Can you really 100% clean a compromised machine 100% of the time without wiping it?

Drew Tognola

Draino,

Well, for one reason, personally it takes me two full days to get my tweaks
& settings back to where I want them (probably longer). I work with people
who transfer files to different printers for document printing, they do this
with a computer console. But have them repair something using Windows XP and half
of them are lost.

It's safe to say you'll always be in business because of this.

Drew
 
Kerry Brown

-Draino- said:
Ok here's the deal. I think the only way to "Certify 100% Clean" is to format
and re-install the OS...........period.

The bottom line is I can save all of the customers data, do a format,
re-install with all the updates and install anti-virus software in about 1½
hours. Plus setup file sharing, networking, and make many tweaks. Why even
mess around trying to clean when most of the time it is just not going to
work.

I get $130.00 for each machine, flat rate. I usually do about 10 machines a
month, so it makes for some nice pocket money.

When the customer ruins their machine again I do it all over again and
charge the same money.

You must move at light speed, have a very fast Internet connection, some way
of temporarily overclocking the customer's pc, and spend a lot of time
maintaining a very large collection of drivers and slipstreamed Windows
CD's. On a normal XP machine say a P4 2.0 GHz, 512 MB ram, PATA hard drive,
ATI or Nvidia graphics it takes at least 1 1/2 hours just to install
Windows, install the latest drivers, download Windows updates and install an
antivirus. Add anything unusual or a lesser machine (say a Celeron or Duron
with 256 MB) in the mix and it will take longer. This doesn't include
backing up then restoring their data. A typical customer has at least 5 to
10 GB of data they want saved. To be safe you should actually take an image
of their current system which is likely to be greater than 20 GB. If the pc
doesn't have USB 2.0 or firewire the backup process will be slow. You would
have to backup via LAN, USB 1.1 or open the case and install another drive.
If they have Office or any other significant apps to reinstall it will take
longer again. I charge two hours to do what you claim to do in 1 1/2. It
usually takes around three to do it properly but two is the going rate. The
saving grace is a lot of time while Windows is installing can be spent
working on another machine. I'm not saying it can't be done in 1 1/2 hours.
I have done it on fairly simple configurations. I am saying it usually takes
around double that to do the job properly. Some comments from others would
be good. Maybe I'm being too picky and/or doing more work than normal.

Kerry
 
Richard Urban

I think we are looking at a realistic time of about 3, or more, hours to do
what Draino says he does in 1 1/2 hours.

--


Regards,

Richard Urban
Microsoft MVP Windows Shell/User

Quote from George Ankner:
If you knew as much as you think you know,
You would realize that you don't know what you thought you knew!
 
Shenan Stanley

-Draino- said:
Ok here's the deal. I think the only way to "Certify 100% Clean" is
to format and re-install the OS...........period.

The bottom line is I can save all of the customers data, do a format,
re-install with all the updates and install anti-virus software in
about 1½ hours. Plus setup file sharing, networking, and make
many tweaks.

Why even mess around trying to clean when most of the time it is
just not going to work.

I get $130.00 for each machine, flat rate. I usually do about 10
machines a month, so it makes for some nice pocket money.

When the customer ruins their machine again I do it all over again
and charge the same money.

Kerry said:
You must move at light speed, have a very fast Internet connection,
some way of temporarily overclocking the customer's pc, and spend a
lot of time maintaining a very large collection of drivers and
slipstreamed Windows CD's. On a normal XP machine say a P4 2.0 GHz,
512 MB ram, PATA hard drive, ATI or Nvidia graphics it takes at least
1 1/2 hours just to install Windows, install the latest drivers,
download Windows updates and install an antivirus. Add anything
unusual or a lesser machine (say a Celeron or Duron with 256 MB) in
the mix and it will take longer. This doesn't include backing up
then restoring their data. A typical customer has at least 5 to 10
GB of data they want saved. To be safe you should actually take an
image of their current system which is likely to be greater than 20
GB. If the pc doesn't have USB 2.0 or firewire the backup process
will be slow. You would have to backup via LAN, USB 1.1 or open the
case and install another drive. If they have Office or any other
significant apps to reinstall it will take longer again. I charge
two hours to do what you claim to do in 1 1/2. It usually takes
around three to do it properly but two is the going rate. The saving
grace is a lot of time while Windows is installing can be spent
working on another machine. I'm not saying it can't be done in 1 1/2
hours. I have done it on fairly simple configurations. I am saying it
usually takes around double that to do the job properly. Some
comments from others would be good. Maybe I'm being too picky and/or
doing more work than normal.

