Tuesday, October 18, 2011

Linux to the Rescue... Again

The least favorite job a Linux guy can get is... supporting newbie Windows users. While we live in a virus-free, relatively trojan-less environment, our Windows brethren are waist deep in shady toolbars, drive-by web auto-downloads and unsafe USB drives. It tickles me to no end when a web pop-up tries to convince me that I am looking at my files in Windows Explorer... on Linux. And while we may feel smug in the knowledge that our understanding of the underlying technology and Internet services lets us take the necessary precautions, it is these same skills we are often employed for: getting Windows users back to being productive in the office.
In the past, Linux-to-the-rescue meant safe partition resizing courtesy of parted (and later libparted-powered tools), whole-partition backups with partimage, and harrowing hard disk ER with PhotoRec and TestDisk. For a long time, though, the only virus and malware recovery tool was ClamAV, which is itself rather limited and really designed to detect viruses in e-mail.
Boot-up screen. Notice the Memtest86+ memory tester.
Well, now we have a new hero on the block: AVG Rescue CD. I had thought about something along these lines some time ago. In the lawless Windows years of a few years back, between Microsoft threatening to turn its back on XP one more time (favoring Vista against users' wishes) and the business community's overwhelming rejection of Vista, viruses and trojans seemed to propagate at will, building botnets that kept being reconstituted after their mother ship had been destroyed. They were getting wilder too, able to evade virus scans or render installed (but not updated) virus scanners impotent. A few years ago I had a talk with friends at PandaSecurity about the viability of building a live CD around their command-line scanner that would mount Windows partitions and scan them. That is the best time to catch trojans and viruses: knife them while they are asleep. I had a problem with malware on my work PC's Windows partition. I ended up booting from the Linux partition and trying to find the offending files with ClamAV. This was before the age of writable NTFS (courtesy of ntfs-3g), so it was a cycle of scanning on Linux, copying down the location of the infected files, booting into Windows Safe Mode and deleting the files, then back to booting Linux and scanning again. Repeat until ClamAV found no more, and only then would I boot into Windows properly and run the updated Windows antivirus. It took the course of two days.
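Here is that scan-from-Linux cycle as a shell script, written for today's rescue boots where ntfs-3g is available. This is an added example, not code from the original post or from AVG's or Panda's media. It assumes the Windows partition is /dev/sda1 (a placeholder; check yours with fdisk -l), that it gets mounted read-only at /mnt/win, and that clamscan and freshclam are on the rescue system's PATH. The read-only mount guarantees nothing on the suspect disk can change while the scan runs; the second helper turns clamscan's findings into the bare list of paths, and the third converts them to C:\ form for the Safe Mode deletion step described above.

```bash
#!/bin/sh
# Added example: scan a Windows partition for malware from a Linux rescue boot.
# Assumptions (placeholders, override via environment): WIN_DEV is the NTFS
# partition, MNT the read-only mount point, REPORT where clamscan output goes.
WIN_DEV="${WIN_DEV:-/dev/sda1}"
MNT="${MNT:-/mnt/win}"
REPORT="${REPORT:-/tmp/clamscan-report.txt}"

# Mount read-only via ntfs-3g, refresh signatures (rescue media ship stale
# patterns), scan recursively and keep only the "FOUND" lines in the report.
scan_windows_partition() {
    mkdir -p "$MNT"
    mount -t ntfs-3g -o ro "$WIN_DEV" "$MNT" || return 1
    freshclam
    clamscan -r --infected --no-summary "$MNT" > "$REPORT"
    umount "$MNT"
}

# stdin: clamscan --infected output, lines of the form
#   /mnt/win/path/to/file: Signature.Name FOUND
# stdout: just the file paths, one per line (other lines are dropped).
extract_infected_paths() {
    sed -n 's/^\(.*\): [^ ]* FOUND$/\1/p'
}

# stdin: paths under $MNT; stdout: the same paths as C:\... for use from
# Windows Safe Mode, which is where the deletion in the post happens.
to_windows_path() {
    sed -e "s|^$MNT|C:|" -e 's|/|\\|g'
}

# Typical run on a rescue boot (not executed when the file is merely sourced):
#   scan_windows_partition && extract_infected_paths < "$REPORT" | to_windows_path
if [ "${1:-}" = "--scan" ]; then
    scan_windows_partition && extract_infected_paths < "$REPORT" | to_windows_path
fi
```

Resist the temptation to rm the files directly from the Linux side on the first pass: the read-only mount plus a path list gives you a record to review before anything on the disk is touched, and the list is exactly what you need once you are in Safe Mode.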
Main Menu
I heard nothing back from Panda. But a few months back, Panda also came out with a working LiveCD version that you can boot and scan the PC with. I've used both Panda's and AVG's, and for now I prefer AVG's LiveCD because it is light, boots quickly, is easy to update (both patterns and program), has a character-based, menu-driven interface and is compatible with a lot of network hardware. It wasn't as compatible a few versions ago (not recognizing some on-board NICs), but even then it worked on more computers than the Panda Security version. Panda's LiveCD has a GUI, which I think uses direct VESA/framebuffer rendering, and that makes it incompatible with a lot of the PCs I use. AVG also bundles some tools commonly found on standard Linux recovery CDs, like PhotoRec and TestDisk. Both of these solutions read the disk in its entirety and take a long time to finish (read: hours). Users can't work on anything while it is running either (although one friend did marvel at what he could do with the Links text-based web browser on the AVG version, which supports console switching). Users hate to wait, but then again, it's their fault they run Windows. :)

  1. Anonymous 3:50 AM

    Kaspersky has a rescue disk too. :D
