French fighters grounded due to Windows virus

They may well be carrying flight plans and other planning stuff from insecure computers to secure systems. It is almost de rigeur that security is increased until people can't perform their daily work without breaching the security system in some way. Everybody thinks they have done such a GREAT job securing everything, and then all hell breaks loose when they find out that general users have been moving stuff around on floppies, CDs, thumb drives, or whatever the latest technical wrinkle is, and voiding all the careful security procedures. Sometimes it makes such a big mess it winds up in the papers. I'll bet this was the same thing, the security honchos thought there was no need to mess with mandatory security upgrades, as there was "no way" any viri could find their way into the secure inner sanctum of their network. Ho ho ho!

Jon

nd the restriction

The latest Ubuntu is designed for it. I haven't tried it yet but I just got an 8G thumb drive from Walmart to play with it. Karl

Ubuntu 8 doesn't see the hidden Dell utility partition. I used Knoppix to delete the automatic reboot from its autoexec.bat and open it up as a DOS 7 partition so I can program the serial and parallel ports and attached homebrew hardware. Windows and Visual Basic took low level hardware access away.

It's amazing how quickly a 2.2GHz PC boots DOS, 10 Sec from power-on to C:\>.

Jim Wilkins

I have been involved in such things. It very much is a balance between risk from inadequately tested updates and day-zero exploits.

A better question is why Windows was used at all. Any Unix (including Linux) would have made this a non-problem.

Joe Gwinn

Yes, it is not an easy one.

The French are moving towards using Linux, as far as I heard, their parliament switched to Linux and they are deploying it in some schools. In large deployments it is more or less always a good idea. Saves money and a lot of admin costs.

WWIII will commence on patch Tuesday.

> >

Umm. You can boot an entire Linux system off a USB key.

Have you (or one of yor kids) ever logged on to the Internet and downloaded some kewl new application? Its possible that this app is quietly watching your every keystroke while you are on the corporate VPN and phoning home with the data whenever the system goes back on the web.

I have AVG, Spybot and AdAware watching for that, plus ZoneAlarm reporting and blocking Internet access attempts, and ProcessExplorer and HiJackThis to identify running processes and registry malware. All are freeware and they play well together. That may be excessive for a new PC but I buy them used in questionable condition, and have to patch up outdated office machines to use in the lab sometimes on contract jobs. If a PC is really dirty I put its C: drive on a USB adapter to virus-check it.

This PC is physically isolated from my newer one and is used only for the Net and unimportant tasks. Before loading new programs I back up the C: drive with Seagate Disk Wizard, which saves and restores a complete running OS as long as you have a Seagate or Maxtor drive somewhere. It worked for me with a Western Digital C: drive and a Maxtor on USB. The manual is incomplete; you need to make the DVD bootable and add the program before backing up a disk image.

BTW OpenOffice installs on C: but runs fine if you copy it to another drive and change the desktop icon links. I try to keep C: small enough that the SDW backup fits on one DVD.

The only real problem is companies that won't take a phone order and check payment, for instance Newegg and Microsoft. I can't get the XP SP3 CD without a credit card number.

Jim Wilkins

> > >

How useful... not...

No. I don't pirate music or run random garbage software.

Nope. If I'm on the corporate VPN, I'm on the corporate machine and the traffic is going through the corporate firewalls. If I'm accessing something on my home machines it's again from the corporate machine through the corporate firewalls.

2009

AdAware detected 13 tracking cookies this morning from sources like telegraph.co.uk. Most had "ad" somewhere in the name. I added them to the InternetProperties/Privacy/Blocked list.

jw

One of the best/secure one I know of is the IronKey.

10 bad password guesses, (or attempts to open the case) and the device erased all of memory using a built-in battery.

And it's not a software loop. It used a propritary mechanism to zero memory using hardware.

Besides storing of secure information in a thumb drive, it has other features. There are three flavors of IronKey. One has a password management, and anonymous browser setup (using TOR).

The information in the key may be safe, but can the user still plug in their own Sandisk?

Ironkey is a flash drive.

There was a famous security audit carried out a few years ago, in which the auditors scattered thumb drives in the parking lot of the client they were auditing.

By noon, 15/20 of the drives had been plugged into computers by employees curious to see what was on them, and the enclosed autorun scripts had reported in.

And the employees *knew* a security audit was being conducted.

Other than holding down the shift key, is there a way to permanently disable autoruns?

YES!

Do a google with your particular OS and that question. It is actually a registry change/entry, but there are prebuilt regs files around for it. I believe TweakUI can do it too, but again, make sure you get the version to go along with your OS.

Thanks. Microsoft was 404 so I downloaded TweakUI for Win2K from HelpWithWindows.com and tried it. The tab Paranoia

see flash drives. I checked it but a Ubuntu CD still auto-runs, and I lost access to the modem.

So I reinstalled the previous hard drive, swapped out yesterday.

Jim Wilkins

Try looking over this web page:

From what I could tell via a quick read, there have been some bug fixes addressing your issues for Win2K. I'm using old NT4, so my settings are a bit different.

I suspect some direct editing in the registry will be the way to go. After all that is all TweakUI does. Hacking around in the registry isn't all that difficult. Save the section/item first to a ".reg" file and then you can put it back like it was later on by merging it. Or you can just write down some notes, screen shot...

If I lived close by, I would stop in and we would probably waste several hours time with this & that :)

Thanks, that helps a lot.

"regedit" is one of the reasons I back up the system to DVD and clone the hard disk.

Jim Wilkins