Thursday, March 26, 2009

My Tribute to CP/M and Operating Systems


I grew up with Computers! I know a lot of people say that, but really - I grew up with Computers! And Computers grew up with me. It's mostly because of my late dad. My dad was a Manufacturer's Representative back in the 70's for companies like DEC, Lear Siegler, Televideo, Wang, Franklin (the first Apple II clone), Osborne, Kaypro, and TI. My dad took me out of school to accompany him to Trade Shows like Comdex, way back in the late 70's and early 80's! Thanks Dad!

It was a fun time to grow up! The computing and operating systems as well as the Internet developed right in line with the Space Race. There were a lot of similarities! We owe a lot of our Internet to the Space Race along with DARPA, ARPANET, and NSFnet. But what I really want to write about is Operating Systems... You know, like your first girlfriend, you never forget your first one or first time. My first relationship was with CP/M. I got to know her well.

Back in the 70's - it was a time for real Computer Men! We didn't have to mess with wimpy GUI interfaces or have to use a mouse! There was no point and click. No.. We used commands like PIP! If I wanted to send my document to the printer I typed in the following:


C> PIP LST:=A:LETTER.TXT

PIP was a solid manly command! For example, to rename a file: 

C> PIP A:NEW.DAT=A:INFO.DAT


There were also the other commands - DIR, REN, ERA, SAVE, TYPE, and USER.

Do they seem familiar? That's because CP/M was truly the Godfather of DOS or MS-DOS and PCDOS. Back in the day CP/M was THE operating system of choice for Business Applications. Remember Wordstar, DBASE II, and VISICALC? Basically, for personal computers your choices were to get a hobby computer like an APPLE II or get a real computer like an Osborne or a Kaypro using CP/M.





The real reason I became familiar with CP/M was because my first real computer was a Kaypro II and it ran CP/M. I saved up $900 to buy my first computer when I was 21 years old. I was able to buy it at a discount through my Dad. I made extra money learning all about CP/M and Wordstar and teaching classes part time for my Dad's business. In Wordstar, the first real true Word Processing Application, if you wanted to save a file you typed in CTRL K D or ^K^D. If you wanted to just quit you'd type in ^KQ (that's the way it looked in the manual). The commands are still used today with Linux. If you remember Wordstar commands like, try typing in #joe file.txt in Linux and it brings up a similar word processing command that uses the same Wordstar keystrokes. I use JOE a lot instead of VI or VIM. (Yes real computing nerds and manly people still use VI today).

This year we celebrate 40 years of Operating Systems, starting with the Grandfather of them all, Unix! Yes Unix turns 40 this year. I am older than Unix sadly, but my real true first love will always be CP/M!

When I received my Ham Radio Call sign from the FCC guess what it was? KC7CPM. ...and that is not a vanity call sign folks. That's the real honest to goodness call sign randomly picked by the FCC and given and placed in my care.

Is it Karma? Just a coincidence? Well consider this. I worked for Novell for 15 years. Guess what OS they originally designed NetWare on? It was CP/M.

Guess what company designed CP/M? Do you remember? It was Digital Research. Whatever happened to CP/M and Digital Research? It was bought by Novell back in the late 90's. Remember DRDOS 6.0? Remember Novell DOS 7? When I was at Novell, they owned the copyright and rights to CP/M along with DRDOS. Novell eventually sold it to a company called Caldera. Caldera changed their name to SCO Group and decided to wage a war against all Linux companies, the biggest one being Novell over copyrights with Linux from UnixWare that was also sold to Caldera about the same time as DR OSs. But that's another story of irony.

When I worked for Novell a call came in to tech support for CP/M help. Guess who got the call? Yep.. good thing I was there. CP/M - I'll never forget you! I've had other Operating System relationships over the years - Unix, MSDOS, PCDOS, DRDOS, NetWare, UnixWare, MacOS, MP/M, OS/2, AmigaDOS, Windows (3.0, 3.1, 3.11, NT, 2000, 95, 98, XP, Vista, Beta 7) and others, but CP/M - you were always my first!


Monday, March 16, 2009

Nasty Trojan - Spyware Protect 2009

Nasty Trojan - Spyware Protect 2009 on Windows XP SP2

Spyware Protect 2009 lands on a computer with a single purpose: to get your money and possibly hijack your online banking account. As you may guess from its name, Spyware Protect 2009 presents itself as anti-spyware. It is not anti-spyware, although it is able to mimic some actions performed by security applications.

Not sure how this trojan was acquired.

At 2:40 PM local time (the time the HOSTS file was modified) - Backdoor Trojan file captured and modified the following:
1. Placed sysguard in C:\Windows
2. Registered iehelper.dll with the registry and placed in c:\windows\system32\
3. Modified hosts file and added a fake entry.
4. Added registry settings for Browser Helper.

Symptom:
Every time Windows Explorer or IE would go to a website or change folder, the following website would pop up:

http://browser-security.microsoft.com/block.php?r=17.2

I took the following actions:

1. Terminated sysguard out of Tasks List
2. Deleted sysguard.exe out of c:\windows\
3. Deleted iehelper.dll out of c:\windows\system32\

4. Deleted following entry out of HOSTS file c:\windows\system32\drivers\etc\

195.245.119.131 browser-security.microsoft.com

5. Deleted the following registry settings:

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C9C42510-9B21-41c1-9DCD-8382A2D07C61}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C9C42510-9B21-41c1-9DCD-8382A2D07C61}\InProcServer32

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C9C42510-9B21-41c1-9DCD-8382A2D07C61}


Reference:
http://www.threatexpert.com/report.aspx?md5=f42ecaab6442d21e4beba274875d882b

Rebooted workstation and now verified that all is working.
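
A HOSTS audit for the kind of entry removed in step 4, as an added example that is not part of the original post: it flags any mapping that overrides a name inside a vendor zone, which generalizes beyond the single entry seen here. The protected-zone list, the function name and the sample file contents are assumptions constructed for illustration.

```python
import ipaddress

# Vendor zones a local HOSTS file has no legitimate reason to override.
# Assumed list for this example; extend it for your environment.
PROTECTED_SUFFIXES = ("microsoft.com", "windowsupdate.com")

def audit_hosts(text, protected=PROTECTED_SUFFIXES):
    """Return (line_no, kind, ip, hostname) for every HOSTS mapping that
    overrides a name inside a protected zone. kind is "redirected" for a
    routable address and "blocked" for a loopback/0.0.0.0 sinkhole."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on blanks
        if len(fields) < 2:
            continue                            # blank, comment-only or malformed
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # first field is not an IP address
        sinkhole = ip.is_loopback or ip.is_unspecified
        kind = "blocked" if sinkhole else "redirected"
        for name in fields[1:]:                 # one line may carry several names
            host = name.lower().rstrip(".")     # names are case-insensitive
            if any(host == s or host.endswith("." + s) for s in protected):
                findings.append((line_no, kind, str(ip), host))
    return findings

# Constructed HOSTS content; line 4 is the entry quoted in this post.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
0.0.0.0         ads.example.net   # local ad sinkhole
195.245.119.131 browser-security.microsoft.com
10.0.0.5        intranet.example.org notmicrosoft.com
127.0.0.1       UPDATE.Microsoft.com.
"""

if __name__ == "__main__":
    for line_no, kind, ip, host in audit_hosts(SAMPLE_HOSTS):
        print(f"HOSTS line {line_no}: {host} is {kind} ({ip})")
```

On a live machine, pass it the contents of c:\windows\system32\drivers\etc\hosts; an empty result means no protected name is being overridden locally.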

If the user was running an iMac or Linux this problem wouldn't happen. ;-)