#1
Can you really 100% clean a compromised machine 100% of the time without wiping it?
Leythos wrote:
Most of us that worked on computers for a living have run across many compromised computers with many different types of malware. As people post with compromised machines we direct them to all of the tools that we know about in an effort to help them regain use of their machines in a malware free mode, or at least enough access to backup their documents and files to restore later.

What is really at question is the ability of the current tools we have to clean 100% of the malware 100% of the time in the current and future environment for a given machine at a given instant. This thread is not personal, about anyone's skills, about any individual, it's only about cleaning malware off machines to the point that we could state that 100% of all malware, known and unknown, is removed from the machine at the moment you finish cleaning it.

Do you feel 100% certain that your tools and skills can clean a compromised machine, 100% of the time, without any malware, known or unknown, remaining on the machine - 100% of the time?

Since I don't believe that any one can actually say "YES" without limitations, then how do we help all of these clueless users ensure their machines are clean?

We all know that you can wipe/reboot/install from clean disks, in a clean environment, and the machine will be clean at that moment. We all know that it takes between 30~90 minutes to restore a machine from scratch (depending on the method, quicker for ghost images), and that it's time consuming to get everything back to normal for customers. We all know that no one wants to wipe/reinstall as it means lots of extra work.

Now, we also know that removing the malware can take hours in some cases, most takes less. For some malware you have to boot to the recovery console and manually remove it.

So, it comes down to this - clean their system enough to save files to CD/DVD, then wipe it to ensure that the malware is 100% removed and the system is clean enough to be certified as clean.

While most of us will just clean a machine and reboot it several times, check the registry, tasks, netstat, etc.... then run the malware removal tools several times, etc... It just means that we're willing to take the level of risk for not having to put the time in to ensure that the system is 100% certified clean, which means we don't really want to reinstall everything again.

I know that some will claim they can perfectly clean a machine, but, if you're really that sure you can clean 100% of malware, 100% of the time, now and in the future, of known and unknown malware, without a wipe/reinstall, then I think you're just fooling yourself.

Again, are we assuming that by providing "reactionary" tools and methods that don't wipe/reinstall, that we're doing visitors to this group (and others) justice and actually providing them with a 100% clean platform to continue with?

I'm not 100% sure I'll wake up every morning.. (or even where sometimes..) So - it would be ridiculous for anyone to claim 100% certainty on anything with as many variables as that.

--
Shenan Stanley
MS-MVP
--
How To Ask Questions The Smart Way
http://www.catb.org/~esr/faqs/smart-questions.html
#2
Can you really 100% clean a compromised machine 100% of the time without wiping it?
Shenan Stanley wrote:
Leythos wrote:

Most of us that worked on computers for a living have run across many compromised computers with many different types of malware. As people post with compromised machines we direct them to all of the tools that we know about in an effort to help them regain use of their machines in a malware free mode, or at least enough access to backup their documents and files to restore later.

What is really at question is the ability of the current tools we have to clean 100% of the malware 100% of the time in the current and future environment for a given machine at a given instant. This thread is not personal, about anyone's skills, about any individual, it's only about cleaning malware off machines to the point that we could state that 100% of all malware, known and unknown, is removed from the machine at the moment you finish cleaning it.

Do you feel 100% certain that your tools and skills can clean a compromised machine, 100% of the time, without any malware, known or unknown, remaining on the machine - 100% of the time?

Since I don't believe that any one can actually say "YES" without limitations, then how do we help all of these clueless users ensure their machines are clean?

We all know that you can wipe/reboot/install from clean disks, in a clean environment, and the machine will be clean at that moment. We all know that it takes between 30~90 minutes to restore a machine from scratch (depending on the method, quicker for ghost images), and that it's time consuming to get everything back to normal for customers. We all know that no one wants to wipe/reinstall as it means lots of extra work.

Now, we also know that removing the malware can take hours in some cases, most takes less. For some malware you have to boot to the recovery console and manually remove it.

So, it comes down to this - clean their system enough to save files to CD/DVD, then wipe it to ensure that the malware is 100% removed and the system is clean enough to be certified as clean.

While most of us will just clean a machine and reboot it several times, check the registry, tasks, netstat, etc.... then run the malware removal tools several times, etc... It just means that we're willing to take the level of risk for not having to put the time in to ensure that the system is 100% certified clean, which means we don't really want to reinstall everything again.

I know that some will claim they can perfectly clean a machine, but, if you're really that sure you can clean 100% of malware, 100% of the time, now and in the future, of known and unknown malware, without a wipe/reinstall, then I think you're just fooling yourself.

Again, are we assuming that by providing "reactionary" tools and methods that don't wipe/reinstall, that we're doing visitors to this group (and others) justice and actually providing them with a 100% clean platform to continue with?

I'm not 100% sure I'll wake up every morning.. (or even where sometimes..) So - it would be ridiculous for anyone to claim 100% certainty on anything with as many variables as that.

I understand that the most secure server is one encased in a concrete room, well underground with no incoming or outgoing wires (yes, deductions can be made purely from observations of mains power use). The trouble is that it ceases to be a server.

On the other hand, the most functional server is one that can be reached freely but this tends to be the least secure.

Between these two extremes are the do-able IMO
#3
Can you really 100% clean a compromised machine 100% of the time without wiping it?
In ,
deebs had this to say:

My reply is at the bottom of your sent message:

Between these two extremes are the do-able IMO

Heyya Deebs...

Pick what you want to do, know what the risks are, and then make your choice based on what you want to accomplish today. That's my truthful recommendation. If you LIKE using a poker playing program and don't mind leaking your personal information or make it a point not to keep any real info on there and don't mind your PC slowing down when you fill it full of trash then so be it. Who am I to say what you can't do?

What I do think is that there should be some sort of minimal standard of protection (with optional over-ride until the point at which they become a source of infection) enforced by the ISP. Now that'd be alright...

--
Galen - MS MVP - Windows (Shell/User & IE)
http://dts-l.org/
Please note that if you're reading this in a browser and the domain is not owned by Microsoft then this work is being used without permission.
Access MS Newsgroups : http://kgiii.info/windows/all/general/msnewsgroups.html