What a M$ security manager has to say about infected Windows PCs

Discussion in 'DIY Computers' started by Mike Tomlinson, Jul 5, 2009.

  1. Mike Tomlinson, Jul 5, 2009
    #1

  2. Conor Guest

    I agree completely with the comments about not being able to trust
    them.

    As said though, if you implement security patches when they come out,
    it's far better than not and getting p0wned.
     
    Conor, Jul 5, 2009
    #2

  3. Rob Morley Guest

    "This list makes patching look not so bad, yes? We may hate patches,
    but the alternative is decidedly worse."
    Aren't you glad you're running Windows? :-\
    The article is a bit crap - he says you can't trust anti-virus software
    to run because you may have been rootkitted, without mentioning rescue
    disks or Linux live CDs, or just pulling the disk and sticking it in
    another machine.
     
    Rob Morley, Jul 5, 2009
    #3
  4. Clive Guest

    The secret is applying security patches and taking precautions.
    No point having a lack of knowledge which allows a system to
    become infected.
     
    Clive, Jul 5, 2009
    #4
  5. Conor Guest

    There speaks someone without a clue. What help is a Linux Live CD going
    to be? How is putting it in another computer going to do anything in
    the event of a rootkit?
     
    Conor, Jul 5, 2009
    #5
  6. Bernard Peek Guest

    The article was written in 2004. Some of the details have changed since
    then but the basic advice is sound. If your system is compromised the
    only way to be reasonably certain that you have cleaned it is a
    bare-metal install.
     
    Bernard Peek, Jul 5, 2009
    #6
  7. Bernard Peek Guest

    Linux live CDs give you the chance to run an AV scanner that an infected
    Windows OS can't fool. Putting the drive into another computer bypasses
    any rootkit on the infected drive, by not booting from it. Again, you
    can use a clean OS to run a virus scan.
     
    Bernard Peek, Jul 5, 2009
    #7
  8. Conor Guest

    Perhaps you'd like to show me these Linux based AV solutions that are
    as comprehensive as Windows ones. The ones I've seen only have quite
    basic Windows virus scanning.
    However opening the infected file could result in the host being
    infected.
     
    Conor, Jul 5, 2009
    #8
  9. Bernard Peek Guest

    There are several around, and only a basic scanner is required.
    That depends on the type of file and the application you use to open it.
    Personally I'd choose an antivirus program, which is a pretty safe
    option.
     
    Bernard Peek, Jul 5, 2009
    #9
  10. But of course the problem is that the patches are produced in response
    to a known vulnerability. Often, if not always, someone has already used
    the hole to infect some unknown number of systems .. IIRC 'blaster' got
    to lots of places BEFORE there was a patch for it.
     
    GSV Three Minds in a Can, Jul 5, 2009
    #10
  11. Conor Guest

    Unless it can purge registry keys and hidden files in system folders,
    it's no use.
    Ho-hum....
     
    Conor, Jul 5, 2009
    #11
  12. There are more AV products available for Linux than I realised,
    including F-PROT, which AFAICT uses the same heuristics and definitions
    as the Windows version. I just picked on F-PROT because FWIH it's one of
    the best (for Windows).
    In that case, presuming you haven't been stupid enough to put a known
    infected drive in a system without trying to secure it first, then
    patching the first infected system wouldn't have helped either.
     
    Tony Houghton, Jul 5, 2009
    #12
  13. Why wouldn't they be able to find the latter? The hidden/system
    properties are just attributes aren't they, not some clever trick that
    inherently makes them inaccessible from other systems?
     
    Tony Houghton, Jul 5, 2009
    #13
  14. Bernard Peek Guest

    In reply to GSV Three Minds in a Can:
    It does happen but it's not common. The more common sequence is that MS
    patch a vulnerability then someone reverse-engineers the patch. That
    usually takes 2-3 days so the really dangerous time is a few days after
    patch-Tuesday.

    IMHO If you don't have the expertise to test patches in the first few
    days after they are released the safe option is to set your systems to
    install security patches automatically. There's a risk that a patch will
    bring your systems down but there is no unconditionally safe course of
    action.
     
    Bernard Peek, Jul 5, 2009
    #14
  15. Bernard Peek Guest

    Antivirus programs under Linux or Windows are able to edit the registry
    and to read hidden and system files.

    Neither will be able to do anything with encrypted files or partitions.
    If you have those then you can't read any of the files on another
    system, under Windows or Linux. For these the only option is to nuke the
    encrypted data then restore from a clean backup. If you don't have a
    clean backup then you are screwed.
     
    Bernard Peek, Jul 5, 2009
    #15
  16. gaz Guest

    Well maybe MS policy of encouraging companies to not supply restore media
    makes a format and reinstall as a standard course of action pretty
    difficult.

    Gaz
     
    gaz, Jul 5, 2009
    #16
  17. gaz Guest

    And, 0.3% of home users have a clean backup.....

    Gaz
     
    gaz, Jul 5, 2009
    #17
  18. Bernard Peek Guest

    > And, 0.3% of home users have a clean backup.....

    Lots of business users don't have a clean backup. Some of them will
    discover this fact the hard way.

    Most companies should be using encrypted partitions for their laptops.
     
    Bernard Peek, Jul 5, 2009
    #18
  19. Never heard of 0-day exploits, eh, Clive, oops, I mean Rob, the Tiscali
    idiot? Isn't it time for you to morph again?
    My, you really are a stupid twat aren't you?
     
    Mike Tomlinson, Jul 6, 2009
    #19
  20. GB Guest

    If your system is still working to some extent, could you not just copy all
    the data onto a non-encrypted partition? Of course, you could not tell for
    sure whether the data had been altered, but you could get an idea by
    comparing even an oldish backup with the data on the new partition on a
    file-by-file basis.
     
    GB, Jul 6, 2009
    #20
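As an added example (not from the thread or from any of the posters), here is the file-by-file comparison GB describes in #20, done the way Bernard Peek recommends in #7 and #15: the suspect volume and the old backup are both read from a clean OS (a live CD, or the drive attached to another machine), so a rootkit on the infected Windows install is not running and the hidden/system attributes Tony asks about in #13 are irrelevant. Files are compared by content hash rather than by timestamp, because an intruder can reset timestamps but cannot keep the hash of a modified file the same. The sample "backup" and "current" trees are constructed inline for the demonstration; the path layout, the `SUSPECT_EXT` list and all function names are my own assumptions. It does nothing for the encrypted-partition case in #15, since a clean OS cannot read those files either.

```python
"""Compare a possibly tampered data tree against an older known-good backup,
file by file, by content hash.  Intended to be run from a clean OS with both
trees mounted read-only (e.g. a Linux live CD with the suspect disk attached).
Added example; not code from the thread."""
import hashlib
import os
import tempfile
from dataclasses import dataclass, field
from pathlib import Path
from typing import Dict, List, Tuple

CHUNK = 1 << 16

# Assumed list of extensions worth a second look when they appear or change
# on what should be a data-only partition.
SUSPECT_EXT = {".exe", ".dll", ".sys", ".scr", ".com", ".bat", ".vbs", ".js"}


def sha256_file(path: Path) -> str:
    """Stream the file through SHA-256 so large files do not need to fit in RAM."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


def hash_tree(root: Path) -> Dict[str, str]:
    """Map relative path -> sha256 for every regular file under root.
    Symlinks are neither followed nor hashed, so a link planted on the
    suspect disk cannot redirect the walk outside the volume."""
    result: Dict[str, str] = {}
    for dirpath, _dirnames, filenames in os.walk(root, followlinks=False):
        for name in filenames:
            p = Path(dirpath) / name
            if p.is_symlink() or not p.is_file():
                continue
            result[p.relative_to(root).as_posix()] = sha256_file(p)
    return result


@dataclass
class TreeDiff:
    added: List[str] = field(default_factory=list)     # only in current
    removed: List[str] = field(default_factory=list)   # only in backup
    modified: List[str] = field(default_factory=list)  # present in both, hash differs
    unchanged: int = 0


def compare_trees(backup: Path, current: Path) -> TreeDiff:
    """Classify every path seen in either tree.  Sorted so output is stable."""
    old, new = hash_tree(backup), hash_tree(current)
    d = TreeDiff()
    for rel in sorted(set(old) | set(new)):
        if rel not in old:
            d.added.append(rel)
        elif rel not in new:
            d.removed.append(rel)
        elif old[rel] != new[rel]:
            d.modified.append(rel)
        else:
            d.unchanged += 1
    return d


def executable_additions(diff: TreeDiff) -> List[str]:
    """Added or modified files with executable-looking extensions: the first
    things to hand to a scanner, since a data partition should not grow binaries."""
    return [p for p in diff.added + diff.modified
            if Path(p).suffix.lower() in SUSPECT_EXT]


def build_sample(base: Path) -> Tuple[Path, Path]:
    """Constructed sample data (not from the thread): an old backup and a
    current copy in which one document changed, one was deleted and a new
    .exe appeared."""
    backup, current = base / "backup", base / "current"
    for root in (backup, current):
        (root / "docs").mkdir(parents=True)
        (root / "docs" / "report.txt").write_text("quarterly figures\n")
        (root / "docs" / "notes.txt").write_text("notes v1\n")
    (backup / "docs" / "old.txt").write_text("to be deleted\n")
    (current / "docs" / "notes.txt").write_text("notes v2\n")
    (current / "docs" / "update.exe").write_bytes(b"MZ\x90\x00 not really a PE")
    return backup, current


def run_demo() -> TreeDiff:
    """Build the sample trees in a temp dir and return the comparison."""
    with tempfile.TemporaryDirectory() as tmp:
        backup, current = build_sample(Path(tmp))
        return compare_trees(backup, current)


if __name__ == "__main__":
    diff = run_demo()
    print("added    :", diff.added)
    print("removed  :", diff.removed)
    print("modified :", diff.modified)
    print("unchanged:", diff.unchanged)
    print("executables to inspect:", executable_additions(diff))
```

In real use, mount the suspect volume read-only and with `noexec` before pointing `compare_trees` at it, and treat the result as triage rather than a verdict: a file that matches the old backup has only been shown not to have changed since that backup, and anything in `modified` or `added` still needs an actual scan, which is the step the thread is arguing about.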
