Six hundred miles by car in ten hours with a five year old
They said it couldn’t (shouldn’t) be done, but we made it! I can’t believe how well Nate behaved. I’ve done road trips with adults who were more difficult companions.
View Larger Map
I bet you know these people too
The other day, I was involved in on-call, Maria was wrapping gifts and Nate was doing his best to annoy both of us. So I ordered him downstairs and put on a tivo-ed cartoon. I then walked into Maria’s office and said, “We used to know a young couple who said that they would never use the television as a baby-sitter. I wonder what ever happened to them.”
To my family and friends running Windows...
I regularly get questions about the virii, worms, trojans and other malware infecting Windows. Lately a very convincing and hard to clean piece of malware is making the rounds so I decided to write up several previous discussions to get all this in one place.
First, let’s be clear: I don’t manage or run Windows systems at work anymore and have not in several years. I spend most of my time in Unix; I’m an occasional user of a managed corporate Windows deployment and someone else worries about all this. When I do need to run Windows at home, it runs on a Mac inside a VMWare Fusion virtual machine or under FreeBSD or Linux using Virtual Box. I take snapshots of the virtual machine and restore it when I’m done. If that made no sense then detailing what I do for myself is probably not going to work for you, but I’ll try to offer some advice on cleaning up and avoiding some of these problems.
The procedure for cleaning up is simple, in theory:
- Take the machine off the network, preventing reinfection and the spread of the existing infection.
- Get the host to a state where important files (documents, pictures, music, etc.) can be backed up. If you do not have a backup device, improvise by burning to CD or DVD or use a USB stick.
- Use the original installation or recovery disk from the vendor to “nuke and pave” (wipe clean and reinstall) the box returning it to an original pristine state.
- Restore your data.
- Prevent reoccurrence.
In practice, it’s not so simple. Skim the longer explanation below. Don’t panic. If it sounds like more than you can do, spend the $250 for your local computer shop or the Geek Squad (Best Buy) to handle it.
Before getting into the malware, some comments on network hygiene. If the box is connected directly to the internet via a cable modem, it’s probably infected whether you know it or not. See this article Unpatched PC Survival Time Just 16 Minutes which was true in 2004 and still applies today. If you have DSL or FiOS with a company-supplied router (not a bridge) or have a router or wireless base that you supplied (like one of these from Linksys or Belkin among several makers) then you might have a small barrier between your machines and whatever comes knocking from the outside world. If you don’t have one, get one before you begin or you’re wasting your time. Be sure to update to the latest firmware and change the default password.
Next a comment on the behavior of malware, if the box is infected with one piece of malware it probably has more. Disconnect it from the network and leave it off until you can deal with it for a few hours uninterrupted. Many pieces of malware scan the local network or present fake services or subvert them (for example, DHCP which is used to dynamically assign an IP address) to infect other hosts. These can spread over a wireless network, too. Trojans often require someone to do something- accept a pop-up, run a game, load a program, play a video- as a means of getting their foot in the door. Worms and self-propagating nasty things don’t need help. Plan to spend time checking and cleaning any other computers on your home network.
Using a different, uninfected machine download fresh copies of Avast! (anti-virus), Ad-Aware (malware cleaner), Malwarebytes (another malware cleaner), and Spybot Search & Destroy (yet another malware cleaner) and burn them to a CD. The free versions are fine for this purpose. Be sure to only use the official releases linked above as there are a bunch of fakes circulating with trojans in them. Last download the complete Microsoft IE and Windows updates and burn those to a CD. You’ll need all of these to remove the initial infection or reinstall.
If you have a full-system backup, stop. Your backup is probably infected too. If you’ve made an ad hoc backup using a CD, DVD or memory stick assume it is infected but go ahead and make a second one now. Trying to save your applications and settings is usually a lost cause so focus on the data. If the machine is somewhat usable (ex, pop-ups, fake blue screen, etc.), try to install the new copies of the programs above then run them to clean out the system. If this fails or you can not install and clean you are at serious risk of losing your data. As a last ditch effort where you can not get one-on-one professional help, you might try creating a boot disk on another machine and copying off the files by hand or installing a second minimal copy of the original operating system in a second directory or on a different harddisk. If your machine is recent and can boot from USB, there are commercial and non-commercial (ex. Bart’s PE Builder) ways to build a bootable Windows image on a flash drive but if you can do that, you probably don’t need my help and would not be in this mess. Understand that even if you succeed in retaking the machine, the software on it is not trustworthy. The point is that you should be able to back up your data.
