Desinfec't

from Wikipedia, the free encyclopedia
Desinfec't (formerly Knoppicillin)
c't software collection 5
Developer: c't editorial team
License(s): proprietary
Current version: Desinfec't 2020 (May 22, 2020)
Kernel: Linux
Ancestry:
GNU/Linux
  ↳ Debian GNU/Linux
    ↳ Knoppix
      ↳ Knoppicillin ('04–'09)
    ↳ Ubuntu
      ↳ Desinfec't ('11–'20)
  ↳ Red Hat Linux
    ↳ Fedora
      ↳ Desinfec't 8 (2010)
Architecture(s): IA-32 (x86)
Timeline:
CD: Knoppicillin 3, Knoppicillin 4, Knoppicillin 5 and 5.2, Knoppicillin 6, Knoppicillin 7, Desinfec't 8
DVD: Desinfec't 2011, Desinfec't 2012, Desinfec't 2013, Desinfec't 2014, Desinfec't 2015, Desinfec't 2016 and 2016-9, Desinfec't 2017, Desinfec't 2017/2018, Desinfec't 2018, Desinfec't 2018/2019, Desinfec't 2019
Download: Desinfec't 2020
Compatibility: 32-bit or 64-bit IBM PC compatible with BIOS or UEFI
Language(s): German
Other: Price: free of charge without virus scanner (with virus scanner only in one issue); Language: German, and much more.
Desinfec't (heise download)

Desinfec't is a Linux-based live system for disinfecting computer systems after a virus attack. It is published by the c't editorial team as a supplement to regular c't issues as well as c't special issues and is updated at regular intervals. Until 2009 the distribution was called Knoppicillin. Initially it was distributed on CD; from 2011 to 2019 it came on DVD due to the amount of data. Since 2020, Desinfec't has been available only as a download and must be transferred to a bootable medium supported by the target system before use.

Concept

Current version: Desinfec't 20
Availability: c't Desinfec't 2020
Operating system: Ubuntu 18.04.4 LTS
Virus scanners: ESET NOD32 Antivirus, F-Secure Anti-Virus, Kaspersky Anti-Virus, Sophos
Period for signatures
ISO file size: approx. 5.3 GB

The concept of starting the virus scanner from a boot CD ensures that the operating system environment of the scanner cannot be contaminated. In this way, malware can neither manipulate the scanner itself nor make itself invisible with the functionality of a rootkit, since its program code was not executed from the hard drive when the system was started. Likewise, it cannot, for example, copy itself into the main memory and infect the system again from there. In addition, it is still possible to boot the system from a live CD if a virus infection prevents this in the normal operating system.

Desinfec't is therefore an effective remedy against malware with rootkit properties that conventional virus scanners cannot detect. With other rootkits, however (in contrast to conventional viruses and Trojans), it can make sense to examine them in the active system, because only then can their characteristic properties be recognized.

The modified Linux distribution contains several virus scanners, some of them commercial, and drivers for all popular file systems. Thus Desinfec't, like its predecessor Knoppicillin, can also browse and clean NTFS partitions. The virus signatures can be updated automatically over the Internet during the running session or manually via floppy disk or USB stick; it is also possible to create a copy of the CD that integrates current virus signatures.

Knoppicillin was based on Knoppix as a distribution, which is where the name is derived from. Desinfec't initially switched to Fedora, but this was not well received by some users. From the second release, version 2011, Desinfec't relies on the Linux distribution Ubuntu.

Because of the licenses of some virus scanners, Desinfec't is only available for a fee, while Knoppicillin cannot be completely downloaded in the rather old version 6.0.2 from 2008. In addition, some virus scanners can only be updated up to one year after the CD was released, i.e. until the next issue of Desinfec't appears.

Overview
Column groups: version (designation, year), Linux (distribution, kernel), medium (CD, DVD, download), virus scanner with annual license (Avira to Sophos).

