I like to write about two things, politics and writing. I really don't have any ideas for either topic, but there is something technical that I can rant about while my desktop is occupied and currently unusable. Right now, I have a hardware virtualizer called QEMU running on my XP SP2 desktop, and within it, I am installing another copy of XP to play around with as the 'guest OS'. I also have a fully functional (sans networking) image of Slackware 9 lying around. The reason I have the Linux image is simple and precise: there is only one program for writing scripts in Linux that runs natively, and I don't much care for it. This is a big deal for me, because I am *not* upgrading to Windows Vista under any circumstances and will have to switch to Linux at some point in the future, and as I said, there is only one program for Linux that does the job. Once XP has outlived its usefulness, I'll take the Slackware 'image' I have set to my liking, and just copy the sucker to the hard drive, and be done with it. It will pay to get it set up now rather than later, so I can just start using it whenever. Inside the virtualizer, I can do that without repartitioning my machine or getting another hard drive.
This whole virtualization thing is pretty slick stuff. A program like any other, except it emulates a PC, allowing you to run another OS inside it while your host OS is still running. What this will allow me to do in the future is run Linux as my desktop operating system, and when I need to, start QEMU and boot up Windows XP, and finally run Final Draft, my choice in script writing software. No having to dual-boot, no having to keep an extra PC around just for that. My only concern is that I'll be using FD every single day, and as slick as the solution is, it most certainly will become tedious. I'll just have to try it out and see how it goes.
I've seen people talking about how virtualization technology combined with rootkits could make a rootkit that's undetectable by the host operating system. Makes sense, and sounds at first like a really bad thing that we're all going to have to deal with eventually, so why not deal with it right now?
There are some very stubborn pieces of malware out there that hook into every running process on a system, safe mode or not, and can't be removed from the system while it's running. The only solutions are to boot off a CD (assuming you can still access the system, which is not likely without a specialized live/Linux distribution that supports writing to NTFS), or taking out the hard drive and installing it into another machine as a slave. I did the latter recently, and while I nailed the malware that was hooking processes (when I said everything, I mean everything. It hooked explorer, so I killed explorer and launched cmd.com via task manager, and so it just hooked cmd.com), a full scan with AVG and Ad-Aware didn't even come close to cleaning the entire system.
This got me to thinking about how you could have an anti-virus/malware application that would be immune to the hide-and-seek game with rootkits, and the access-denied games with process-hooking malware. While a bootable CD-ROM based suite of software can get the job done, that's still a bit of a kludge. How about putting the security software where it can't be touched and can be run without restarting the system? The trend toward giving the BIOS more OS-like features has already started, and the first step should be placing the malware/virus fighting software directly inside it. No rootkit, malware, or virtualization software can hide from the BIOS, and that kind of software needed to stop being run from the application/system space a long time ago anyway.
Well, my QEMU VM just rebooted, and it appears I have a copy of Windows XP w/SP1 ready to play with in a pristine clean room state. Not really sure what I'll do with it, but it works.
My latest and last SGA spec script, Exile, is coming along nicely, and I should have been working on it instead of messing around with this QEMU crap. Truth is, I knew it was going to take a long time to get XP installed under it since free virtualization is almost always dog-ass slow, and Final Draft just runs way too slowly on my laptop to do anything with it. But that's done now, so I'm going back to work. I wrote the entire first act in like a four hour stretch recently, so at least I'm getting faster at this. It still intimidates the hell out of me that people have to write these things in three days.