At this point, if it’s not obvious where I’m heading, I recommend wiping the machine entirely and reinstalling from scratch before you connect to the network. Apply the patches you downloaded above for Windows and Internet Explorer. Now that you have a clean machine, install the anti-virus and anti-spyware mentioned above. Do not restore your files from backup yet! All updates need to be done before putting the box back on the network or you’ll simply get reinfected. You should have that hardware device (router, access point, etc.) I mentioned earlier between you and the cable or DSL.
Do not restore your backups and reinstall your apps. Seriously. Scan them with the anti-virus and anti-spyware first. If you’ve taken full system backups, you are going to restore only the data (MyDocuments, etc.). Do not restore the whole system and overwrite what you just cleaned up. Restore this subset of the backup to a new folder and scan it. If you work with an ad hoc backup, copy the data to a new folder and scan it. Next move on to applications. Only install ones for which you have the original disk or trust the download site. Do not trust C|Net, download.com or any of the other sites that track software they didn’t write. Only install from the original vendor or author. Do not install any “free” games, screen-savers, plugins or video codecs. It’s okay to install Adobe Flash and Shockwave and the Apple Quicktime Player. When you are done, take a full system backup and create a “Restore Point” using the Microsoft System Restore tool. This will be the reference copy if you ever need to do it again.
Finally, to prevent reinfection you need to change habits:
- Don’t run or double-click anything you download that isn’t vetted first. This means no solitaire games, toolbars, screensavers, browser plugins or other gadgets. It also means no email attachments and documents. Be paranoid.
- Don’t click on pop-ups or click “Okay” until you know what the message means.
- Don’t use file-sharing networks and peer-to-peer software. It encourages you to run software you haven’t vetted and to open files from untrusted sources.
- Install anti-virus and keep it updated. Pay for the subscription.
- Install anti-spyware, keep it updated and run it regularly. Pay for the subscription.
- Use a white-list only firewall. Only permit the traffic you want to and from your PC. Microsoft ships one built in and I’ve heard that Comodo is good and Norton is acceptable. Pay for the subscription. Either way, pay attention to the pop-ups from it.
- Use a different browser. I suggest Firefox instead of Internet Explorer. It’s generally better and presents a smaller target.
- Disable or restrict ActiveX, Javascript, Flash, Java and every other plugin. For Firefox users this is best achieved using the NoScript Plugin and only permitting trusted sites to execute scripts.
- Run a filtering proxy and configure your browsers to use it. The open source Privoxy can help you screen out junk. Download Privoxy for Win32 from sourceforge.
- Don’t use Outlook or Outlook Express for email. Their previewing of attachments is a opportunity for infection. Try Thunderbird instead.
- Don’t use AOL chat or any other branded chat clients. If you have to use a chat client try Pidgin.
- Take regular full backups. An external hard drive and the commercial Novastor or the open source Areca will do.
- Make regular ad hoc backups of your data. Burning to DVD is an easy and reliable method.
- Make a recovery disk, ideally a recovery USB stick, and keep it updated.
I know no one is going to follow that list until they get burned for the second time.
Happy birthday Nate
Four years old. Monday night we wrapped and set out presents and Maria put the big red birthday plate and a party hat at his seat at the dinner table so he would find it at breakfast. I think we were more excited than he was until he unwrapped the gifts from his uncles Joe and Stephen (no longer pronounced “the uggles”) and found “Krypto, the Super Dog” videos and books. It’s all super dog and space aliens with him lately, with his serious-voiced emphasis on how the latter are “not too scary.” This weekend we’ll have his birthday party, the third celebration of it, actually, after having cake for the kids at school and another cake at our Fourth of July party. It’s good.
The questions he asks
I used to think it was a joke but as the parent of a three and a half year-old, I know first hand that kids endlessly ask questions. What’s interesting is the evidence of his developing awareness:
- Why does the moon follow us?
- Where do birds go at night?
- Why do some people have dark skin?
- Where do cars come from?
- Why is there fighting in Israel? (After hearing NPR while I drove him to daycare)
- Where do boo-boo’s go?
- Can I see the bones inside me? (After finding my medical text on anatomy)
- Are pirates bad guys? (I’m guessing more NPR…)
- Do crows eat garbage? (The Hudson valley has a lot of crows)
But just the other day after reading the children’s book [What Pet to Get](http://www.amazon.com/What-Pet-Get-Emma-Dodd/dp/0545035708), the questions got harder. In the story the little boy suggests a dinosaur as a pet, the mother says that they’re “extinct”. We explained what extinct means.
Nate asked “Dinosaurs are extinct?” Then he volunteered, “There’s nothing but bones left?”
“Yes.”
“Is the mastodon extinct?” He loves the Cohoes Mastodon [exhibit at the New York State museum](http://www.nysm.nysed.gov/exhibits/longterm/mastodon/index.html).
