+100. Microsoft wrote something similar 5-7 years ago. So this is old news, stated again for those who have forgotten that there is *no* 100% guaranteed recovery from a compromise short of re-installation starting from read-only media.
And I've stated again and again and again, if you use the compromised system as a toy, sure I'll clean it for you, but if you use the system for anything serious (finance/shopping/identity-related), the only 100%-guaranteed-clean solution is nuke and pave.

Carl

-----Original Message-----
From: Ben Scott [mailto:[email protected]]
Sent: Monday, June 27, 2011 7:14 PM
To: NT System Admin Issues
Subject: Re: This is - unsettling...

On Mon, Jun 27, 2011 at 6:19 PM, Kurt Buff <[email protected]> wrote:
> Not that it isn't good practice anyway, but to have MSFT saying
> they're helpless is a bit disquieting.

If a system has suffered system compromise, the only course of action which can give you assurance of trust is to reinstall everything from known-good media. Any other course of action depends on the software which you've already established is compromised.

This isn't really anything new. It's been a CERT recommendation for something like two decades now. The use of the MBR, or not, is really irrelevant.

-- Ben
