machine across the network. very very very very slowly …
Another thing I discovered was the awe-inspiring number of trojans I get mailed. They all get caught by the Bat, and deleted on the spot. But a minor bug means that the infected attachments are not deleted with the mail, so that in the last three months, I find I had been sent 126 viruses of various kinds (all orphaned in the attachments folder) and another five cropped up in Caroline’s mail backups. God knows who sent her those. They all arrived in November some time.
It’s enough to drive anyone to sex.

  1. David says:

    PC-cillin’s v good, Andrew, for catching nasties – and its pattern file update from Trend is about the best there is. And Zone Alarm’s good too.

