PaulDotCom mailing list archives
Re: Incident Response
From: Mike Patterson <mike () snowcrash ca>
Date: Fri, 02 Jul 2010 10:21:43 -0400
On 10-07-01 6:19 PM, Daniel Holiday wrote:
This brings up a question that I have always asked - can you recover from a machine that has had a virus on it?
Sometimes, yes. Is it worth it? Usually not. At work, sysadmins/techs will often try anyway. I often follow up saying "you still have a problem on that system." It's not always the *same* problem. Thankfully, I've done this enough that at least within my own (central IT) department our client support folks will default now to format/reinstall, despite the work involved.
What is the accepted procedure for after you have discovered a bad code on a system?
"It depends." :-) But generally anything less of reinstall and restore data from last known good backup is rife with potential problems. Mike _______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
Current thread:
- Re: Incident Response Craig Freyman (Jul 01)
- Re: Incident Response Craig Freyman (Jul 01)
- Re: Incident Response Josh Little (Jul 01)
- Re: Incident Response Daniel Holiday (Jul 02)
- Re: Incident Response Mike Patterson (Jul 02)
- Re: Incident Response Craig Freyman (Jul 02)
- Re: Incident Response Daniel Holiday (Jul 02)