Must’ve touched a nerve or something…

Add comments

So I get this thing sent to me a while ago, and didn’t read through it until today.

>”S” says:how goes

>”K” says:meh. same as always.

{What a happy camper.}

>”S” says:i got a question for ya
>”S” says:what is your favorite way to do a low level format on a
>drive that has no os on it, just sitting in a box
>”S” says:i use to use win 98 boot disk

>”K” says:why do you need to do a low-level format? are you
>going to put 98 back on it?

{Huh?}

>”S” says:just tried dos 6.21, f3’d out leaving it in dos, but
>can’t go to c:
>”S” says:2k, and I did, but there are a shit load of viri on here,
>and they need to written over. I reinstalled 2k on the drive, and
>norton’s found the binary to the viri again, admittedly, it is not in
>the index of the drive, but the binary is still there

>”K” says:then you’re doing something wrong. A hdd formatted
>via NTFS overwrites everything. There is no bootsector for NTFS, it
>doesnt work that way

>”S” says:nope, not a normal format, like the one on the 2k
>install, it only deletes the list to the drive

>”K” says:look, if you have all the answers, why ask me? Im
>telling you point blank, do an NTFS format, no virus will survive
>unless it resides on an untouched partition.

{Mr. Personality strikes yet again.}

>So is he full of it, am I? I use to know what the boot sectors were in
>98, fat32, and I even edited a few. Haven’t done anything like that
>since 2k and Xp. I would just reinstall before trying that shit again.
>But as far as I know, isn’t the drive one big primary dos partition,
>then there is the active main partition, with extended partitions after that.

And then something in my head burst, and this is what spewed out:
Names have been changed to protect… uh… nobody in particular.

1. You’re both on crack, essentially. The difference was that one of you was misunderstanding a term, I think, and the other was being a flippant goof. I suspect the machine in question was being reinfected “on the fly” during the time it took for your first boot, and the WindowsUpdate or Norton LiveUpdates. If that thing had a live IP on the ‘net, it could be hit in under a minute. The MSBlaster and its family move fast & furiously. On our network, we *STILL* have a machine or two (usually laptops) that are infected, and EVERY SINGLE WORKSTATION that we build will be hit by the Nachi worm before you have a chance to patch. We now carry little USB thingies with the patches on them when working with less-common Ghost images. We ghost ’em, unplug ’em from the network, patch ’em, and then plug ’em in again. The average machine “in the wild” (without a firewall or something) will get hit by Blaster or Nachi (the anti-Blaster virus) in seconds by one of your DSL/Cable neighbours.

1a. Norton was doing exactly what it’s supposed to be doing. You updated it, and suddenly it could see a virus. Chances are pretty good that you actually did have a virus. MSBlaster is the base infector, which will then download another trojan/virus app via an TFTP client, which will then drop a keycapture application, and (under the right conditions) connect to an IRC channel for more abuse. Win2k & WinXP are susceptible out of the box. Cheap like borscht. Bada-bing, bada-blaster!
http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.html

2. I *think* what you two were talking about is a “Quick Format” which does just blow away the FAT (which is not a FAT32 vs. NTFS thing, I’m talking about the File Allocation Table), which does just scrub the “table of contents.” A virus can’t make it through that either, but if you want to be sure, there many many many ways to do that. The better/faster way to make sure a drive is really wiped is to delete the *PARTITION* and then create a new one (doesn’t matter whether it’s FAT/NTFS) and then format that with either Quick or Full format. Full doesn’t zero-fill the drive, it just erases the volume and does a bad sector check (which is what takes so freakin’ long). Zero-filling doesn’t do a damn thing when it comes to formatting a volume. Formatted is formatted is formatted, no matter how long it took. Emp-a-tee… http://support.microsoft.com/default.aspx?scid=kb;en-us;302686