Designation | Year | Distribution | Kernel | CD | DVD | Download | Avira | Bitdefender | ClamAV | ESET | F-Secure | Kaspersky Lab | Sophos
Knoppicillin 3 | 2004 | Knoppix | | Yes | No | | No | No | No | No | Yes | Yes | Yes
Knoppicillin 4 | 2005 | Knoppix | | Yes | No | | No | No | No | No | No | Yes | Yes
Knoppicillin 5 | 2006/2007 | Knoppix | | Yes | No | | No | Yes | No | No | Yes | No | Yes
Knoppicillin 6 | 2007 | Knoppix | | Yes | No | | Yes | Yes | No | No | No | No | No
Knoppicillin 7 | 2008/2009 | Knoppix | | Yes | No | | Yes | Yes | No | No | No | Yes | No
Desinfec't 8 | 2010 | Fedora 12 | | Yes | No | | | | | | | |
Desinfec't | 2011 | Ubuntu 10.10 | | No | Yes | | Yes | Yes | Yes | No | No | Yes | No
Desinfec't | 2012 | Ubuntu 11.10 | | No | Yes | | Yes | Yes | Yes | No | No | Yes | No
Desinfec't | 2013 | Ubuntu 12.04.2 LTS | | No | Yes | | Yes | Yes | Yes | No | No | Yes | No
Desinfec't | 2014 | Ubuntu 12.04.4 LTS | | No | Yes | | Yes | Yes | Yes | No | No | Yes | No
Desinfec't | 2015 | Ubuntu 14.04 LTS | | No | Yes | | Yes | Yes | Yes | No | No | Yes | No
Desinfec't | 2016 | Ubuntu 14.04 LTS | | No | Yes | | Yes | No | Yes | Yes | No | Yes | No
Desinfec't | 2017 | Ubuntu | | No | Yes | | Yes | No | No | Yes | Yes | No | Yes
Desinfec't | 2017/2018 | Ubuntu 16.04 LTS | | No | Yes | | Yes | No | No | Yes | Yes | No | Yes
Desinfec't | 2018 | Ubuntu 16.04.2 LTS | | No | Yes | | Yes | No | No | Yes | Yes | No | Yes
Desinfec't | 2018/2019 | Ubuntu 18.04.1 LTS | | No | Yes | | Yes | No | No | Yes | Yes | No | Yes
Desinfec't | 2019 | Ubuntu 18.04.2 LTS | | No | Yes | Yes | No | No | No | Yes | Yes | Yes | Yes
Desinfec't | 2020 | Ubuntu 18.04.4 LTS | | No | No | Yes | No | No | No | Yes | Yes | Yes | Yes

History

Knoppicillin

Version 3

Knoppicillin 3, published in issue 20/2004, contains the three virus scanners from F-Secure, Sophos and Kaspersky Lab. The proprietary driver from Paragon provides access to NTFS partitions.

An error had crept in during the production of the CDs, which was only discovered shortly before the turn of the year 2004/2005 and which meant that the signature files for the Sophos virus scanner could no longer be updated.

The c't editors may not provide a complete ISO image of Knoppicillin version 3.1 for download on the Internet because of the proprietary software it contains, but they have created an update which also contains updated virus signatures from January 2005.

Your own Knoppicillin CD, updated to version 3.1, can be produced using the Jigdo software and the original CD, software collection 5.

Version 4

The updated Knoppicillin 4 was included on CD with issue 23/2005, which contains the virus scanners from Kaspersky Lab and Sophos including the corresponding update authorization for one year. NTFS partitions are addressed using the libntfs library; although this does not yet allow full write access, it is sufficient for the secure deletion of infected files.

Version 5

The updated Knoppicillin 5 was published in issue 21/2006; it contains the virus scanners Bitdefender Antivirus Scanner, F-Secure Anti-Virus and Sophos SAVScan, including the corresponding update authorization for one year. The c't special “Security” in March 2007 contains an updated version 5.2. Since Sophos changed its data format in 2007, this scanner can no longer be used with current signatures.

Version 5.2

Version 5.2 appeared with the special issue c't special 03/2007 with the title "Security".

Version 6

Version 6 appeared with issue 26/2007 in December 2007. It contains the virus scanners from Avira AntiVir and Bitdefender with update authorization for one year.

