If you have your standard enterprise image up-to-date and an appropriate
delivery plan with centralized storage of user files, then moving to PXE
terminal-based systems (thin clients) that refresh on every boot or
regular reinstalls is not an issue for a regular user. If you are
talking about the common cable modem user, then you might consider
advising them to be prepared for an annual reinstall regardless of need.
It helps windows run better/faster and gives a yearly baseline of
known state. It's great right before tax filing time.
Mike Moratz-Coppins wrote:
Ansgar -59cobalt- Wiechers wrote:
Well, some of us just don't consider botnets acceptable. Apparently you
have a different opinion on that.
Neither do I. I just don't think it is necessary in a lot of cases to
wipe everything out in order to get rid of a malware infection.
I am perfectly aware that malware with rootkit-style capabilities can
render security tools useless, however I don't think I've yet seen a
case where every technique/tool I use has come up with negative results
when there are still symptoms of an infection.
Of course, I haven't yet been called out because a customer hasn't
noticed any symptoms of a system infection. I'm perfectly willing to
accept the possibility that a "100% undetectable" rootkit has slipped by
me at some point, after all, it could be on my system right now. It
could have been on that customer's system when all they asked me to do
was fix their printer problem.
Furthermore, I think if you take your point of view through to its
logical conclusion, you should be reinstalling all of your systems (and
any system you ever administrate) on an extremely regular basis. Good
luck with that.