Richard said:
I think we are looking at a realistic time of about 3, or more, hours
to do what Draino says he does in 1 1/2 hours.

Let's see.. I have done what was described MANY times.

If you have, say, a 2GHz machine, 512MB RAM.. 40GB hard drive 1/2 full..
And if you:
- make a list of all applications installed and users on the machine
- export the users email/contacts/favorites to a network location (easier
now.)
- image the machine (to a network location) to guarantee you miss nothing
- download/locate any unusual software/drivers while it images
- have an unattended process in place (like
http://unattended.sourceforge.net)
and redo the machine from scratch
(using the customer's keys of course - but installing all the free
plugins/antispyware/utilities you know they should have as well)
(this part also includes installing those "weird apps" you invariably
find)
- tweak and create a default user profile and all users from the list you
made
- log in as the main user (now - this assumes you have agreed not to
recreate all users - just one.)
- copy their data files from the backups and image file to their machine
(as well as you can)
- burn the image to a CD/DVD (multiple usually) as backup.
- test and return machine to user..

We are talking a minimum of 4 hours and I am sure I am leaving out things I
normally do.

While it is true a full reinstall of:
- Windows XP - all patches/tweaks/needed drivers
- MS Office
- Quicktime
- K-Lite Codec Pack (Basic)
- Real Alternative
- Adobe Acrobat Reader
- Some Antivirus
- AdAware, Spybot, Bazooka, SpywareBlaster, IE-SpyAd
- Firefox
- Some CD/DVD burning software
- etc.

Will take about an hour and half to do - it's not the time consuming part.
Neither is the ghost backup (10 to 60 minutes dependent on amount of data.)
The time consuming parts are the parts where we decide to mess with the
users stuff - recreate it as best as we can so they are comfortable with
their computer. Good choice? maybe not. If all you did was backup and
reinstall - maybe 2 to 2½ hours. With the extra effort - 3 to 5 hours. If
you can get them to buy your imaging product so they can have the image
reader - maybe you could get away with just giving them their image to sort
through on their own. heh
 
Kerry Brown

Will take about an hour and half to do - it's not the time consuming part.
Neither is the ghost backup (10 to 60 minutes dependent on amount of
data.) The time consuming parts are the parts where we decide to mess with
the users stuff - recreate it as best as we can so they are comfortable
with their computer. Good choice? maybe not. If all you did was backup
and

Definitely a good choice if you want repeat customers.
reinstall - maybe 2 to 2½ hours. With the extra effort - 3 to 5 hours.
If you can get them to buy your imaging product so they can have the image
reader - maybe you could get away with just giving them their image to
sort through on their own. heh

Thank you Shenan and Richard. I think it's good to review your business
procedures once in a while. You've reinforced my belief that doing it right
is worth it.

Kerry
 
Kerry Brown

Are you using an addin for OE? I like the way who said what is separated out
in your replies.

Kerry
 
Guest

First of all everyone here had to understand the issue here......"TIME vs.
MONEY"

A brand new machine will only cost $350.00 dollars from DELL.

So with that in mind you MUST come in at no more than $150.00 or most people
won't spend the money or they will just get a new machine, at least that's
their logic.

Assimilating a machine into my network takes 2 minutes. A copy backup of the
MY DOCUMENTS folder takes about 5 minutes at most.

A machine designed for XP will install in 39 minutes (XPSP2 integrated with
all updates). So now we are at about 44 minutes. I install Norton 2005 on all
XP machines, Microsoft Anti Spyware Beta, Ad-Aware and Spybot Search &
Destroy. So add 30 minutes for that and that's my 1½.

I don't install and/or configure any Office programs or configure any e-mail
programs......they did it once they can do it again.

I will install a print driver for them. At least that way they can print
when they hook up their computer.

95% of all clients don't have anything they want saved anyway..

OK so real world about 2 hours MAX. Nothing ever goes as planned :)

-D-
 
Shenan Stanley

-Draino- said:
First of all everyone here had to understand the issue
here......"TIME vs. MONEY"

We all understand that - no one questioned how much you charged.
A brand new machine will only cost $350.00 dollars from DELL.

