funsec mailing list archives

RE: Point of No Return? Microsoft Says Recovery from Malware Becoming Impossible


From: "Larry Seltzer" <larry () larryseltzer com>
Date: Tue, 4 Apr 2006 16:44:09 -0400

Bart-PE is a great tool for forensics and some diagnostics, but running
Windows that way? It's awfully slow. One thing I like about it is that since
the system is offline I have a higher degree of confidence in malware scans.
Ironically, the rootkit scanners, like the F-Secure and Sysinternals ones,
are designed only to be run online and don't work in Bart-PE.
 
Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
http://blog.ziffdavis.com/seltzer
Contributing Editor, PC Magazine
larryseltzer () ziffdavis com 
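A worked illustration of the offline-scan point above. This is an added example, not code from Larry's post or from Bart-PE, F-Secure or Sysinternals; it assumes the suspect Windows volume is mounted read-only from a boot CD such as Bart-PE and that a SHA-256 manifest of the same tree was recorded earlier while the machine was known-good. The directory tree and the "tampering" it detects are constructed inline so the script runs on its own.

```python
"""Offline integrity check of a mounted, not-running Windows volume.

Added example, not from the funsec thread. Assumptions: the suspect disk is
mounted read-only (e.g. under Bart-PE) and a baseline manifest was taken from
the same tree while it was known-good. File names below are constructed.
"""
import hashlib
import os
import tempfile
from pathlib import Path


def sha256_of(path: Path, chunk_size: int = 1 << 16) -> str:
    """Hash a file by reading it straight off the mounted volume."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map every regular file under root (POSIX-style relative path) to its SHA-256."""
    manifest = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            full = Path(dirpath) / name
            if full.is_symlink() or not full.is_file():
                continue
            manifest[full.relative_to(root).as_posix()] = sha256_of(full)
    return manifest


def compare_manifests(baseline: dict, current: dict) -> dict:
    """Report files added, removed or modified relative to the baseline."""
    base_keys, cur_keys = set(baseline), set(current)
    return {
        "added": sorted(cur_keys - base_keys),
        "removed": sorted(base_keys - cur_keys),
        "modified": sorted(k for k in base_keys & cur_keys
                           if baseline[k] != current[k]),
    }


def demo() -> dict:
    """Constructed scenario: baseline a small tree, then alter it and re-scan."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        sys32 = root / "Windows" / "System32"
        sys32.mkdir(parents=True)
        (sys32 / "svc_alpha.dll").write_bytes(b"original alpha")
        (sys32 / "svc_beta.dll").write_bytes(b"original beta")
        (root / "Windows" / "hosts.txt").write_bytes(b"127.0.0.1 localhost")
        baseline = build_manifest(root)

        # Constructed tampering: one file replaced, one dropped in, one deleted.
        (sys32 / "svc_alpha.dll").write_bytes(b"replaced alpha")
        (sys32 / "drv_unknown.sys").write_bytes(b"unexpected driver")
        (root / "Windows" / "hosts.txt").unlink()
        current = build_manifest(root)
    return compare_manifests(baseline, current)


if __name__ == "__main__":
    for kind, files in demo().items():
        print(f"{kind}: {files}")
```

The hashes come from the raw filesystem rather than from the suspect OS's own file APIs, so a rootkit that hides files from a running Windows has no process to hide behind while the disk is offline. That is the flip side of Larry's remark: cross-view rootkit detectors work by comparing the live API view with a raw view, so with nothing running there is no hooked view for them to diff against, and an offline baseline comparison is the appropriate tool instead.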
 

  _____  

From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org] On
Behalf Of Brown, James
Sent: Tuesday, April 04, 2006 4:34 PM
To: funsec () linuxbox org
Subject: RE: [funsec] Point of No Return? Microsoft Says Recovery from Malware Becoming Impossible


I've used that.  Not very functional - you only have a few Windows goodies.
No room for Office apps, IIRC.
 
Jim B.
 

  _____  

From: funsec-bounces () linuxbox org on behalf of Blanchard_Michael () emc com
Sent: Tue 4/4/2006 3:57 PM
To: drsollyp () drsolly com; fergdawg () netzero net
Cc: funsec () linuxbox org
Subject: RE: [funsec] Point of No Return? Microsoft Says Recovery from Malware Becoming Impossible



Bart-PE does just that :-)   It's like a windows based Knoppix :-)


Michael P. Blanchard
Antivirus / Security Engineer, CISSP, GCIH, CCSA-NGX, MCSE
Office of Information Security & Risk Management
EMC² Corporation
4400 Computer Dr.
Westboro, MA 01580


-----Original Message-----
From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org] On
Behalf Of Drsolly
Sent: Tuesday, April 04, 2006 1:17 PM
To: Fergie
Cc: funsec () linuxbox org
Subject: Re: [funsec] Point of No Return? Microsoft Says Recovery from Malware Becoming Impossible

On Tue, 4 Apr 2006, Fergie wrote:

Interesting.

Via eWeek.

[snip]

In a rare discussion on the severity of the Windows malware scourge, a
Microsoft security official said businesses should consider investing in
an automated process to wipe hard drives and reinstall malware-infested
operating systems.

"When you are dealing with rootkits and some advanced spyware programs,
the only solution is to rebuild from scratch. In some cases, there
really is no way to recover without nuking the systems from orbit," Mike
Danseglio, program manager in the Security Solutions group at Microsoft,
said in a presentation at the InfoSec World conference here.

Maybe MS should do "Windows for Grannies", along the lines of grannix.
If all the software is on CD-ROM and you can't install software on the
hard disk, then you've moved quite a long way to hardening the system.


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.





