When some is infected?

[ToddAndMargo <ToddAndMargo () zoho com>]

Hi All,

   Since I sell Kaspersky and have had a lot of customers
on it for years, I have learned that if something gets
by Kaspersky, it is going to be a wild ride getting rid
of it.   (I get rid of them manually and/or run other
vendors stuff at the computer.)

   Now a days, when I walk up to a protected computer,
my thoughts are "maybe".  Did something get past that is not
being detected?

   Now I am thinking that a well crafted bad guy is
going to get past "penetration testing" (PEN).  Although
find anything like this is not the scope of PEN
testing, I am still thinking it would be ethical
to see if any traffic is sneak out that is not suppose
to be.

  So I was thinking that I should turn off all network
traffic producing programs I know of on the POS computer,
and just sit watching its outgoing traffic to make
sure there is no bad guy Command and Control going on.
Does this make sense to you?

   Is Wireshark the proper tool for this?

Your thoughts always appreciated.

-T


--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Computers are like air conditioners.
They malfunction when you open windows
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------