LinuxQuestions.org


ReaperX7 10-19-2012 03:25 PM

Found an interesting use for Linux recently using Slackware.
 
Normally in my field of PC system repairs I never really use Linux as most of my customers use Windows, but I recently have found a usage for Linux in mainstream outside the norm using Slackware.

Basically I create a small 20 GB partition, install Slackware, then I do not install any bootloader and use the DVD to boot from. I install services like ClamAV, RKHunter, chkrootkit, etc., basically as many antivirus and antimalware tools as possible, and then leave the Linux partition as a ghost in the machine.

If a customer gets hit by a virus or other form of malware, I can boot to Linux using the DVD, perform a scan of the system, remove any malware with the tools, then reboot with a Windows Repair Disk, have it repair what's damaged, then boot the system back as normal, and finish up any remaining work internally.

It's not the most glamorous usage of Linux, but it proves that Linux can be useful in any situation the person using it can be creative with using some ingenuity, and thinking outside the box.... and that Slackware can be set up to require a bootdisk without LILO, GRUB, etc. which is a great +1.

D1ver 10-19-2012 05:58 PM

Isn't it possible to do the same thing with a live CD like Knoppix? That wouldn't require you to unknowingly use 20 gigs of the customer's drive?

jtsn 10-19-2012 06:33 PM

Quote:

Originally Posted by ReaperX7 (Post 4810218)
If a customer gets hit by a virus or other form of malware, I can boot to Linux using the DVD, perform a scan of the system, remove any malware with the tools,

The right strategy in dealing with a compromised system is to wipe it and restore from a known-good backup. Scanners don't work in real-world scenarios and these removal tools tend to catch only weak malware.

So a "cleaned" system is still compromised. By removing clumsy crash-prone malware written by beginners you breed the stealthy undetectable rootkits, which came through the same door (survival of the fittest). Such installations tend to break down years later by the deployment of a random hotfix or a service pack. Very often the OS vendor is blamed for it.

Woodsman 10-19-2012 11:37 PM

Many people would not call 20GB "small." :)

Are your customers fully informed you are doing this and have they provided you permission?

SqdnGuns 10-20-2012 01:29 AM

Been doing this with Slax for years................

commandlinegamer 10-20-2012 06:05 AM

Quote:

Originally Posted by jtsn (Post 4810322)
The right strategy in dealing with a compromised system is to wipe it and restore from a known-good backup. Scanners don't work in real-world scenarios and these removal tools tend to catch only weak malware.

Real-world scenarios often involve customers (especially home users) who don't back up data and who don't keep copies of programs either. Wiping a machine is sometimes the only option, but in my experience, disinfection does work the majority of the time.

Changing people's behaviour is the hard part, though.

cfdisk 10-20-2012 06:41 AM

IMHO, OP reinvented a 20 GB wheel.

There are distros which exist specifically to deal with Windows systems, the most comprehensive of which is the Trinity Rescue Kit.

dwblas 10-20-2012 12:29 PM

Quote:

Originally Posted by ReaperX7 (Post 4810218)
Basically I create a small 20 GB partition, install Slackware, then I do not install any bootloader and use the DVD to boot from.

You could do the same thing installing Slackware to a USB drive or CD/DVD and then could do this without installing anything, plus when you update to newer versions it would be update once, use many.

RJwen 10-20-2012 02:04 PM

Nice....

But the coming "UEFI secure boot" thingy might make things more difficult though...

Cheers...

RJ

ottavio 10-22-2012 01:57 PM

Quote:

Originally Posted by Woodsman (Post 4810472)
Many people would not call 20GB "small." :)

Are your customers fully informed you are doing this and have they provided you permission?

Most customers are not even informed that their PCs come with hidden recovery partitions and legit corporate malware, so I haven't got a problem with this.

I don't understand why you are all so negative about it. I think it's a brilliant idea.

Woodsman 10-22-2012 03:43 PM

Where did I write that I was negative? I only asked whether customers are being fully informed.

The hidden recovery partition is part of the upstream Windows installation. Whether most users are aware of that partition is irrelevant. The respective software license allows for that partition. Such disclosure provides evidence of fully informing the licensee and of dealing with the licensee in good faith. Whether the licensee reads the license is irrelevant. The licensor has ample evidence of dealing in good faith and providing disclosure.

Adding a maintenance partition in a user's hard drive after the fact is not part of any software license. If ReaperX7's service contract allows installing such partitions then all is well. If not then modifications are being made to the hard drive that would be considered by many people, including most lawyers and judges, as a trespass of property rights, no different in theory or application from how black hats install malware. Good intentions are immaterial.

In legal theory these concepts are called being fully informed, providing full disclosure, and dealing with all parties in good faith. These concepts are fundamental to contracts and property rights.

Fully informed parties have less standing to file complaints because they are informed. Introducing evidence of not being fully informed and not dealing in good faith provides standing to file a complaint. Not being fully informed taints the contractual relationship because the offending party has not dealt with the property owner in good faith. Evidence of not dealing in good faith is a classic reason for persuading judges to render judgments in favor of the complainant.

These concepts are fundamental to basic property rights.

Hence my simple question: "Are your customers fully informed you are doing this and have they provided you permission?"

I offered no judgment in the question or post. :)

ReaperX7 10-22-2012 09:18 PM

I do inform them that they do have a maintenance partition on their PC and it's for emergency usage only and doesn't affect or harm their systems. I have gotten into a habit of doing this because often disinfecting a system is less time consuming than reformatting and reinstalling everything from scratch, which is often unnecessary and time consuming.

When I have to completely nuke a system and format the drive it takes me anywhere from 7-8 hours to completely get everything reinstalled, updated, tweaked, etc. Yes that's good money, but honestly it's not saving my customers money.

In the time it takes to do a disinfecting it takes about 1-4 hours. Plus I use a Windows Repair Disk to fix up anything remaining, and then rescan with the native anti-virus tools and see if they are updated or need replacing. This doesn't even take long.

And as far as UEFI, a bootable disk will work with UEFI. I've already used this on a few PCs using UEFI with success. This isn't like using LILO or GRUB.

Woodsman 10-22-2012 10:14 PM

That's good to know. My simple question was not to doubt the merits of the practice, only to help ensure you stay out of hot water. I hope you construed the question in that manner. :)

ReaperX7 10-23-2012 12:13 AM

Sometimes that hot water feels nice on the old bones. :D

bobzilla 10-23-2012 03:50 AM

Why 20 GB? What do you install? Which Slack packages? I like the idea, but I would put 1-2 GB at most. This isn't much even for older systems. Another thing that I would (at least try to) do is add this recovery option to the Windows boot menu. This is simple with Windows XP and earlier, but I haven't really tried with Vista and 7. Boot CD/USB would be needed only if the boot sector is messed up too.

