Rescue CDs: Tips for fighting malware

Using rescue CDs to ferret out malware is a great idea, in theory at least. Getting them to actually work is another story. Don’t make the same mistakes I did.

Malware is sophisticated enough to manipulate the host computer’s operating system to help it hide. That’s why rescue CDs are becoming the go-to malware detection and removal technology.



What is a rescue CD?

Anti-malware rescue CDs are bootable operating systems that take control of a computer’s hardware. Since the computer’s operating system is inactive, so is any installed malware. That’s where we get the upper hand; malware can’t activate any defense to avoid being detected by the anti-malware program installed on the rescue CD.

A stumbling block

Before I present the rescue CDs I reviewed, I want to point out some mistakes I made when using rescue CDs. One embarrassing mistake happened during a visit to a client. It was the wrong time for me to realize that certain versions of rescue CDs require a new .iso file to get the latest signature definitions.

After that oops, I made sure I used rescue-CD applications that can download and incorporate the latest signature files without needing to rebuild the CD.

That brings me to my next mistake. I typically don’t give much thought to whether the network connection is hard-wired or Wi-Fi. I assumed rescue CDs would be able to update using either. That’s not always true. In some cases, rescue-CD apps will not recognize the wireless network adapter.
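The two lessons above (the rescue environment examines a disk whose operating system is not running, and a scan against stale definitions proves nothing) are easy to show in a few lines of shell. The script below is an added example written for this post, not code from the article or from any rescue-CD vendor. It assumes the rescued machine's disk is mounted read-only at the first argument, that the second argument is a plain-text signature list of "sha256  label" lines whose modification time is the time of the last definition update, that GNU coreutils sha256sum is available, and a seven-day freshness threshold (MAX_SIG_AGE_DAYS) that is my own choice.

```shell
#!/bin/sh
# Added example (not from the article or any rescue-CD vendor): a toy offline scanner
# in the spirit of a rescue environment. Assumes the rescued disk is mounted read-only
# at $1 (so the host OS and anything installed in it are not running), that $2 is a
# text file of "sha256  label" lines whose mtime is the last definition update, and
# that GNU coreutils sha256sum exists.
set -u

# Definitions older than this many days are treated as stale (assumed threshold).
MAX_SIG_AGE_DAYS=${MAX_SIG_AGE_DAYS:-7}

sha256_of() {
    sha256sum "$1" | cut -d' ' -f1
}

# Returns 0 when the signature file is newer than MAX_SIG_AGE_DAYS, 1 otherwise.
# POSIX "find -mtime +N" prints the path only if the file is more than N days old.
signatures_fresh() {
    sigfile=$1
    [ -f "$sigfile" ] || return 1
    if [ -n "$(find "$sigfile" -mtime +"$MAX_SIG_AGE_DAYS" -print)" ]; then
        return 1
    fi
    return 0
}

# Walks every regular file under $1, hashes it, and prints "HIT <sha256> <path>" for
# each file whose hash appears in the signature list $2. -xdev keeps the walk on the
# mounted disk; -type f skips device nodes, symlinks and directories.
scan_tree() {
    root=$1
    sigfile=$2
    find "$root" -xdev -type f -print 2>/dev/null | while IFS= read -r f; do
        h=$(sha256_of "$f" 2>/dev/null)
        # An unreadable file yields an empty hash; never grep for an empty pattern.
        [ -n "$h" ] || continue
        # Fixed-string, whole-word match against the hash column.
        if grep -q -F -w -- "$h" "$sigfile"; then
            printf 'HIT %s %s\n' "$h" "$f"
        fi
    done
}

# Refuses to report "clean" on stale definitions: exit status 2 means "update first";
# otherwise prints the hits (no output means nothing matched this database).
rescue_scan() {
    mountpoint=$1
    sigfile=$2
    if ! signatures_fresh "$sigfile"; then
        printf 'signature database %s is older than %s days; update it before trusting a clean result\n' \
            "$sigfile" "$MAX_SIG_AGE_DAYS" >&2
        return 2
    fi
    scan_tree "$mountpoint" "$sigfile"
}

# Usage (hypothetical paths): sh rescue_scan.sh /mnt/rescued-disk /media/cdrom/signatures.txt
if [ "$#" -ge 2 ]; then
    rescue_scan "$1" "$2"
fi
```

The point of the freshness gate is the client-visit mistake: a scan that finishes with no hits is only meaningful if the definitions are current, so the script fails loudly instead of quietly reporting "clean" from an old database.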

Here they are

The following rescue-CD applications consistently get good reviews and do well in independent testing. And they are all capable of updating their signature database via an Internet connection:

AVG Rescue CD
  • Base: Linux (77 MB)
  • Configured to create either a bootable CD or USB drive
  • Signature Update: Online update or downloaded signature file

Avira AntiVir Rescue System
  • Base: Linux (47 MB)
  • Signature Update: Downloaded signature file

BitDefender Rescue CD
  • Base: Linux (228 MB)
  • Signature Update: Online update or downloaded signature file

Dr.Web LiveCD
  • Base: Linux (65 MB)
  • Signature Update: Online update

F-Secure Rescue CD
  • Base: Linux (155 MB)
  • Signature Update: Online update or downloaded signature file

Kaspersky Rescue CD
  • Base: Linux (103 MB)
  • Signature Update: Online update

Norton Recovery Tool
  • Base: Windows Vista PE (241 MB)
  • Signature Update: Online update

Best at detecting malware

Avira’s AntiVir Rescue System is consistently on top when it comes to malware detection. Virus Bulletin is a well-known test house for anti-malware, and they place AntiVir Rescue System first (registration is required).

A close second is BitDefender Rescue CD. To many system admins being second is not an issue. That’s because BitDefender Rescue CD has many attributes that make their job easier.

Most features



BitDefender Rescue CD outclasses the entire group when it comes to features. That’s in large part due to BitDefender using Knoppix, a well-thought-out Linux distro. It has many third-party apps such as ChkRootKit, Nessus Network Scanner, Partition Image, and GtkRecover. One additional convenient feature is the inclusion of the Firefox Web browser.



Create a rescue flash drive

Most rescue-CD applications require converting an .iso file to make a bootable CD. If that seems confusing, this link to the Petri Web site will help explain. With netbooks becoming popular, booting from a rescue CD isn’t always an option, since they have no optical drive. One way to resolve that is to use UNetbootin. It is an application that will create a bootable flash drive from any of the above rescue-CD .iso files. I have to admit though, it’s a cumbersome process.

Thankfully, AVG Rescue CD has an alternative answer. Simply download the rescue file specifically developed for flash drives, extract the contents of the file to the flash drive, and click on makeboot.bat. That’s it. You now have an AVG Rescue Flash Drive.
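Whichever route you take, the flash drive is only as trustworthy as the .iso you started from and the device you wrote it to. The script below is an added example of the two checks I would want before writing an image: it is not AVG's makeboot.bat, UNetbootin, or any vendor's tool. It assumes a Linux rescue workstation with GNU coreutils (sha256sum, dd), /sys/block and /proc/mounts; the expected checksum is whatever the vendor publishes for the image, passed in as an argument (no real checksum is embedded here).

```shell
#!/bin/sh
# Added example (not a vendor tool): verify a rescue .iso against the published
# checksum, make sure the target is an unmounted removable whole disk, then write it.
# Assumes Linux with GNU coreutils sha256sum and dd, /sys/block and /proc/mounts.
set -u

# verify_iso <iso> <expected-sha256>: 0 on match, 1 on mismatch or unreadable file.
# The expected value is compared case-insensitively because vendors publish both.
verify_iso() {
    actual=$(sha256sum "$1" 2>/dev/null | cut -d' ' -f1)
    [ -n "$actual" ] || return 1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ "$actual" = "$expected" ]
}

# is_removable_disk </dev/sdX>: 0 only for a whole-disk, removable block device that
# is not backing any mounted filesystem. This is the guard against a dd to the host
# disk or to the medium the rescue environment itself booted from.
is_removable_disk() {
    dev=$1
    case "$dev" in /dev/*) ;; *) return 1 ;; esac
    name=${dev#/dev/}
    [ -b "$dev" ] || return 1
    # Whole disks appear directly under /sys/block; partitions such as sdb1 do not.
    [ -d "/sys/block/$name" ] || return 1
    [ "$(cat "/sys/block/$name/removable" 2>/dev/null)" = "1" ] || return 1
    if grep -q "^$dev" /proc/mounts 2>/dev/null; then
        return 1
    fi
    return 0
}

# write_rescue_usb <iso> <expected-sha256> </dev/sdX> [--dry-run]
write_rescue_usb() {
    iso=$1
    sum=$2
    dev=$3
    dry=${4:-}
    if ! verify_iso "$iso" "$sum"; then
        printf 'checksum mismatch for %s; do not use this image\n' "$iso" >&2
        return 1
    fi
    if ! is_removable_disk "$dev"; then
        printf '%s is not an unmounted removable whole disk; refusing to write\n' "$dev" >&2
        return 1
    fi
    if [ "$dry" = "--dry-run" ]; then
        printf 'would run: dd if=%s of=%s bs=4M conv=fsync\n' "$iso" "$dev"
        return 0
    fi
    dd if="$iso" of="$dev" bs=4M conv=fsync && sync
}

# Usage (hypothetical values): sh make_rescue_usb.sh rescue.iso <published-sha256> /dev/sdb
if [ "$#" -ge 3 ]; then
    write_rescue_usb "$1" "$2" "$3" "${4:-}"
fi
```

Run it once with --dry-run to see which device it would write to; the removable and unmounted checks are deliberately strict, so a partition name, the internal disk, or the USB stick you booted from are all refused before dd ever runs.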

OS boot sequence

One other consideration that needs to be addressed is the boot sequence of the computer being worked on. If you are using a rescue CD, the CD drive has to be moved to the top of the list. If you are using a netbook, more than likely the USB drive will already be first on the list and not a problem.

My rescue-CD wish list

Many things have to go right for rescue CDs to work. It doesn’t have to be that way. All it would take is the following:

  • Make it simple to create “rescue flash drives.” Why? They can be easily updated without involving access to the computer’s operating system or having to recreate the CD.
  • Make sure the BIOS software recognizes USB drives in its boot sequence.

Final thoughts

Rescue CDs and rescue flash drives will become more important as malware writers figure out better ways to obfuscate their code. Rootkits come to mind as they are the forerunners of deception.

If you prefer a rescue-CD application not listed here, I would appreciate learning about your experience.



