Re: Can you really 100% clean a compromised machine 100% of the ti
From: -Draino- (Draino_at_discussions.microsoft.com)
Date: Sat, 19 Nov 2005 15:05:04 -0800
First of all everyone here has to understand the issue here......"TIME vs.
A brand new machine will only cost $350.00 dollars from DELL.
So with that in mind you MUST come in at no more than $150.00 or most people
won't spend the money or they will just get a new machine, at least that's
Assimilating a machine into my network takes 2 minutes. A copy backup of the
MY DOCUMENTS folder takes about 5 minutes at most.
A machine designed for XP will install in 39 minutes (XPSP2 integrated with
all updates). So now we are at about 44 minutes. I install Norton 2005 on all
XP machines, Microsoft Anti-Spyware Beta, Ad-Aware and Spybot Search &
Destroy. So add 30 minutes for that and that's my 1½.
I don't install and/or configure any Office programs or configure any e-mail
programs......they did it once, they can do it again.
I will install a print driver for them. At least that way they can print
when they hook up their computer.
95% of all clients don't have anything they want saved anyway..
OK so real world about 2 hours MAX. Nothing ever goes as planned :)
"Kerry Brown" wrote:
> "-Draino-" <Draino@discussions.microsoft.com> wrote in message
> > Ok here's the deal. I think the only way to "Certify 100% Clean" is to
> > format and re-install the OS...........period.
> > The bottom line is I can save all of the customers' data, do a format,
> > re-install with all the updates and install anti-virus software in about
> > 1½ hours. Plus setup file sharing, networking, and make many tweaks. Why even
> > mess around trying to clean when most of the time it is just not going to
> > work.
> > I get $130.00 for each machine, flat rate. I usually do about 10 machines
> > a month, so it makes for some nice pocket money.
> > When the customer ruins their machine again I do it all over again and
> > charge the same money.
> You must move at light speed, have a very fast Internet connection, some way
> of temporarily overclocking the customer's pc, and spend a lot of time
> maintaining a very large collection of drivers and slipstreamed Windows
> CDs. On a normal XP machine say a P4 2.0 GHz, 512 MB RAM, PATA hard drive,
> ATI or Nvidia graphics it takes at least 1 1/2 hours just to install
> Windows, install the latest drivers, download Windows updates and install an
> antivirus. Add anything unusual or a lesser machine (say a Celeron or Duron
> with 256 MB) in the mix and it will take longer. This doesn't include
> backing up then restoring their data. A typical customer has at least 5 to
> 10 GB of data they want saved. To be safe you should actually take an image
> of their current system which is likely to be greater than 20 GB. If the pc
> doesn't have USB 2.0 or firewire the backup process will be slow. You would
> have to backup via LAN, USB 1.1 or open the case and install another drive.
> If they have Office or any other significant apps to reinstall it will take
> longer again. I charge two hours to do what you claim to do in 1 1/2. It
> usually takes around three to do it properly but two is the going rate. The
> saving grace is a lot of time while Windows is installing can be spent
> working on another machine. I'm not saying it can't be done in 1 1/2 hours.
> I have done it on fairly simple configurations. I am saying it usually takes
> around double that to do the job properly. Some comments from others would
> be good. Maybe I'm being too picky and/or doing more work than normal.
> > "Leythos" wrote:
> >> Most of us who worked on computers for a living have run across many
> >> compromised computers with many different types of malware.
> >> As people post with compromised machines we direct them to all of the
> >> tools that we know about in an effort to help them regain use of their
> >> machines in a malware free mode, or at least enough access to backup
> >> their documents and files to restore later.
> >> What is really at question is the ability of the current tools we have
> >> to clean 100% of the malware 100% of the time in the current and future
> >> environment for a given machine at a given instant.
> >> This thread is not personal, about anyone's skills, about any
> >> individual, it's only about cleaning malware off machines to the point
> >> that we could state that 100% of all malware, known and unknown, is
> >> removed from the machine at the moment you finish cleaning it.
> >> Do you feel 100% certain that your tools and skills can clean a
> >> compromised machine, 100% of the time, without any malware, known or
> >> unknown, remaining on the machine - 100% of the time?
> >> Since I don't believe that anyone can actually say "YES" without
> >> limitations, then how do we help all of these clueless users ensure
> >> their machines are clean?
> >> We all know that you can wipe/reboot/install from clean disks, in a
> >> clean environment, and the machine will be clean at that moment.
> >> We all know that it takes between 30~90 minutes to restore a machine
> >> from scratch (depending on the method, quicker for ghost images), and
> >> that it's time consuming to get everything back to normal for customers.
> >> We all know that no one wants to wipe/reinstall as it means lots of
> >> extra work.
> >> Now, we also know that removing the malware can take hours in some
> >> cases, most takes less. For some malware you have to boot to the
> >> recovery console and manually remove it.
> >> So, it comes down to this - clean their system enough to save files to
> >> CD/DVD, then wipe it to ensure that the malware is 100% removed and the
> >> system is clean enough to be certified as clean.
> >> While most of us will just clean a machine and reboot it several times,
> >> check the registry, tasks, netstat, etc.... then run the malware removal
> >> tools several times, etc... It just means that we're willing to take the
> >> level of risk for not having to put the time in to ensure that the
> >> system is 100% certified clean, which means we don't really want to
> >> reinstall everything again :)
> >> I know that some will claim they can perfectly clean a machine, but, if
> >> you're really that sure you can clean 100% of malware, 100% of the time,
> >> now and in the future, of known and unknown malware, without a
> >> wipe/reinstall, then I think you're just fooling yourself.
> >> Again, are we assuming that by providing "reactionary" tools and methods
> >> that don't wipe/reinstall, that we're doing visitors to this group (and
> >> others) justice and actually providing them with a 100% clean platform
> >> to continue with?
> >> --
> >> firstname.lastname@example.org
> >> remove 999 in order to email me