Re: Can you really 100% clean a compromised machine 100% of the time w
From: Richard Urban (richardurbanREMOVETHIS_at_hotmail.com)
Date: 11/19/05
- Next message: Lanwench [MVP - Exchange]: "Re: Windows Updates re-enable SP2 firewall??"
- Previous message: Kerry Brown: "Re: Can you really 100% clean a compromised machine 100% of the time w"
- In reply to: Kerry Brown: "Re: Can you really 100% clean a compromised machine 100% of the time w"
- Next in thread: Shenan Stanley: "Re: Can you really 100% clean a compromised machine 100% of the time w"
- Reply: Shenan Stanley: "Re: Can you really 100% clean a compromised machine 100% of the time w"
Date: Sat, 19 Nov 2005 12:09:25 -0500
I think we are looking at a realistic time of about 3, or more, hours to do
what Draino says he does in 1 1/2 hours.
--
Regards,
Richard Urban
Microsoft MVP Windows Shell/User

Quote from George Ankner:
If you knew as much as you think you know,
You would realize that you don't know what you thought you knew!

"Kerry Brown" <kerry@kdbNOSPAMsys-tems.c*a*m> wrote in message
news:u5G3QiS7FHA.4076@tk2msftngp13.phx.gbl...
>
> "-Draino-" <Draino@discussions.microsoft.com> wrote in message
> news:3C7D58E5-33F9-46FA-95B7-22DC8F42B33C@microsoft.com...
>> Ok here's the deal. I think the only way to "Certify 100% Clean" is to
>> format and re-install the OS...........period.
>>
>> The bottom line is I can save all of the customers data, do a format,
>> re-install with all the updates and install anti-virus software in about
>> 1½ hours. Plus setup file sharing, networking, and make many tweaks. Why
>> even mess around trying to clean when most of the time it is just not
>> going to work.
>>
>> I get $130.00 for each machine, flat rate. I usually do about 10 machines
>> a month, so it makes for some nice pocket money.
>>
>> When the customer ruins their machine again I do it all over again and
>> charge the same money.
>>
>
> You must move at light speed, have a very fast Internet connection, some
> way of temporarily overclocking the customer's pc, and spend a lot of time
> maintaining a very large collection of drivers and slipstreamed Windows
> CD's. On a normal XP machine say a P4 2.0 GHz, 512 MB ram, PATA hard
> drive, ATI or Nvidia graphics it takes at least 1 1/2 hours just to
> install Windows, install the latest drivers, download Windows updates and
> install an antivirus. Add anything unusual or a lesser machine (say a
> Celeron or Duron with 256 MB) in the mix and it will take longer. This
> doesn't include backing up then restoring their data. A typical customer
> has at least 5 to 10 GB of data they want saved. To be safe you should
> actually take an image of their current system which is likely to be
> greater than 20 GB. If the pc doesn't have USB 2.0 or firewire the backup
> process will be slow. You would have to backup via LAN, USB 1.1 or open
> the case and install another drive. If they have Office or any other
> significant apps to reinstall it will take longer again. I charge two
> hours to do what you claim to do in 1 1/2. It usually takes around three
> to do it properly but two is the going rate. The saving grace is a lot of
> time while Windows is installing can be spent working on another machine.
> I'm not saying it can't be done in 1 1/2 hours. I have done it on fairly
> simple configurations. I am saying it usually takes around double that to
> do the job properly. Some comments from others would be good. Maybe I'm
> being too picky and/or doing more work than normal.
>
> Kerry
>
>> "Leythos" wrote:
>>
>>> Most of us that worked on computers for a living have run across many
>>> compromised computers with many different types of malware.
>>>
>>> As people post with compromised machines we direct them to all of the
>>> tools that we know about in an effort to help them regain use of their
>>> machines in a malware free mode, or at least enough access to backup
>>> their documents and files to restore later.
>>>
>>> What is really at question is the ability of the current tools we have
>>> to clean 100% of the malware 100% of the time in the current and future
>>> environment for a given machine at a given instant.
>>>
>>> This thread is not personal, about anyone's skills, about any
>>> individual, it's only about cleaning malware off machines to the point
>>> that we could state that 100% of all malware, known and unknown, is
>>> removed from the machine at the moment you finish cleaning it.
>>>
>>> Do you feel 100% certain that your tools and skills can clean a
>>> compromised machine, 100% of the time, without any malware, known or
>>> unknown, remaining on the machine - 100% of the time?
>>>
>>> Since I don't believe that any one can actually say "YES" without
>>> limitations, then how do we help all of these clueless users ensure
>>> their machines are clean?
>>>
>>> We all know that you can wipe/reboot/install from clean disks, in a
>>> clean environment, and the machine will be clean at that moment.
>>>
>>> We all know that it takes between 30~90 minutes to restore a machine
>>> from scratch (depending on the method, quicker for ghost images), and
>>> that it's time consuming to get everything back to normal for customers.
>>>
>>> We all know that no one wants to wipe/reinstall as it means lots of
>>> extra work.
>>>
>>> Now, we also know that removing the malware can take hours in some
>>> cases, most takes less. For some malware you have to boot to the
>>> recovery console and manually remove it.
>>>
>>> So, it comes down to this - clean their system enough to save files to
>>> CD/DVD, then wipe it to ensure that the malware is 100% removed and the
>>> system is clean enough to be certified as clean.
>>>
>>> While most of us will just clean a machine and reboot it several times,
>>> check the registry, tasks, netstat, etc.... then run the malware removal
>>> tools several times, etc... It just means that we're willing to take the
>>> level of risk for not having to put the time in to ensure that the
>>> system is 100% certified clean, which means we don't really want to
>>> reinstall everything again :)
>>>
>>> I know that some will claim they can perfectly clean a machine, but, if
>>> you're really that sure you can clean 100% of malware, 100% of the time,
>>> now and in the future, of known and unknown malware, without a
>>> wipe/reinstall, then I think you're just fooling yourself.
>>>
>>> Again, are we assuming that by providing "reactionary" tools and methods
>>> that don't wipe/reinstall, that we're doing visitors to this group (and
>>> others) justice and actually providing them with a 100% clean platform
>>> to continue with?
>>>
>>> --
>>>
>>> spam999free@rrohio.com
>>> remove 999 in order to email me
>>>