"Undermining my electoral viability since 2001."

Outlandish Josh

Published on Mon, 2005-01-10 13:47

Killing Word Macro Virus (W97M.Thus.A) On MacOS X

This blog entry contains instructions on how to clean up your system if you have a little outbreak of a Microsoft Word macro virus called W97M.Thus.A. It's also rife with commentary. If you want to skip straight to the step-by-step instructions, click here. Otherwise, read on.

Welcome New Visitors
It seems this post has gotten a kind of second life of sorts. That's cool. I just want to reply to this commentary from my most prodigal new linker: "This ends the myth that switching to MACs will make computing life any easier." I take exception to "any easier." If you meant "completely without hassle or danger," then you'd be right. But I think there's a little hyperbole at work here. Anyway, I'm glad people are finding this information useful. On with the show!

One of the great things about Apple software is its general security. The operating system has always been developed by a tight team of engineers (compared to Microsoft's assembly-line methodology) and now with a firm basis in the UNIX-like BSD system -- Apple's flavor is called Darwin -- the core system code is not only extremely efficient and well-documented, but also highly secure because of the number of people constantly vetting it all over the world.

Also, because the user-base is small compared to Windows, there's not as much incentive to create spyware/malware or viruses. However, the flip side of that is that most Mac users assume they don't need to worry about viruses, and if they do have a problem, not as much is known about how to fix it.

Case in point: sometime over the past year, I picked up the W97M.Thus.A, a macro-virus which uses Microsoft Word's internal scripting language to self propagate. It is harmless on Macs, but it can spread to PCs where it will attempt to delete files every December 13th. Annoying, but I really didn't want to spend $100 on some software just to clean my MS Word files. I don't like MS Word and very rarely use it, so I started looking around for another solution. Here's what I found.

Detection:
Thanks to the aforementioned BSD-base, Mac users and developers can make effective use of the wide world of open source libraries and tools. There's a collaboratively maintained and updated database of virus definitions and engine for checking files called ClamAV. Pretty cool.

Cooler still, British systems analyist Mark Allen has packaged for MacOSX as clamXav. Google eventually brought me that piece of code, which in turn informed me as to the name of the virus I was having problems with.

A little experimentation confirmed that some of the proposal files I was working with were infected with W97M.Thus.A. Since the folks I send these to are often PC users, there's a risk that the virus could negatively impact their system. I'm also asking them to employ me based in part at least on my technological acumen, so sending a virus with my proposal is embarrassing, perhaps livelihood-imperiling.

However, ClamAV/clamXav are virus detection programs. They don't deal with removing the bad stuff. I knew what I had, but not how to get rid of it without dropping ducats on MacAffee or Symantec.

Removal
I figured out that brand new Word files were infected, so I ran clamXav on the application itself, wanting to see if the virus code was somehow inside Word, or maybe living elsewhere. Turns out the only place it appears is in the "Normal" template, which is what all new documents start out as. I deleted the template and relaunched Word, and lo and behold I could create new clean documents. However, as soon as I opened any old infected document, my Normal template was hosed immediately.

Then I discovered through a little more googling that part of the action of the virus is to disable "macro virus protection" within Word. This is a feature that has Word warn you when a macro-embedded document is being opened, and allows you to disable macros while working on it if this is unexpected or suspicious. I was able to turn it back on simply by selecting Preferences from the Word menu and hitting the Enable Macro Virus Protection checkbox.

Now when I open infected files, I can disable macros and prevent my "Normal" template from picking up the bug. All that's left is to clean up the files I'm working on, which becomes as simple as opening them, taking the option to disable macros, selecting all, copying, opening a new document, pasting and saving.

Instructions
So, to bring it all back home, here's what to do if you get people telling you your Word files are infected:

  1. Get a copy of clamXav, and run it on your documents. See what's infected. Maybe move them all into one quarantine folder for the sake of keeping order.
  2. Find your "Normal" template. It's in the Microsoft Office X folder, in the templates sub-folder. Trash it. Word will auto-generate a new one.
  3. Go into your Preferences (in the Word menu) and hit the Enable Macro Virus Protection checkbox.
  4. Go through your infected files. When you open them, accept the option to disable macros. Select all, copy, create a new document, paste and then save the new document wherever you want to start storing clean files.

If you ever get another MS Word document which brings up the bit about macros, odds are you've found or received another infected file. Virtually no one uses Word's macro tools these days. Do not enable macros unless you are expecting a macro-dependent file! This is as basic a precaution as not downloading strange and unexpected email attachments.

Read More

Tags: 
nerding out
Published on Sun, 2005-01-09 11:50

Big Fish To Fry

Zoomin' up to 50,000 feet but still on the topic of "problems in the world," I revisit one of my regular reads which I'm trying to popularize: John Robb's "Global Guerillas". He's got the best take I've seen on the news that John Negroponte -- our man in Iraq -- is considering pulling from his School of the Americas Playbook and revving up the old paramilitary death-squad system.

