Focus on Microsoft
More along the lines of malware disinfection Mar 18 2008 01:33PM
Mike Moratz-Coppins (mike mikeymike org uk) (3 replies)
RE: More along the lines of malware disinfection Mar 18 2008 06:08PM
Express Web Systems, Inc. (mailinglist expresshosting net) (1 replies)
Re: More along the lines of malware disinfection Mar 18 2008 06:28PM
Mike Moratz-Coppins (mike mikeymike org uk) (1 replies)
RE: More along the lines of malware disinfection Mar 28 2008 01:46AM
Murda Mcloud (murdamcloud bigpond com)
RE: More along the lines of malware disinfection Mar 18 2008 05:46PM
Devin Ganger (DevinG 3sharp com)
Re: More along the lines of malware disinfection Mar 18 2008 05:46PM
Jon R. Kibler (Jon Kibler aset com) (3 replies)
RE: More along the lines of malware disinfection Mar 18 2008 07:57PM
Wayne S. Anderson (wfrazee wynweb net) (2 replies)
RE: More along the lines of malware disinfection Mar 18 2008 09:07PM
Monahan, Jim (MONAHAJ ccf org)
Re: More along the lines of malware disinfection Mar 18 2008 08:56PM
Mike Moratz-Coppins (mike mikeymike org uk) (3 replies)
Re: More along the lines of malware disinfection Mar 19 2008 04:03PM
Ansgar -59cobalt- Wiechers (bugtraq planetcobalt net) (1 replies)
Re: More along the lines of malware disinfection Mar 19 2008 05:31PM
Mike Moratz-Coppins (mike mikeymike org uk) (2 replies)
Re: More along the lines of malware disinfection Mar 20 2008 09:21AM
Vincent Archer (archer tms frmug org)
Re: More along the lines of malware disinfection Mar 19 2008 08:33PM
Ansgar -59cobalt- Wiechers (bugtraq planetcobalt net) (2 replies)
RE: More along the lines of malware disinfection Mar 19 2008 11:21PM
Mark Brunner (mark_brunner hotmail com) (1 replies)
RE: More along the lines of malware disinfection Mar 28 2008 02:22AM
Murda Mcloud (murdamcloud bigpond com)
Re: More along the lines of malware disinfection Mar 19 2008 09:12PM
Mike Moratz-Coppins (mike mikeymike org uk) (3 replies)
Re: More along the lines of malware disinfection Mar 23 2008 01:06AM
pinowudi (pinowudi gmail com)
RE: More along the lines of malware disinfection Mar 20 2008 08:34AM
John Lightfoot (jlightfoot gmail com) (1 replies)
Re: More along the lines of malware disinfection Mar 20 2008 04:54PM
Ansgar -59cobalt- Wiechers (bugtraq planetcobalt net) (1 replies)
Re: More along the lines of malware disinfection Mar 23 2008 04:26AM
pinowudi (pinowudi gmail com)
Re: More along the lines of malware disinfection Mar 20 2008 12:41AM
Geekwench (geekwench hotmail com)
RE: More along the lines of malware disinfection Mar 18 2008 11:55PM
Devin Ganger (DevinG 3sharp com)
RE: More along the lines of malware disinfection Mar 18 2008 11:31PM
Wayne S. Anderson (wfrazee wynweb net)
Re: More along the lines of malware disinfection Mar 18 2008 07:26PM
M Lists (m-lists lucretia ca)
On Tue, 2008-18-03 at 12:46 -0500, Jon R. Kibler wrote:
> Mike Moratz-Coppins wrote:
> > When removing malware of one sort or another,
>
> <SNIP>
>
> Hi,
>
> IMHO, anytime, repeat ANYTIME, you have an infected box, it is < 0%
> trustworthy. You can remove the malware, but how do you know that
> you found everything? You don't. Especially if the malware is some
> sort of downloader or spyware.

Why is this? How can I trust my anti-<insert noun here) security
product;

A) Discovered and Diagnosed the problem accurately? I can't.
B) Determine the exact nature of the discovery? I can't.
C) Find a method of removing the infection? I can't.

So, I have to rely on:

1) Knowledge of the OS.
2) Knowledge of the filesystem.
3) Knowledge that everything comes from a file, and if the source is
determined, then 'everything else it does, even if it morphs..' can be
discovered and repaired.

Period.

If all these so called 'security' companies would publish more
information about malware, then I'd refute your argument 100%. But they
do not, hence much information is misclassified, misdiagnosed, and
simply not available.

This is the REAL problem, not whether or not you can repair a system or
'trust' a PC. Anyone who plugs a PC into the net and 'trusts' it is a
fool. You have to protect your PC and be aware of what problems mean.
For instance 'anytime' a system crashes, this should be taken seriously
but thanks to vendors like Microsoft we laugh and joke about it and
forget about it. However many crashes are results of bugs, and many
bugs are the exploits for malware.

See how this comes full circle?

>
> Infected system? Back up the data, and ONLY the data, then (to quote
> Microsoft from RSA a couple of years ago) "Nuke it from space!".

You go nukey boy...I for one would not agree. Today's malware is
capable (heck more likely) to be infecting your data, or better hiding
DORMANT in your data. Come on, you telling me the stegography has been
lost to malware developers? I don't think so.

Today I'm reading about cold-boot infections. Wow, imagine a co-worker
infecting PC's. It happens. but we don't stop folks from using PC's.

>
> Bottom line: It is impossible to give any reasonable assurance that
> a box that was infected has been cleaned. Best solution: Never store
> use data on a client system (so you have nothing to back up) and
> simply reimage any suspect system (ZenWorks, Ghost, etc.). I have
> some clients that reimage every desktop every weekend just for good
> measure.

Bottom Line: It is impossible to not be reinfected again. By reimaging
you could be perpetuating dormant malware for years to come.

[ reply ]
Re: More along the lines of malware disinfection Mar 18 2008 06:26PM
Mike Moratz-Coppins (mike mikeymike org uk) (2 replies)
RE: More along the lines of malware disinfection Mar 19 2008 01:39PM
Devin Ganger (DevinG 3sharp com)
Re: More along the lines of malware disinfection Mar 18 2008 09:51PM
Colin Copley (colin 75 btinternet com) (1 replies)
RE: More along the lines of malware disinfection Mar 28 2008 01:55AM
Murda Mcloud (murdamcloud bigpond com)


 

Privacy Statement
Copyright 2010, SecurityFocus