Security Incidents mailing list archives

RE: Strange servicepack.exe file (not service.exe) found.


From: "David Gillett" <gillettdavid () fhda edu>
Date: Thu, 18 Dec 2003 08:35:35 -0800

Yep.  However, I believe that the argument amongst
Windows admins will continue to favor rebuilding
for the time being...however unfortunate that
may be.

  Paradoxically, I find many Linux admins perversely prone
to trying to do minimal cleanup to a box that is found to
be compromised, without much effort to discover what *else* 
has been done to the box in its "compromised, but not yet
detected" state, a period for which records such as local
logs cannot be trusted.  (Did the discovered compromise
throw open the doors to additional intrusions not yet noticed?
Was it, in fact, enabled by some prior unnoticed compromise?)

  I believe the argument on the Windows side is that it's
more prudent to return a box to a "known clean" state than to
an "unknown, but no currently known compromises" state.

David Gillett

