Monday, July 17, 2006

Viruses

Update #1
Update #2

Oh... my... god.

Those who know me know that I am, at least in theory, a computer security dude. They also know that one of my passions, if you will, is to educate the common person about issues of computer security, because I strongly believe that it doesn't have to be rocket science, at least not for most people.

One of the questions I always get asked is "How do I catch viruses? In real life, how does it happen?" and I generally explain the common methods (downloading files without following common sense, running out-of-date anti-virus software, etc). But today I encountered one that just takes the biscuit. Actually, I can't really say "today", as it has been a week and a half. But let me tell you my story.

About two weeks ago, my wife's laptop, a Gateway M460, croaked. For whatever reason, the OS (XP, what else?) lost its marbles and had to be reinstalled. Well, after backing up her data, I went into the recovery mode - only to find out that the recovery partition was never completed, and that it needed a CD that I was never provided by the seller of the PC (a legitimate store, again in theory; "don't buy computers from RecoupIT" is now one of my recommendations).

Oh well, I thought. I hate XP anyway, let's put Win2K on. Did that, only to find that there are no hardware drivers available for Win2K. Alright, then. Back to XP. I call Gateway, pay them the $35+shipping to get the recovery CD (or DVD) sent to me, and wait.

The disc arrives - and is defective; certain files would not copy as part of the recovery process. Two obvious and pretty scratches on the disc surface later, I call Gateway again and ask them to resend the disc, which they do.

Fast forward to today. I get the disc. I use it to recover the machine - remember, the drive had already been low-level formatted, reinstalled with a different OS, then formatted again before the show begins. There is no trace of anything on it.

PC hums along nicely, and about 45 minutes later, the OS is reinstalled. I go about copying her old data onto the new machine, including installation files for things like AVG (my favorite anti-virus software), which I promptly run. Oops! It discovers a bunch of virus infections, including in the AVG installer itself. "Ah!" I say, reaching the obvious conclusion. Her PC must have croaked because it was infected with a virus; it infected these executables before I backed them up. No biggie; I can always download that software again from the respective providers.

So I start over, format the drive, then run the recovery disc again. When it's ready, I download the first two important applications - Firefox and AVG. I install the first, then the second. WHOA! How on EARTH did the computer get infected again?

Hold on. Back to square one. I pull out the disc - remember, this is the recovery disc used to rebuild a machine from scratch - and put it in my machine, the one I use for my work in the security field. Then I scan it.

Voila! It's the frigging recovery disc that includes the virus!

Let me repeat that, in case you didn't quite catch it.

THE RECOVERY CD/DVD SENT TO ME BY GATEWAY TO USE IN ORDER TO REBUILD THE FAILED GATEWAY LAPTOP FROM SCRATCH COMES WITH A VIRUS "BUILT-IN". It's in the bundled applications (if you care, it's under I386/Apps/07192 - the bundled googledesktop and googletoolbar apps).

Now that's one for the record books. Really not a huge deal - I download and run vdcleaner, which takes care of the nuisance (the virus is hidrag.A, a parasitic but for the most part non-destructive virus), and keep going. It takes an extra 10 minutes during the installation process once you know it needs to be done.

But I can't help but think about all those poor Gateway customers who use this disc without knowing what hit them. I mean, the one piece of software you would trust is the bloody recovery disc provided with the PC, right? Wrong. I just wonder which poor sod at the Gateway lab is responsible for this particular piece of stupidity.
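The practical lesson of the story is that recovery media deserves the same check as any other download: before rebuilding from it, compare what is on the disc against a known-good list of file hashes. Here is an added example of that check (not code from the original post, and Gateway supplied no such manifest); the manifest format, the scan of `.exe`/`.dll`/`.scr` files, and the constructed sample files under I386/Apps/07192 are all assumptions made for this example, and a parasitic file infector such as the one described above shows up simply as an executable whose hash no longer matches.

```python
import hashlib
import os
import tempfile

EXECUTABLE_EXTS = (".exe", ".dll", ".scr")


def sha256_file(path):
    """SHA-256 of a file, read in chunks so large installers do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root, exts=EXECUTABLE_EXTS):
    """Map each executable under root (e.g. a known-clean mounted disc) to its hash.
    Keys are forward-slash relative paths so the manifest is portable between machines."""
    manifest = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            if name.lower().endswith(exts):
                full = os.path.join(dirpath, name)
                rel = os.path.relpath(full, root).replace(os.sep, "/")
                manifest[rel] = sha256_file(full)
    return manifest


def verify_media(root, manifest, exts=EXECUTABLE_EXTS):
    """Compare the media at root with a trusted manifest.
    Returns which listed files changed, which are gone, and which were never listed."""
    current = build_manifest(root, exts)
    return {
        "modified": sorted(p for p in manifest if p in current and current[p] != manifest[p]),
        "missing": sorted(p for p in manifest if p not in current),
        "unexpected": sorted(p for p in current if p not in manifest),
    }


def demo():
    """Constructed scenario (hypothetical data): take a manifest of a clean image, then
    alter one bundled app the way a file infector would, and verify the media again."""
    with tempfile.TemporaryDirectory() as root:
        apps = os.path.join(root, "I386", "Apps", "07192")
        os.makedirs(apps)
        for name in ("googledesktop.exe", "googletoolbar.exe"):
            with open(os.path.join(apps, name), "wb") as f:
                f.write(b"MZ" + name.encode() * 8)  # stand-in bytes, not a real PE file
        trusted = build_manifest(root)
        with open(os.path.join(apps, "googletoolbar.exe"), "ab") as f:
            f.write(b"<changed after manifest was taken>")
        return verify_media(root, trusted)
```

On a real disc, build the manifest once from media you have verified on a separate machine (as the post describes), and run `verify_media` against the mounted drive before using it for a rebuild.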

The fun never ends.
