Re: Can you really 100% clean a compromised machine 100% of the time w
From: Shenan Stanley (newshelper_at_gmail.com)
Date: 11/19/05
- Next message: Carey Frisch [MVP]: "Re: Decrypting Files"
- Previous message: Lanwench [MVP - Exchange]: "Re: Shut off auto reconnect network drive"
- In reply to: Richard Urban: "Re: Can you really 100% clean a compromised machine 100% of the time w"
- Next in thread: Kerry Brown: "Re: Can you really 100% clean a compromised machine 100% of the time w"
- Reply: Kerry Brown: "Re: Can you really 100% clean a compromised machine 100% of the time w"
- Reply: Kerry Brown: "OT question about OE addin"
- Reply: -Draino-: "Re: Can you really 100% clean a compromised machine 100% of the time w"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sat, 19 Nov 2005 11:50:30 -0600
-Draino- wrote:
> Ok here's the deal. I think the only way to "Certify 100% Clean" is
> to format and re-install the OS...........period.
>
> The bottom line is I can save all of the customers data, do a format,
> re-install with all the updates and install anti-virus software in
> about 1½ hours. Plus setup file sharing, networking, and make
> many tweaks.
>
> Why even mess around trying to clean when most of the time it is
> just not going to work.
>
> I get $130.00 for each machine, flat rate. I usually do about 10
> machines a month, so it makes for some nice pocket money.
>
> When the customer ruins their machine again I do it all over again
> and charge the same money.
Kerry Brown wrote:
> You must move at light speed, have a very fast Internet connection,
> some way of temporarily overclocking the customer's pc, and spend a
> lot of time maintaining a very large collection of drivers and
> slipstreamed Windows CDs. On a normal XP machine say a P4 2.0 GHz,
> 512 MB ram, PATA hard drive, ATI or Nvidia graphics it takes at least
> 1 1/2 hours just to install Windows, install the latest drivers,
> download Windows updates and install an antivirus. Add anything
> unusual or a lesser machine (say a Celeron or Duron with 256 MB) in
> the mix and it will take longer. This doesn't include backing up
> then restoring their data. A typical customer has at least 5 to 10
> GB of data they want saved. To be safe you should actually take an
> image of their current system which is likely to be greater than 20
> GB. If the pc doesn't have USB 2.0 or firewire the backup process
> will be slow. You would have to backup via LAN, USB 1.1 or open the
> case and install another drive. If they have Office or any other
> significant apps to reinstall it will take longer again. I charge
> two hours to do what you claim to do in 1 1/2. It usually takes
> around three to do it properly but two is the going rate. The saving
> grace is a lot of time while Windows is installing can be spent
> working on another machine. I'm not saying it can't be done in 1 1/2
> hours. I have done it on fairly simple configurations. I am saying it
> usually takes around double that to do the job properly. Some
> comments from others would be good. Maybe I'm being too picky and/or
> doing more work than normal.
Richard Urban wrote:
> I think we are looking at a realistic time of about 3, or more, hours
> to do what Draino says he does in 1 1/2 hours.
Let's see.. I have done what was described MANY times.
If you have, say, a 2GHz machine, 512MB RAM.. 40GB hard drive 1/2 full..
And if you:
- make a list of all applications installed and users on the machine
- export the users' email/contacts/favorites to a network location (easier
now.)
- image the machine (to a network location) to guarantee you miss nothing
- download/locate any unusual software/drivers while it images
- have an unattended process in place (like
http://unattended.sourceforge.net)
and redo the machine from scratch
(using the customer's keys of course - but installing all the free
plugins/antispyware/utilities you know they should have as well)
(this part also includes installing those "weird apps" you invariably
find)
- tweak and create a default user profile and all users from the list you
made
- log in as the main user (now - this assumes you have agreed not to
recreate all users - just one.)
- copy their data files from the backups and image file to their machine
(as well as you can)
- burn the image to a CD/DVD (multiple usually) as backup.
- test and return machine to user..
We are talking a minimum of 4 hours and I am sure I am leaving out things I
normally do.
While it is true a full reinstall of:
- Windows XP - all patches/tweaks/needed drivers
- MS Office
- Quicktime
- K-Lite Codec Pack (Basic)
- Real Alternative
- Adobe Acrobat Reader
- Some Antivirus
- AdAware, Spybot, Bazooka, SpywareBlaster, IE-SpyAd
- Firefox
- Some CD/DVD burning software
- etc.
Will take about an hour and half to do - it's not the time consuming part.
Neither is the ghost backup (10 to 60 minutes dependent on amount of data.)
The time consuming parts are the parts where we decide to mess with the
user's stuff - recreate it as best as we can so they are comfortable with
their computer. Good choice? Maybe not. If all you did was backup and
reinstall - maybe 2 to 2½ hours. With the extra effort - 3 to 5 hours. If
you can get them to buy your imaging product so they can have the image
reader - maybe you could get away with just giving them their image to sort
through on their own. heh
--
Shenan Stanley
MS-MVP
--
How To Ask Questions The Smart Way
http://www.catb.org/~esr/faqs/smart-questions.html