Security Basics mailing list archives
RE: computer with rootkit?
From: Dan Lynch <DLynch () placer ca gov>
Date: Thu, 29 Sep 2011 16:54:47 -0700
-----Original Message-----
From: Jamie Ivanov [mailto:jamie.ivanov () gmail com]
Sent: Thursday, September 29, 2011 3:01 PM
Do what you will and I will continue reverse engineering and fixing them. Ignore the fact that they can be fixed and it's not that difficult for seasoned malware specialists. In the end, not my problem, but the companies I work for will continue to reap the benefits of my work. :)
You may have missed the point being made here. Unless you're being paid specifically to deconstruct malware, you're spending unnecessary time "repairing" machines that are more efficiently and effectively simply rebuilt. In a minority of cases, the infection is simple enough to remove quickly and with a fair amount of certainty. And in a minority of cases will it take hours to re-image, push patches, etc. Most companies of any size have a standard install image that can be dropped on a machine in a matter of minutes. Even downloading and burning the latest Hiren ISO takes longer than imaging a PC if your image is kept up to date. Further, Ansgar's earlier point still stands: without a complete baseline of the system, you CANNOT remove a rootkit and its associated malware with any certainty. Do you have MD5 hashes of every file? If there's nothing of value on the machine but a few docs and spreadsheets, recover them offline, scan them, and image the box.
Apparently I've stepped on some egos.
Hmmm. Your first post in this thread is maybe a little pompous, certainly antagonistic, and directly insulting to a number of other posters. Expect a bit of pushback.

Dan Lynch, CISSP
Information Technology Analyst
County of Placer
Auburn, CA
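The baseline check Dan is asking about (a hash of every file, compared after the fact), as an added example that is not from the thread: it takes a manifest of a clean tree and reports what an infection added, removed or modified. SHA-256 stands in for the MD5 the thread mentions, and the directory, file names and contents are constructed for the demo.

```python
import hashlib
import tempfile
from pathlib import Path

# Added example, not from the thread. SHA-256 replaces MD5 because an
# attacker can craft MD5 collisions to keep a modified file's baseline hash.
def hash_file(path: Path) -> str:
    """Stream the file through SHA-256 so large binaries are not read into memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()

def build_baseline(root: Path) -> dict:
    """Map every regular file under root (relative path) to its digest; symlinks are skipped."""
    return {str(p.relative_to(root)): hash_file(p)
            for p in sorted(root.rglob("*"))
            if p.is_file() and not p.is_symlink()}

def diff_baseline(old: dict, new: dict) -> dict:
    """Classify paths as added, removed or modified relative to the clean baseline."""
    return {
        "added": sorted(set(new) - set(old)),
        "removed": sorted(set(old) - set(new)),
        "modified": sorted(p for p in set(old) & set(new) if old[p] != new[p]),
    }

def demo() -> dict:
    """Constructed scenario: take a clean baseline, then simulate a compromise."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "bin" / "ls").write_bytes(b"clean ls binary")
        (root / "hosts").write_text("127.0.0.1 localhost\n")
        clean = build_baseline(root)                                  # taken while known-good
        (root / "bin" / "ls").write_bytes(b"trojaned ls binary")     # modified system binary
        (root / "bin" / "kmod.ko").write_bytes(b"unknown driver")    # dropped driver
        (root / "hosts").unlink()                                     # removed file
        return diff_baseline(clean, build_baseline(root))

if __name__ == "__main__":
    print(demo())
```

The baseline must be taken and stored off the box while it is known-good; a manifest captured after infection only tells you what changed since the attacker was already in control.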