From: "~BD~" <BoaterDave@hot.mail.co.uk>
FUD post !
There is NO malware that infects are resides within the; BIOS, Motherboard or Video-card
EEPROM.
--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
From: "David H. Lipman" <DLipman~nospam~@Verizon.Net>
| From: "~BD~" <BoaterDave@hot.mail.co.uk>
| FUD post !
| There is NO malware that infects are resides within the; BIOS, Motherboard or
| Video-card
| EEPROM.
That should have been...
"...that infects or resides within..."
--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
David H. Lipman wrote:
> From: "David H. Lipman"<DLipman~nospam~@Verizon.Net>
>
> | From: "~BD~"<BoaterDave@hot.mail.co.uk>
>
> | FUD post !
>
> | There is NO malware that infects are resides within the; BIOS, Motherboard or
> | Video-card
> | EEPROM.
>
>
> That should have been...
> "...that infects or resides within..."
>
>
>
So now we are in a situation where someone (drdos) has posted
information on a well known technical forum saying one thing ....... and
Mr David H Lipman (whoever he may *really* be!) making a post on Usenet
groups claiming that the original poster is wrong.
Take a step outside the box, David.
How could anyone simply 'visiting' these groups have any notion of who
is actually telling the truth?
I am /inclined/ to believe what *you* say - but there is no supporting
evidence to that effect - is there?
Is it reasonable for readers to accept that, as you have made no
disparaging comment to the contrary, that "Most wiping, erasing,
formatting, and partitioning tools will not overwrite logical bad
sectors on the Disk, leaving the Rootkits and their accompanying payload
of malware behind and still active."?
If so, what action would one recommend one takes before reinstalling an
operating system on a previously used disk - Darik's Boot and Nuke?
http://download.cnet.com/Darik-s-Boo...-10151762.html
Or, maybe FDISK will do? http://support.microsoft.com/kb/255867
Or does one simply assume that one's disk is Rootkit free and simply use
a Windows set-up disk and the in-built formatting facility?
--
Dave
~BD~ <BoaterDave@hot.mail.co.uk> wrote in
news:7ridndLhg8MJXkfWnZ2dnUVZ8rqdnZ2d@bt.com:
> David H. Lipman wrote:
>> From: "David H. Lipman"<DLipman~nospam~@Verizon.Net>
>>
>> | From: "~BD~"<BoaterDave@hot.mail.co.uk>
>>
>> | FUD post !
>>
>> | There is NO malware that infects are resides within the; BIOS,
>> | Motherboard or Video-card
>> | EEPROM.
>>
>>
>> That should have been...
>> "...that infects or resides within..."
>>
>>
>>
> So now we are in a situation where someone (drdos) has posted
> information on a well known technical forum saying one thing .......
> and Mr David H Lipman (whoever he may *really* be!) making a post on
> Usenet groups claiming that the original poster is wrong.
If the article claims an infection in the bios or eeprom vs corruption;
then the article is indeed, wrong. BD.
> Take a step outside the box, David.
Google bios and eeproms David. You might find it somewhat enlightening.
> How could anyone simply 'visiting' these groups have any notion of who
> is actually telling the truth?
By doing their own research into the matter?
> I am /inclined/ to believe what *you* say - but there is no supporting
> evidence to that effect - is there?
See above. Google really is your friend.
> Is it reasonable for readers to accept that, as you have made no
> disparaging comment to the contrary, that "Most wiping, erasing,
> formatting, and partitioning tools will not overwrite logical bad
> sectors on the Disk, leaving the Rootkits and their accompanying
> payload of malware behind and still active."?
behind, possibly; active.. no.
> If so, what action would one recommend one takes before reinstalling
> an operating system on a previously used disk - Darik's Boot and Nuke?
> http://download.cnet.com/Darik-s-Boo...-DVD/3000-2094
> _4-10151762.html
If it does sector overwrites (and I believe it can be configured to do
so) yes.
> Or, maybe FDISK will do? http://support.microsoft.com/kb/255867
FDISK is a partitioning tool. it doesn't address sectors marked as bad.
> Or does one simply assume that one's disk is Rootkit free and simply
> use a Windows set-up disk and the in-built formatting facility?
If the system disc is clean and initializes the bootsector with clean
code, bye bye rootkit. Assuming it was an MBR based one.
--
"Hrrngh! Someday I'm going to hurl this...er...roll this...hrrngh.. nudge
this boulder right down a cliff." - Goblin Warrior
Dustin Cook wrote:
>
> If the article claims an infection in the bios or eeprom vs corruption;
> then the article is indeed, wrong. BD.
Thank you, Dustin.
>> Take a step outside the box, David.
>
> Google bios and eeproms David. You might find it somewhat enlightening.
I've done much research!
>> How could anyone simply 'visiting' these groups have any notion of who
>> is actually telling the truth?
>
> By doing their own research into the matter?
On Usenet there is absolutely no way of telling who is telling the truth
AFAICT. I know much about you and, in spite of what you may think I
thought (!) I'm quite sure that you a real young man with a mom and a
family.
