I don't get it.

Discussion in 'malware problems & news' started by Gullible Jones, Apr 19, 2010.

Thread Status:
Not open for further replies.
  1. I'm back on Linux again... Because it seems that my Windows install got rooted.

    I don't understand how it happens. I surf safely, never use pirated software, use HIPS and sandboxing and a good firewall... And I don't get a single bad notification from anything in my security setup. Yet when I do a normal sweep for junk files with Glary Utilities, what do I find but two "zero-byte" driver files with random names that can't be deleted? :eek:

    It's not another infected machine on the home network. I'm pretty sure none of my CDs nor my USB stick are infected, nor the wireless at work... But either I am seeing things or something is slipping past my guard, even while others surf around the dark parts of the web with no more protection than XP firewall and an AV and come out unscathed.

    Could it just be my lack of knowledge of Windows? Does XP normally produce tiny randomly-named driver files out of nowhere? Is this a PEBKAC situation? Or is there something sinister going on here?
     
  2. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
    Two zero-byte files made you think the machine was rooted? What and where were they?
    From what you are saying you have implemented, I think it unlikely something slipped your guard.
     
  3. They were randomly named .sys files in C:\Windows\system32 IIRC.

    And yes, I admit it... This could just be a combination of my innate software paranoia and my relative newbiness regarding Windows.
     
  4. chronomatic

    chronomatic Registered Member

    Joined:
    Apr 9, 2009
    Posts:
    1,343
    Why would you want to use Windows when you are familiar with Linux? It's like choosing between a Pinto and a Benz.
     
  5. Because Linux is sluggish and unstable. There are workarounds for Windows XP's lack of security (supposedly anyway), but there are none for Linux's lack of stability; at least, not on a netbook which requires the latest and greatest kernel for the ethernet to work right.

    (Plug in a monitor. Crash. Close VLC. Crash. Lock the screen. Crash. And of course lose all your data in the process. None of this on Windows, mind, whereas on Linux I've experienced more unrecoverable crashes in the last three years than I did in 3 years of Windows 98.)
     
  6. chronomatic

    chronomatic Registered Member

    Joined:
    Apr 9, 2009
    Posts:
    1,343
    Not to get off-topic here (as this is probably better suited for the Unix forum), but what distro are you using? Have you tried UNR? You shouldn't be seeing that kind of crashing unless perhaps you are using BETA distros or something.
     
  7. Tried UNR, that was the one that crashed when I tried to plug in an external monitor. Yes, with default settings.

    Anyway I've tried all sorts of distros, from Arch to Debian (Testing) to Mandriva to OpenSuSE, and all of them have had stability issues. I would be using Debian Stable or CentOS or such, but that is impractical because of the netbook's ethernet card, which is not supported properly by kernels < 2.6.31.
     
  8. Windchild

    Windchild Registered Member

    Joined:
    Jun 16, 2009
    Posts:
    571
    It could easily be that some legit software you've installed is creating those drivers. Could be an anti-rootkit scanner, a DRM protection software like Securom or Safedisc, virtual drive software like Alcohol or Daemon Tools or any of the zillion other possibilities. Or it could be just that Glary Utilities is messed up and seeing things. There's really no point in assuming you're rooted just because some "cleaner" software finds a couple of strange files. Especially when only a few months back, the cleaner software in question came infected with the Induc virus - some serious security issues in the development environment of the Glary Utilities coders. :D

    Can you actually see the driver files in the file system? If you boot to a clean environment (use a Linux disc if you wish), can you see the files? If you can, peek inside with a hex editor and see if you can find any clues on what they might be. You could also just delete them, and then experiment to see what will recreate them. You could use Process Monitor's boot logging, for example, to try to see what's touching those drivers and perhaps catch what's creating them.

    That sounds like Linux really doesn't like your hardware, or you've got some faulty driver (display drivers are always favourites) causing stability issues.
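    A small triage helper for the steps Windchild lists above (inspect the files from a clean boot, look inside them, work out what owns them). It is an added example, not code from the thread or from any of the tools mentioned; the sample directory it builds is constructed here, and the file names in it are made up for the demonstration. Given a system32 directory mounted from a live disc, it hashes every .sys file, checks whether the bytes actually form a PE image (an MZ stub whose e_lfanew field points at "PE\0\0"), and flags zero-byte or non-PE files so you know which ones deserve a closer look rather than assuming the worst.

```python
"""Added example (not from the thread): triage .sys files from a mounted
Windows system32 directory. Reports size, SHA-256 and whether each file
really carries a PE header; zero-byte and non-PE files are flagged."""
import hashlib
import struct
import tempfile
from dataclasses import dataclass, field
from pathlib import Path


@dataclass
class DriverReport:
    name: str
    size: int
    sha256: str
    is_pe: bool
    flags: list = field(default_factory=list)


def has_pe_header(data: bytes) -> bool:
    """True when data starts with an MZ stub whose e_lfanew (offset 0x3C)
    points at the 'PE\\0\\0' signature of a PE image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"


def triage_sys_files(directory: str) -> list:
    """Hash and classify every *.sys file directly under `directory`."""
    reports = []
    for path in sorted(Path(directory).glob("*.sys")):
        data = path.read_bytes()
        pe = has_pe_header(data)
        flags = []
        if len(data) == 0:
            flags.append("zero-byte")          # nothing to scan; find the owner instead
        elif not pe:
            flags.append("not-a-PE-image")     # a .sys that is not a driver binary
        reports.append(DriverReport(path.name, len(data),
                                    hashlib.sha256(data).hexdigest(), pe, flags))
    return reports


def build_sample_dir() -> str:
    """Constructed sample input: a minimal MZ/PE stub, an empty file with a
    random-looking name, and plain text disguised as a driver."""
    d = tempfile.mkdtemp()
    stub = bytearray(0x80)
    stub[:2] = b"MZ"
    struct.pack_into("<I", stub, 0x3C, 0x40)   # e_lfanew -> 0x40
    stub[0x40:0x44] = b"PE\0\0"
    (Path(d) / "ntfs_like.sys").write_bytes(bytes(stub))
    (Path(d) / "xk3jq9.sys").write_bytes(b"")
    (Path(d) / "notes.sys").write_bytes(b"just text, not a driver")
    return d


if __name__ == "__main__":
    for r in triage_sys_files(build_sample_dir()):
        print(f"{r.name:14} {r.size:6d} bytes  pe={str(r.is_pe):5}  "
              f"{','.join(r.flags) or 'ok':15} {r.sha256[:16]}...")
```

A zero-byte file tells you nothing by content, so the useful next step is the one Windchild describes: find the owner. On the Windows side, driver services are registered under HKLM\SYSTEM\CurrentControlSet\Services, and a service whose ImagePath names one of the flagged files is the thing that created it; Process Monitor's boot logging will show the same relationship as a file-create event if the file is regenerated after deletion.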
     
  9. doktornotor

    doktornotor Registered Member

    Joined:
    Jul 19, 2008
    Posts:
    2,047
    Well, the above is pure and complete FUD, please move such nonsense out of this forum. You know, it's supposed to be kinda serious stuff here. :rolleyes: :thumbd:

    Also, check your RAM with something like memtest, check that your CPU is not smoking and in general avoid buying broken "cheap" HW. And yeah, broken binary drivers from nVidia/ATI.
     
  10. I... didn't even check. I guess I panicked a bit. :oops:

    I had issues like that on my last laptop too, whenever I used a non-stable/LTS distribution. Which is why the laptop now runs Ubuntu LTS.

    It's not FUD, just my own experience as a Linux user.

    CPU isn't smoking, hardware isn't broken (as I said, works fine with XP and 7). Might be a good idea to run Memtest though, I hadn't thought of that.

    Re nVidia/ATI: I have heard many a horror story about ATI, especially the OSS drivers (which got kind of broken when KMS was implemented). However, at work I'm installing Linux on machines with nVidia cards fairly regularly, using the nVidia binary drivers... And they work great, not a hitch with the drivers themselves on any machine so far.

    (I say "with the drivers themselves" because Fedora requires you to blacklist the nouveau driver first, otherwise X will crash.)
     
  11. doktornotor

    doktornotor Registered Member

    Joined:
    Jul 19, 2008
    Posts:
    2,047
    Back on topic here, also some SysInternals utilities try to install randomly named drivers (stuff like PageDefrag etc.)
     
  12. Hmm. Maybe it was PrivateFirewall? I've heard some HIPS programs do similar stuff.
     
  13. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    You know, this is the sort of attitude that I don't like from some people here. Just because YOU haven't seen these issues, doesn't mean they don't exist. Why don't you move your attitude from this forum instead?

    @Gullible: It's quite likely some security software installed these files, or, as said, some other harmless software did it. If you were infected and you had a good security scanner/protection onboard, it would have most likely sounded an alarm. As far as Linux, no, you're not spouting "FUD", which, by the way, some people need to understand what the term means before they open their mouth and accuse others. A LOT of people have issues with Linux. My old system did as well. Not that long ago, if anything made by ATI or Creative was in your system, chances were good Linux was going to throw a fit. Linux STILL has issues with hardware and drivers not being compatible, and it isn't the fault of Linux, it's vendors.

    I'm not surprised at all you had issues. It sounds like you just have one of those unlucky systems, and not much can be done outside of picking parts yourself. It's getting better, but Linux is still a no-go for far more people than is realized, due to hardware/software.
     
  14. doktornotor

    doktornotor Registered Member

    Joined:
    Jul 19, 2008
    Posts:
    2,047
    Similar issues are NOT caused by Linux. They are caused by broken HW and/or broken drivers. Statements like "Linux is sluggish and unstable" or "Plug in a monitor. Crash. Close VLC. Crash. Lock the screen. Crash. And of course lose all your data in the process" are pure FUD that doesn't reflect reality in the least. That's my knowledge as a Linux user since ~ RedHat 5 and as a Linux developer for a couple of years. Linux is not Windows ME to crash like this; if it does for you, then you have a serious problem in HW department. That problem needs to be diagnosed and fixed, either by replacing the faulty HW or by fixing the faulty driver. And the loss of all data on a netbook w/ a battery begs for asking what kind of filesystem is the OP running, must be tmpfs in RAM I guess. :rolleyes:
     
  15. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    If it is a driver issue then it is a Linux Developer issue. Linux Developer designed some faulty driver code.

    Why are distros providing specific support for netbooks?
    For instance, a netbook hardware compatibility wiki, Mint and Ubuntu.
    Because there isn't universal support for netbooks and their hardware.

    Why are there distros for certain netbooks?
    Because.
    Because, because.

    As for those zero byte files, I can only offer an opinion.
    With everything you can, scan those files. If you did, scan them again, we'll teach those files.
     
    Last edited: Apr 21, 2010
  16. doktornotor

    doktornotor Registered Member

    Joined:
    Jul 19, 2008
    Posts:
    2,047
    Sigh. For nVidia/ATI binary drivers, go to nVidia / AMD with your complaints. For pretty much anything else - go to the manufacturer. Unless the vendor provides specifications for their HW, you are left with reverse engineering the thing. Takes some time, as you can imagine. Then there are these netbook/notebook specific issues like turning on the wireless/bluetooth via the special keys which are implemented in a broken way and return no scancode at all. Same thing for the related LEDs. Then there are these wireless drivers - the HW tends to be a cheapo broken piece of junk with lacking documentation and relying on a binary firmware blob. I'd rather not mention the notoriously broken BIOS implementations.


    Anyway, using a "normal" distribution on a netbook won't "crash all the time" as was claimed here. It will simply mean that some of your HW will not work (such as the wifi thing). If you want to debate this, move to the appropriate forum. Getting completely OT here.
     
  17. They'd have an easier time of things if Linux had a stable driver API.

    I do concede that point... However, most of my issues have been with the Intel video drivers, and AFAIK Intel does provide specifications for those. (And I'm pretty sure ATI/AMD provides specifications for Radeon cards, despite the fact that the OSS drivers frankly suck.) And there's also a lot of bugged stuff that has nothing to do with the hardware, e.g. the PulseAudio mess.

    Then why bother supporting that stuff? It's convenient, sure, but it's not essential, at least for the vast majority of laptops and netbooks. I don't care if my LEDs and hotkeys work right; I care that my wireless works, and that XOrg doesn't crash all the time and lose the data for every freaking application I had open when it does.

    Again, it would help for Linux to have a stable driver API so that binary blobs could be depended on. Yes, I know, nobody likes blobs - but unfortunately proprietary software is here to stay, and developers have to deal with it.

    (You are right about the broken BIOS implementations though. I have had plenty an issue with buggy ACPI implementations on *BSD.)

    Perhaps I'll start a new topic, then. See you there. :doubt:
     
  18. doktornotor

    doktornotor Registered Member

    Joined:
    Jul 19, 2008
    Posts:
    2,047
    Linux kernel never claimed to have one and never will have one. It'd be easier if they provided source code w/ their drivers, or at least the specs and documentation.

    That's nice, however some portable computers have no other option to get the HW activated but those broken hotkeys. And people want their LEDs.

    Yeah, good idea. ;)
     
  19. Dr who

    Dr who Registered Member

    Joined:
    Jun 6, 2009
    Posts:
    46
    Hey Gullible,

    Were you using any software like Alcohol/Daemon tools ?

    The reason I asked is that rootkits are not necessarily the remit of malicious code....
     
  20. Nope, neither of those, and no software containing DRM or copy protection measures.
     
  21. chronomatic

    chronomatic Registered Member

    Joined:
    Apr 9, 2009
    Posts:
    1,343
    That's bull. Linux works better OOTB than Windows does because it has more drivers. When I install a Linux distro, I don't have to do anything -- everything works -- sound, video, 3d compositing, USB devices, CD/DVD, everything. Most people have the same experience as me. This guy is an anomaly, not the norm.

    The big lie is that Windows "just works" and Linux doesn't. The facts don't bear that out. Show me a person who installs Windows and doesn't have to go searching for all his old driver disks once done. I never have to do this on Linux.
     
  22. Dogbiscuit

    Dogbiscuit Guest

    I've installed Windows 7 32-bit and 64-bit versions on several systems and have not once had to search for old driver disks, etc., like I had to with XP.
     
  23. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006
    On both my systems running Windows 7, they need drivers from a disc.
    For my laptop it's the microphone part of the sound. The rest of the sound is installed, just not the mic.

    For my desktop it's my soundcard (Creative X-Fi) and wireless (Realtek chipset).

    Recent Linux distros detect all the hardware on both machines OOTB.
     