+Tax and shipping - although sometimes you get lucky with free shipping and
it is not much of a machine - very few people I know go with the base unit
like that.
So with that in mind you MUST come in at no more than $150.00 or
most people won't spend the money or they will just get a new
machine, at least that's their logic.

No one questioned the amount of money charged that I know of.
Assimilating a machine into my network takes 2 minutes. A copy
backup of the MY DOCUMENTS folder takes about 5 minutes at most.

hahah
5 minutes at most.
Yep - I have seen people with 60GB music in "My Music" and 30GB video in "My
Video".. If you can do that in 5 minutes - I want your network.
A machine designed for XP will install in 39 minutes (XPSP2
integrated with all updates). So now we are at about 44 minutes. I
install Norton 2005 on all XP machines, Microsoft Anti Spyware
Beta, Ad-Aware and Spybot Search & Destroy. So add 30 minutes for
that and that's my 1½.

No one argued that - matter of fact - I confirmed if nothing else. Matter
of fact - reading the next paragraph makes me think you need to learn to
automate more - because it was 1.5 hours for me to install office and all
the plugins, etc - and that is NOT my time spent in front of it - but off
doing whatever else it is I want to do. =)
I don't install and/or configure any Office programs or configure
any e-mail programs......they did it once they can do it again.

Actually - big assumption most of the time.. Somewhat valid - if their kids
still live at home. heh
I will install a print driver for them. At least that way they can
print when they hook up their computer.

I guess they have to tell you what printer?
95% of all clients don't have anything they want saved anyway..

Your clients aren't my clients then. I would say the ratio may be closer to
35% could care less if they lose their email.. their contacts.. their
pictures.. their music.. their videos.. their favorites.. etc.
OK so real world about 2 hours MAX. Nothing ever goes as planned :)

As I said - doing it your way would take 1.5 to 2.5 hours - depending on
amount of data being backed up. As you seem to back up very little (you
have some strange customers that could care less about their stuff or you
have learned to stay quiet about how much they are likely losing.. heh) -
1.5 to 2 hours seems about right.. But I could not - unless requested after
they knew what all they would be losing - bring myself to do that. I know
how much I would hate to lose most of my stuff (and you wouldn't be redoing
mine in no 2 hours - even with your method of copying just "My Documents").
heh

Money - yes - you must charge at least two hours labor for a rebuild - I
wouldn't argue that at all.
Heck - I would charge at least that for cleanup as well.
 
Kerry Brown

-Draino- said:
First of all everyone here had to understand the issue here......"TIME vs.
MONEY"

A brand new machine will only cost $350.00 dollars from DELL.

So with that in mind you MUST come in at no more than $150.00 or most people
won't spend the money or they will just get a new machine, at least that's
their logic.

Assimilating a machine into my network takes 2 minutes. A copy backup of the
MY DOCUMENTS folder takes about 5 minutes at most.

A machine designed for XP will install in 39 minutes (XPSP2 integrated with
all updates). So now we are at about 44 minutes. I install Norton 2005 on all
XP machines, Microsoft Anti Spyware Beta, Ad-Aware and Spybot Search &
Destroy. So add 30 minutes for that and that's my 1½.

I don't install and/or configure any Office programs or configure any e-mail
programs......they did it once they can do it again.

I will install a print driver for them. At least that way they can print
when they hook up their computer.

95% of all clients don't have anything they want saved anyway..

OK so real world about 2 hours MAX. Nothing ever goes as planned :)

-D-

It may work for you but most of my clients want far more than My Documents
backed up. If they have teenagers you have to find all the mp3's which could
be anywhere. Every p2p program seems to store them in a different place.
Some camera software doesn't store photos in My Documents. I'd hate to
explain where their wedding photos went. What if there is more than one
user? Most of my clients have their kids set up as separate users. What about
email? You have to figure out what email client they use and transfer
accounts and email for each user. The Files and Settings Transfer Wizard is
a big help but you still have to double check the rest of the drive(s) for
data as well. The backup and restore is what takes the time to do properly
and what creates a loyal customer. I do agree if you charge too much they
will go elsewhere. As for them buying a Dell I say have at it. I make more
money from them when they get the Dell and then can't figure out how to
transfer all their data. All I have to do then is the backup and restore and
I get to charge the same two hours :)

Kerry
 
Plato

-Draino- said:
I get $130.00 for each machine, flat rate. I usually do about 10 machines a
month, so it makes for some nice pocket money.