“Yes.”
“Extinct things are not alive anymore?”
“Yes.”
“They’re dead?”
“Yes… why do you ask?” Uh, oh. Maria laughed at me.
“Will Knuckles be extinct?” Knuckles is our cat.
“Not extinct, he’s going to be alive for a long time. Cats can live to be 20 years old. You’re three so it’s a long time.”
“Will Brandy be extinct?” Oh, boy. Brandy is his grandparents’ dog.
“She’s old, but not extinct,” I pause. “Extinct means there’s no more of that kind of animal.”
“Oh.”
You could see the gears turning. The next questions are not going to be easy.
Happy Third Birthday Nathan
July 7th 2005 was more than a little important but I remember things in clipped scenes, very clearly, slightly unreal, not quite my life. I remember the waiting, how our baby was weeks late, Maria in labor, the doctor beaming confidence, the midwives, the electronic fetal monitor, the ob residents ducking in for a peek, Maria stunning them and the doc with a well-timed joke, surgery, recovery room, natural childbirth that didn’t work out as planned, healthy baby boy big and pink, a grub in blue and white swaddling, the worried-relieved faces of her parents, our friends, the nice nurse, the mean nurse, how the hospital wouldn’t let me sleep in the chair next to her, driving myself across Brooklyn, not knowing how I got home, leaving an incomprehensible outgoing message on our answering machine. If I had any thoughts that morning, I couldn’t remember them that night let alone three years later.
We went swimming after an early dinner and tonight, like every night, we read stories on the chair and a half then went upstairs to get ready for bed. Like every Sunday, I gave Nate a bath. I dressed him for bed, closed the shades, pulled up the covers, turned on the fan, recited a litany of stay in bed and don’t get up too early and we love you that takes the form of a call and response. Settled him back to bed and repeated the exchange when he woke to use the potty. There’s a daily routine made up of little routines. Tomorrow he will be three years old. When he’s six I probably won’t remember what I was thinking about tonight. The routines will be different. The mental scrapbook full of what he said and did, that like every parent I say I should write down, or video, so that I won’t forget but don’t, dog-eared and faded next to a stack of crisp postcard memories from a very long day in summer 2005.
Happy third birthday Nathan.
Happy New Year
Happy New Year!
It’s a bit different already. For one, it started three hours fifty minutes after some student renters down the block woke us by ringing in the day with hollering in the street and shooting off bottle-rockets when Nate woke up, jiggled open his door and came upstairs to tell us he was awake by climbing into our bed. Maria finally got him to settle down at five and then he woke at seven to really start the day. I let her sleep and took a nap when he did. For another, I had been up for almost six hours, vacuumed the rugs, dragged the xmas tree to the curb, shovelled the walks, tried to build a snowman with Nate and was watching him play in the snow when a couple of twenty-something guys walked by looking very lost and I overhead one of them say to the other, “Yeaaah! And that’s when you came out in your underwear!” It’s different.
"Nups"
My son already renamed the cat, now he’s renamed his paternal grandfather. We’ve been using the titles “Gramps” and “Nanna” that my folks chose for themselves and Nate went along, but while driving from the airport to their house he decided that “Gramps” is better called “Nups”. He has no problem saying “Gramps” or making any of the sounds so the reason is all his own. He won’t explain and he pays no attention when I correct him. Dad thinks it’s funny so “Nups” it is.
Cat, renamed
Nathan has given the cat a new name: “Knuckles”.
Why? I don’t know. He says, “Knuckles! Cat!” and giggles. Then he tries to give it a big hug around its rump, which it tolerates but doesn’t work out so well in practice. Why? I don’t know. The cat, back to his fighting weight after sixty days of on-demand dry food and a strenuous regimen of sleeping on chairs and lazing near sunny windows, is non-plussed.
New cat, mostly unseen
We adopted a cat over the weekend from the local shelter, an affectionate neutered three-year-old tom named “Garfield”, owing to his orange tabby coloring and his previous owner’s lack of imagination. Owing to our lack of foresight, he found the cat door into the basement and spent his first twenty-four hours hiding between the joists. We planned to put his litter box down there but didn’t anticipate the cat seeing it as an escape hatch from his new digs. Last night we coaxed him into the cat carrier and brought him upstairs to his fleece bed, locking the cat door behind us. Today he’s spending most of his time getting acclimated by hiding under beds and behind chairs with forays out for exploration and some head-scratching, chest-rubbing purring with adults. He is tolerant of Nathan and Nathan is gentle but the boy is still a two-year-old and his jumping, running, yelling, loud playing with toys, what-not racket sends Garfield off to quieter rooms.
Ross Lonstein
