Windows Malware: The final straw that broke the penguin's back
It was simply a matter of time before Linux became my primary operating system. My most recent malware incident was the final straw that sent me into the safe haven of Ubuntu.
Suffice it to say that last week was a pretty crappy one for me. My FaceBook account was somehow compromised, causing untold amounts of my friends to receive a spammed invite to some sort of diet seminar scam event and then having to endure the embarrassment that accompanied it.
Click on the "Read the rest of this entry" link below for more.
The compromise itself was easily rectified, I had to reset all of my core passwords -- FaceBook, GMail, blogs, et cetera. Then I proceeded to sweep malware from my various Windows systems in my house -- my primary Windows 7 testing workstation, my wife's Windows 7 office PC, my Windows XP virtual machines, and our shared recreational Windows 7 laptop.
Fortunately, my testing Windows 2008R2 servers that run my other Windows virtual machines hadn't been powered on for a few weeks, and I don't do any browsing on them, so those were unaffected.
I ran Avast! Free, a pretty decent antivirus program on all of my Windows systems save for my work Windows XP VM, which runs a corporate-licensed instance of Symantec Antivirus. I also kept my FaceBook account from being linked to as few applications as possible, and I never let anyone with a USB drive near my home computers.
For my primary browsers I use Google Chrome and Firefox, with various script-blocking extensions running. I only use Internet Explorer when I absolutely have to, such as when I am doing MSDN downloads. I also ran antispyware sweeps with Spybot Search & Destroy on all my Windows systems automatically several times a week. It was a routine that worked, for several years, and it kept me out of trouble for a long time.
To this day I still have no idea what whacked me. Our ZDNet Zero Day security blogger, Ryan Naraine, suggested that I might have been hit with some weird variant of Koobface, and that I try a more comprehensive virus and malware scanner than what I was using -- Kaspersky.
[UPDATE 1: It appears over 1.5 million FaceBook accounts have been compromised via a Russian hacker. While I can't rule out that a direct account compromise via brute force password attack rather than a Windows trojan was the culprit, I'm not going to assume up front I was part of this site-wide compromise. If FaceBook itself isn't encrypting its main password database we've got even bigger problems than one blogger's PC to deal with.]
[UPDATE 2: Naraine, who works as a security consultant for Kaspersky, believed that this was Windows malware versus some sort of cross-site scripting attack (as my ZDNet colleagues Adrian Kingsley-Hughes and Zack Whittaker have suggested this morning) because as we were discussing the subject on IM, and had me diagnose some things on the phone, he got hit with the spam, which led him to believe at the time the machine itself was compromised and not the sites. This may be have been a co-incidence, as Naraine was already a friend of mine on FaceBook, but at the time, we weren't going to take any chances]
I also had about 100GB of "Junk" data on my main system, so I trashed all of that, then ran a full Kaspersky 2010 scan -- which took hours even after I did a spring cleaning and trashed all the garbage -- and came up with absolutely nothing.
My other two light-use Windows PCs and my primary XP VM on which I ran other scans also came up with nothing. Spybot yielded a bunch of minor malware tracking cookies, but nothing that would raise my eyebrows such as a well-known trojan.
As some of my colleagues note, It's certainly possible that the compromise occurred on another system that I had used to log into FaceBook, such on a friend's or a family member's computer that got infected which had my login credentials cached.
It's unlikely since I always run something like CCleaner to wipe out all traces before leaving a PC that I had used, since all of my family's systems are inspected for anti-malware capability before I use them and are scanned automatically, but I won't rule it out. The bottom line, however, is that I suffered this compromise because I used Windows. If I had been using any other operating system, it probably wouldn't have happened.
Also Read: Why I Can Never Be Exclusive to Linux and Open Source on the Desktop
Using Windows and Microsoft software is something I cannot get away from. I still need to use Office and any number of Windows programs in my personal and professional life. However, I'm no longer willing to babysit all my my systems due to the constant threat of malware. This last incident has left a massively dirty taste in my mouth and I'm not about to let this sort of thing happen again.At work, I already run Linux as my primary operating system. My IBM ThinkPad runs Ubuntu Karmic Koala 9.10, with the Linux native version of IBM Lotus Notes 8.5 and a myriad of other native Linux applications including IBM Lotus Symphony 3 and various Java-based stuff and Intranet things that I need to do my day job.
Also Read: Who is a Candidate for Desktop Linux?
