24 May 2014

Destroy Windows viruses with Linux

While studying at C-DAC, I sometimes needed to take a printout of my project, and when I returned after taking a printout from a nearby shop, I'd find that the pen-drive I took to the shop now had some extra files in it.

These files I found, were viruses which entered my pen drive when I connected it to the computer in the shop, for taking a printout. I was able to see these viruses as normal files, on Linux. Also visible, were the scripts which automatically activated the virus and copied the virus onto any read/write media (pen drive/floppy drive/external hard-disk ) you insert into the computer with a Windows OS. These are viruses that aren't very harmful. About boot sector viruses, I don't know yet. The last time I encountered one was on a floppy, and at that time I didn't have Linux.

Ways to destroy a Windows virus:
[as I discovered by myself and created my own technique at around October 2008. The reason I'm posting this is because I found that not all antiviruses were capable of detecting all viruses. Of course, your best bet is an antivirus and other malware protection tools, but this is one of the ways you can rid yourself of a common annoyance]

  • Access the pen-drive in Linux. Most virus files would be located on the root directory of the pen-drive. You'll recognize these files as files that weren't there initially. Simply right click the file and delete it. You can also disable the virus just by deleting the autorun script that activates it.
  • Sometimes, to see the virus you may need to open up a terminal and type "ls -lrth" or "ls -altr".
  • If you're unable to simply delete the virus, open up a terminal and type "rm -rf virusfilename" (without the quotes of course)
  • If even the "rm" command can't get rid of it, then open up the vi editor by typing "vi virusfilename" or "vim virusfilename" at the terminal and the contents of the virus file will be displayed to you. It's mostly a bunch of junk characters that you'll see. Now simply delete one or more characters in the file, save and exit with the command sequence:  Press the Esc key, then type a colon ":" and then type "wq!". The exclamation mark at the end ensures a force-save, even if the virus file is read-only. And tadaah! the virus is disabled.
Even a disabled virus will be detected and quarantined by a Windows antivirus. Looks like it has a rather prominent virus signature.

Is Linux safe from viruses?
Now, if you've always felt that Linux is safe, think again. Here's how malware can infect Linux: http://en.wikipedia.org/wiki/Linux_malware.

How about the Mac OS?
Same with the Mac. Do a search for Mac antivirus and you'll see.

There was a time when I was in school, that I was quite annoyed with the first virus that infected my PC, and wanted to join an antivirus company to fight off viruses and malware. The mock-antivirus on this page was a fun attempt at that.
Recently Symantec announced that standalone antiviruses are dead. Apparently attackers are finding other ways to bypass security. There is also a research group (had read about it long back but unable to find the page now) that plans to rebuild the internet from scratch, designing the security of the new internet like how a natural body has multiple layers and levels of security. Of course, what needs to be seen is how the market responds to the idea.

No comments: