dbarrow
04-12-2006, 09:52 AM
http://blogs.zdnet.com/Bott/?p=32
... When you are dealing with rootkits and some advanced spyware programs, the only solution is to rebuild from scratch. In some cases, there really is no way to recover without nuking the systems from orbit. …
[For some sophisticated forms of malware,] detection is difficult, and remediation is often impossible. If it doesn't crash your system or cause your system to freeze, how do you know it's there? The answer is you just don't know. Lots of times, you never see the infection occur in real time, and you don't see the malware lingering or running in the background."...
http://www.microsoft.com/technet/archive/community/columns/security/essays/10imlaws.mspx?mfr=true
On This Page
Law #1: If a bad guy can persuade you to run his program on your computer, it's not your computer anymore Law #1: If a bad guy can persuade you to run his program on your computer, it's not your computer anymore
Law #2: If a bad guy can alter the operating system on your computer, it's not your computer anymore Law #2: If a bad guy can alter the operating system on your computer, it's not your computer anymore
Law #3: If a bad guy has unrestricted physical access to your computer, it's not your computer anymore Law #3: If a bad guy has unrestricted physical access to your computer, it's not your computer anymore
Law #4: If you allow a bad guy to upload programs to your website, it's not your website any more Law #4: If you allow a bad guy to upload programs to your website, it's not your website any more
Law #5: Weak passwords trump strong security Law #5: Weak passwords trump strong security
Law #6: A computer is only as secure as the administrator is trustworthy Law #6: A computer is only as secure as the administrator is trustworthy
Law #7: Encrypted data is only as secure as the decryption key Law #7: Encrypted data is only as secure as the decryption key
Law #8: An out of date virus scanner is only marginally better than no virus scanner at all Law #8: An out of date virus scanner is only marginally better than no virus scanner at all
Law #9: Absolute anonymity isn't practical, in real life or on the Web Law #9: Absolute anonymity isn't practical, in real life or on the Web
Law #10: Technology is not a panacea Law #10: Technology is not a panacea
... When you are dealing with rootkits and some advanced spyware programs, the only solution is to rebuild from scratch. In some cases, there really is no way to recover without nuking the systems from orbit. …
[For some sophisticated forms of malware,] detection is difficult, and remediation is often impossible. If it doesn't crash your system or cause your system to freeze, how do you know it's there? The answer is you just don't know. Lots of times, you never see the infection occur in real time, and you don't see the malware lingering or running in the background."...
http://www.microsoft.com/technet/archive/community/columns/security/essays/10imlaws.mspx?mfr=true
On This Page
Law #1: If a bad guy can persuade you to run his program on your computer, it's not your computer anymore Law #1: If a bad guy can persuade you to run his program on your computer, it's not your computer anymore
Law #2: If a bad guy can alter the operating system on your computer, it's not your computer anymore Law #2: If a bad guy can alter the operating system on your computer, it's not your computer anymore
Law #3: If a bad guy has unrestricted physical access to your computer, it's not your computer anymore Law #3: If a bad guy has unrestricted physical access to your computer, it's not your computer anymore
Law #4: If you allow a bad guy to upload programs to your website, it's not your website any more Law #4: If you allow a bad guy to upload programs to your website, it's not your website any more
Law #5: Weak passwords trump strong security Law #5: Weak passwords trump strong security
Law #6: A computer is only as secure as the administrator is trustworthy Law #6: A computer is only as secure as the administrator is trustworthy
Law #7: Encrypted data is only as secure as the decryption key Law #7: Encrypted data is only as secure as the decryption key
Law #8: An out of date virus scanner is only marginally better than no virus scanner at all Law #8: An out of date virus scanner is only marginally better than no virus scanner at all
Law #9: Absolute anonymity isn't practical, in real life or on the Web Law #9: Absolute anonymity isn't practical, in real life or on the Web
Law #10: Technology is not a panacea Law #10: Technology is not a panacea