Focus on Microsoft
Re: More along the lines of malware disinfection Mar 20 2008 09:21AM
Vincent Archer (archer tms frmug org)
According to Mike Moratz-Coppins:
> that there isn't something more sinister lurking around the system, then
> as soon as any form of malware is found, then the logic of a lot of
> people on this list dictates that the computer must be wiped and
> clean-installed.

Quite frankly, yes.

That's if you want the most security. But security is usually a risk
calculation: how much are you willing to risk, vs. how much functionality
and comfort do you want. Clean install and patching requires lots of work
(lost functionality for the down time, licenses to reactivate, probability
of being unable to reinstall old software), and if you're dealing with
a "known" infection, you might be willing to forego this whole process
for the convenience of simply eradicating the small infection, and living
with the increased risk of a bigger infection hidden somewhere.

It all boils down to a standard risk analysis.

> While there is a possibility that there could be "undetectable malware"
> on the machine, I believe that, as a general policy, assuming there is
> without any trace of evidence whatsoever is pure paranoia. There are

It is not pure paranoia. There are some sophisticated (and rare) pieces
of malware out there, and the absence of known/detected malware is not
equal to the absence of malware at all. There's always a risk that any
system is compromised. It's quite low, but it exists.

Knowing that a system HAS been compromised means that the risk of
non-detected malware being there is higher than a system that was never
compromised at all.

> I also think if you resort to the wipe-install strategy as your general
> answer to malware, then there is so much that you haven't learnt about
> how malware tends to work on Windows, how it hides itself, how it stops
> the admin from trying to remove it, and also quite a few quirks of
> Windows. I'm not suggesting that I've learnt all there is to learn on
> this topic either, but I have learnt quite a few strategies in the time
> that I've been in business, and it can be quite mentally stimulating work.

It all boils down to risk analysis. Some of us are professionally risk
averse. Myself included.

> To throw in an analogy (and I'm known for my sometimes-terrible
> analogies), if your house has been burgled, I swear that some of you
> would insist on burning it to the ground and building a new one.

That would be equivalent to throwing away the entire PC, screen,
keyboard, and buying a brand new one.

No, we're merely advocating replacing all door locks, even if there's
no evidence that the burglar took a copy of your keys, and replacing any
window frame that might have been tampered with for easier access.
And for some of us, yes, a burgled house would mean a team of experts
coming, throwing all your old furniture, and sweeping for planted bugs,
because that's what might be the risk.

Risk analysis. That's the watch-word.

--
Vincent Archer Email: archer (at) tms.frmug (dot) org

All men are mortal. Socrates was mortal. Therefore, all men are Socrates.
(Woody Allen)

Copyright 2008, SecurityFocus