Guest ~BD~
Posted January 20, 2009

Quote:
"Malware can be so hard to remove that walking away from an infected copy of Windows and, instead, restoring a known clean copy (such as the factory fresh state) will often be the right approach."

http://blogs.computerworld.com/battling_an...?source=NLT_SEC
Guest Leythos
Posted January 20, 2009

In article <evW8Y6zeJHA.4180@TK2MSFTNGP06.phx.gbl>, BoaterDave@hotmail.co.uk says...
> Quote:
> "Malware can be so hard to remove that walking away from an infected copy of Windows and, instead, restoring a known clean copy (such as the factory fresh state) will often be the right approach."
>
> http://blogs.computerworld.com/battling_an...?source=NLT_SEC

While it appears possible to "Clean" a machine of malware, how does one know for sure that it's completely clean? It's always been my position that if you want a "Clean" machine you must wipe and rebuild it in a clean environment, that's the only way to be 100% certain it's clean.

With that said, I know many people that are not willing to wipe their machines and don't want to put forth the effort and are willing to accept the RISK that the machine is clean "enough" since they can't find anything using various tools.

One thing that most of us have learned is that most cleaner programs find different things and many common things, but no single program finds everything all the time. This should be a clear indicator that there is no way to be sure that a compromised system is cleaned by any means short of wiping and reinstalling it.

--
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a drug dealer an "unlicensed pharmacist"
spam999free@rrohio.com (remove 999 for proper email address)
Guest ~BD~
Posted January 20, 2009

"Leythos" <spam999free@rrohio.com> wrote in message news:MPG.23e00a72648d2ae9989835@us.news.astraweb.com...
> While it appears possible to "Clean" a machine of malware, how does one know for sure that it's completely clean? It's always been my position that if you want a "Clean" machine you must wipe and rebuild it in a clean environment, that's the only way to be 100% certain it's clean.
>
> With that said, I know many people that are not willing to wipe their machines and don't want to put forth the effort and are willing to accept the RISK that the machine is clean "enough" since they can't find anything using various tools.
>
> One thing that most of us have learned is that most cleaner programs find different things and many common things, but no single program finds everything all the time. This should be a clear indicator that there is no way to be sure that a compromised system is cleaned by any means short of wiping and reinstalling it.

Thanks for your response, Leythos.

You said "how does one know for sure that it's completely clean?". I suspect you meant that to be a rhetorical question, but it is one that bothers me.

Many visitors to the Microsoft groups are naive and inexperienced and come here heavily laden with their troubles and woes. They are given help and advice and carry out suggested actions without fear or trepidation. They are also directed to all manner of 'Help' forums where they are then instructed to carry out 'cleaning action' which often involves downloading and running unknown (to them) software.

How could any of these folk possibly know if malware had been added to their computer, rather than it being removed?

Just a thought!
--
Dave
Guest Richard Urban
Posted January 21, 2009

Many people don't know if malware has been added to their computer. When my computer comes under the least amount of suspicion I no longer even try. I just go back to an image that I feel 99.99% certain is clean, and continue from there.

--
Richard Urban
Microsoft MVP Windows Desktop Experience

"~BD~" <BoaterDave@hotmail.co.uk> wrote in message news:ebaf1W1eJHA.2404@TK2MSFTNGP04.phx.gbl...
> Thanks for your response, Leythos.
>
> You said "how does one know for sure that it's completely clean?". I suspect you meant that to be a rhetorical question, but it is one that bothers me.
>
> Many visitors to the Microsoft groups are naive and inexperienced and come here heavily laden with their troubles and woes. They are given help and advice and carry out suggested actions without fear or trepidation. They are also directed to all manner of 'Help' forums where they are then instructed to carry out 'cleaning action' which often involves downloading and running unknown (to them) software.
>
> How could any of these folk possibly know if malware had been added to their computer, rather than it being removed?
>
> Just a thought!
> --
> Dave
Guest Bill Sanderson
Posted January 21, 2009

"~BD~" <BoaterDave@hotmail.co.uk> wrote in message news:ebaf1W1eJHA.2404@TK2MSFTNGP04.phx.gbl...
> Thanks for your response, Leythos.
>
> You said "how does one know for sure that it's completely clean?". I suspect you meant that to be a rhetorical question, but it is one that bothers me.
>
> Many visitors to the Microsoft groups are naive and inexperienced and come here heavily laden with their troubles and woes. They are given help and advice and carry out suggested actions without fear or trepidation. They are also directed to all manner of 'Help' forums where they are then instructed to carry out 'cleaning action' which often involves downloading and running unknown (to them) software.
>
> How could any of these folk possibly know if malware had been added to their computer, rather than it being removed?
>
> Just a thought!
> --
> Dave

No - that was not a rhetorical question.

How do you (and you may be either a novice user or a computer professional) know that the machine is clean? Unless you follow Leythos' procedure, you don't--it is all a matter of percentages, and "feel" and experience. Experience can betray us as soon as something which is outside our previous experience appears.

That said, very few users are ready to reinstall clean, even with some assurance of the ability to preserve data.

I don't know what Microsoft PSS says when helping folks clean their systems, but there should always be some disclaimers in any cleaning operation, and the more remote, the more so--although clean HijackThis logs (and who defines those?) are a pretty good indicator.

Additionally, even if you can satisfactorily clean a system, you aren't doing much more than assuring yourself of more work in the future if you can't help the user become more secure in the process--how did they get infected? What steps can they take to avoid it in the future?

There are limits to the level of dialog that we can achieve in a newsgroup--the O.P. always has the option to decide when they've done/had enough.

--
Guest PA Bear [MS MVP]
Posted January 21, 2009

Please don't feed the trolls...especially /that/ troll, Bill. <eg>

Bill Sanderson wrote:
> "~BD~" <BoaterDave@hotmail.co.uk> wrote in message
> news:ebaf1W1eJHA.2404@TK2MSFTNGP04.phx.gbl...
>>
>> "Leythos" <spam999free@rrohio.com> wrote in message
>> news:MPG.23e00a72648d2ae9989835@us.news.astraweb.com...
>>> In article <evW8Y6zeJHA.4180@TK2MSFTNGP06.phx.gbl>,
>>> BoaterDave@hotmail.co.uk says...
<SNIP>
>
> No - that was not a rhetorical question...
Guest John D
Posted January 21, 2009

What is so special about ~BD~, PA Bear? Why the 'evil grin'?

--
John

"PA Bear [MS MVP]" <PABearMVP@gmail.com> wrote in message news:u1f1GU3eJHA.5844@TK2MSFTNGP05.phx.gbl...
> Please don't feed the trolls...especially /that/ troll, Bill. <eg>
>
> Bill Sanderson wrote:
>> "~BD~" <BoaterDave@hotmail.co.uk> wrote in message
>> news:ebaf1W1eJHA.2404@TK2MSFTNGP04.phx.gbl...
>>>
>>> "Leythos" <spam999free@rrohio.com> wrote in message
>>> news:MPG.23e00a72648d2ae9989835@us.news.astraweb.com...
>>>> In article <evW8Y6zeJHA.4180@TK2MSFTNGP06.phx.gbl>,
>>>> BoaterDave@hotmail.co.uk says...
> <SNIP>
>>
>> No - that was not a rhetorical question...
Guest doneganw
Posted January 21, 2009

Dear Dave,

As a neophyte, I can testify that it is a daunting process!

I appreciate the comments stated in this newsgroup that show understanding for how baffling it seems at first!

Bye,
Will

"~BD~" <BoaterDave@hotmail.co.uk> wrote in message news:ebaf1W1eJHA.2404@TK2MSFTNGP04.phx.gbl...
> Thanks for your response, Leythos.
>
> You said "how does one know for sure that it's completely clean?". I suspect you meant that to be a rhetorical question, but it is one that bothers me.
>
> Many visitors to the Microsoft groups are naive and inexperienced and come here heavily laden with their troubles and woes. They are given help and advice and carry out suggested actions without fear or trepidation. They are also directed to all manner of 'Help' forums where they are then instructed to carry out 'cleaning action' which often involves downloading and running unknown (to them) software.
>
> How could any of these folk possibly know if malware had been added to their computer, rather than it being removed?
>
> Just a thought!
> --
> Dave
Guest ~BD~
Posted January 21, 2009

Thanks for posting your thoughts, Will

Richard Urban has spoken wisely in this thread. Please pay heed to anything that Shenan Stanley offers as advice.

Most folk with 'problems' are (IMO) totally blinkered and have thoughts solely related to their own personal position. They are (IMO) highly vulnerable. I have felt duty-bound to stay and monitor the activity of others (the 'helpers') operating within just some of the Microsoft newsgroups (there are thousands - literally).

When I first arrived 'here' over three years ago I had, mistakenly, thought that Microsoft staff would be monitoring and checking to ensure a 'safe' environment for us ........ but alas that is not so. This is the real Wild West of the Internet and my guess is that there are a few bad apples in the barrel here. Be wary, Will!

Dave

"doneganw" <doneganw@att.net> wrote in message news:A660664B-255B-45A8-986B-585B605C95C3@microsoft.com...
> Dear Dave,
>
> As a neophyte, I can testify that it is a daunting process!
>
> I appreciate the comments stated in this newsgroup that show understanding for how baffling it seems at first!
>
> Bye,
> Will
Guest Tom [Pepper] Willett
Posted January 21, 2009

Hoople head.

"~BD~" <BoaterDave@hotmail.co.uk> wrote in message news:%23DXCraBfJHA.5328@TK2MSFTNGP06.phx.gbl...
: Thanks for posting your thoughts, Will
:
: Richard Urban has spoken wisely in this thread. Please pay heed to anything that Shenan Stanley offers as advice.
:
: Most folk with 'problems' are (IMO) totally blinkered and have thoughts solely related to their own personal position. They are (IMO) highly vulnerable. I have felt duty-bound to stay and monitor the activity of others (the 'helpers') operating within just some of the Microsoft newsgroups (there are thousands - literally).
:
: When I first arrived 'here' over three years ago I had, mistakenly, thought that Microsoft staff would be monitoring and checking to ensure a 'safe' environment for us ........ but alas that is not so. This is the real Wild West of the Internet and my guess is that there are a few bad apples in the barrel here. Be wary, Will!
:
: Dave
Guest ~BD~
Posted January 21, 2009

"Bill Sanderson" <bill_sanderson@msn.com.plugh.org> wrote in message news:B67EF218-B9EE-4B2B-8C8C-FF8CC56DC26F@microsoft.com...
> No - that was not a rhetorical question.
>
> How do you (and you may be either a novice user or a computer professional) know that the machine is clean? Unless you follow Leythos' procedure, you don't--it is all a matter of percentages, and "feel" and experience. Experience can betray us as soon as something which is outside our previous experience appears.
>
> That said, very few users are ready to reinstall clean, even with some assurance of the ability to preserve data.
>
> I don't know what Microsoft PSS says when helping folks clean their systems, but there should always be some disclaimers in any cleaning operation, and the more remote, the more so--although clean HijackThis logs (and who defines those?) are a pretty good indicator.
>
> Additionally, even if you can satisfactorily clean a system, you aren't doing much more than assuring yourself of more work in the future if you can't help the user become more secure in the process--how did they get infected? What steps can they take to avoid it in the future?
>
> There are limits to the level of dialog that we can achieve in a newsgroup--the O.P. always has the option to decide when they've done/had enough.

--

Many thanks for posting, Bill. I appreciate your comments.

I'm simply a 'user' but with more than three years now of experimenting with all manner of 'cleaning' - both on this and a previous box (which I trashed because I was certain that a gremlin remained within it, no matter what I did! ..... and that included installing a completely new hard drive).

I agree that it is better to destroy partitions, format and re-install Windows whenever one has an inkling that malware may be present ......... it's knowing that it is 'on board' which is the hard part nowadays!

My difficulty with newsgroups - and some forums - is knowing who may be trustworthy.

Perhaps you'd like to ask Robear Dyer (aka PA Bear) why he has said to you here in this thread " ........ especially /that/ troll" - what is 'special' about me? (~BD~, BoaterDave, Imbeady2 and Beady!)

I know that he has not liked me asking searching questions ........ and he knows he has lied about me being banned by ISPs. That has NEVER happened.
Guest Leythos
Posted January 22, 2009

In article <ebaf1W1eJHA.2404@TK2MSFTNGP04.phx.gbl>, BoaterDave@hotmail.co.uk says...
> You said "how does one know for sure that it's completely clean?". I suspect you meant that to be a rhetorical question, but it is one that bothers me.

Not rhetorical at all, it was meant for discussion.

For years I've cleaned machines, used all of the tools, and for my customers' network, and my own, where we manage the firewall, av, browsing, etc... none of the tools have ever detected malware, but for unmanaged customers or customers that won't play by the security rules, as well as customers' home computers (since we don't do residential work unless it's the owner(s) of a company we provide service for), well, sadly I've seen a few of them compromised and the cost of "cleaning" is much greater than the cost of securing them in the first place.

In almost all cases it's a stupid person doing something that they've been warned against for more than a decade, but they ignored the warnings for some reason that is beyond me. Almost always the compromise is because of some unethical (in my opinion) action on the user (porn, gambling, pirated downloads, etc...)....

We have a standard form we provide to anyone with a compromised machine, it describes the two options - attempted cleaning of "KNOWN and DETECTABLE MALWARE" and "Wiping and reinstalling". Our form clearly lists that we assume no liability for the first and will NOT certify the machine as "Clean" using the first method - for the second method we will certify (with vendor media) that the machine is known clean and free of malware at the time it was returned to the customer.

In almost all cases, the form is of enough concern to them that we are permitted to wipe/reinstall, but it's a shame that it takes the simple language to "Scare" them into doing the proper thing.

It's not like they didn't already know this, but it seems that most people treat their computers like toasters instead of like Bank Records.
Guest Leythos
Posted January 22, 2009

In article <urVvsxBfJHA.2384@TK2MSFTNGP04.phx.gbl>, BoaterDave@hotmail.co.uk says...
> My difficulty with newsgroups - and some forums - is knowing who may be trustworthy.

This is a simple one BD, trust NO ONE, PERIOD.

Don't trust me, nor anyone else in these groups, as we've seen before, there are unethical people that impersonate others and most people have no clue that it's happening (since they can't read headers).

The first rule of security - Block Everything. Second rule, trust nothing until given a reason to trust it.
Guest ~BD~
Posted January 22, 2009

"Leythos" <spam999free@rrohio.com> wrote in message news:MPG.23e18ddde6c9bdc198983b@us.news.astraweb.com...
> In article <urVvsxBfJHA.2384@TK2MSFTNGP04.phx.gbl>, BoaterDave@hotmail.co.uk says...
>> My difficulty with newsgroups - and some forums - is knowing who may be trustworthy.
>
> This is a simple one BD, trust NO ONE, PERIOD.
>
> Don't trust me, nor anyone else in these groups, as we've seen before, there are unethical people that impersonate others and most people have no clue that it's happening (since they can't read headers).
>
> The first rule of security - Block Everything. Second rule, trust nothing until given a reason to trust it.

Thanks for spelling it out for others to see, Leythos.

When first I ventured onto a newsgroup I had never even heard of a Header, let alone know how to read one!

Mr Foldes is clever though - he can read an IP address even if it is encrypted within the Header info. I'm uncertain how he can do that.

--
Dave
Guest Leythos Posted January 22, 2009

In article <ewn1N8CfJHA.5496@TK2MSFTNGP02.phx.gbl>, BoaterDave@hotmail.co.uk says...
> "Leythos" <spam999free@rrohio.com> wrote in message news:MPG.23e18ddde6c9bdc198983b@us.news.astraweb.com...
> > In article <urVvsxBfJHA.2384@TK2MSFTNGP04.phx.gbl>, BoaterDave@hotmail.co.uk says...
> >> My difficulty with newsgroups - and some forums - is knowing who may be trustworthy.
> >
> > This is a simple one BD, trust NO ONE, PERIOD.
> >
> > Don't trust me, nor anyone else in these groups, as we've seen before, there are unethical people that impersonate others and most people have no clue that it's happening (since they can't read headers).
> >
> > The first rule of security - Block Everything. Second rule, trust nothing until given a reason to trust it.
> >
> > --
>
> Thanks for spelling it out for others to see, Leythos.
>
> When first I ventured onto a newsgroup I had never even heard of a Header, let alone know how to read one!
>
> Mr Foldes is clever though - he can read an IP address even if it is encrypted within the Header info. I'm uncertain how he can do that.

I've been on Usenet since 84, that's a lot of changes and a lot of crap to have watched over the years.

Always double check anything you read, email, web, Usenet, etc... Don't believe that an email sent from someone that appears to be a friend or someone you email every day is actually from them - if it looks suspicious or you don't know, call the person or disregard it.

--
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a drug dealer an "unlicensed pharmacist"
spam999free@rrohio.com (remove 999 for proper email address)
Guest ~BD~ Posted January 22, 2009

"Leythos" <spam999free@rrohio.com> wrote in message news:MPG.23e18d612bc712e798983a@us.news.astraweb.com...
> In article <ebaf1W1eJHA.2404@TK2MSFTNGP04.phx.gbl>, BoaterDave@hotmail.co.uk says...
>> You said "how does one know for sure that it's completely clean?". I suspect you meant that to be a rhetorical question, but it is one that bothers me.
>
> Not rhetorical at all, it was meant for discussion.
>
> For years I've cleaned machines, used all of the tools, and for my customers network, and my own, where we manage the firewall, av, browsing, etc... none of the tools have ever detected malware, but for unmanaged customers or customers that won't play by the security rules, as well as customers home computers (since we don't do residential work unless it's the owner(s) of a company we provide service for), well, sadly I've seen a few of them compromised and the cost of "cleaning" is much greater than the cost of securing them in the first place.
>
> In almost all cases it's a stupid person doing something that they've been warned against for more than a decade, but they ignored the warnings for some reason that is beyond me. Almost always the compromise is because of some unethical (in my opinion) action on the user (porn, gambling, pirated downloads, etc...)....
>
> We have a standard form we provide to anyone with a compromised machine, it describes the two options - attempted cleaning of "KNOWN and DETECTABLE MALWARE" and "Wiping and reinstalling". Our form clearly lists that we assume no liability for the first and will NOT certify the machine as "Clean" using the first method - for the second method we will certify (with vendor media) that the machine is known clean and free of malware at the time it was returned to the customer.
>
> In almost all cases, the form is of enough concern to them that we are permitted to wipe/reinstall, but it's a shame that it takes the simple language to "Scare" them into doing the proper thing. It's not like they didn't already know this, but it seems that most people treat their computers like toasters instead of like Bank Records.
>
> --
> - Igitur qui desiderat pacem, praeparet bellum.
> - Calling an illegal alien an "undocumented worker" is like calling a drug dealer an "unlicensed pharmacist"
> spam999free@rrohio.com (remove 999 for proper email address)

Thanks for posting again Leythos. I do like your expression of treating their computers like toasters!

When you say "Wiping and reinstalling" do you mean deleting all partitions and formatting or do you feel that it is satisfactory (say, on a single hard disk that has two partitions C: and D:) to reinstall Windows on the C: drive leaving data on D: intact? TIA

--
Dave
Guest Leythos Posted January 22, 2009

In article <OYs63SKfJHA.4404@TK2MSFTNGP04.phx.gbl>, BoaterDave@hotmail.co.uk says...
> When you say "Wiping and reinstalling" do you mean deleting all partitions and formatting or do you feel that it is satisfactory (say, on a single hard disk that has two partitions C: and D:) to reinstall Windows on the C: drive leaving data on D: intact? TIA

Wipe, as in the entire physical drive, everything, period, nada left.

--
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a drug dealer an "unlicensed pharmacist"
spam999free@rrohio.com (remove 999 for proper email address)
Guest John D Posted January 22, 2009

"Leythos" <spam999free@rrohio.com> wrote in message news:MPG.23e2adedea7c23eb98984a@us.news.astraweb.com...
> In article <OYs63SKfJHA.4404@TK2MSFTNGP04.phx.gbl>, BoaterDave@hotmail.co.uk says...
>> When you say "Wiping and reinstalling" do you mean deleting all partitions and formatting or do you feel that it is satisfactory (say, on a single hard disk that has two partitions C: and D:) to reinstall Windows on the C: drive leaving data on D: intact? TIA
>
> Wipe, as in the entire physical drive, everything, period, nada left.
>
> --

That is straight-forward advice ....... but I wonder how many (even 'professionals') follow it!

Are you just as confident that ........ I'll call them 'gremlins' .......... cannot remain within a computer if the hard drive is wiped as you describe (or even replaced with a new one)?

What about gremlins hiding in, say, a RAM stick or somewhere on the motherboard? There again, how could you possibly know the answer?!!

Dave
Guest Shenan Stanley Posted January 23, 2009

John D wrote:
> That is straight-forward advice ....... but I wonder how many (even 'professionals') follow it!
>
> Are you just as confident that ........ I'll call them 'gremlins' ......... cannot remain within a computer if the hard drive is wiped as you describe (or even replaced with a new one)?
>
> What about gremlins hiding in, say, a RAM stick or somewhere on the motherboard? There again, how could you possibly know the answer?!!

Since the RAM (internal system memory) is cleared when the computer is powered down - that would be quite the trick.

If the 'gremlin' was in the BIOS - the only writable media I know about that could act in the way you are implying internal to the machine with your "somewhere on the motherboard" comment - you've been more than infested with malware.

Now - if you mean 'on a USB Memory Stick/Thumb Drive, CD, DVD, SD card, floppy diskette, zip disk, bluetooth connected device like a phone, etc - you might have a point.

--
Shenan Stanley
MS-MVP
--
How To Ask Questions The Smart Way
http://www.catb.org/~esr/faqs/smart-questions.html
Guest ~BD~ Posted January 23, 2009

In line responses

"Shenan Stanley" <newshelper@gmail.com> wrote in message news:uCAMR3OfJHA.500@TK2MSFTNGP06.phx.gbl...
> John D wrote:
>> That is straight-forward advice ....... but I wonder how many (even 'professionals') follow it!
>>
>> Are you just as confident that ........ I'll call them 'gremlins' ......... cannot remain within a computer if the hard drive is wiped as you describe (or even replaced with a new one)?
>>
>> What about gremlins hiding in, say, a RAM stick or somewhere on the motherboard? There again, how could you possibly know the answer?!!
>
> Since the RAM (internal system memory) is cleared when the computer is powered down - that would be quite the trick.

I know that all memory on system RAM is supposed to die without power - when you study the construction, though, it seems quite feasible to me (a layman) that such an item could be configured to retain 'gremlins', so to speak!

(The Chinese are velly cleffer!)

> If the 'gremlin' was in the BIOS - the only writable media I know about that could act in the way you are implying internal to the machine with your "somewhere on the motherboard" comment - you've been more than infested with malware.

In another group, Tim Jackson replied thus:-

> I have been led to believe that the BIOS on a motherboard can be attacked/infected but I have no knowledge of how one may check and/or 'clean' same.

It can, but it isn't a likely attack route. The method varies according to the make and model of motherboard, and some boards have a jumper that must be set to allow any writing to the flash ROM at all, or have a hard-coded alarm that warns you when writing is being enabled. So it is an unreliable and expensive method for a hacker.

If you want to check, then look into your motherboard's flash update utility (probably on the CD that came with it, or on the manufacturer's website) and see if you can copy the existing flash contents. If so then you can make a baseline copy, and periodically repeat the process to make sure you continue to get the same data.

You can probably find a security utility somewhere that will mirror the BIOS area of the memory map, which is pretty much the same thing in most cases

As always, Shenan, thank you for posting your views. I appreciate it!

--
Dave
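
The baseline-and-recheck procedure quoted in the post above, as an added example that is not part of the original thread: it assumes two raw dumps of the flash contents have already been saved with the board vendor's utility, records a SHA-256 manifest of the first, and reports which byte ranges differ in the second. The function names, the 4 KiB block size and the constructed 64 KiB sample image are assumptions made for illustration.

```python
"""Compare a firmware flash dump against a stored baseline manifest."""
import hashlib
import json

BLOCK = 4096  # comparison granularity in bytes (an assumption, not a BIOS property)


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def make_baseline(dump: bytes, block: int = BLOCK) -> dict:
    """Build a JSON-serialisable manifest: whole-image hash plus per-block hashes."""
    return {
        "size": len(dump),
        "sha256": sha256(dump),
        "block": block,
        "blocks": [sha256(dump[i:i + block]) for i in range(0, len(dump), block)],
    }


def compare(baseline: dict, dump: bytes) -> dict:
    """Check a later dump against the manifest and locate any differences."""
    if len(dump) != baseline["size"]:
        # A different length means the dumps cannot be compared block by block.
        return {"match": False, "reason": "size", "changed": []}
    if sha256(dump) == baseline["sha256"]:
        return {"match": True, "reason": "identical", "changed": []}

    block = baseline["block"]
    changed = []  # merged (start, end) byte ranges, end exclusive
    for n, expected in enumerate(baseline["blocks"]):
        start = n * block
        end = min(start + block, len(dump))
        if sha256(dump[start:end]) == expected:
            continue
        if changed and changed[-1][1] == start:
            changed[-1] = (changed[-1][0], end)  # extend the previous range
        else:
            changed.append((start, end))
    return {"match": False, "reason": "content", "changed": changed}


def constructed_sample() -> tuple:
    """Constructed 64 KiB stand-in for a flash image, plus a modified copy."""
    original = bytes(range(256)) * 256
    modified = bytearray(original)
    for offset in (0x2010, 0x3005, 0xF000):
        modified[offset] ^= 0xFF  # flip one byte at each constructed offset
    return original, bytes(modified)


if __name__ == "__main__":
    first, later = constructed_sample()
    # Round-trip through JSON, as when the manifest is stored between checks.
    manifest = json.loads(json.dumps(make_baseline(first)))
    print(compare(manifest, first)["reason"])
    for start, end in compare(manifest, later)["changed"]:
        print(f"changed: 0x{start:06x}-0x{end - 1:06x}")
```

On many boards the firmware keeps configuration data in the same chip, so a changed range is a prompt to look at what lives there rather than proof of tampering. A dump read by software running on the machine under test is also only as trustworthy as that software, which is the thread's own point about certifying a system as clean.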
Guest Leythos Posted January 23, 2009

In article <eOP$N5TfJHA.5572@TK2MSFTNGP02.phx.gbl>, BoaterDave@hotmail.co.uk says...
> I know that all memory on system RAM is supposed to die without power - when you study the construction, though, it seems quite feasible to me (a layman) that such an item could be configured to retain 'gremlins', so to speak!
>
> (The Chinese are velly cleffer!)

And that's why we don't buy non-USA vendors products for secure sites.

In all my years I've only read about malware that infects BIOS memory, never actually seen one and I hardly think it's worth most malware writers time to do something that could easily be found and has little chance to be widespread considering the differences needed to program a BIOS.

--
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a drug dealer an "unlicensed pharmacist"
spam999free@rrohio.com (remove 999 for proper email address)
Guest ~BD~ Posted January 23, 2009

"Leythos" <spam999free@rrohio.com> wrote in message news:MPG.23e377c9b12ce8c398984f@us.news.astraweb.com...
> In article <eOP$N5TfJHA.5572@TK2MSFTNGP02.phx.gbl>, BoaterDave@hotmail.co.uk says...
>> I know that all memory on system RAM is supposed to die without power - when you study the construction, though, it seems quite feasible to me (a layman) that such an item could be configured to retain 'gremlins', so to speak!
>>
>> (The Chinese are velly cleffer!)
>
> And that's why we don't buy non-USA vendors products for secure sites.

An interesting (and telling!) comment, Leythos. Thanks.

Are you permitted to advise who "we" are? You don't have to tell me - I'm simply curious on this occasion.

> In all my years I've only read about malware that infects BIOS memory, never actually seen one and I hardly think it's worth most malware writers time to do something that could easily be found and has little chance to be widespread considering the differences needed to program a BIOS.

I've only read about same too - and agree with you!

--
> - Igitur qui desiderat pacem, praeparet bellum.
> - Calling an illegal alien an "undocumented worker" is like calling a drug dealer an "unlicensed pharmacist"
> spam999free@rrohio.com (remove 999 for proper email address)
Guest Leythos Posted January 23, 2009

In article <uMHNNjWfJHA.5496@TK2MSFTNGP02.phx.gbl>, BoaterDave@hotmail.co.uk says...
> "Leythos" <spam999free@rrohio.com> wrote in message news:MPG.23e377c9b12ce8c398984f@us.news.astraweb.com...
> > In article <eOP$N5TfJHA.5572@TK2MSFTNGP02.phx.gbl>, BoaterDave@hotmail.co.uk says...
> >> I know that all memory on system RAM is supposed to die without power - when you study the construction, though, it seems quite feasible to me (a layman) that such an item could be configured to retain 'gremlins', so to speak!
> >>
> >> (The Chinese are velly cleffer!)
> >
> > And that's why we don't buy non-USA vendors products for secure sites.
>
> An interesting (and telling!) comment, Leythos. Thanks.
>
> Are you permitted to advise who "we" are? You don't have to tell me - I'm simply curious on this occasion.

Nope, I'm a non-person.

I'm sure you can find others that don't buy foreign systems based on security concerns. What I think is funny is that some military contractors are still purchasing Lenovo systems.

--
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a drug dealer an "unlicensed pharmacist"
spam999free@rrohio.com (remove 999 for proper email address)
Guest Richard Urban Posted January 23, 2009

RAM is supposed to be flushed upon a reboot.

Yet, most people who have been repairing computers for a long time will tell you, as I am, that sometimes a complete power down (including removing the plug from the outlet) works wonders when you have totally unexplained happenings that you can not get a handle on.

It is one of the things I tell my family to do when they call me for trouble shooting a problem. You would be surprised how often it resolves a strange problem. Often enough for me that it is one of the "first" things I tell my brothers and sons to do. Many times nothing else need be done. Now I will admit that we all have computers that are 3-5 years old.

The same goes for printers that are misbehaving. Pull the power cord from the wall for 30 seconds or so. I had one printer that would not register correctly when printing. I thought the paper was slipping during the feed. The print at top and bottom was normal but the print toward the center was compressed till it was almost a solid block of black. I unplugged the printer from the wall and went to get a coffee. When I plugged in the printer everything was fine.

BUT, I don't see this as being a vector for infection as the condition is too arbitrary. I doubt that anything could purposefully "target" a condition caused by aging hardware.

--
Richard Urban
Microsoft MVP
Windows Desktop Experience

"~BD~" <BoaterDave@hotmail.co.uk> wrote in message news:eOP$N5TfJHA.5572@TK2MSFTNGP02.phx.gbl...
> In line responses
>
> "Shenan Stanley" <newshelper@gmail.com> wrote in message news:uCAMR3OfJHA.500@TK2MSFTNGP06.phx.gbl...
>> John D wrote:
>>> That is straight-forward advice ....... but I wonder how many (even 'professionals') follow it!
>>>
>>> Are you just as confident that ........ I'll call them 'gremlins' ......... cannot remain within a computer if the hard drive is wiped as you describe (or even replaced with a new one)?
>>>
>>> What about gremlins hiding in, say, a RAM stick or somewhere on the motherboard? There again, how could you possibly know the answer?!!
>>
>> Since the RAM (internal system memory) is cleared when the computer is powered down - that would be quite the trick.
>
> I know that all memory on system RAM is supposed to die without power - when you study the construction, though, it seems quite feasible to me (a layman) that such an item could be configured to retain 'gremlins', so to speak!
>
> (The Chinese are velly cleffer!)
>
>> If the 'gremlin' was in the BIOS - the only writable media I know about that could act in the way you are implying internal to the machine with your "somewhere on the motherboard" comment - you've been more than infested with malware.
>
> In another group, Tim Jackson replied thus:-
>
>> I have been led to believe that the BIOS on a motherboard can be attacked/infected but I have no knowledge of how one may check and/or 'clean' same.
>
> It can, but it isn't a likely attack route. The method varies according to the make and model of motherboard, and some boards have a jumper that must be set to allow any writing to the flash ROM at all, or have a hard-coded alarm that warns you when writing is being enabled. So it is an unreliable and expensive method for a hacker.
>
> If you want to check, then look into your motherboard's flash update utility (probably on the CD that came with it, or on the manufacturer's website) and see if you can copy the existing flash contents. If so then you can make a baseline copy, and periodically repeat the process to make sure you continue to get the same data.
>
> You can probably find a security utility somewhere that will mirror the BIOS area of the memory map, which is pretty much the same thing in most cases
>
> As always, Shenan, thank you for posting your views. I appreciate it!
>
> --
> Dave
Guest ~BD~ Posted January 23, 2009

Thanks for posting your views/thoughts Richard. Much appreciated.

I've found that the "unplug ..... and wait" trick works wonders on much electronic equipment - PC's, TV's, video recorders and suchlike!

--
Dave

"Richard Urban" <richardurbanREMOVETHIS@hotmail.com> wrote in message news:%23Hhu5QZfJHA.5496@TK2MSFTNGP02.phx.gbl...
> RAM is supposed to be flushed upon a reboot.
>
> Yet, most people who have been repairing computers for a long time will tell you, as I am, that sometimes a complete power down (including removing the plug from the outlet) works wonders when you have totally unexplained happenings that you can not get a handle on.
>
> It is one of the things I tell my family to do when they call me for trouble shooting a problem. You would be surprised how often it resolves a strange problem. Often enough for me that it is one of the "first" things I tell my brothers and sons to do. Many times nothing else need be done. Now I will admit that we all have computers that are 3-5 years old.
>
> The same goes for printers that are misbehaving. Pull the power cord from the wall for 30 seconds or so. I had one printer that would not register correctly when printing. I thought the paper was slipping during the feed. The print at top and bottom was normal but the print toward the center was compressed till it was almost a solid block of black. I unplugged the printer from the wall and went to get a coffee. When I plugged in the printer everything was fine.
>
> BUT, I don't see this as being a vector for infection as the condition is too arbitrary. I doubt that anything could purposefully "target" a condition caused by aging hardware.
>
> --
> Richard Urban
> Microsoft MVP
> Windows Desktop Experience
>
> "~BD~" <BoaterDave@hotmail.co.uk> wrote in message news:eOP$N5TfJHA.5572@TK2MSFTNGP02.phx.gbl...
>> In line responses
>>
>> "Shenan Stanley" <newshelper@gmail.com> wrote in message news:uCAMR3OfJHA.500@TK2MSFTNGP06.phx.gbl...
>>> John D wrote:
>>>> That is straight-forward advice ....... but I wonder how many (even 'professionals') follow it!
>>>>
>>>> Are you just as confident that ........ I'll call them 'gremlins' ......... cannot remain within a computer if the hard drive is wiped as you describe (or even replaced with a new one)?
>>>>
>>>> What about gremlins hiding in, say, a RAM stick or somewhere on the motherboard? There again, how could you possibly know the answer?!!
>>>
>>> Since the RAM (internal system memory) is cleared when the computer is powered down - that would be quite the trick.
>>
>> I know that all memory on system RAM is supposed to die without power - when you study the construction, though, it seems quite feasible to me (a layman) that such an item could be configured to retain 'gremlins', so to speak!
>>
>> (The Chinese are velly cleffer!)
>>
>>> If the 'gremlin' was in the BIOS - the only writable media I know about that could act in the way you are implying internal to the machine with your "somewhere on the motherboard" comment - you've been more than infested with malware.
>>
>> In another group, Tim Jackson replied thus:-
>>
>>> I have been led to believe that the BIOS on a motherboard can be attacked/infected but I have no knowledge of how one may check and/or 'clean' same.
>>
>> It can, but it isn't a likely attack route. The method varies according to the make and model of motherboard, and some boards have a jumper that must be set to allow any writing to the flash ROM at all, or have a hard-coded alarm that warns you when writing is being enabled. So it is an unreliable and expensive method for a hacker.
>>
>> If you want to check, then look into your motherboard's flash update utility (probably on the CD that came with it, or on the manufacturer's website) and see if you can copy the existing flash contents. If so then you can make a baseline copy, and periodically repeat the process to make sure you continue to get the same data.
>>
>> You can probably find a security utility somewhere that will mirror the BIOS area of the memory map, which is pretty much the same thing in most cases
>>
>> As always, Shenan, thank you for posting your views. I appreciate it!
>>
>> --
>> Dave