Why am I deleting these files

M

Mike

Guest
Hello,

I was told that the security regulations at my organization require me

to delete the following files. I was curious if anyone could tell me

why and possible consequences. Thanks for any help.

Delete:

ir : c:\winnt\inf

c:\winnt\inf\system32\drivers

c:\winnt\inf\system32\drivers\dllcache

netir : all directories

nscirda : all directories

Posix: all directories

os2 .exe: all directories

.ex_ : all directories

 
S

Shenan Stanley

Guest
Mike wrote:<span style="color:blue">

> I was told that the security regulations at my organization require

> me to delete the following files. I was curious if anyone could

> tell me why and possible consequences. Thanks for any help.

>

> Delete:

> ir : c:winntinf

> c:winntinfsystem32drivers

> c:winntinfsystem32driversdllcache

>

> netir : all directories

> nscirda : all directories

> Posix: all directories

> os2 .exe: all directories

> .ex_ : all directories</span>

Who told you this?

--

Shenan Stanley

MS-MVP

--

How To Ask Questions The Smart Way

http://www.catb.org/~esr/faqs/smart-questions.html

 
S

Special Access

Guest
On Thu, 12 Jun 2008 15:55:17 -0500, "Shenan Stanley"

<newshelper@gmail.com> wrote:

<span style="color:blue">

>Mike wrote:<span style="color:green">

>> I was told that the security regulations at my organization require

>> me to delete the following files. I was curious if anyone could

>> tell me why and possible consequences. Thanks for any help.

>>

>> Delete:

>> ir : c:winntinf

>> c:winntinfsystem32drivers

>> c:winntinfsystem32driversdllcache

>>

>> netir : all directories

>> nscirda : all directories

>> Posix: all directories

>> os2 .exe: all directories

>> .ex_ : all directories</span>

>

>Who told you this?

>

>--

>Shenan Stanley

> MS-MVP</span>

Most likely an over-anxious security person. Even DISA (used to

secure Gov't computer systems) doesn't require you to delete all of

those files. POSIX and OS2, yes... but not the rest, especially the

dllcache directory!

Most security folks are of the mindset to eliminate any possibility of

compromise. For example, I can take an ex_ file and expand it to

allow me to use the exe that is being blocked by security settings

elsewhere. This may be stopped by setting the security the same, but

most security folks don't think that's enough of a prevention method.

Protection in multiple layers, in case one layer is compromised there

is another.

Mike

 
K

Kevin Hatfield

Guest
Kind of funny though style_emoticons/

He is correct - those directories are being deleted due to the high

probability of being attacked by viruses/malware. The filenames

are being deleted because they can either be manipulated or exploited. This

seems a little paranoid..

Shouldn't actually hurt anything, though.

"Special Access" <nonyabidnezz@hotmail.com> wrote in message

news:j8n354trperbpajt6ffs0hq55uqsok0jnv@4ax.com...<span style="color:blue">

> On Thu, 12 Jun 2008 15:55:17 -0500, "Shenan Stanley"

> <newshelper@gmail.com> wrote:

><span style="color:green">

>>Mike wrote:<span style="color:darkred">

>>> I was told that the security regulations at my organization require

>>> me to delete the following files. I was curious if anyone could

>>> tell me why and possible consequences. Thanks for any help.

>>>

>>> Delete:

>>> ir : c:winntinf

>>> c:winntinfsystem32drivers

>>> c:winntinfsystem32driversdllcache

>>>

>>> netir : all directories

>>> nscirda : all directories

>>> Posix: all directories

>>> os2 .exe: all directories

>>> .ex_ : all directories</span>

>>

>>Who told you this?

>>

>>--

>>Shenan Stanley

>> MS-MVP</span>

>

> Most likely an over-anxious security person. Even DISA (used to

> secure Gov't computer systems) doesn't require you to delete all of

> those files. POSIX and OS2, yes... but not the rest, especially the

> dllcache directory!

>

> Most security folks are of the mindset to eliminate any possibility of

> compromise. For example, I can take an ex_ file and expand it to

> allow me to use the exe that is being blocked by security settings

> elsewhere. This may be stopped by setting the security the same, but

> most security folks don't think that's enough of a prevention method.

> Protection in multiple layers, in case one layer is compromised there

> is another.

>

> Mike </span>

 
S

Special Access

Guest
On Mon, 7 Jul 2008 14:20:52 -0500, "Kevin Hatfield"

<khatfield@fedex.com> wrote:

You're only paranoid if the whole world ISN'T out to get you <grin>

Shouldn't hurt if you secure the directories from all but system and

admin (read: remove EVERYONE group) as these are your "trusted" folks.

Also helps if you are behind (multiple) firewall(s)

Mike

<span style="color:blue">

>Kind of funny though style_emoticons/

>

>He is correct - those directories are being deleted due to the high

>probability of being attacked by viruses/malware. The filenames

>are being deleted because they can either be manipulated or exploited. This

>seems a little paranoid..

>

>Shouldn't actually hurt anything, though.

>

>"Special Access" <nonyabidnezz@hotmail.com> wrote in message

>news:j8n354trperbpajt6ffs0hq55uqsok0jnv@4ax.com...<span style="color:green">

>> On Thu, 12 Jun 2008 15:55:17 -0500, "Shenan Stanley"

>> <newshelper@gmail.com> wrote:

>><span style="color:darkred">

>>>Mike wrote:

>>>> I was told that the security regulations at my organization require

>>>> me to delete the following files. I was curious if anyone could

>>>> tell me why and possible consequences. Thanks for any help.

>>>>

>>>> Delete:

>>>> ir : c:winntinf

>>>> c:winntinfsystem32drivers

>>>> c:winntinfsystem32driversdllcache

>>>>

>>>> netir : all directories

>>>> nscirda : all directories

>>>> Posix: all directories

>>>> os2 .exe: all directories

>>>> .ex_ : all directories

>>>

>>>Who told you this?

>>>

>>>--

>>>Shenan Stanley

>>> MS-MVP</span>

>>

>> Most likely an over-anxious security person. Even DISA (used to

>> secure Gov't computer systems) doesn't require you to delete all of

>> those files. POSIX and OS2, yes... but not the rest, especially the

>> dllcache directory!

>>

>> Most security folks are of the mindset to eliminate any possibility of

>> compromise. For example, I can take an ex_ file and expand it to

>> allow me to use the exe that is being blocked by security settings

>> elsewhere. This may be stopped by setting the security the same, but

>> most security folks don't think that's enough of a prevention method.

>> Protection in multiple layers, in case one layer is compromised there

>> is another.

>>

>> Mike </span>

></span>

 
You must log in or register to reply here.
Top Bottom