Which drives and partitions to scan?
in [Anti-Virus]
|
Prev: AvxBar and icon in Microsoft Access - Virus or Antivirus?
Next: Protecting against malware with combinations of free programs
From: The Central Scrutinizer on 15 Mar 2010 22:16 Hey we completely agree! I like the shotgun analogy ;-) I guess I need to explain myself better. Sorry. "Dustin Cook" <bughunter.dustin(a)gmail.com> wrote in message news:Xns9D3CCDE9EE0E2HHI2948AJD832(a)69.16.185.250... > "The Central Scrutinizer" <gcisko(a)hotmail.com> wrote in > news:hnmfq4$lql$1(a)speranza.aioe.org: > >> And in a corporate environment where you do not have time to manually >> remove the big bad virus or malware? Then what? > > That depends on the situation. I'd be asking myself in the corporate > environment how this machine was compromised in the first place and take > steps to prevent that from happening again. Being as it is a corporate > computer and shouldn't have user personal data or anything on it, I'd > resort to a known clean image. I should have one readily available if it's > a corp machine. > > In any event, before wiping and reloading; I'd want to know how the > machine > was compromised, it's important. :) > > > IMO, taking a wipe and reload approach to all situations is akin to using > a > shotgun for target shooting. > > > > -- > "Hrrngh! Someday I'm going to hurl this...er...roll this...hrrngh.. nudge > this boulder right down a cliff." - Goblin Warrior >
From: FromTheRafters on 16 Mar 2010 07:28 Having a good recent image to load makes the 'flatten and rebuild' scenario the 'easy way' as well as the 'best way'. Many places will just remove the affected harddrive and replace it with a harddrive loaded with a new image - saving the old drive (and any remote logs) for any forensic investigation. "The Central Scrutinizer" <gcisko(a)hotmail.com> wrote in message news:hnmpli$c9g$1(a)speranza.aioe.org... > Hey we completely agree! I like the shotgun analogy ;-) I guess I need > to explain > myself better. Sorry. > > "Dustin Cook" <bughunter.dustin(a)gmail.com> wrote in message > news:Xns9D3CCDE9EE0E2HHI2948AJD832(a)69.16.185.250... >> "The Central Scrutinizer" <gcisko(a)hotmail.com> wrote in >> news:hnmfq4$lql$1(a)speranza.aioe.org: >> >>> And in a corporate environment where you do not have time to >>> manually >>> remove the big bad virus or malware? Then what? >> >> That depends on the situation. I'd be asking myself in the corporate >> environment how this machine was compromised in the first place and >> take >> steps to prevent that from happening again. Being as it is a >> corporate >> computer and shouldn't have user personal data or anything on it, I'd >> resort to a known clean image. I should have one readily available if >> it's >> a corp machine. >> >> In any event, before wiping and reloading; I'd want to know how the >> machine >> was compromised, it's important. :) >> >> >> IMO, taking a wipe and reload approach to all situations is akin to >> using a >> shotgun for target shooting. >> >> >> >> -- >> "Hrrngh! Someday I'm going to hurl this...er...roll this...hrrngh.. >> nudge >> this boulder right down a cliff." - Goblin Warrior >>
From: (PeteCresswell) on 16 Mar 2010 09:45 Per David H. Lipman: >In a corporate environment that follows a strict IA compliance it would be a complete wipe >and re-image. > >However note "re-image". Something that most enterprises practice while most individuals >do not. As a home user I think re-imaging is highly under-rated for people like myself. Having had a teenager pounding on my boxes for a number of years, I will re-image in a heartbeat - and have done it many, many times. Once one figures out how to keep from saving data to the system partition, re-imaging becomes pretty much trivial: no uncertainty, no decisions... and takes maybe 20-30 minutes, depending on what one has installed since the last image.... as opposed to virus removal - which I suspect would take at least that long to research the proper removal tool/technique and still not be 100% sure of success. -- PeteCresswell
From: The Central Scrutinizer on 16 Mar 2010 16:07
Yes your point on virus removal is 100% spot on. "(PeteCresswell)" <x(a)y.Invalid> wrote in message news:ah2vp51i4q766ri71e7i2cvp9bla3fevio(a)4ax.com... > Per David H. Lipman: >>In a corporate environment that follows a strict IA compliance it would be >>a complete wipe >>and re-image. >> >>However note "re-image". Something that most enterprises practice while >>most individuals >>do not. > > As a home user I think re-imaging is highly under-rated for > people like myself. > > Having had a teenager pounding on my boxes for a number of years, > I will re-image in a heartbeat - and have done it many, many > times. > > Once one figures out how to keep from saving data to the system > partition, re-imaging becomes pretty much trivial: no > uncertainty, no decisions... and takes maybe 20-30 minutes, > depending on what one has installed since the last image.... as > opposed to virus removal - which I suspect would take at least > that long to research the proper removal tool/technique and still > not be 100% sure of success. > -- > PeteCresswell |