Version 7

Version 7 was published with issue 26/08 of the c't. On x86 Apple computers with several boot partitions, data partitions in the HFS Plus format are now also mounted and scanned, unless they are explicitly deselected in the Knoppicillin wizard. However, some users report that the CD does not boot on their machines. This behavior is attributed to an incompatibility with the Award BIOS and can only be avoided by changing the contents of the CD. The c't has made a patch program available for this.

With the “c't compact Security” magazine published in mid-September 2009, there was a newer version, but it was also called Knoppicillin 7.

Content:

  • Linux kernel 2.6.27.5
  • Avira AntiVir 7.9.1.3/2.1.12-193
  • Bitdefender AntiVirus Scanner 7.60825
  • Kaspersky Anti-Virus 5.7.20
  • Knoppicillin Updater 1.1 for Windows
  • Iceweasel / Firefox 3.6
  • Xorg 7.3 and IceWM
  • Midnight Commander, MyBashBurn and vsftpd

Desinfec't

Version 8

The successor to version 7 is now called Desinfec't, has version number 8 and was published with issue 2/10 of c't (date of publication: January 4th, 2010).

While Knoppicillin was still based on a Knoppix live distribution, Desinfec't relies on a Fedora 12 live CD as a substructure. As can be seen in the forum on the official project page, some users were not satisfied with this changeover. Some posts report that several new bugs occurred with version 8 that were not present in Knoppicillin version 7. This is the last time a CD is used as the medium; all subsequent versions appear on DVD due to the increased amount of data.

Version 2011

Desinfec't 2011 is included with c't edition 8/11, available from March 26, 2011. It now uses an Ubuntu 10.10 live CD as a substructure. The commercial virus scanners from Avira, Bitdefender and Kaspersky as well as the free ClamAV are again included. For the first time, the distribution can be transferred from the Desinfec't DVD to a USB stick and then made bootable. This has the advantage of providing a boot medium on which the virus definitions can be kept up to date and, if necessary, important files can be backed up. However, the live Linux in this form can be compromised if a USB stick without a write-protection switch is used.

In addition to the actual Desinfec't, the software collection 2/2011 is also on the DVD, which is therefore 2.1 GB in size.

Version 2012

Desinfec't 2012 is included with c't edition 9/12, dated April 10, 2012. Compared to Desinfec't 2011, mainly the usability has been improved. Like the previous version, it is based on Ubuntu, this time on the 11.10 “Oneiric Ocelot” live system. It contains one-year subscriptions for the virus scanners Avira AntiVir, Bitdefender and Kaspersky Anti-Virus, so that their virus definitions can be updated free of charge via an Internet connection within this period. The free ClamAV is also included again. A new option is to encrypt virus finds with a standard password so that a virus scanner does not mistakenly detect the renamed file a second time. This ensures that important content can be restored and, at the same time, a system can be confirmed as clean.

The DVD, entitled Software Collection 2/2012, is 1.7 GB in size.

Version 2013

Desinfec't 2013 is included in c't edition 10/13, dated April 22, 2013. It is based on Ubuntu 12.04.2 LTS (Long Term Support) and can therefore also deal with UEFI. It again includes one-year subscriptions for the virus scanners from Avira, Bitdefender and Kaspersky as well as the free ClamAV. As a big innovation, Desinfec't now contains a ready-to-start version of TeamViewer, which enables remote maintenance and should make it much easier to help, for example, family members. The Windows version of TeamViewer Portable is also on the medium. For licensing reasons, Truecrypt is no longer part of the 2013 version, but can be installed later. Transfer to a USB stick is again provided for. Thanks to Ubuntu, starting in UEFI mode is possible even with Secure Boot switched on. In individual cases, however, it may be necessary to switch off Secure Boot and possibly even UEFI mode and start in BIOS mode for it to work. With Windows 8, however, the operating system must be shut down completely before Desinfec't starts, otherwise Windows 8 is normally in hyperboot mode and writing to the NTFS file system in this mode would lead to data loss. A script for completely shutting down Windows 8 is on the Desinfec't medium ("shutdown"). The DVD labeled Software Collection 2 is 1.2 GiB.

