Focus on Microsoft
Re: More along the lines of malware disinfection Mar 18 2008 06:26PM
Mike Moratz-Coppins (mike mikeymike org uk) (2 replies)
Jon R. Kibler wrote:
> IMHO, anytime, repeat ANYTIME, you have an infected box, it is < 0%
> trustworthy. You can remove the malware, but how do you know that
> you found everything? You don't. Especially if the malware is some
> sort of downloader or spyware.
>
> Infected system? Back up the data, and ONLY the data, then (to quote
> Microsoft from RSA a couple of years ago) "Nuke it from space!".
>
> Bottom line: It is impossible to give any reasonable assurance that
> a box that was infected has been cleaned. Best solution: Never store
> user data on a client system (so you have nothing to back up) and
> simply reimage any suspect system (ZenWorks, Ghost, etc.). I have
> some clients that reimage every desktop every weekend just for good
> measure.

Purely monetarily speaking, I love the idea of reinstalling every
machine that gets a virus. I might have earnt about 4 times more money
than I have to date running my business, however I don't think customers
would appreciate their computer install being nuked every time they have
a malware issue. I would say that so far I've done about 50 installs of
Windows (computer building aside) whereas I have attended about 200
appointments where I have removed some form of malware from a computer.

Sure, you can't be absolutely 100% sure that a machine is 100% clean,
but quite frankly you can't be 100% sure that a cleanly-installed,
patched up-to-date machine hasn't somehow been compromised by a 100%
undetectable rootkit. When I go to an appointment, I check the usual
sources of 'programs being run on startup' registry entries that I'm
aware of, I check the process list, and I investigate further if I
observe any sign of a machine acting not 100% normal.

Computer fixing is rarely about 100% security (or anywhere near that),
as 100% security means "not usable".

--
Mike Moratz-Coppins
mike (at) mikeymike.org (dot) uk
http://www.mikeymike.org.uk/
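
The triage this message describes (startup registry entries plus the process list), as an added PowerShell example that is not part of the original post. The list of keys and folders and the path heuristic are assumptions chosen for illustration and do not cover every autostart mechanism.

```powershell
# Added example, not from the original post. Read-only triage of a common
# subset of autostart locations and of the running process list.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
$startupDirs = @(
    [Environment]::GetFolderPath('Startup'),        # current user
    [Environment]::GetFolderPath('CommonStartup')   # all users
)
# Assumed heuristic: user-writable launch paths deserve a closer look.
# Legitimate software also starts from AppData, so this marks entries
# for review; it is not a verdict.
$reviewPattern = '\\(Temp|AppData|ProgramData|Users\\Public)\\'

$autostarts = @(
    foreach ($key in $runKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        $regKey = Get-Item -Path $key
        foreach ($name in $regKey.GetValueNames()) {
            [pscustomobject]@{ Source = $key; Name = $name; Command = [string]$regKey.GetValue($name) }
        }
    }
    foreach ($dir in $startupDirs) {
        if (-not $dir) { continue }   # folder not defined for this profile
        Get-ChildItem -Path $dir -File -ErrorAction SilentlyContinue |
            ForEach-Object {
                [pscustomobject]@{ Source = $dir; Name = $_.Name; Command = $_.FullName }
            }
    }
)

$autostarts |
    Select-Object Source, Name, Command,
        @{ Name = 'Review'; Expression = { $_.Command -match $reviewPattern } } |
    Sort-Object Review -Descending | Format-Table -AutoSize -Wrap

# Process list with image paths, filtered by the same heuristic.
Get-CimInstance -ClassName Win32_Process |
    Where-Object { $_.ExecutablePath -match $reviewPattern } |
    Select-Object ProcessId, ParentProcessId, Name, ExecutablePath |
    Format-Table -AutoSize -Wrap
```

An empty result only means nothing matched in these locations. The output comes from the running system itself, so a rootkit of the kind both posters mention would not necessarily appear in it.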

Copyright 2010, SecurityFocus