On Tue, 2008-18-03 at 12:46 -0500, Jon R. Kibler wrote: > Mike Moratz-Coppins wrote: > > When removing malware of one sort or another, > > <SNIP> > > Hi, > > IMHO, anytime, repeat ANYTIME, you have an infected box, it is < 0% > trustworthy. You can remove the malware, but how do you know that > you found everything? You don't. Especially if the malware is some > sort of downloader or spyware.
Why is this? How can I trust my anti-<insert noun here) security product; A) Discovered and Diagnosed the problem accurately? I can't. B) Determine the exact nature of the discovery? I can't. C) Find a method of removing the infection? I can't. So, I have to rely on: 1) Knowledge of the OS. 2) Knowledge of the filesystem. 3) Knowledge that everything comes from a file, and if the source is determined, then 'everything else it does, even if it morphs..' can be discovered and repaired. Period. If all these so called 'security' companies would publish more information about malware, then I'd refute your argument 100%. But they do not, hence much information is misclassified, misdiagnosed, and simply not available. This is the REAL problem, not whether or not you can repair a system or 'trust' a PC. Anyone who plugs a PC into the net and 'trusts' it is a fool. You have to protect your PC and be aware of what problems mean. For instance 'anytime' a system crashes, this should be taken seriously but thanks to vendors like Microsoft we laugh and joke about it and forget about it. However many crashes are results of bugs, and many bugs are the exploits for malware. See how this comes full circle? > > Infected system? Back up the data, and ONLY the data, then (to quote > Microsoft from RSA a couple of years ago) "Nuke it from space!". You go nukey boy...I for one would not agree. Today's malware is capable (heck more likely) to be infecting your data, or better hiding DORMANT in your data. Come on, you telling me the stegography has been lost to malware developers? I don't think so. Today I'm reading about cold-boot infections. Wow, imagine a co-worker infecting PC's. It happens. but we don't stop folks from using PC's. > > Bottom line: It is impossible to give any reasonable assurance that > a box that was infected has been cleaned. Best solution: Never store > use data on a client system (so you have nothing to back up) and > simply reimage any suspect system (ZenWorks, Ghost, etc.). I have > some clients that reimage every desktop every weekend just for good > measure. Bottom Line: It is impossible to not be reinfected again. By reimaging you could be perpetuating dormant malware for years to come.
