Leland,

I get what you're saying, but all of the products I use are standard and
popular Windows apps, deliberately so because they are the apps my customers
are most likely to use, not necessarily because I myself prefer them. 

I do appreciate the usefulness of Linux for servers, and in fact do use it
on the server side, but I think it's going to be some time before Linux
replaces Windows on our customers' desktops. Thus I'm reluctant to go any
further with it at this time.

From this standpoint, I'm thinking a minimal but effective VM solution is
all I need. You don't mention why you moved from VMWare workstation?

I realize this matter, these attacks, are bigger than any one of us, so
whatever I say or do isn't going to matter. This problem isn't even going to
be stood up to until a whole lot of people decide to take action. One useful
step is to stop calling them something they aren't.


Bill



I've had good luck running Sun's Virtualbox.  I switched to 
Virtualbox after using VMWARE Workstation for a number of 
years.  

The joker in my deck of cards right now is Oracle's 
acquisition of Sun, and what effect that might have on 
products previously owned by Sun, like MySQL, and 
Virtualbox.  I use PostgreSQL as my database, so I'm not so 
worried about MySQL's fate.

I host Virtualbox in Linux (e.g. Fedora 11), and I have 
SELinux enabled.  I run XP Pro as a guest OS of Virtualbox, 
but I only use XP Pro as necessary.  I don't allow XP Pro to 
be used to browse the internet or run any email clients. 
All browsing of the internet and email clients are run in 
the home directory of the user (e.g. Firefox, Thunderbird, 
Squirrelmail, etc.) in Fedora.  This limits exposure to 
viruses, malware, spyware, etc in Windows XP Pro, where such 
dangerous apps are so prevalent.

Since each VM running in Virtualbox is self contained within 
its own folder, it's easy to back up.  All you need to do is 
copy and paste the folder.  Also, you could clone an OS and 
use the clone as a backup that could eventually become the 
primary OS in an emergency, and Virtualbox also supports 
snapshots.

Since the apps that expose me to the majority of risk from 
attack from the internet are running under Linux with the 
protection of SELinux, my Linux and XP Pro OS(s) are both 
pretty well protected.

Still I'm running a virus scanner in Fedora called "Clamtk 
4.10" to scan anything downloaded from the internet, before 
I install or run the downloads.  I think it would be a good 
idea to have software in place to protect any Windows OS, 
even when running the Windows OS within a VM; although, I'm 
not currently doing so.

The disadvantage of this approach is the learning curve for 
those who have little or no exposure to the Linux OS.

Regards,

LelandJ




>
> I don't think this was a drive-by. It's software running IP ranges, 
> probably 24x7. And there's more than 1 group of these bastards out 
> there. It's even possible to write programs that generate unique 
> programs that do the same thing, so the number of attackers and 
> machines compromised must already be in the stratosphere. They know, 
> as we do, that they don't have to put something on the screen when 
> they attack - that's just taunting us - once they've got control they 
> can do anything they want to, and the possibilities are seemingly 
> endless.
>
> It has crossed my mind that there's gold in being able to "protect and 
> recover" machines, but I want no part of any of it. The solution is to 
> fix the problem at its root, which is serious gov't pressure on MS 
> and the ISPs, and tracking down the bastards behind it. Considering 
> the scale of it, and the trajectory, this is a really big thing. Yet 
> it seems not to be registering anywhere.
>
> I hate to suggest that the Internet be controlled, but to a large 
> extent it already is. For example, I've no doubt that the 
> CIA/FBI/KGB/et al know exactly how to pinpoint the source and target 
> of any traffic sent over the net.
>
>
> Bill
>
>
>> It's a never-ending battle.
>>
>> --- On Sun, 1/10/10, Bill Arnold <[email protected]>  
>> wrote:
>>
>>> From: Bill Arnold<[email protected]>
>>> Subject: RE: [NF] An email was sent using my yahoo address
>>> book,but no virusfound.
>>> To: [email protected]
>>> Date: Sunday, January 10, 2010, 11:58 PM
>>> Jim,
>>>
>>> Here's another note on the subject of "attacks" just received. 
>>> Everyone has their own combination of what works. It's a freaking
>>> career.
>>>
>>> And then tomorrow the mouse types a few lines to change the code, 
>>> and the cycle repeats.
>>>
>>>
>>> Bill
>>>
>>>
>>>> -----Original Message-----
>>>> From: [email protected] [mailto:[email protected]] On Behalf Of Nicholas Geti
>>>> Sent: Sunday, January 10, 2010 10:08 PM
>>>> To: [email protected]
>>>> Subject: Re: [NF] An email was sent using my yahoo address
>>>> book,but no virusfound.
>>>>
>>>>
>>>> That package is incredibly powerful. It has worked every time for me.
>>>> However, you should run Malwarebytes and Spybot afterwards. Then run
>>>> combofix again.
>>>>
>>>>
>>>> ----- Original Message -----
>>>> From: "Michael Madigan"<[email protected]>
>>>> To: "ProFox Email List"<[email protected]>
>>>> Sent: Sunday, January 10, 2010 1:00 PM
>>>> Subject: Re: [NF] An email was sent using my yahoo address
>>>> book,but no virus found.
>>>>
>>>>
>>>>> It looks like combofix may have fixed the problem.  There was no spam sent
>>>>> in my name since the last time, over 24 hours.
>>>>>
[excessive quoting removed by server]