The problems with this decentralization strategy are legion. A major one is that the target minority (religion and ethnicity) isn't an isolated powerless subset, rather it is part of a larger majority in the Middle East and an ascendent revisionist movement. The second major problem is that the US will puncture any remaining claim to moral superiority (see the brief on Boyd for more).

I appreciate the kind of analysis Robb provides on the news of the day. It embraces and explores the moral dimensions of our current wars, but doesn't get carried away. Seems like analysis I can use. For contrast, the Kossack commentary is a somewhat less helpful "How evil do you have to be to even consider this option?" I can appreciate the sentiment, but I believe I'm past the usefulness of a sympathy circle.

Anway, following my Sunday whimsy, I clicked the Boyd link and then trackback, and ended up on another good bit of writing from during the election cycle, but still prescient: Are We All Fundamentalists Now? by Jason Lefkowitz --

Strategist John Boyd defined an approach to war in which you attempt to isolate your opponent along three axes: the physical, the mental, and the moral. We are currently suffering from a Boydian moral isolation, brought on in large part because the world doesn't believe that our fight in Iraq is a fight of fundamentalism against rationalism. Instead, they see it almost as two different fundamentalist sects taking each other on -- which leaves rational third parties with no place to put their allegiance, except in their own self-interest.

Never looked at it this way in terms of allied reactions, but it makes a certain kind of sense. It also gives a good pseudopsychological rationale for some people's virtolic reaction to the ambivalence of our traditional allies in this conflict. Very little pisses people off more than telling them you think their god is bullshit.

This also sparks some thoughts on the nature of political fundimentalism vis-a-vis the commentary on the Kos thread, but that's a whole other blog entry, and one I'd have to think through somewhat further.

The point is that the ability to loose perspective by assuming the mantle of moral superiority is universal. It's a colliary no doubt to the corrupting nature of power. Those who place themselves within the sphere of moral conflict without the ability to question their own perspective -- checks and balances, if you will -- are at a serious long-run strategic disadvantage. The absolute power represented by moral certainty will take you places fast, but it'll catch up with you. Jessie Taylor of Pandagon brings it all back home, with his commentary on torture apoligists:

The torture brigade isn't really concerned about winning the war. They're playing a videogame in which they don't realize that they may never run out of bullets, but as long as they keep doing what they're doing, they're never going to run out of enemies. The strategy, however, will never change, as they can point to their score and the corpses on the ground and declare that victory is almost around the corner.

Sooner or later though, the dollar cost and body count will get high enough that we'll disengage. At some point you get tired of trying to "beat the game," (which would mean what? genocide?) and quit shoveling quarters in. In the meantime, you haven't done your homework, and you're broke, out of shape, and have no friends. Payback's a bitch.

I had some hopes that after these proposed end-of-month elections, Bush might take the advantage and bail. It's looking less likely judging by the political winds, which is really too bad. Without a major change in focus soon, we're going to reap the whirlwind of our declining social capital and our junk-bonded diplomatic/moral status. It would appear that Bush is back to writing his legacy. Stupid, Broke, Fat and Alone: The 21st Century Decline Of The United States.

Read More

Tags: 
politics
Published on Sun, 2005-01-09 11:15

Upsy Downsey

I'm back in hometown Eugene; the Willamette valley gives me peace. Waking up earily after a late fun night in SF, coffee, BART (where a really friendly mildly retarded woman and husband and I had something aproxomating a conversation), iPod, short United flight, PDX Light Rail (more and more hip-hop heads in Portland; interesting cultural shift), Amtrak (ticket counter guy still referencing 9/11 to old ladies at the counter; wtf?)... finally the observation car. There's a kind of green here that's unique. You forget about it when you're away, but then you remember. It goes well with the clean smell of the air, and the comforts of home wash over you.

But, unfortunately, there's also a flipside. I get mail from the IRS at my mother's house, and apparently I owe them a fair chunk of change. I may have been 21, just out of college, scraping by, and then -- here's my own sucker bit to leech off tragegy -- thrown into near-destitution by 9/11's impact on the NY economy, but they want what I owe them from 2001, plus penalties and interest. Which I suppose is fair, and to be expected really.

So I'll need to start looking around for more income, and going back on my austerity budget. That's ok. I needed focus anyway, and better to be spurred to action by taxes as than by death. Thanks Uncle Sam?

Read More

Tags: 
General
Published on Fri, 2005-01-07 12:01

Vagabender -- DIYUSA

So this summer road trip thing is getting more and more real. I just bought two domains for it:

diyusa.org: I'm thinking the .org part of the trip is propaganda, people, the Big Ideas and stuff.

vagabender.com: The .com seems like maybe the place to promote outcomes, like the film we intend to make.

Woo!

Read More

Tags: 
General

Authentic Experience

more

Nerding Out

more