For those Windows things I still absolutely need that Linux doesn't do, I use VirtualBox and Windows XP running in a virtual machine. For the most part, this hybridized approach has worked out for me just fine. My work computing environment is stable and for the most part, problem-free. It's never been compromised.Why? I don't use my business computing asset for personal stuff, such as for researching ZDNet articles and reviewing and testing software. I don't do my casual browsing on it. I don't watch goofy videos that people email me and I don't tweet with it. I don't audio edit my podcasts with it or do anything else that would be considered non-work related.
For that, I have a powerful desktop workstation -- "Der Frankenputer", a dual Quad-Core Opteron system with 16GB of RAM that up until this last weekend has run Windows 7 64-Bit Ultimate Edition as its primary operating system.
It occurred to me that if I can survive at work with Ubuntu and a Windows VM on a Core Duo 2GB laptop, there's no reason why at home I can't do the same thing with a much more powerful box. I could use Ubuntu Lucid Lynx as my primary OS to do secure browsing and other Internet-related activities, and run my personal, non-business Windows 7 environment in a virtual machine using VirtualBox.
So this weekend, I popped in a brand-new 500GB hard drive, and installed the Ubuntu Lucid Lynx 10.04 release candidate, and never looked back. I copied in all of my personal data from my Windows 7 drive and installed a fresh copy of Windows 7 in VirtualBox. My love affair with Windows as my primary operating system is over.
I then took stock of all the apps I use and tried to identify any gaps in functionality I might have to deal with in Linux that would have to be addressed in the Windows 7 VM. Audacity, the program I use for podcast editing runs native in Linux, as does Chrome and Firefox 3.6. For my digital photo editing needs, Picasa seems to run decent enough on Linux in an optimized WINE binary and I'm already an avid GIMP user. So that takes care of most of my creative content stuff.
Also Read: Ubuntu Lucid Lynx 10.04 Sneak Preview
Skype is a bit back-revved on Linux and the VOIP recording solution isn't as nice as the Windows stuff I have, so that as well as anything else I do with my webcam or headset will have to run virtualized. iTunes will also have to run in Windows if I want to transfer data directly from the PC to my iPad. That's no biggie, as VirtualBox supports USB 2.0 so all my peripherals will work fine.I'll definitely have to throw a decent amount of memory and vCPUs at the Windows 7 VM to get decent performance, but I'm willing to put up with it. I've also got several Windows 7 VMs running on my beefier Windows 2008R2 Hyper-V and VMWare ESXi servers if the Windows vritual instance on my "monster" workstation doesn't cut the mustard.
Windows 7 is now on double secret virtual probation. Like a misbehaving child, it's being given a permanent Time Out from the Internet. No more browsing with it, period. It's strictly relegated to running apps that don't have Linux equivalents or functionality, and the network ports the applications need to use will be closely monitored by a UTM firewall which will notify me the second something funky happens. For browsing and general system tasks, Linux will be my safe haven from now on.
I'm not the only one in the household who's just been Linuxed this weekend. My wife is a browsing junkie and is even more addicted to FaceBook than I am. Since all she does on her laptop is browse the web, watch web videos, use FaceBook and play Flash games like Lexulous, Scrabble and Uno, she doesn't need Windows on that system and its one less computer on my home network I need to worry about being a potential security hole. So now she's using Lucid Lynx too.
After a short training session where I showed her where all her icons were and demonstrated that all her sites and programs worked normally, she's happy as a clam.
I myself was particularly impressed that her Dell Studio 1550 64-bit Core Duo, which has an integrated Wireless-N chipset, worked absolutely flawlessly without having to do any sort of driver tweaking. Right after installation the system prompted me to enable the ATI proprietary accelerated video driver for best performance, and with a single mouse click and a short automated download it was done. Stuff Just Worked. No doubt about it -- Linux has definitely come of age for end-users with Ubuntu 10.04.
I thought I would be happy with Windows 7 as my primary OS, and that the security problems that plagued Windows XP and Vista would largely be a thing of the past. Indeed, Microsoft has made some nice improvements in security with Windows 7 and they've been much more vigilant about updates.
That being said, with malware getting more and more sophisticated and with Windows still being the primary target of these attacks, I'm just not willing to take that sort of chance and risking another malware attack like what happened to me last week anymore.
I'm still going to use Windows and Microsoft programs, but they won't get unrestricted access to my systems like it used to. Like any unpredictable and potentially dangerous animal, it will be contained and controlled -- and in a Linux virtual cage.
I can't say this approach with work for everyone -- but with the huge level of exposure I now have working for a large technology company and being a fairly well-known technology blogger, I have the luxury of making the problem go away with any enabling technology at my disposal. That means goodbye, Windows 7 and Hello Ubuntu.
Have you used Linux and virtualization to make your Windows malware problems "Just Go Away?" Talk Back and Let Me Know.