
Recipe 13.13. Virus-Scanning Windows PCs with Knoppix

13.13.1 Problem

You want a quick, inexpensive method for running virus scans on Windows, independent of the operating system. You know that the installation disks for commercial antivirus products, like Symantec and McAfee, can be used to run a preinstallation virus scan, but the virus definitions are going to be months out of date.

13.13.2 Solution

Get yourself a copy of Knoppix 3.4 or newer. You'll need Internet connectivity to download fresh virus definitions. You can either run a scan-only or a scan-and-disinfect on Windows partitions with FAT16/32. On NTFS filesystems, you can only run a scan because write support for NTFS is still unreliable in Linux.

Boot up Knoppix. Go to KNOPPIX → Utilities → Install software. This brings up a menu of available packages to install; check f-prot.

After f-prot is installed, select KNOPPIX → Extra Software → f-prot. This brings up the f-prot menu; the first thing you want to do is 4, "Online Update."

After the new virus definitions are downloaded, select partitions or directories to scan. Knoppix automatically mounts all partitions on your system, so you can easily select the ones you want. To run a scan-only, hit the "scan" button—and go find something to do, because it will take a while. When it's finished, you'll see a report showing the results of the scan.

To scan and disinfect, run f-prot from the command line instead of the graphical menu. First, make sure the partition is mounted read/write; simply right-click on the icon for the drive, which is on your Knoppix desktop, and left-click Actions → Change read/write mode.

Next, open a command shell and run this command, naming the partition you want scanned:

$ f-prot -disinf -list /mnt/hda1

The -list option shows the scan's progress and the -disinf option will disinfect the system. That's all there is to it.
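
The following is an added example, not part of the original recipe: a shell helper that applies the rules above (disinfect only FAT16/32 partitions that are mounted read/write, scan-only otherwise) by reading the mount table. The function names scan_mode and fprot_cmd are hypothetical; it assumes the filesystem type names vfat, msdos and ntfs as they appear in /proc/mounts, and that f-prot run without -disinf only reports.

```shell
#!/bin/sh
# scan_mode MOUNTPOINT [MOUNTS_FILE]
# Prints one of: disinfect | scan-only | not-mounted
scan_mode() {
    mp=$1
    mounts=${2:-/proc/mounts}
    # Fields in /proc/mounts: device mountpoint fstype options dump pass.
    # If a mount point is listed more than once, the last entry is the active one.
    awk -v mp="$mp" '
        $2 == mp { fs = $3; opts = $4; found = 1 }
        END {
            if (!found) { print "not-mounted"; exit }
            rw = 0
            n = split(opts, o, ",")
            for (i = 1; i <= n; i++) if (o[i] == "rw") rw = 1
            # Write only to FAT16/32; NTFS and read-only mounts stay scan-only
            if ((fs == "vfat" || fs == "msdos") && rw) print "disinfect"
            else print "scan-only"
        }' "$mounts"
}

# fprot_cmd MOUNTPOINT [MOUNTS_FILE]
# Prints the f-prot command line to use; returns 1 if nothing is mounted there.
fprot_cmd() {
    case $(scan_mode "$1" "$2") in
        disinfect) echo "f-prot -disinf -list $1" ;;
        scan-only) echo "f-prot -list $1" ;;
        *) echo "$1 is not mounted" >&2; return 1 ;;
    esac
}

# Constructed sample mount table (not taken from a real machine)
sample=$(mktemp)
printf '%s\n' \
    '/dev/hda1 /mnt/hda1 vfat rw,nosuid,nodev 0 0' \
    '/dev/hda2 /mnt/hda2 ntfs ro,nosuid,nodev 0 0' > "$sample"
fprot_cmd /mnt/hda1 "$sample"
fprot_cmd /mnt/hda2 "$sample"
rm -f "$sample"
```

A FAT partition that is still mounted read-only comes back as scan-only, which is the cue to change its read/write mode as described above before disinfecting.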

13.13.3 Discussion

This approach has a number of advantages:

  • You are working from a guaranteed clean operating system—and since it's on a nonwritable disk, it's impossible to compromise.

  • Because you must power down the PC to boot Knoppix, any memory-resident nasties are evicted.

  • It's free—so you can burn masses of disks and go on a virus-scanning spree.

f-prot has a Windows edition for $29, and liberal licensing terms for home users; it covers all your home computers. There is also a free Linux workstation edition; sure, we can mock and abuse Microsoft all we want, but all it would take is one evil genius writing a lethal Linux exploit and hordes of happy script kiddies distributing it all over the planet in a heartbeat, and we wouldn't be laughing anymore.

13.13.4 See Also