I know absolutely *nothing* about David H. Lipman, save for the fact
that he thinks he is God's gift to Usenet and is a contributor at
Malwarebytes forums. His English is poor and he has little understanding
of human nature.
>> I am /inclined/ to believe what *you* say - but there is no supporting
>> evidence to that effect - is there?
>
> See above. Google really is your friend.
I find nothing about the personal/professional life of Mr Lipman.
Quote:
1. The "False Authority Syndrome"
Don't believe everything. Some people talk or write about viruses as if
they were an authority in this field, but in fact they are often not.
Ref: http://www.claymania.com/info-fas.html
>> Is it reasonable for readers to accept that, as you have made no
>> disparaging comment to the contrary, that "Most wiping, erasing,
>> formatting, and partitioning tools will not overwrite logical bad
>> sectors on the Disk, leaving the Rootkits and their accompanying
>> payload of malware behind and still active."?
>
> behind, possibly; active.. no.
OK - possible to be reactivated once back on-line?
>> If so, what action would one recommend one takes before reinstalling
>> an operating system on a previously used disk - Darik's Boot and Nuke?
>> http://download.cnet.com/Darik-s-Boo...-DVD/3000-2094
>> _4-10151762.html
>
> If it does sector overwrites (and I believe it can be configured to do
> so) yes.
That was my understanding. Thanks.
>> Or, maybe FDISK will do? http://support.microsoft.com/kb/255867
>
> FDISK is a partitioning tool. it doesn't address sectors marked as bad.
At that link it says - quote:-
"When you run the fdisk command to create, delete, or change a
partition, all of the data on that partition is permanently deleted".
I've always understood that to mean that any malware would be destroyed
too!
>> Or does one simply assume that one's disk is Rootkit free and simply
>> use a Windows set-up disk and the in-built formatting facility?
>
> If the system disc is clean
How can one be sure that it *is* clean?!!!
> and initializes the bootsector with clean
> code, bye bye rootkit. Assuming it was an MBR based one.
That is my understanding too. My niggling concern has always been that
malware (call it what you will) might remain 'somewhere' within a box
ready to continue with it's malicious activity even though it's been
flattened and windows reinstalled (or even if a *new* hard disk has been
installed!).
I suspect such thoughts came about from my contact and discussion with
our then High Tech Crime Unit - who recommended that I *destroy/trash*
the machine involved in my identity theft encounter. The implication was
that there is much more going on 'behind the scenes'- things that the
authorities do not want the public to know about!
As I'm sure you have gathered, I prefer honesty and openness!
--
Dave
"~BD~" wrote:
> 1. The "False Authority Syndrome"
>
> Don't believe everything. Some people talk or write about viruses as if
> they were an authority in this field, but in fact they are often not.
>
> Ref: http://www.claymania.com/info-fas.html
The link to vmyths (for more about FAS) on that page is out of date.
Use this: http://vmyths.com/fas/ which redirects to a PDF written by
Rob Rosenberger. It's a bit dated now, talking about old msdos viruses
and bulletin boards, but the wisdom is still sound.
"The U.S. Air Force highlights the concept of False Authority Syndrome
in Tongue & Quill, their official publication on effective writing:
Nonexpert opinion or assumed authority - Don't be swayed (or try to
sway someone else) based on the opinion of an unqualified authority.
The Air Force is chock-full of people who, because of their position
or authority in one field, are quoted on subjects in other fields
for which they have limited or no experience.
(As this Air Force publication notes, False Authority Syndrome can
attack people in all fields of expertise.)".
> My niggling concern has always been that
> malware (call it what you will) might remain 'somewhere' within a box
> ready to continue with it's malicious activity even though it's been
> flattened and windows reinstalled (or even if a *new* hard disk has been
> installed!).
>
> I suspect such thoughts came about from my contact and discussion with
> our then High Tech Crime Unit - who recommended that I *destroy/trash*
> the machine involved in my identity theft encounter.
See the quote above. Police units dealing with computer crime are not
authorities on malware. Their expertise is in gathering evidence
(computer forensics) for possible prosecutions. They need to know
where and what to look for on the system and, before they start, how
to preserve or not corrupt that information. Sure, they may employ or
consult experts who know something about particular malware in certain
cases but did you communicate with one of these experts? More likely
it was some desk sergeant or other front man whose job is not to
educate the public about the finer points of fraudulent or malicious
software but simply to give the safest and most general advice; i.e.
trash the machine. In fact, that sounds like pretty dumb advice from
anyone claiming to be an expert on malware.
> The implication was
> that there is much more going on 'behind the scenes'- things that the
> authorities do not want the public to know about!
There's no such implication - just your paranoid fantasies and
conspiracy theories at work.
From: "Ant" <not@home.today>
| "~BD~" wrote:
>> 1. The "False Authority Syndrome"
>> Don't believe everything. Some people talk or write about viruses as if
>> they were an authority in this field, but in fact they are often not.