Version 2014

Desinfec't 2014, enclosed with c't issue 12 from 2014 (May 19, 2014), is referred to by the editors in the associated issue article as model maintenance. It therefore builds on what has already been tried and tested and mainly brings updates and minor improvements. Ubuntu Linux 12.04.4 LTS (February 2014) serves as the basis, so that there is better hardware support compared to the previous version Desinfec't 2013; it also fixes some bugs in Ubuntu at the same time. A new function is uploading virus finds directly to VirusTotal, which should facilitate the identification and evaluation of virus finds. The DVD labeled Software Collection 2 is 1.4 GiB.

Version 2015

Desinfec't 2015 was included in issue 14 of 2015 (June 13, 2015). It is based on Ubuntu 14.04 LTS and contains virus scanners from Avira, Bitdefender, ClamAV and Kaspersky. A new addition is the Easy Scan mode, which is supposed to make the search even easier. Signature updates are automatically downloaded here if there is an Internet connection. All Windows drives are then scanned by the Avira scanner.

When installing on a USB stick, free space is used for swap files and log files.

"Expert" tools such as a registry editor, Kaspersky Windows Unlocker or a script to remove a Windows password.

Version 2016

Issue 12 of 2016 (May 28, 2016) included the updated version of Desinfec't 2016 on DVD. It is based on Ubuntu 14.04 LTS. Instead of Bitdefender, this version contains ESET NOD32 Antivirus as a scanner.

Version 2016-9

The special issue c't Security from 2016-09 (2016-09-19) contains an updated version of Desinfec't.

Version 2017

This version has been available since May 27, 2017. The virus scanners included are from Avira, ESET, F-Secure and Sophos. It is again based on a current Ubuntu version.

Version 2017/2018

This version has been available since October 24, 2017. The virus scanners included are from Avira, ESET, F-Secure and Sophos. The current Ubuntu version 16.04 LTS serves as the basis.

Version 2018

This version has been available since May 26, 2018. The virus scanners included are from Avira, ESET, F-Secure and Sophos. The current Ubuntu version 16.04.2 LTS serves as the basis.

Version 2018/2019

This version has been available since September 26, 2018. The virus scanners included are from Avira, ESET, F-Secure and Sophos. The current Ubuntu version 18.04.1 LTS (kernel 4.15.0) serves as the basis.

Version 2019

This version has been available since May 25, 2019. The virus scanners included are from ESET, F-Secure, Kaspersky and Sophos. The current Ubuntu version 18.04.2 LTS serves as the basis.

Version 2020

This version has been available since May 22, 2020. It is the first version that is no longer included with the magazine on DVD; it can be downloaded by buyers and subscribers. The ISO image can either be transferred to a USB stick or burned to a dual-layer DVD±R(W). The virus scanners included are from ESET, F-Secure, Kaspersky and Sophos, and for the first time an open threat scanner based on Yara with anti-malware lists from abuse.ch is included. The current Ubuntu version 18.04.4 LTS serves as the basis.

Others

The concept of booting a computer from a sterile medium for the purpose of forensic examinations is neither new nor introduced with Knoppicillin. In the past, write-protected floppy disks were common for this purpose, but these no longer meet today's requirements in terms of storage capacity.

Because of the licenses associated with the scanners included, Knoppicillin and Desinfec't are tied to the purchase of a copy of c't. Over time, however, in addition to commercial products, free bootable CDs that serve this purpose and are based on DOS/Windows or Linux derivatives have appeared, such as UBCD or Helix. In addition to other forensic tools, virus scanners are often included, which are either completely free or at least free for non-commercial use.

Virus scanners have also been included on various versions of the Knoppix live CD/DVD, on whose concept Knoppicillin is based, e.g. F-Prot from F-Secure (originally from FRISK Software from Iceland) or ClamAV. In addition, some manufacturers also offer their own rescue CDs for free download, e.g. Avira Rescue System (which is also based on Ubuntu), Bitdefender Rescue CD and Kaspersky Rescue Disk.
