Focus on Microsoft
Re: More along the lines of malware disinfection Mar 18 2008 08:56PM
Mike Moratz-Coppins (mike mikeymike org uk)
I should point out one factor which I think makes a large difference in
the approach that one might take in encountering a security issue - the
vast majority of my customers are home users who just casually use their
machine. In a hypothetical situation of me being called in to analyse a
security compromise of a medium-sized business's system(s), my strategy
definitely would not factor in "can I fix this in under 3 hours".

Wayne S. Anderson wrote:
> You know, I want to point out to folks on this list that this is NOT an
> either/or situation. Much like any time we engage in computer forensics,
> there are processes we can institute as security professionals that allow
> for the removal of untrusted components via a clean install without complete
> loss of data.
>
> 1) Recognize that a system is compromised if it is infected with anything
> more than an embedded 'exploit'. (E.g. Email comes through that has HTML or
> something which is temporarily copied to a local cache when the email loads
> in the application. This is easy to fix. Any true "virus" which infects
> the host system at deeper than an individual application level is taboo.
> Toast.)

I used the term 'malware' because I believe that the threats are
becoming more and more blended.

> 2) Jon's point about reliability here is very key to the discussion. It is
> COMPLETELY irresponsible to warrant to a customer that you can certify a
> system safe after it has been infected with any manner of
> control-compromising code that has gone undetected/untreated for a period of
> time.

Do you see this as applying in a joe average home user scenario?

> As an individual consumer, I may choose to take that risk so there is
> an important distinction for the environment that you are asking this
> question on. On an enterprise level it is hard to imagine a small or medium
> business where this risk is acceptable.

Agreed.

> Realize that security is the intelligent application of principles and
> experience to maintain a balance between confidentiality, integrity, and
> accessibility for yourself, your customer, or your organization. Security
> doesn't have to be "wipe and restart" OR "remove the malware and continue
> using", there are other solutions out there. It is important to recognize
> that there are multiple possible approaches and you need to examine the
> risks and benefits of your (hopefully standardized) approach to regularly
> determine if it can be improved.

I assume you mean, in my average scenario (e.g. home casual user got
their machine compromised through installing something while browsing
for porn) that my advising the customer of common-sense approaches as
well as possibly suggesting alternative software to help avoid similar
problems in the future, for example?

--
Mike Moratz-Coppins
mike (at) mikeymike.org (dot) uk
http://www.mikeymike.org.uk/
