PaulDotCom mailing list archives

Re: Incident Response

From: Mike Patterson <mike () snowcrash ca>
Date: Fri, 02 Jul 2010 10:21:43 -0400

On 10-07-01 6:19 PM, Daniel Holiday wrote:

This brings up a question that I have always asked - can you recover from a
machine that has had a virus on it?


Sometimes, yes.

Is it worth it?  Usually not.

At work, sysadmins/techs will often try anyway.  I often follow up
saying "you still have a problem on that system."  It's not always the
*same* problem.

Thankfully, I've done this enough that at least within my own (central
IT) department our client support folks will default now to
format/reinstall, despite the work involved.

What is the accepted procedure for after you have discovered a bad code on a
system?


"It depends."  :-)  But generally anything less of reinstall and restore
data from last known good backup is rife with potential problems.

Mike
_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com

Current thread:

Re: Incident Response Craig Freyman (Jul 01)
- Re: Incident Response Craig Freyman (Jul 01)
- Re: Incident Response Josh Little (Jul 01)
  - Re: Incident Response Daniel Holiday (Jul 02)
    - Re: Incident Response Mike Patterson (Jul 02)
    - Re: Incident Response Craig Freyman (Jul 02)