Security Basics mailing list archives

RE: Crash Monitor


From: "Scott Race" <srace () jdaarch com>
Date: Wed, 2 Jul 2008 12:55:47 -0700


Philippe, your proposed solution is like demolishing your house and rebuilding because you think you "might" have 
termites.

I beg to differ that home PC data is less important than corporate data.  Home PC data is very important to that home 
user. If you assume "expertise is lacking", then a format/reinstall could easily result in data loss (family pictures, 
financial info, etc).

Bottom line is that if expertise is lacking, the user should find someone who knows what they're doing and check out 
how severe it is.  

And what if there is no rootkit?  You can at least get an idea of the risk factor by using the various tools of the 
trade (search and destroy products, netstat for listening ports, software firewall to check for incoming/outgoing 
connections, task mgr for running processes, etc).

To me, format and reinstall would be a better solution for a corporate PC, as generally data is stored on file servers 
and not on the local machine, thus there is little risk of a format losing sensitive data (of course this varies from 
network to network).  Home PCs generally have lots of data on them, and are generally not backed up.  

Case in point, my father-in-law just called Dell with a problem (he's an older guy), Dell ended up having him format 
the drive.  He had burned his data to a CD a few days before, but guess what, the CD didn't burn correctly (and he's a 
home user, he didn't test it).  DATA LOSS.  Sucks for him, all his Quicken data and family pics are gone.

Format should be a last resort.  Yes, it works, but there are other things to try first to get an idea of what solution 
is necessary.  


Scott

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Rivest, Philippe
Sent: Wednesday, July 02, 2008 12:22 PM
To: infolookup () gmail com; GremaGehan () web de; listbounce () securityfocus com; security-basics () securityfocus com
Subject: RE: Crash Monitor

To add to the previous post.

If you are going to look for rootkits I would suggest formatting and
re-installing. If you suspect you have a root-kit on your PC there's no need
to identify it or KNOW you have one. Just do a full format & reinstall.

If you have a rootkit, there's no complete way to remove it. I mean to know
100% that everything critical is removed. The time you are going to spend
investigating this, cleaning it and worrying about the after effects would be
better spent reinstalling.

For all those who are going to hit me with "you should know if there's a
rootkit", this is a stand alone PC, not corporate and the expertise and time
may be lacking. Also the level of sensitivity of the PC is probably very low.


Format and move on


Thanks
Philippe Rivest, CEH
Internal Information Security Auditor
Email: Privest () transforce ca
Telephone: (514) 331-4417
www.transforce.ca


-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of
infolookup () gmail com
Sent: July 2, 2008 15:13
To: GremaGehan () web de; listbounce () securityfocus com;
security-basics () securityfocus com
Subject: Re: Crash Monitor

Virus protection up to date? Any P2P software like LimeWire that could bring
in tons of problems? Did you recently add any new software or hardware? Also
go to the Microsoft site and download a rootkit program and scan your PC.
------Original Message------
From: GremaGehan () web de
Sender: listbounce () securityfocus com
To: security-basics () securityfocus com
Sent: Jul 2, 2008 2:20 PM
Subject: Crash Monitor

Hello list,

My wife is using Win 2000 + MS Office to write her thesis. Of course
there are also such important tools as Skype, ICQ ...... etc. (you
know ... ) Now this PC is crashing daily. I don't know
why. Is it possible to detect the crashing application? Do you know of some
tool (something like DrWatson)? The PC is patched, Event Viewer shows
nothing.
The most probable case is: about 1 hour after login this PC hangs,
independently of running applications. After a restart it works normally.

Thank you in advance

Martin 

