The holiday season served me a nice slice of humble pie this year. A friend wanted to send some confidential information and my encryption tools were out of date. But as soon as I updated them, my firewall essentially fell over, complaining that the new application - one normally relegated to local file-based activities - was attempting numerous outbound connections. "0wn3d," as the kids would say, I pulled the plug and shut down to ponder the error of my ways.
"You've been had!"
Though it would not have prevented the incident, my first mistake, I decided, was checking only the hash that showed the downloaded binary was undamaged, rather than verifying its digital signature. I started digging to see what else, in the software or on the system, might have triggered the activity connected with the software.
I found the real culprit in the system and recent changes, and had a short dialogue with the software's author. It seemed that either the application's code repository was breached or some resident malware already on my system targeted that specific software.
I rebooted the system to its alternate Linux partition, mounted the Windows C: drive, and had a look at the offending software and related data. (Those without a dual-boot setup could do the equivalent with a bootable security-focused Linux distribution - an excellent one that includes forensic tools is BackTrack, the Slackware-based union of the older WHAX and Auditor projects).
However, what I found was less than informative, since virtually every avenue led to potentially infected operating system components with little or no documentation - and no way to manually verify binaries without long and potentially licence-violating duplication or downloading of code.
Without more information regarding operating system components, I was out of luck. After poking at the damaged Windows system and looking at various pieces of dormant code and recent system changes, it became clear that the effect of a mixed open-source and closed-source system was to increase my risk.
Meanwhile, work called, and the philosophical aspects of this logic puzzle fell by the wayside. The path of least resistance was to blow off some of the dust in the Ubuntu partition, catch up with updates I'd deferred and get on with my life. Within a week, I decided to make it permanent: I'm done with Windows as a base operating system.
Cracked foundation, broken Windows
That's not to say that I'm jumping on an anti-Windows bandwagon - just recognising what a tool's good for and when to set it down.
Here's a non-digital example. The folks at Stanley Works make a multipurpose demolition tool called the "Fat Max Fubar" (allegedly the "Functional Utility Bar") that does the work of a half-dozen other tools. It feels good in your hand when you're being hostile to inanimate objects, but it's no good for installing a sink or hanging a picture - even if it does make a decent framing hammer.