Many of us do not have that option to do fresh installs to repair easily
fixed, or even difficult fixed, problems.

Many of us have business customers that have 20 or more apps installed
and configured and it would take days to install/configure them again.
So, we fix the pc, rather than format new.
 
Paul Knudsen

Ok here's the deal. I think the only way to "Certify 100% Clean" is to format
and re-install the OS...........period.

The bottom line is I can save all of the customers data, do a format,
re-install with all the updates and install anti-virus software in about 1½
hours. Plus setup file sharing, networking, and make many tweaks. Why even
mess around trying to clean when most of the time it is just not going to
work.

I get $130.00 for each machine, flat rate. I usually do about 10 machines a
month, so it makes for some nice pocket money.

When the customer ruins their machine again I do it all over again and
charge the same money.
Heheh, not a bad deal. I should try it.
 
-Draino-

Inline


money from them when they get the Dell and then can't figure out how to
transfer all their data. All I have to do then is the backup and restore
and I get to charge the same two hours :)

Good point there. And very true.

In any event it won't take long for them to ruin the new machine anyway.

-D-
 
-Draino-

Hey Shenan,

Ya I wasn't really commenting so much about the cost just more so about the
time involved. I don't mind spending all the time in the world on MY
machine, but as we all know the more you install the more time it is going
to take.

I have found in my experience that most people want all their pictures
and that's about it. Yes some do want the vids and mp3's as well but on a
cable we are running at 100Mbps so it's not so bad, I can have breakfast
while all that's happening.

I always ask about the printer or I just get the info from the computer
before I format. People for some reason think that the printer is part of
the computer and they expect it to work.

In any event the thread started out asking about if cleaning up a machine
was 100% effective. I was really just saying that for the time involved, in
most cases a format and install would be the fastest and guarantee a 100%
clean machine.

-D-
 
-Draino-

I hear that and I always get nervous because I find that if I have to do
things the hard way it is going to cost a lot of money and for a business
that is ok, for a home user it may not be acceptable.

-D-
 
-Draino-

Let's see.. I have done what was described MANY times.

If you have, say, a 2GHz machine, 512MB RAM.. 40GB hard drive 1/2 full..
And if you:
- make a list of all applications installed and users on the machine
- export the users email/contacts/favorites to a network location (easier
now.)
- image the machine (to a network location) to guarantee you miss nothing
- download/locate any unusual software/drivers while it images
- have an unattended process in place (like
http://unattended.sourceforge.net)
and redo the machine from scratch
(using the customer's keys of course - but installing all the free
plugins/antispyware/utilities you know they should have as well)
(this part also includes installing those "weird apps" you invariably
find)
- tweak and create a default user profile and all users from the list you
made
- log in as the main user (now - this assumes you have agreed not to
recreate all users - just one.)
- copy their data files from the backups and image file to their machine
(as well as you can)
- burn the image to a CD/DVD (multiple usually) as backup.
- test and return machine to user..

We are talking a minimum of 4 hours and I am sure I am leaving out things
I normally do.


While it is true a full reinstall of:
- Windows XP - all patches/tweaks/needed drivers
OK

- MS Office

Not part of the OS, not my problem. This is an EXTRA $$
- Quicktime
NEVER

- K-Lite Codec Pack (Basic)
NEVER

- Real Alternative
NEVER

- Adobe Acrobat Reader
Sometimes

- Some Antivirus
OK

- AdAware, Spybot, Bazooka, SpywareBlaster, IE-SpyAd

Check list over at http://www.spywarewarrior.com/rogue_anti-spyware.htm
(Bazooka, SpywareBlaster, and IE-SpyAd not needed)
- Firefox

Firefox??? Firefox has come under heavy fire lately. I would never ever
install this browser on any machine as a default browser. Wait for IE7, and
in the mean time use IE6.
- Some CD/DVD burning software

Never, it comes built in XP
- etc.

Will take about an hour and half to do - it's not the time consuming part.
Neither is the ghost backup (10 to 60 minutes dependent on amount of
data.) The time consuming parts are the parts where we decide to mess with
the users stuff - recreate it as best as we can so they are comfortable
with their computer. Good choice? maybe not. If all you did was backup
and reinstall - maybe 2 to 2½ hours. With the extra effort - 3 to 5
hours. If you can get them to buy your imaging product so they can have
the image reader - maybe you could get away with just giving them their
image to sort through on their own. heh

Ya images are great. The thing is trying to get one from the manufacturer for
a particular machine might not be possible.
 
