The Trojan War Ended Not With A Bang, But A Whinny.

[alexandraerin]

My E key came off my laptop the other day. I managed to get it back on. It's loose but doesn't appear to be completely broken. I have to be careful how I hit it, which is annoying because it's a fairly popular letter and when I'm writing "in the zone" (which is how I do both my best and my fastest work) my fingers are pretty much flying and hitting the keys like flying jackhammers that fly at the keys and hit them.

The long term solution is to get a better laptop. I think the medium term solution is going to involve superglue, but I've got a feeling I'm going to have to be careful about how I do that.

So, motivated in part by that, I've been kind of single-mindedly focused on de-crappifying my compy for the past several days, but I believe it's paid off... yesterday I found a program that could identify the main backdoor trojan that was still bedeviling me (and letting everything else come creeping back in whenever I dared connect to the internet), and then I was able to find manual removal instructions. After much work, today I was finally able to get Windows to download and install updates. It was being blocked in multiple ways, so I had to keep Microsoft's knowledge base open on my lappy while I was working my way through the error messages.

I've left the computer connected to the internet since I fixed it around 4:00 and I haven't had any pop-ups with threat warnings from AVG (or spurious "OMGZ U NEED R PRODUCT NAO!" warnings from fraudulent spyware removal programs)... previously fresh disaster would strike within an hour of connecting, and often much sooner. I'm going to leave it running overnight, check in the morning, and then let it run fresh scans just to be sure, but I think it's well and truly done.

Considering that this weekend was WisCon, which I almost attended (and which many of my dearest, distantest friends did), it was kind of a bummer... but it was also good to have something to keep my mind off that. Luckily, my air conditioner got fixed on Friday or it would have been pretty bad. Though now that I have working AC, we've been getting some rain and clouds to cool us off... meh. Oh, well. Can't complain too much. I've been really paranoid about opening my email and doing other even remotely sensitive things until the problem was solved, but my project for tomorrow night is going to be to tabulate all the new sponsors and get them added to the lists. Didn't think it would take a week to get this thing cleaned off, so it'll be interesting to see how many there are.

Happily enough, it looked like a couple of people upgraded themselves from lower sponsorships to the five dollar level today. I especially thank everybody for supporting me even when things are distracting/detracting from the writing. I guess people feel comfortable doing that since I've proven that I'm in this for the long haul. I like to think... and I've been told by several of you that you do, too... that my work's been improving in quality, which I'm sure helps.

In the unhappy event that I wake up tomorrow to find that my system is infected again/still, I'm going to give it up for a lost cause... get somebody to help me back up my files and reinstall Windows. (I don't think I even have the CD anymore.) rather than losing more time to it. I can't say why I was driven to fix it myself in the first place... it's probably the same reason I try to do everything myself, though. The fact that I used to troubleshoot computers for a living doesn't help. I used to be better at this stuff. But I wasn't writing anything at that time... it's like a whole different frame of mind for me. More than that, it's like a whole different mind. Tech AE is not writer AE.

Comments

[the-leaking-pen.livejournal.com]

laptop keyboards do that. period, no matter how good of a laptop. keyboards wear out. Id suggest an external keyboard, say, usb.

[lizkayl.livejournal.com]

I second this. When I played computer games on my laptop, I always plugged in the external keyboard.

compromised

[penwis.livejournal.com]

Once a system is compromised, the only way to disinfect it is to reinstall from scratch.

Re: compromised

[stormcaller3801.livejournal.com]

1) That depends entirely upon the infection.

2) Reinstalling doesn't always work, either.

Re: compromised

[penwis.livejournal.com]

1) If you omniscient and knew exactly what had been infected then yes you could clear the computer. But you can never be sure you got everything. So we're back to the original statement that the only way to disinfect is the reinstall from scratch. If you try to just purge the infections then you can never be sure you got everything, and in my experience most people who think they did get everything are wrong.

2) That would be a neat trick for some malware to persist trough a wipe of the hard drive and clean reinstall. Is magic involved?

Re: compromised

[stormcaller3801.livejournal.com]

So in actuality it's not that the only way to disinfect something is to do a clean install, in your opinion, but the only way to know for sure that you got it is to wipe the hard drive and start over.

Which, incidentally, is entirely different from reinstalling.

And no, magic is not involved. But there are nasty little things that like to do tricks like hopping from partition to partition, or simply hiding in the boot sector if you're not doing a high level format.

Re: compromised

[penwis.livejournal.com]

"Reinstall from scratch" is what I originally said: force boot from CD, format drive, install OS. If done properly there is no chance for something to hide.

Anyhow, I agree with the following: "the only way to know for sure that you got it is to wipe the hard drive and start over."

If you want to be unsure you got everything then that's your call. My experience is that if one is unsure then one is probably wrong. But it's your computer so obviously you should do as you please and regard my comments as nothing more than unsolicited advice.

Re: compromised

[alexandraerin.livejournal.com]

"My experience is that if one is unsure then one is probably wrong."

Socrates is turning around in his grave.

Re: compromised

[stormcaller3801.livejournal.com]

My experience is that when it comes to computer security, there's two principles that apply. The first is risk value, and the second is making 100% secure.

Risk value basically states that you should never put more resources into security than the value of what you're securing. That's really the simplified version, as you also have to factor in various unknowns, such as figuring out the likelihood of a given attack versus the potential value of the damages that would be caused.

