LinuxQuestions.org
Old 10-19-2012, 03:25 PM   #1
ReaperX7
LQ Guru
 
Registered: Jul 2011
Location: California
Distribution: Slackware64-15.0 Multilib
Posts: 6,558
Blog Entries: 15

Rep: Reputation: 2097
Found an interesting use for Linux recently using Slackware.


Normally in my field of PC system repairs I never really use Linux as most of my customers use Windows, but I recently have found a usage for Linux in mainstream outside the norm using Slackware.

Basically I create a small 20 GB partition, install Slackware, then I do not install any bootloader and use the DVD to boot from. I install services like ClamAV, RKHunter, chkrootkit, etc., basically as many antivirus and antimalware tools as possible, and then leave the Linux partition as a ghost in the machine.

If a customer gets hit by a virus or other form of malware, I can boot to Linux using the DVD, perform a scan of the system, remove any malware with the tools, then reboot with a Windows Repair Disk, have it repair what's damaged, then boot the system back as normal, and finish up any remaining work internally.

It's not the most glamorous usage of Linux, but it proves that Linux can be useful in any situation the person using it can be creative with using some ingenuity, and thinking outside the box.... and that Slackware can be set up to require a bootdisk without LILO, GRUB, etc. which is a great +1.
 
Old 10-19-2012, 05:58 PM   #2
D1ver
Member
 
Registered: Jan 2010
Distribution: Slackware 13.37
Posts: 598
Blog Entries: 3

Rep: Reputation: 194
Isn't it possible to do the same thing with a live CD like Knoppix? That wouldn't require you unknowingly use 20 gigs of the customer's drive?
 
Old 10-19-2012, 06:33 PM   #3
jtsn
Member
 
Registered: Sep 2011
Posts: 922

Rep: Reputation: 480
Quote:
Originally Posted by ReaperX7
If a customer gets hit by a virus or other form of malware, I can boot to Linux using the DVD, perform a scan of the system, remove any malware with the tools,
The right strategy in dealing with a compromised system is to wipe it and restore from a known-good backup. Scanners don't work in real world scenarios and these removal tools tend to catch only weak malwares.

So a "cleaned" system is still compromised. By removing clumsy crash-prone malware written by beginners you breed the stealthy undetectable rootkits, which came through the same door (survival of the fittest). Such installations tend to break down years later by the deployment of a random hotfix or a service pack. Very often the OS vendor is blamed for it.
 
Old 10-19-2012, 11:37 PM   #4
Woodsman
Senior Member
 
Registered: Oct 2005
Distribution: Slackware 14.1
Posts: 3,482

Rep: Reputation: 546
Many people would not call 20GB "small."

Are your customers fully informed you are doing this and have they provided you permission?
 
Old 10-20-2012, 01:29 AM   #5
SqdnGuns
Senior Member
 
Registered: Aug 2005
Location: Pensacola, FL
Distribution: Slackware64® Current & Arch
Posts: 1,092

Rep: Reputation: 174
Been doing this with Slax for years................
 
Old 10-20-2012, 06:05 AM   #6
commandlinegamer
Member
 
Registered: Dec 2007
Posts: 163

Rep: Reputation: 51
Quote:
Originally Posted by jtsn
The right strategy in dealing with a compromised system is to wipe it and restore from a known-good backup. Scanners don't work in real world scenarios and these removal tools tend to catch only weak malwares.
Real-world scenarios often involve customers (especially home users) who don't back up data and who don't keep copies of programs either. Wiping a machine is sometimes the only option, but in my experience, disinfection does work the majority of the time.

Changing people's behaviour is the hard part, though.
 
Old 10-20-2012, 06:41 AM   #7
cfdisk
Member
 
Registered: May 2011
Location: Philadelphia, PA
Distribution: Slackware 13.37
Posts: 89

Rep: Reputation: 16
IMHO, OP reinvented a 20 GB wheel.

There are distros which exist specifically to deal with Windows systems, the most comprehensive of which is the Trinity Rescue Kit.
 
Old 10-20-2012, 12:29 PM   #8
dwblas
Member
 
Registered: Jun 2011
Posts: 87

Rep: Reputation: Disabled
Quote:
Originally Posted by ReaperX7
Basically I create a small 20 GB partition, install Slackware, then I do not install any bootloader and use the DVD to boot from.
You could do the same thing installing Slackware to a USB drive or CD/DVD and then could do this without installing anything, plus when you update to newer versions it would be update once, use many.
 
Old 10-20-2012, 02:04 PM   #9
RJwen
LQ Newbie
 
Registered: Aug 2012
Distribution: Slackware
Posts: 25

Rep: Reputation: 2
Nice....

