Network Security Focus-Microsoft

Re: More along the lines of malware disinfection

Subject: Re: More along the lines of malware disinfection
Date: Thu, 20 Mar 2008 10:21:03 +0100
According to Mike Moratz-Coppins:
> that there isn't something more sinister lurking around the system, then
> as soon as any form of malware is found, then the logic of a lot of
> people on this list dictates that the computer must be wiped and
> clean-installed.

Quite frankly, yes.

That's if you want the most security. But security is usually a risk
calculation: how much are you willing to risk, vs. how much functionality
and comfort do you want. Clean install and patching requires lots of work
(lost functionality for the down time, licenses to reactivate, probability
of being unable to reinstall old software), and if you're dealing with
a "known" infection, you might be willing to forgo this whole process
for the convenience of simply eradicating the small infection, and living
with the increased risk of a bigger infection hidden somewhere.

It all boils down to a standard risk analysis.

> While there is a possibility that there could be "undetectable malware"
> on the machine, I believe that, as a general policy, assuming there is
> without any trace of evidence whatsoever is pure paranoia.  There are

It is not pure paranoia. There are some sophisticated (and rare) pieces
of malware out there, and the absence of known/detected malware is not
equal to the absence of malware at all. There's always a risk that any
system is compromised. It's quite low, but it exists.

Knowing that a system HAS been compromised means that the risk of
undetected malware being there is higher than on a system that was never
compromised at all.

> I also think if you resort to the wipe-install strategy as your general
> answer to malware, then there is so much that you haven't learnt about
> how malware tends to work on Windows, how it hides itself, how it stops
> the admin from trying to remove it, and also quite a few quirks of
> Windows.  I'm not suggesting that I've learnt all there is to learn on
> this topic either, but I have learnt quite a few strategies in the time
> that I've been in business, and it can be quite mentally stimulating work.

It all boils down to risk analysis. Some of us are professionally risk
averse. Myself included.

> To throw in an analogy (and I'm known for my sometimes-terrible
> analogies), if your house has been burgled, I swear that some of you
> would insist on burning it to the ground and building a new one.

That would be equivalent to throwing away the entire PC, screen,
keyboard, and buying a brand new one.

No, we're merely advocating replacing all door locks, even if there's
no evidence that the burglar took a copy of your keys, and replacing any
window frame that might have been tampered with for easier access.
And for some of us, yes, a burgled house would mean a team of experts
coming, throwing all your old furniture, and sweeping for planted bugs,
because that's what might be the risk.

Risk analysis. That's the watch-word.

-- 
        Vincent Archer                  Email:  archer@tms.frmug.org

All men are mortal.  Socrates was mortal.  Therefore, all men are Socrates.
                                                        (Woody Allen)