100% secure things do not exist. This is true for computers and it's true for every other security measure. If someone is utterly determined to break into your house, they will- no matter what you do. You can never make anything 100% secure, and you can never be 100% certain of that security.

Between the two of these ideas, you ultimately reach a point where you have to say that things are good enough- the risk is low enough, the value is not worth the additional time, and ultimately, there's no way to reach a point of complete safety. Even wiping the drive might not be enough- both because it can be evaded, and because that doesn't prevent you from being attacked again.

In the case of something like this, once you run several different programs by several different vendors, the likelihood of an infection remaining and being unseen is at best remote. Particularly if the computer is running without any sort of errors or other problems. And at that point, you accept it and move on.

Re: compromised

[penwis.livejournal.com]

Judging from the post here and lack of MU posts, I'd have to conclude that this exercise of disinfection took longer than reinstalling. It normally takes me less than an afternoon to do a fresh install (ie new computer or reformat). One way to facilitate this is to keep a text file with a list of the software you have installed so you just go down the list. So IMO "risk value" would favor a reinstall as both safer and easier.

Anyhow, it's pointless to go back and forth. So if AE is happy with the computer and is back to writing then that really what I care about. Your thoughts on security are not of great interest to me. (Hmm that sounds deliciously haughty, but really I don't see a point in arguing.)

[akailaughingman.livejournal.com]

there are ways to be 100% secure. they do not involve the internet. they involve bunkers, and 24-7 maintenance by non-bored guards. Child labor laws render them illegal ;-)

Re: compromised

[alexandraerin.livejournal.com]

1) None of which makes what you said actually true. It's a perfectly valid approach to computer safety and is certainly a more thorough one, but it's rooted in an assumption that's just plain false.

That's not a criticism of it. In many ways, it's a more reasonable approach to take than the one I did. I mean, "Assume every gun is loaded." is still a valid safety tip, even though it's rooted in a false assumption.

Re: compromised

[penwis.livejournal.com]

1- Please see the reply to stormcaller3801 above.

2 - By explicitly saying that we should make an assumption I am saying that something may or may not be true and that for some reason we should nevertheless act as if it were true. A false assumption is normally something that we implicitly presumed to be true but is in fact not always true.

Assume the gun is loaded -- yes I know it's probably not loaded because you remember unloading it be fore you put it away, but assume it's loaded anyhow because there is some tiny chance that gremlins reloaded it and you really don't want to shoot yourself.

So it's ok to let the president of the US do whatever he wants because he has the good of the people at heart -- yeah, I think you are assuming only saints become president and I'm not sure how valid and assumption that is, you're also assuming the president always knows best and again that's a questionable assumption.

Re: compromised

[alexandraerin.livejournal.com]

The reason you assume a gun is loaded isn't because you believe in the spontaneous generation of bullets... it's because that people can be wrong and if you do something with a gun that is predicated on the belief that it's unloaded and you're wrong, the consequences are likely to be horrific and irrevocable. For instance, if you pick up a gun at point at somebody and then because you're sure it's unloaded you pull the trigger just to be funny, no amount of your confidence in your memory is going to bring them back if you're wrong. So the solution is to not do that. Given the huge risk, the tiny benefit, and the odds of being wrong in a given circumstance don't merit it.

But this is just a computer. Picking the "safe" assumption as the default and slavishly adhering to it is not warranted because life and death are not at stake. If I'm wrong, I still have the option to reinstall and start over. If you pick wrong with the gun, there's no edit-undo.

And besides of which, the chances of disinfecting an infected computer are much higher than that of death by bullet-gremlin. It has happened. It might not happen in this case because my computer was highly compromised, but I've seen it happen. Not every bit of malware out there is equally sophisticate or pernicious. Some depend on holes that can be plugged fairly easily.

Really, you've got a perfectly sound and reasonable strategy, but by phrasing it as an absolute, you come off as being much less reasonable.

Re: compromised

[penwis.livejournal.com]

Ok, it's you're computer and if you're happy then you're happy.

As for edit-undo, just make sure you back up your stuff.

not too hard...

[akailaughingman.livejournal.com]

there are other residences for code than the hard drive. consider the bios, for example.

[hnmic.livejournal.com]

One day I will be expansively rich, and let you have a piece of my trust fund for living allowance, I swear I will.

[alexandraerin.livejournal.com]

Just don't be expensively rich. That's self-defeating.

[hnmic.livejournal.com]

of course not! I'll have a modest house and drive a modest car (most days) and live a modest life,... and provide living allowances for my friends.

[alexandraerin.livejournal.com]

I've always thought that if I win the proverbial or literal lottery, I'd buy a bunch of acres out somewhere where it's cheap and set up a bunch of cozy little housing and create an artist's commune/retreat.

[hnmic.livejournal.com]

Administration of a commune/retreat is not something I think I'd be up to... I suppose If I was that rich though I could pay someone else to manage it.

I've always just wanted a nice tract of land (a mountain) with a nice little place on it and the ability to subsidize the living cost of so many of my friends who create for a living, starting with s00j and getting on to you eventually. /grin

WisCon

[digitalxero.livejournal.com]

Too bad you didnt make it, was tons of fun and woulda been nice to meet you IRL since I couldnt do the train thing.