December 27, 2003

Linux evangelism opportunity from Microsoft worm/virus web woes

[I wrote this in reply to the message message on Dave Farber's list about not being able to connect unpatched Windows PCs to the net because they instantly get infected by Microsoft worms. But it apparently didn't make the cut]

Subject: Re: [IP] Microsoft's festive advice: Don't plug our PCs into the Web
> But as Simon Moores, an internet consultant, pointed out yesterday, the
> software giant's admonitions "place the world in a catch-22: you can't be
> sure that it's safe to go online unless you connect to the internet and get
> a huge file of security updates from Microsoft, and new anti-virus files -
> which are also only available online".

Every time I see something like this, I think there is a great evangelism opportunity in having a bootable Linux CD which is optimized for naive users to use to go online to download fixes and updates from Microsoft. Take the idea of a "rescue" disk, and expand it to "rescue-from-Microsoft" CD.

I can see it now: "Oh, you have a new PC - here, take this "rescue-from-Microsoft" disk. You'll need it to go online without being infected by Microsoft viruses in the first place. Why do you need it? Well, let me tell you a story ..."

[I had cc'ed this to someone, and they asked if it was in fact feasible. I replied per below]

I believe so. Bootable Linux CD-ROMs have been around for ages, and then one would have to apply all the work which has gone into automatic configuration. It probably wouldn't work for every conceivable PC. But I think it should be do-able for the mass-market machines. Take a look at the "Linux Bootable Business Card":

The LNX-BBC is a mini Linux-distribution, small enough to fit on a CD-ROM that has been cut, pressed, or molded to the size and shape of a business card.

LNX-BBCs can be used to rescue ailing machines, perform intrusion post-mortems, act as a temporary workstation, and perform many other tasks that we haven't yet imagined.

It would seem to be a straightforward step to adapt this to something optimized for downloading Microsoft updates for new PC's.

By Seth Finkelstein | posted in security | on December 27, 2003 11:17 PM (Infothought permalink) | Followups
Seth Finkelstein's Infothought blog (Wikipedia, Google, censorware, and an inside view of net-politics) - Syndicate site (subscribe, RSS)

Subscribe with Bloglines      Subscribe in NewsGator Online  Google Reader or Homepage


I'd recommend making building it around Knoppix - it's a fairly good CD-based Linux distribution that has fairly up-to-date software and is pretty good about figuring out hardware.

Posted by: Ravi Nanavati at December 28, 2003 02:45 PM

It's a good idea - but - the 2.4 Linux Kernel can't write to HPFS file systems. If they put a 2.6 kernel on it then that might work.

Posted by: Marc Perkel at December 28, 2003 03:43 PM

It's a nice idea but I suspect that Microsoft will be spurred on to release their security CD first. It's a little overdue now to say the least
Simon Moores

Posted by: Simon Moores at January 2, 2004 11:11 AM