Shenan Stanley

Kerry said:
Are you using an addin for OE? I like the way who said what is
separated out in your replies.

I am - I use OE-QuoteFix.
It does *not* do everything you see in my posts - some of that is manual.
I'm a bit picky about how my posts appear. *grin*
 
Kerry Brown

Shenan Stanley said:
I am - I use OE-QuoteFix.
It does *not* do everything you see in my posts - some of that is manual.
I'm a bit picky about how my posts appear. *grin*

Thanks, I'll take a look at it.

Kerry
 
Plato

-Draino- said:
I hear that and I always get nervous because I find that if I have to do
things the hard way it is going to cost a lot of money and for a business
that is ok, for a home user it may not be acceptable.

Let me add some things to clarify what I said. We try to fix a business
machine instead of starting fresh because with all those
apps/settings/etc installed it could take a day to get the pc back to
what it was if you started fresh. Many have very complex network
settings as well. So, it's cheaper for the business to "work the
problem".

Of course there are many types of business pcs the ones I'm talking about
are those with desktop full of icons and they use them all. Then you
have to find printer drivers, mobo drivers, etc. Then they may have
custom apps that you may have to call the software maker to get the
right tweaks/settings.

So you may spend a few hours fixing, or even an entire morning, but it's
better than the business having to pay you for an entire day. Besides,
they want the pc up asap. Even if some [not-so-essential] apps don't work
just yet.

Now for the home user. Interestingly, even tho you get the call, go
over, and figure for an hour or so work, you could probably get the
computer back to 95% to what it was before the problem. The customer
often hints he/she *really* wants that "new car feel" like the pc was
brand new again. It often seems like they expect/want you to start 100%
fresh.

Yes of course, they don't want to pay for you trying, then find out it
can't be fixed, then have to pay for more time to start it fresh
afterwards.

BTW, a $130 fee for a fresh install is pretty much what the average,
small pc repair business might charge in my area also. With new pcs at
$499 yes, you do have to cap the cost for the home user.




 
Leythos

Let me add some things to clarify what I said. We try to fix a business
machine instead of starting fresh because with all those
apps/settings/etc installed it could take a day to get the pc back to
what it was if you started fresh. Many have very complex network
settings as well. So, it's cheaper for the business to "work the
problem".

Of course there are many types of business pcs the ones I'm talking about
are those with desktop full of icons and they use them all. Then you
have to find printer drivers, mobo drivers, etc. Then they may have
custom apps that you may have to call the software maker to get the
right tweaks/settings.

So you may spend a few hours fixing, or even an entire morning, but it's
better than the business having to pay you for an entire day. Besides,
they want the pc up asap. Even if some [not-so-essential] apps don't work
just yet.

I find that most businesses, other than home businesses that are just
playing at being a business, accept and want their computer
wiped/reinstalled so that they don't have to question about it STILL
being compromised and their financials being compromised again.

Most of the "small" businesses take the same time to reinstall as a home
computer where the home user has a couple apps - there are no special
motherboard drives (at least nothing more different than a home PC), no
special network settings (as it's just as easy to join a domain as a
work group) and with a domain their settings are/should be on the
server, no special printer drivers (not any more than a home
computer)...

The difference between a home computer and business computer is that a
business is more likely to absorb the cost of a wipe/reinstall than a
home user.
 
Guest

In my experience, cleaning IS difficult, but is usually attempted because the
real issue with the alternative of formatting isn't so much reinstalling
Windows itself but reinstalling the apps, and the typical home or SB user
tends to be very careless about storing software CDs and serials. It's not
unknown for such users to have become dependent on a piece of software for
their work which is obsolete and no longer obtainable, and for which they've
long-ago lost the disc. Likewise it's an odds-on bet they've forgotten their
ISP or website-hosting logon and are relying on the stored password to
connect them. If the Windows serial wasn't on the case they'd have lost that
too.

Dare I say it in here, but malware has become much less of a problem since
we've heavily discouraged the use of IE. The other major source is CDs,
particularly those supplied with peripherals which install phone-home
'messengers' and the like. HST, the latter category are usually more of a
nuisance than a threat, being easier to remove.
 