2a. A “low-level” format was only for very very old drives, and would be performed by the BIOS itself, sending direct hardware commands to the drive, which in the pre-540MB drive days, could result in permanently hooping your drive if your C/H/S settings were even slightly wrong (or had been translated). If “K” is so freakin’ up on his technology, why doesn’t he know the definition of “Low Level” format, which is not possible from a boot disk (or bootable CD, either). There are *SOME* hard drive utilities that will attempt a “low level” format, but it’s usually only done by the drive manufacturer. First hit on Google for “low level format” http://www.pcguide.com/ref/hdd/geom/formatUtilities-c.html

3. “K” went from zero to asshole in two questions. No wonder he’s having trouble finding work. He’s welcome to apply to Xxxxxxx, but if he ever asks me for a job at Xxx, I’m laughing in his face. He’s more highly certified than I am with his MCSE, but he’s an insufferable prick whenever I’ve heard about him doing anything that has anything to do with technology. As my manager Xxxxxxx likes to say:

“You can teach just about anyone just about anything, except how NOT to be an asshole.”

4. Without knowing what virus we were talking about, I can’t really tell you much more about what may or may not have been possible given a particular type of partition (NTFS or FAT32). I have no idea why “K” would tell you to format with NTFS in order to get rid of a virus. You can delete and then create new partitions from within the installation for Win2k or XP, there’s no need to do it from a boot disk under a different version of Dos.

The whole driving force for knowing this stuff should be for the purposes of solving problems and/or helping people use technology. If you’re in it for the “glory of knowing more than the next guy,” you’ve picked the wrong career. Sooner or later, there’s going to be someone who knows more than you do, and how stupid you end up looking is based entirely on how you acted when you didn’t think the other guy knew, either.

And hey, I’m not perfect, not by a long shot. I’ve “yeah, sure”d my way through more than my fair share of conversations that were going way over my head. Being “in computers” is kinda like being “in science:” it’s freakin’ HUGE. There’s SO much to learn that there’s really no point in burning bridges with “if you know all the answers” sorts of responses. I might have thought of someone like “K” as a trained guy who I could bounce things off of from time to time, except for the simple fact that he would be a jerk about it. He’d either lie about knowing, and then say a bunch of stuff that doesn’t make sense, or he’d under-explain his answer to intentionally make it look like this should be simple, unless you’re retarded.

Left you wondering about your skillset, didn’t it? Belittling, and demeaning. For what? What’s the point of that? I hate that attitude, and all the snivelling worms like him that I run into again and again over the years. They’re always looking for work somewhere, ’cause they can’t manage to figure out that being a schmuck doesn’t equal job security. Sooner or later, they get caught out not knowing something, and then they freak out and embarrass themselves, their department, and more often than not, their company.

Besides, you never know when you’re going to meet your next boss. Being hunted by XX taught me that more surely than just about any other hiring process I’ve ever been through. The “friend of a friend” network is really tight in Xxxxxxxxx, and it often works very well.

There’s no such tag as but there should be.

Posted on November 17th 2003 in People

2 Responses to “Must’ve touched a nerve or something…”

  1. 6ULDV8 Says:

    i DISSAGREE THAT ZERO FILLING DOES NOTHING. if u format a drive or delete the partition and then re format it you can still recover the data that was deleted in the format (if u have the tools and know how). A zero fill overwrites the data on the drive with 000000000 which is of no use to anyone. A format mearly erases the visability of the files but untill u actually write something over top of what u have deleted then it is still actually there. Zero fill is only really any good for if u have personal docs on a drive and u wish 2 give that drive to somone else but dont want the possability of your personal data being read. So zero filling does have a purpose and it does do something that i believe is of great service.

  2. zenrender Says:

    Agreed, but if you’d read the rest of the post, you’d know that the whole point was whether or not the virus that “kept showing up” was going to be wiped out by a format. What was happening was that the virus was re-infecting at boot time, due to a vulnerability in the OS on first boot, because my friend was attached to the internet (and not behind a firewall)…

    Wow, can’t believe someone actually went out and found this based on the content of this post.

    Too bad they didn’t actually *READ* the freakin’ thing.

    JB

Leave a Reply

Copyright © 2019 Gecko Bloggle