(I've installed XP via Restore - a couple times; working next on XP-Pro, with variant partition-sizes. She has - a half-dozen times - but not generic.)
Continuation of previous, yes. I'm taking it-all as Comedy though; am willing to kinda kibitz and guide "a dedicated party's" doing most of the tedious on-line sleuthing, assimilating, note-taking.
Meanwhile - I'm experimenting on the notebook (now undergoing a second repartitioning - to see if.. once merely partitioned -still NTFS- but Not reformatted via fdisk: my assigned Extended Partition space (for dual-boot, natch) shall not be auto-wiped by the single-minded Restore set / on This try.
Having seen the log printouts, I see the script Kiddie's methodical creation of groups, permissions, then closing off possible avenues of rectification: by setting Their PWs and accessibility (like 'Guest', for ex.). Lots of typing to create all those HKEYS - there simply has to be a comparable script for fixing a Wide-Open new install - - as follows a similar drill: for Defense.
(The world of computer users and fixers is an even more stupid-stupid place, if this obvious ploy re XP Hasn't been accomplished) - I must assume I just haven't found one yet, in whatever cockamamie Doze script-language is used for Corp mass-installs -- and then The TEMPLATE for this purpose.
And yes, I grok that every bug is an app, is somewhere an .exe (starts with MZ) and is a sequence therefore, of bytes. Alex's link confirms that at least one BIOS bug reached circulation: that answers one of my queries. I'd have thought that such a virus would manifest during boot, alter MBR content (or at least interpretation) - but would need some stub hidden in Registry.?. or something like that.
A DOD-wiped, repartitioned HD Cannot contain disk-editor-accessible code for pattern-recognition by say, a subsequent (Part-II for Second Attack?) piece of nastiness -- that is what I supposed and still do.
(She can do an RR in sleep now - and my only denying force is waiting for #$^*%# fdisk to insist on a Disk Test at every single step of repartitioning.)
Appreciate that a disk inventory via *nix would evade the interference with APIs that mask display of any file manager trying to operate in a diseased, well.. further-diseased than normal - Doze box. Not that agile yet w/ Linux.
> I think if you're depending on being able to run update scripts before an unpatched, networked XP box gets infected or compromised, I think you're fighting a losing battle. The way to update a new XP install is to install the OS, install updates from a CD, and install an antivirus and antispyware package before it's hooked up to the Internet. At that point, you can turn off services, etc., before your friends start browsing the virus sites. :-)

Nope, we're following that sequence commencing with DL'd fixpacks, via Apple, yet! (surprised Beast would talk to an Apple..) - finding out next how to get cumulative patches (for all-at-once install.)
She was smart - paid real$ to get router setup properly and XP sanitized = 3 house calls; two after the invasion. They did none of the things right, even after two tries at unnecessary bug-fixing: it was already RRR'd! They wasted her time and $ (there was no data to be 'recovered'.) The evidence is there / documented. Court will be coming up unless reimbursement, also for a % of the pain/suffering. I wouldn't miss that show for anything - may post the terse opening allegation, excerpts from the appendix, rebuttal and evidence to be presented.
The 'script' I'm looking for is simply for lock-down; this tedious task can use some automation (at least as efficiently as do the Kiddies - while undoing your barriers.) As for whether the gaggle of SpyBot clones find most-all .?. remember Post 198346 - Andrew's pretty detailed bug-hunt saga on a Vaio?
Then too, after this worm/trapdoor/whatever finished its methodical reconfig: SpyBot, AdAware would take all of a second to return "finished scan: OK". AVG flailed and died. I saw that on my infected notebook, before I wiped it. (I've also - earlier, elsewhere - seen ZA True Vector trashed.)
These are the reasons she is not relying on anything less than a careful litany of turn-offs AND all the usual nostrums AND double-firewall: ZA-Pro + Linksys buttoned down - with attacks, at each phase:
(i.e. turn off router firewall! and hammer poor paraplegic XP, with only ZA to intervene. Pass that? Router back on. Test for "phoning-out" from within: is ZA doing its job of Alerts re inner activity? There are test-virii for this; are we having fun yet?)
Just maybe it will then run unscathed until the next New bug makes the rounds - gets in before the patches arrive: always days later. Wash, rinse. See? that's Why a script is needed:
When you expect this suppurating POS to go belly-up periodically - RRR is trivial compared with time for manually FIXING the out-of-box Experience. One More Time. That will be my attitude too, as I run Ex Pee on mine - (until I can find the 98 drivers.) But then, I'm on dialup: clearly less hazardous than her fire-hose hi-speed.
Anyway - it's fun so far, though it takes time away from the *nix Project and those other things in Real life.. Just a variant on NY Times Saturday Crossword :-)
Cheers,
moi