01 December 2005

Lest we forget

I plonked down a Linux workstation in an all-MS-Windows (workstations, anyway) site yesterday, and it really did show to me all of the myriad ways that MS-Windows wears you down. It felt so strange to think, “Oh, yes, I can swipe-and-middle-click to paste” and “Oh, yes, I can just run this program on the remote machine and it will all Just Work™” (not to mention “Oh, yes, ‘man:programname’ works in this browser”) and so on.

Normally, I feel a little like this when I get home from work, but the feeling is really emphasised by association — everything in my environment reminded me that I was working in a handicapped (MS-Windows) situation and highlighted the differences between them.

However, the big reminder came from one of the users’ workstations suddenly spitting a flock of warnings from Symantec’s email proxy. The user’s virus updates had slipped by one week, they’d been canvassed by some infected spam about the possibility of turning to the dark side of the internet, and MS-Lookout-Express had kindly said “Yes” on their behalf. Seven hours, three viruses and thirty-eight pieces of spyware later, I managed to fight the machine back to a position where the remaining three pieces of firmly entrenched spyware (including variants of SpySheriff and ICannNews which were working together to make SpySweeper’s job impossible) weren’t bringing the machine to its knees within seconds of startup completing.

When I explained (and showed) this to the machine’s user, he backed up his files, email and bookmarks, then went and got a Mac. He is now a very happy ThunderBird (“Reclaim your Inbox!”) user, and the experience prompted two other users (out of 30) in the office to drop LookOut in favour of it.

Another user switched on Monday after Sober.X got him. The virus updater had stopped working and would not say why, so I whomped up a script to “manually” pull down the updates, and included running them in each machine’s startup ritual. Yesterday’s machine got hit in spite of no less than three virus scanners and a spyware blocker.

On Linux, none of this has ever been necessary, and nor has the fear and uncertainty entrained by it.

Also, the tools to work around it are just scattered about underfoot; one doesn’t have to troll the ’net looking for them or hope that none of the “tools” you’re downloading are also trojans or infected. Yes, I am preaching to the choir — they could always be more evangelical. (-:

It’s worth pointing out that the remaining trojans were (are) not even detected by AdAware, SpyBot, Symantec’s virus scanners, Microsoft's antispyware kit, ClamAV, Sophos Sweep or Stinger. To zap the last three nasties, and presuming that there’s nothing else hiding on the drive that SpyScanner didn’t pick up either, I’d have to pull the drive out, delete the files using another machine, reinstall it, and run the system repair thingy. We’re not going to bother. I’ll boot a Mandrake installer CD and do a dd if=/dev/zero of=/dev/hda today, then their resident tech dude will reinstall the machine. Modulo two specific vertical-market WINE-hostile apps, they’d have been running Linux on 22 out of 28 workstations by the end of the week.

Cognitive dissonance will eventually erase the ugly experience of having your files wiped, your machine trashed, and your IP address SORBS-listed, so it’s worth asking people about their experiences from time to time, just to keep the memory fresh and motivating, lest we forget.

1 comment:

M said...

Gets even more painful when trying to integrate a Linux box into a WinXP/2k3 Domain :-|