But the coming "UEFI secure boot" thingy might make things more difficult though...

Cheers...

RJ
 
Old 10-22-2012, 01:57 PM   #10
ottavio
Member
 
Registered: Nov 2007
Posts: 312

Rep: Reputation: 46
Quote:
Originally Posted by Woodsman
Many people would not call 20GB "small."

Are your customers fully informed you are doing this and have they provided you permission?
Most customers are not even informed that their PCs come with hidden recovery partitions and legit corporate malware, so I haven't got a problem with this.

I don't understand why you are all so negative about it. I think it's a brilliant idea.
 
Old 10-22-2012, 03:43 PM   #11
Woodsman
Senior Member
 
Registered: Oct 2005
Distribution: Slackware 14.1
Posts: 3,482

Rep: Reputation: 546
Where did I write that I was negative? I only asked whether customers are being fully informed.

The hidden recovery partition is part of the upstream Windows installation. Whether most users are aware of that partition is irrelevant. The respective software license allows for that partition. Such disclosure provides evidence of dealing with the licensee of fully informing the licensee and in good faith. Whether the licensee reads the license is irrelevant. The licensor has ample evidence of dealing in good faith and providing disclosure.

Adding a maintenance partition in a user's hard drive after the fact is not part of any software license. If ReaperX7's service contract allows installing such partitions then all is well. If not then modifications are being made to the hard drive that would be considered by many people, including most lawyers and judges, as a trespass of property rights, no different in theory or application of how black hats install malware. Good intentions are immaterial.

In legal theory these concepts are called being fully informed, providing full disclosure, and dealing with all parties in good faith. These concepts are fundamental to contracts and property rights.

Fully informed parties have less standing to file complaints because they are informed. Introducing evidence of not being fully informed and not dealing in good faith provides standing to file a complaint. Not being fully informed taints the contractual relationship because the offending party has not dealt with the property owner in good faith. Evidence of not dealing in good faith are classic reasons for persuading judges to render judgments in favor of the complainant.

These concepts are fundamental to basic property rights.

Hence my simple question: "Are your customers fully informed you are doing this and have they provided you permission?"

I offered no judgment in the question or post.
 
Old 10-22-2012, 09:18 PM   #12
ReaperX7
LQ Guru
 
Registered: Jul 2011
Location: California
Distribution: Slackware64-15.0 Multilib
Posts: 6,558

Original Poster
Blog Entries: 15

Rep: Reputation: 2097
I do inform them that they do have a maintenance partition on their PC and it's for emergency usage only and doesn't affect or harm their systems. I have gotten into a habit of doing this because often disinfecting a system is less time consuming than reformatting and reinstalling everything from scratch, which is often unnecessary and time consuming.

When I have to completely nuke a system and format the drive it takes me anywhere from 7-8 hours to completely get everything reinstalled, updated, tweaked, etc. Yes that's good money, but honestly it's not saving my customers money.

In the time it takes to do a disinfecting it takes about 1-4 hours. Plus I use a Windows Repair Disk to fix up anything remaining, and then rescan with the native anti-virus tools and see if they are updated or need replacing. This doesn't even take long.

And as far as UEFI, a bootable disk will work with UEFI. I've already used this on a few PCs using UEFI with success. This isn't like using LILO or GRUB.

Last edited by ReaperX7; 10-22-2012 at 09:20 PM.
 
Old 10-22-2012, 10:14 PM   #13
Woodsman
Senior Member
 
Registered: Oct 2005
Distribution: Slackware 14.1
Posts: 3,482

Rep: Reputation: 546
That's good to know. My simple question was not to doubt the merits of the practice, only to help ensure you stay out of hot water. I hope you construed the question in that manner.
 
Old 10-23-2012, 12:13 AM   #14
ReaperX7
LQ Guru
 
Registered: Jul 2011
Location: California
Distribution: Slackware64-15.0 Multilib
Posts: 6,558

Original Poster
Blog Entries: 15

Rep: Reputation: 2097
Sometimes that hot water feels nice on the old bones.
 
Old 10-23-2012, 03:50 AM   #15
bobzilla
Member
 
Registered: Nov 2005
Location: Serbia
Distribution: Slackware
Posts: 231

Rep: Reputation: Disabled
Why 20 GB? What do you install? Which Slack packages? I like the idea, but I would put 1-2 GB at most. This isn't much even for older systems. Another thing that I would (at least try to) do is add this recovery option to the Windows boot menu. This is simple with Windows XP and earlier, but I haven't really tried with Vista and 7. A boot CD/USB would be needed only if the boot sector is messed up too.
 
  

