Re: More along the lines of malware disinfection

If you have your standard enterprise image up-to-date and an appropriate 
delivery plan with centralized storage of user files, then moving to PXE 
terminal-based systems (thin clients) that refresh on every boot or 
regular reinstalls is not an issue for a regular user.  If you are 
talking about the common cable modem user, then you might consider 
advising them to be prepared for an annual reinstall regardless of need. 
 It helps windows run better/faster and gives a yearly baseline of 
known state.  It's great right before tax filing time.

Mike Moratz-Coppins wrote:
> Ansgar -59cobalt- Wiechers wrote:
> > Well, some of us just don't consider botnets acceptable. Apparently you
> > have a different opinion on that.
>
> Neither do I.  I just don't think it is necessary in a lot of cases to 
> wipe everything out in order to get rid of a malware infection.
>
> I am perfectly aware that malware with rootkit-style capabilities can 
> render security tools useless, however I don't think I've yet seen a 
> case where every technique/tool I use has come up with negative results 
> when there are still symptoms of an infection.
>
> Of course, I haven't yet been called out because a customer hasn't 
> noticed any symptoms of a system infection.  I'm perfectly willing to 
> accept the possibility that a "100% undetectable" rootkit has slipped by 
> me at some point, after all, it could be on my system right now.  It 
> could have been on that customer's system when all they asked me to do 
> was fix their printer problem.
>
> Furthermore, I think if you take your point of view through to its 
> logical conclusion, you should be reinstalling all of your systems (and 
> any system you ever administrate) on an extremely regular basis.  Good 
> luck with that.