
WinXP nailed by THREE trojanvirus when reinstalling to make room for Linux 8986



In comp.os.linux.advocacy, Lobo wrote on Fri, 17 Feb 2006 01:23:46 GMT

Linux has no problems reading NTFS. Writing it, of course, has issues, and in fact the write code was largely eviscerated, presumably because of damage to NTFS disks. Of course NTFS isn't exactly standard, which leads to problems.

I'll admit to wondering the best course here; the simplest would have probably been a drive swap but that tends to confuse things (I know certain older games on Win98 need to have a registry entry indicating which drive letter has the CD-ROM.)

OK.


Ugh.


One wonders if Windows-mod detected the installation attempt and sabotaged it, or if the firewall simply left that port open by accident. I suspect the former; those virus writers are damned clever.

As a side project, I've been monitoring my system's logs (my firewall sends an SNMP trap for every attempted access; it's a separate box).

It's ugly out there. I get over 5,000 hits a week normally. I get 3000-5000 hits on port 445 alone, though it's apparently decreasing.

5000 hits per week = almost 30 per hour or 1 every 2 minutes. Small wonder you got infected, and it's unfortunate to have to worry about downloading stuff from the Internet to secure a brand-new system.

(Very bad engineering, that.)

Yes, though it's far less likely. The main defenses are:

1. There are fewer holes to begin with. (The reasons are many.)
2. Most Linux distros start with no services enabled by default; one has to explicitly enable them.
3. Most services don't run as root. Apache in particular runs as user 'apache', which has no real special privileges. named (bind) runs as user 'named', and is probably not something single-node networks need anyway. The X Server doesn't even open an Internet socket unless one overrides a setting.
4. Trojans and worms don't have much of a chance as the E-mail software on Linux doesn't do "one-click execute" (though it knows what to do with an image file).


Of course, there's no guarantees in this world. The IM bug that's plaguing Mac OSX (actually, the iLife IM client, presumably) might have a Linux variant that could propagate; the main issue is getting the address list and then opening ports to one's buddies.

Netstat is available for Linux; its primary purpose is to show what ports are open. I'm not sure if you're just looking for that or want to actually monitor network traffic (in which case different utilities might also be of interest).

The built-in iptables isn't too hard to set up, though there's no GUI that I know of (but I've not looked, either). One can also use products such as Smoothwall, which I've heard about but not used. Others might recommend additional solutions.

chkrootkit is available.

I'm not sure your question is sufficiently clear, but 10 Gb-distro should be plenty, at least for initial installation. I have a /usr partition of 6.5 GB on my one drive and it's about 41% full, and that's with quite a bit of stuff thereon (including OpenOffice, UT2004, a bunch of other games, etc.).

Doesn't matter, as long as Partition Magic has half a clue. I'll admit I've not used PM so don't know how much of a clue it has.

Good luck and welcome to the world of the Penguin! :-)

-- It's still legal to go .sigless.
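
Added example (not part of the original post): a small shell filter that checks two of the defenses listed above, few network-facing services and services not running as root, against netstat output. The function names and the sample listing are constructed for illustration; the column layout assumed is that of net-tools `netstat -tlnpe`.

```shell
#!/bin/sh
# Added example: flag listening TCP sockets that are both reachable from the
# network and owned by root. Assumes net-tools `netstat -tlnpe` columns:
#   Proto Recv-Q Send-Q Local Foreign State User Inode PID/Program

audit_listeners() {
    awk '
    $1 ~ /^tcp/ && $6 == "LISTEN" {
        port = $4; sub(/^.*:/, "", port)          # text after the last colon
        host = $4; sub(/:[0-9]+$/, "", host)      # address without the port
        prog = $9; sub(/^[0-9]+\//, "", prog)     # drop the "PID/" prefix
        if (prog == "" || prog == "-") prog = "unknown"   # "-" when not run as root

        loopback = (host ~ /^127\./ || host == "::1")
        isroot   = ($7 == "0" || $7 == "root")

        flag  = (!loopback && isroot) ? "REVIEW" : "ok"
        scope = loopback ? "loopback" : "network"
        owner = isroot ? "root" : ("uid=" $7)
        printf "%s %s/%s %s %s\n", flag, port, prog, scope, owner
    }'
}

# Constructed sample listing (not captured from a real host).
sample_netstat() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State       User       Inode      PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      0          10411      812/sshd
tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN      1000       10977      1204/python
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      0          11202      903/cupsd
tcp        0      0 0.0.0.0:6000            0.0.0.0:*               LISTEN      0          12050      1410/X
EOF
}

# Live use: netstat -tlnpe | audit_listeners
sample_netstat | audit_listeners
```

A REVIEW line is a prompt to decide whether that service needs to be reachable from the network at all, not proof of a problem.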

