"Linux Gazette...making Linux just a little more fun!"


The Answer Guy


By James T. Dennis, tag@lists.linuxgazette.net
Starshine Technical Services, https://www.starshine.org/


(?)Removing Lilo from a multi-boot machine

From Samuel Posten on 20 May 1998

could you please point me to some references regarding removal of LILO from a machine that has been set up to run both win 95 and Linux, preferably without losing any of the Win 95 partitions.

(!) Boot up a copy of DOS (from a floppy). Any copy of DOS later than 5.0 will do. Type FDISK /MBR.

That's the short form. There are some special situations which might require special handling --- but they are increasingly rare (special boot sectors used to be used for large (greater than 32Mb!) drives to replace the INT 13H calls that are normally handled by the BIOS for all (real mode) disk handling.

(You might boot from your original Win '95 setup diskette and exit out of the installation program --- I think that trick still works). You should definitely create a bootable DOS diskette (that would be MS-DOS 7.0 --- the real OS that's hidden under Win '95's interface/GUI).

It used to simply be a matter of running the command: FORMAT A: /S and copying COMMAND.COM unto a floppy --- but MS has probably made it much more complicated these days. I honestly haven't used '95 enough to know.

(?) If this can't be done, I'll just have to stick with running LILO, no big deal, but its a pain to have to tell it to boot Win 95 each time, as it defaults to the Linux system that no longer exists (I wiped those partitions and had to make them Win 95 devices.

(!) Sorry to lose another Linux user. However, if MS keeps on their current course --- you may be back before you know it.

(?) Any help would be appreciated!

(!) This is an alarmingly common question. I've copied Werner Almesberger to ask him to consider adding this as a note in the lilo 'man page' and to the authors of the Installation-HOWTO (although, Custom LILO Configuration is worth a look -- it's possible to have LILO point at another OS' partition) and the "Linux Installation and Getting Started Guide" (the key part of the LDP -- the Linux Documentation Project).

I can't promise anything --- but I think (after the countless times that I've answered this and seen it answered in the newsgroups) that we should include a little section --- one paragraph in most cases about uninstalling LILO (and a whole section in LIGS about uninstalling all of Linux). We're not trying to trap people into being "stuck" with our software and it's merely a bit of documentation.

The problem is that it's the sort of thing that most of us old DOS hacks take for granted (I spent years doing tech support and repairing MBR's from PC viruses and rebuilding partition tables with Norton's DiskEdit).

So, let's hope that Matt, Eric, and Werner will consider adding this little tidbit to their docs --- and let's hope even more fervently that a few of the users out there will look at the docs for LILO, and will actually read some HOWTO's and guides as they consider installing (or uninstalling) Linux.

(I supposed we could also contact Red Hat, Debian, S.u.S.E., Caldera and the others to suggest that they all add an "Un-install" (Remove) option to their boot/setup tools).

(?) Sam Posten


(?)Another reason for Removing Lilo...

From Sam Posten on 26 May 1998


>> It depends on the nature of the BS virus. Some of them encrypte the logical boot record or cross-link the FAT's against their code, or play other games. In those cases just blowing away the virus locks you out of your system.
Hmm, its been a while since I've researched virii. Having Viruscan running full time has made me lazy I guess!

(!) I used to work for McAfee, and for Norton before them. So I have considerable professional experience with the critters. Running a good scanner is a good idea. (VirusScan is good, FProt and Thunderbyte used to be pretty good, as well. The latter two were sometimes on the leading edge and sometimes just neck-and-neck with McAfee).

Since I've left McAfee (now called Network Associates) I have no idea how their anti-virus products stack up. When I left I'd been their Unix sysadmin for over a year so I was a little out of the loop by then. Now I use Linux/Unix exclusively and haven't dealt with any real virus infections for a few years.

Actually there was the issue of the "Bliss" virus for Linux. This was apparently a "lab strain" that "got out" into "the wild." (Yes, these terms are all used by computer virus researchers, as rather obvious analogues to their biological counterparts).

In the case of "Bliss" there were a few people who did catch this virus. Naturally they were running this new program as 'root' (breaking the cardinal rule of systems administration) and the program went and modified some other programs.

At the time one of my buddies from McAfee was staying with me (he lives down in L.A. and stays up here during part of most weeks). He's the head of their AV research department. So he and I chatted about it for a couple of minutes and concluded that McAfee's existing virus scanner for Linux could be updated to detect "Bliss" and he assigned one of his AV researchers (also a former housemate of ours) to the job and they updated their signature file (.DAT). I don't recall that any changes were needed for the engine (the .EXE).

This was heralded by McAfee's marketing team as the "first live, wild virus incident under Unix." There ensued the usual flamefest on USENet (comp.virus) which argued that this wasn't "really a virus" and that McAfee's Associates were hyping it up and taking advantage of the situation, etc.

"Bliss" did have a command line option to uninstall itself. It did, however, modify other programs to link its own code into them (which is the definition of a computer virus). McAfee did take advantage of the opportunity to tout its own horn. The people who caught "Bliss" did display gross ignorance of proper system administration practice (or, in at least one case, foolhardy disregard for it).

The bottom line is that a properly administered Linux system is a very poor host for virus transmission.
(?)
>> In short, stick with Unix/Linux. Using these with any modicum of proper system administration practices will very likely be the end of your virus hunting days.

Gotta use the best tools for each job, and right now that means I gotta do windoze at home, at least part of the time. Thanks for the insight.

Sam

(!) Naturally it does come down to requirements analysis and the availability of packages that meet those requirements. StarOffice, Applixware, and Corel all seem to be producing personal productivity suites for Linux that either rival, MS Office, or soon will.

However, you define the criteria for "best" when it comes to your jobs. It sounds like you're going to keep your eyes on the Linux market, and you may find at some point in the near future that you do have a choice for your applications.

It's also important for you to supply your software vendor with feedback. If the primary reason you're running Windows is to support QuickBooks, call Intuit and let them know. If you need access to some reference CD's (Grolier's Encyclopedia, some electronic dictionary, whatever) let the publishers know that you need cross-OS support.

(Those CD books are one of the first places in the retail, shrinkwrapped software market where I hope to see Java take over).


Copyright © 1998, James T. Dennis
Published in Linux Gazette Issue 29 June 1998


[ Answer Guy Index ]
versions lilo virtdom kernel winmodem basicmail betterbak
shadow dell dumbterm whylinux redhat netcard macrovir
newlook tacacs sendmail dialdppp ppp233 msmail procmail


[ Table Of Contents ] [ Front Page ] [ Previous Section ] [ Next Section ]