Re: Bootable vuln CD for Windows

["Ian Kelly" <E2chameleon () btopenworld com>]

Hi,

Central Command have a Vexira Rescue Disk System that is free to use
(http://www.centralcommand.com/rescue_disk.html). The system,which is
updated monthly, allows you to scan and remove viruses, Trojan Horses and
other malicious code using either a single bootable compact disk or a 4
floppy disk set (1 bootable, 3 data diskettes).

Network Associates is developing a product called McAfee CleanBoot
(http://www.mcafeeb2b.com/beta/cleanboot/default.asp) which is available for
beta testing. It will eventually let you create bootable CD's containing the
latest DAT files (if you are licensed to use them I presume).

If you used one of these you could ensure that there are no Trojans lurking
before running Nessus.


Ian.


----- Original Message -----
From: "Alexandros Papadopoulos" <apapadop () cmu edu>
To: <security-basics () securityfocus com>
Sent: Wednesday, October 30, 2002 8:06 PM
Subject: Bootable vuln CD for Windows


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Dear all.

I'm looking for a way to scan existing Windows XP installations for
trojans, viruses etc. The closest match to my needs seems to be Nessus,
but I have the following reservation:

Since the client has to be installed on the running Windows system, it
shouldn't be too hard to fool by some pre-existing trojan. I was
therefore wondering, if you know any way of running such a
vulnerability scanner from a bootable CD, thus making sure that all
benchmarks start from a clean system and results can be trusted.

Thanks

- -A
- --
http://andrew.cmu.edu/~apapadop/pub_key.asc
3DAD 8435 DB52 F17B 640F  D78C 8260 0CC1 0B75 8265
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE9wDurgmAMwQt1gmURAo0wAJ9wzdFKbQwjnm3WEy7RendqltmubgCfUMCO
Zd7EXZoDrSrHBBoDh+LgDPY=
=wMOG
-----END PGP SIGNATURE-----