I am constantly helping friends of mine, who use various flavors of Windows, to disinfect their PC's. This usually requires using Windows based tools to scan for Viruses, Spy/Mal/Ad Ware, Trojans, and so forth.

What I was thinking was "What if I could use a Live CD Linux distro that has Linux based tools to detect Windows security risks".

I did some searches on Google and did not find what I was looking for, so I was wondering if anyone here may have some experience/suggestions.

Here's what I am looking for:

A Linux distro that allows me to boot from CD and include other packages in the setup. The distro would need to be capable of mounting the Windows harddrives and, preferably, see the partitions and mount them automatically.

A Linux based package that could be added to the above distro which would allow me to scan the Windows partitions for security risks and give a report outlining the viruses, Spy/Mal/Ad ware, etc that it finds.

Actually removing these threats would be nice, but not required. As far as I know, many Linux distros still have problems doing anything but reading from NTFS based partitions.

Thanks in advance for any suggestions.

Clamav is a free linux based antivirus program that can scan a windows partition for viruses. I believe it's included in knoppix and kannotix and probably more.

kilgoretrout,

Thanks for the reply, that's good to know. Believe it or not, Knoppix is one of the Distros that I have not yet tried. This sounds though as if it is just Viruses. Are there any *Ware scanner available for Linux that would scan the Windows partitions? I still haven't been able to find any through google. The closest I have come are some of the online scanners, but they all require ActiveX which, to the best of my knowledge, will not run under Linux. Is that correct?

That's correct. ActiveX is a windows abomination and the main reason people have so much spyware in the first place. It allows code to be installed on the user's system through IE without any intervention from the user. One of the worst security blunders that MS ever made IMHO.
I know of no spyware scanners for linux, i.e. a linux app that can scan windows for spyware. You might try running a windows spyware removal app in linux under wine but I doubt that would work.

Here's another nice livecd with clamav called Insert:

http://www.inside-security.de/insert_en.html

It's only about 50MB and has some very handy apps.

Hey kilgoretrout,

Thanks again. I will try both of those distros and see which works. I came across an online scanner from Trend-Micro that uses Java rather than ActiveX to operate, so I'm going to see what happens if I try to run that from a Live CD distro.

Would you be interested in the results?

Sure. Good luck.

maybe you could get windows-based anti-spyware programs to run on a linux live cd by using Wine?? anyways, it's just a thought...

I'm still working on this. The Trend-Micro scanner has not worked yet because it says it does not yet work with Multi-Byte addresses. I'm still looking into what I can do about that.

As for using WINE, I know a lot of people have tried it and liked it, but I have never gotten it to work right for me.

I found some programs called Ultimate Boot CD that you can get for free and boot either Windows or DOS with programs embedded on the CD for recovery purposes. The DOS are complete, as they come with FreeDOS. For the Windows version you have to have your own copy of Windows to add into the CD with the Utils. I have tried them however, and they do work.

FYI...Knoppix DVD version comes with the ClamAV Anti-Virus, but the CD version does not. I'm still working with the Inside Security package to see what may work.

Later.

I'm not sure how to help you with scanning from linux but your friends should not have problems with this kind of stuff. Let's say that I personally had no spyware or virus for last one year on my win partition. The combination I use is winupdate,spybot search&destroy, nod32 and a firewall that came with SP2..So far so good..So give it a try