Switching in general ...
As a programmer, curiosity often runs at real-time priority, meaning everything else gets swapped out so I can focus on it. I also heard in my earlier days that curiosity is good but being overly curious is not necessarily good. I did not, and still don't, know exactly what that means, but I guess it is basically saying "need to know...".
In this case, it was not like that. It is just that I wanted to play around with a few technologies: Linux, Mac X, Windows. Over the years they all became part of my experience profile. In some areas I'm at a starter level; in some others (well, shamelessly) I know enough to do damage :)
One of my machines (my day-to-day bread earner) is Windows 7, x64. It runs the firewall, and it has Avast anti-virus. And I see surprising behavior. About a year ago it was infected with some virus that was eating random characters out of my editors' buffers. All kinds of editors were affected. Having left security-related programming (needless to say, it is a huge area these days) a couple of years ago, I was kind of hapless and hopeless. I have an antivirus that runs every night to scan the whole system, and I have a firewall that blocks, or is supposed to block, worms and other stuff. Right? -- Well, that is not entirely true. For a certain kind of developer it is essential to be logged in as root/admin, and that comes into play when it boils down to digging your own grave.
Though I would not count myself as an expert, I had a funny feeling that one type of platform (Windows, Mac X, Linux) is not good enough to keep things going. You have to have all of them: first for curiosity, second for redundancy. Curiosity I explained; for the other, I need to have things up and running. I should be able to keep the internet up, and I don't really like being blamed for my kids not submitting their homework (these days a lot of it is computer based) in time. I simply cannot convince them why I cannot help them. There were times I had to take another machine, supposedly not infected, to get the files and have them printed at Kinko's.
Being in the security area, though not involved in every sphere of it, I'm always bugged by the current state of affairs. So what I did in the past was read a lot of books (yes, curiosity) and try to understand the scope and/or vastness of what one has to conquer. It's huge. And the major steps are --
- prevention
- detection/analysis
- recovery/mitigation
In my case, I tried to prevent, maybe not totally, by switching off the computers or changing to a non-administrative login. But I cannot switch off the machines; it is just like turning off the heater in a New England winter. I'm not yet totally sure I could avoid all the problems by logging in as non-admin, but again, there are times when I need to be admin.
Before we go on to the details of the three major steps, it is essential to understand their scope at large scale, since we are all (un)fortunately in the connected world. Our lifestyle has changed. Our economy, our survival, and our prospects all depend on so-called high-tech. Make no mistake, there are plenty of examples floating around the internet that will give anyone an idea about the stakes, their value (material or not), and the stakeholders' risk.
For me, at a very personal level, I saw that it randomly chewed up lots of files. You would not see them, not even in the recycle bin. I use a lot of utilities that are handy, and I got used to them over the years. I've seen Mac X block my work like crazy. Same with Linux too. It's very time consuming, even if you turn on Wireshark/Ethereal to see what is going on, and that is just one part of what could go wrong. There are other areas that could be infected/compromised, and I'm doomed to the phrase "I don't know what I don't know"...
to be continued ...