>> Ref: http://www.claymania.com/info-fas.html
| The link to vmyths (for more about FAS) on that page is out of date.
| Use this: http://vmyths.com/fas/ which redirects to a PDF written by
| Rob Rosenberger. It's a bit dated now, talking about old msdos viruses
| and bulletin boards, but the wisdom is still sound.
< snip >
You don't see Robin on Usenet as much lately. For a short while he was posting malware
humour.
I was communicating with him offline not too long ago and I was pleasingly surprised that
Robin and I have something in common.
--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
Ant wrote:
> "~BD~" wrote:
>> 1. The "False Authority Syndrome"
>>
>> Don't believe everything. Some people talk or write about viruses as if
>> they were an authority in this field, but in fact they are often not.
>>
>> Ref: http://www.claymania.com/info-fas.html
>
> The link to vmyths (for more about FAS) on that page is out of date.
> Use this: http://vmyths.com/fas/ which redirects to a PDF written by
> Rob Rosenberger. It's a bit dated now, talking about old msdos viruses
> and bulletin boards, but the wisdom is still sound.
>
> "The U.S. Air Force highlights the concept of False Authority Syndrome
> in Tongue& Quill, their official publication on effective writing:
>
> Nonexpert opinion or assumed authority - Don't be swayed (or try to
> sway someone else) based on the opinion of an unqualified authority.
> The Air Force is chock-full of people who, because of their position
> or authority in one field, are quoted on subjects in other fields
> for which they have limited or no experience.
>
> (As this Air Force publication notes, False Authority Syndrome can
> attack people in all fields of expertise.)".
Thank you for the revision, Ant. The Conclusion in that document says,
quote:-
"I DON’T WANT to dispel any particular computer virus myths someone may
have told you — that’s not my goal here. Rather, I want you to question
a person’s expertise if he or she claims to speak with authority on
computer viruses."
>> My niggling concern has always been that
>> malware (call it what you will) might remain 'somewhere' within a box
>> ready to continue with it's malicious activity even though it's been
>> flattened and windows reinstalled (or even if a *new* hard disk has been
>> installed!).
>>
>> I suspect such thoughts came about from my contact and discussion with
>> our then High Tech Crime Unit - who recommended that I *destroy/trash*
>> the machine involved in my identity theft encounter.
>
> See the quote above. Police units dealing with computer crime are not
> authorities on malware. Their expertise is in gathering evidence
> (computer forensics) for possible prosecutions. They need to know
> where and what to look for on the system and, before they start, how
> to preserve or not corrupt that information. Sure, they may employ or
> consult experts who know something about particular malware in certain
> cases but did you communicate with one of these experts? More likely
> it was some desk sergeant or other front man whose job is not to
> educate the public about the finer points of fraudulent or malicious
> software but simply to give the safest and most general advice; i.e.
> trash the machine. In fact, that sounds like pretty dumb advice from
> anyone claiming to be an expert on malware.
You may well be right!
>> The implication was
>> that there is much more going on 'behind the scenes'- things that the
>> authorities do not want the public to know about!
>
> There's no such implication - just your paranoid fantasies and
> conspiracy theories at work.
Maybe so. Tell me, then, about the expertise and 'qualifications' of Mr
Lipman. I suspect that he's a 'professional' but seems reluctant to say
so. You talk as if you *know* him!
--
Dave
On 5/1/2010 7:19 AM, ~BD~ wrote:
> Dustin Cook wrote:
>>
>> If the article claims an infection in the bios or eeprom vs corruption;
>> then the article is indeed, wrong. BD.
>
> Thank you, Dustin.
>
>>> Take a step outside the box, David.
>>
>> Google bios and eeproms David. You might find it somewhat enlightening.
>
> I've done much research!
>
So ask specific questions based on your research, if you post links to
where the information was obtained folks can look at the original material.
Many folks have told you that in their opinion, and experience this
behavior has not been observed in the wild.
If you don't want the opinion of folks in the newgroup why would you
continue to ask for it?
John
"~BD~" <BoaterDave@hot.mail.co.uk> wrote in message
news:JOSdndli_pDIk0HWnZ2dnUVZ8vqdnZ2d@bt.com...
[...]
> At that link it says - quote:-
>
> "When you run the fdisk command to create, delete, or change a
> partition, all of the data on that partition is permanently deleted".
>
> I've always understood that to mean that any malware would be
> destroyed too!
Bad sectors (or sectors *marked* as bad) in this case might be
considered "outside" any partition.
[...]
> That is my understanding too. My niggling concern has always been that
> malware (call it what you will) might remain 'somewhere' within a box
> ready to continue with it's malicious activity even though it's been
> flattened and windows reinstalled (or even if a *new* hard disk has
> been installed!).
Warning - - an analogy follows:
Some vaguely described monster has finally been *killed* by the monster
hunter and you have an uneasy feeling that the monster can rise from the
blood at the scene of the killing. Well, it ain't gonna happen, but when
you asked an expert if an entity like that could be resurrected from its
blood - he said yes and told you about DNA and sheep, cats, etc...
The thing is, the expert wasn't asked if the entity could self-resurrect
from the blood left behind after the killing of the monster.
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
Reply With Quote