Saturday, September 18, 2004

Through the looking glass

A friend asked me whether I had Knoppix. I was happy to hand over an ever-present copy. Knoppix is something I keep around in case someone wants to try Linux out. But that was not the case this time. Apparently, someone told him that a problem he has could be fixed using Knoppix. A problem with Windows XP Pro.

Intrigued, I sat down to look at it. After a while I figured that he probably got hit by the Sasser virus and it was now preventing him from logging in and rebooting every time he pressed OK at an error message box. Not good. One of the fixes mentioned on the Internet involved replacing corrupted config files with a copy made automatically by Windows.

So I have this laptop physically in front of me and all I had to do was go in and replace a couple of files. Piece of cake. Cake on my face was more like it as the hours passed. The first problem was getting read access to the hard disk. Knoppix gave me that capability via Captive. But it needed to access the Internet and Knoppix didn't detect the laptop's network card. At this point I could have slaved to get Knoppix to detect the card because I had Mandrake 10 running on the exact model elsewhere and it detected the network card. Just a matter of figuring out which module to load.

Then it struck me: what if I didn't have Knoppix? What options do I have? Quite a few. A few solutions involved booting from floppies to get to a command prompt. Nothing beats the command line when it comes to fixing a broken OS. Although this was the best way, it involved a purchase. Booting from the XP CD allowed me to go into a "repair mode" which essentially was a command line. But that required the Administrator's password. Despite my friend's assurance, the password he gave me didn't allow me in. I didn't say it was wrong. Since the problem involved corruption at the login process, it was a possibility that access to the password database was corrupted.

As I sat and thought about the problem, I realised how different this would be if I were looking at Linux. I don't want to alarm people but in the Linux world (or even the Unix world), physical access security is everything. The logic is probably that there is no use for all the fancy network security filtering masqing proxying thingamajig if someone can run away with your hard disk. Or CPU unit. The security experts will tell you that no matter what encryption you put on that hard disk, with enough time and money, it will be cracked. So the moral is don't let someone steal your server or hard disk. Unless you are one of those people who Lojack your hard disk. Hmm... there's an idea.

Windows XP Pro makes it so hard for a technician (me) sitting right there in front of it to crack through the system to fix it. In fact, it was probably easier to break it remotely than to break it right there. Where is the logic in that? Locking the doors to your house and forgetting the key will keep you out of it, but not the people who can stream in through the subway entrance in your house?

With Linux, there is a lot of emphasis on security with regard to network access. For a good reason. My friend's problem? It still isn't fixed because I had to go do other things but I'm going back to the Knoppix solution.

