Leythos
Most of us that worked on computers for a living have run across many
compromised computers with many different types of malware.
As people post with compromised machines we direct them to all of the
tools that we know about in an effort to help them regain use of their
machines in a malware-free mode, or at least enough access to back up
their documents and files to restore later.
What is really at question is the ability of the current tools we have
to clean 100% of the malware 100% of the time in the current and future
environment for a given machine at a given instant.
This thread is not personal, about anyone's skills, about any
individual, it's only about cleaning malware off machines to the point
that we could state that 100% of all malware, known and unknown, is
removed from the machine at the moment you finish cleaning it.
Do you feel 100% certain that your tools and skills can clean a
compromised machine, 100% of the time, without any malware, known or
unknown, remaining on the machine - 100% of the time?
Since I don't believe that anyone can actually say "YES" without
limitations, then how do we help all of these clueless users ensure
their machines are clean?
We all know that you can wipe/reboot/install from clean disks, in a
clean environment, and the machine will be clean at that moment.
We all know that it takes between 30~90 minutes to restore a machine
from scratch (depending on the method, quicker for ghost images), and
that it's time consuming to get everything back to normal for customers.
We all know that no one wants to wipe/reinstall as it means lots of
extra work.
Now, we also know that removing the malware can take hours in some
cases, most take less. For some malware you have to boot to the
recovery console and manually remove it.
So, it comes down to this - clean their system enough to save files to
CD/DVD, then wipe it to ensure that the malware is 100% removed and the
system is clean enough to be certified as clean.
While most of us will just clean a machine and reboot it several times,
check the registry, tasks, netstat, etc.... then run the malware removal
tools several times, etc... It just means that we're willing to take the
level of risk for not having to put the time in to ensure that the
system is 100% certified clean, which means we don't really want to
reinstall everything again.
I know that some will claim they can perfectly clean a machine, but, if
you're really that sure you can clean 100% of malware, 100% of the time,
now and in the future, of known and unknown malware, without a
wipe/reinstall, then I think you're just fooling yourself.
Again, are we assuming that by providing "reactionary" tools and methods
that don't wipe/reinstall, that we're doing visitors to this group (and
others) justice and actually providing them with a 100% clean platform
to continue with?