Posted by Root Kit on June 24, 2008, 7:26 am
wrote:
>it is you who does not understand the nature of modern malware if you
>think a generic removal procedure like wipe-n-reinstall is sufficient
>for recovery....
How did you get the idea I might think that was sufficient? We were
talking about removing malware from an infected machine - not about
total recovery.
>it's no longer just about what *got on to* your computer but also about
>what *got out*... a generic removal procedure won't help you determine
>what kinds of sensitive information may have gotten leaked and the
>frequency of compromise for most average people makes acting like it all
>got leaked each time completely unmanageable...
What "got out" is a little hard to get back, isn't it? - Anyway,
cleaning an infected machine and doing forensic analysis are two
different things.
>diagnosis/thorough knowledge is required in order to have some idea of
>what secondary effects the malware might have had besides just intruding
>into the pc, and once such thorough knowledge is had the sledge hammer
>approach is no longer necessary...
Once again, unless you have a baseline you cannot obtain such
"thorough knowledge".
>generic removal (note, not the same as recovery) may still be more
>expedient once you have thorough knowledge of the problem, but
>wipe-n-reinstall is still sub-optimal...
Once again, unless you have a baseline you cannot obtain such
"thorough knowledge".
>restoring from an image is
>better as you don't run the risk of forgetting to apply security-related
>configuration changes that you made the first time 'round... also, it's
>generally faster than re-installing...
Yes, it may be better. I usually use the phrase "revert to a known
clean state" - which ultimately (unless you have something like a
known good image) means flatten and rebuild.