There is the American saying "some days you're a bug, and some days you're the windshield." Well, the last couple of days I was more of a bug.
I switched my ISP on Tuesday and instead of the DSL router I wanted they sent me a modem. It's an ADSL2+ connection so I could not use my old router any more. I phoned them to send me a router, which they promised.
On Wednesday, in record time, the router arrived. It took 5 minutes to set it up and configure it. No problems, I was happy.
On Thursday I took my MacBook in for repair (the anti-whining part had been ordered) and got it back in the evening. When I arrived at home, the keyboard stopped working on the Book. Just dead. The computer is running and I now type this on a USB keyboard.
The same day on my PC (mainly used for gaming) I noticed heavy packet loss. Was the new ISP not keeping up its promise? I did some pings and traces and the ISP seemed to be OK. A look at my router showed a very busy LAN. And netstat revealed the misery: a process on my PC had tons of connections to the net. My PC was hijacked!
A really nasty piece of software had gotten onto my Windows system. It was a bot worm, remote controlled and now apparently used for some DoS attacks somewhere. It had two processes which restarted each other so fast that the task manager was no help. It was monitoring the connections on all browsers and immediately shut down the browser when you tried to navigate to a known anti-virus site. It closed regedit when you started it.
With the help of Cygwin I finally managed to shut down the two processes and downloaded an anti-virus application. The download was infected before it was complete. I started a new one. This one went through, but on running the setup, it detected that it had been tampered with and did not finish the installation. I dug for a removal tool, had one scanning my disk during the night, and found in the morning that I had gotten the tool for another virus and it could not find the one it was looking for.
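The netstat check that gave the infection away can be turned into a small script. This is an added example, not the author's code: it parses Windows `netstat -ano` output (the sample below is constructed) and flags any PID holding far more outbound TCP connections than a desktop process normally should.

```python
import re
from collections import defaultdict

# Constructed sample of Windows `netstat -ano` output (not from the post):
# PID 4132 plays the role of the bot process holding many outbound connections.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.5:1025       203.0.113.10:80        ESTABLISHED     1180
  TCP    192.168.1.5:1031       203.0.113.10:443       ESTABLISHED     1180
  TCP    192.168.1.5:1040       198.51.100.7:6667      ESTABLISHED     4132
  TCP    192.168.1.5:1041       198.51.100.20:80       SYN_SENT        4132
  TCP    192.168.1.5:1042       198.51.100.21:80       SYN_SENT        4132
  TCP    192.168.1.5:1043       198.51.100.22:80       SYN_SENT        4132
  TCP    192.168.1.5:1044       198.51.100.23:80       SYN_SENT        4132
  TCP    192.168.1.5:1045       198.51.100.24:80       SYN_SENT        4132
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       880
  UDP    0.0.0.0:500            *:*                                    820
"""

# Proto, local, remote, optional state (UDP rows have none), PID.
LINE_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)\s+(?:(\S+)\s+)?(\d+)\s*$")

def parse_netstat(text):
    """Return (proto, local, remote, state, pid) tuples; header lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            proto, local, remote, state, pid = m.groups()
            rows.append((proto, local, remote, state or "", int(pid)))
    return rows

def outbound_by_pid(rows):
    """Per PID: (non-listening TCP connection count, number of distinct remote hosts)."""
    stats = defaultdict(lambda: [0, set()])
    for proto, _local, remote, state, pid in rows:
        if proto != "TCP" or state == "LISTENING":
            continue  # listeners and UDP sockets are not outbound sessions
        stats[pid][0] += 1
        stats[pid][1].add(remote.rsplit(":", 1)[0])  # strip the port
    return {pid: (count, len(hosts)) for pid, (count, hosts) in stats.items()}

def flag_suspicious(rows, max_conns=5):
    """PIDs with more than max_conns outbound connections, busiest first."""
    stats = outbound_by_pid(rows)
    hits = [pid for pid, (count, _hosts) in stats.items() if count > max_conns]
    return sorted(hits, key=lambda pid: -stats[pid][0])
```

On a real machine, feed it the output of `netstat -ano` and look the flagged PIDs up in the task list; a process you don't recognise with dozens of half-open connections to many different hosts is exactly the pattern described above.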
It was time to give up. On Friday I wiped the PC and reinstalled everything. I also visited the Apple shop where they apologized and told me they would order a new top casing which usually fixes the problems of a dead keyboard and mouse pad.
Today I feel a bit tired. I have the PC working again, I can use my laptop in a sort of way. It's now time to think things over and see what I can learn from that whole experience.
- The obvious thing is: never connect a desktop machine directly to the net. My PC was fully patched according to Windows Update. It was one evening of maybe 4-5 hours online that it took to infect it. Partly I am to blame for this since I did not really put a lot of work into securing it. It was sitting behind a router for over a year and everything was fine. When I hooked up the modem, the SQL server port may have been open, for example. Hard to say. I don't like Windows, but to be fair, any other OS with the same market share would have a hard time as well.
- Windows ACLs are beyond my understanding. I am sure there are people in the world who understand them, but I don't. When reinstalling the PC, I left a data partition intact and then tried to copy some files over to the new partition. Windows did not allow this for some files. The thing is, the old files still belonged to the no longer existing user account (the one on the shredded installation). The new installation had new UUIDs for its users. I gave the new user full permission on the old files and even made him owner, but Windows still refused. It is way too complex for the task of protecting file access on a desktop machine.
- I lost a couple of minor things, nothing important. But I am considering getting some net storage box now. A silent thing to install an SSH daemon on to use rsync with. There are a couple of systems at a good price to be had. My fondness for Macs would make a Mac mini an option, if it came with larger disks. I also thought about Amazon S3, but old-fashioned me wants to get at his data also when offline. Maybe it could be a backup for the net storage box...
- The only data I feel good about is the data I have in a repository on a server somewhere else. I think I will do that for more files now. Not only can it serve as a backup, but it allows use and modification on several machines. Some kind of repository on top of S3 maybe? If all of it were public I could start my own open source project on SourceForge or Google. The stefansvitaldata project...
- Last but not least: giving DSL modems to subscribers by default should be banned. The average PC will not survive it and ISPs should know better. I can understand the economics for them in a cost-driven market, so some government regulation would be in order here.
