Re: Multi_VA trashed my system (Can David H Lipman please look a this)

Discussion in 'Spyware' started by Betina, May 15, 2006.

  1. Betina

    Art Guest

    Hmm. Seems to me the way out of that problem for repair techs is to
    first note the update level of a PC and if reformat/reinstall is
    required, only install updates to the original level. But then that
    has the problem that it might have been patching ills that brought
    the PC into your shop. You can't win :)

    I wonder how many users update and patch. I wonder how many repair
    techs update and patch customer's PCs.

    Are you implying that you don't update and patch?

    Art
    http://home.epix.net/~artnpeg
     
    Art, May 19, 2006
    #41

  2. On that special day, Peter Seiler, () said...
    Actually, I have no idea. "free from notion" perhaps?

    It might be helpful if you tell newbies, that the Outlook (Express)
    settings are designed contrary to good netiquette rules; but there are
    cases which cannot be treated. You spend your efforts on something
    without getting anything in return.

    It is bad enough that pcbutts1 steals other people's work, and he
    continues to do so even when people are telling him he does, without
    any sign of remorse or embarrassment, so why should he be caring about
    your complaints, at all?

    This is just wasted energy.


    Gabriele Neukam

     
    Gabriele Neukam, May 19, 2006
    #42

  3. On that special day, Dustin Cook, () said...
    The problem is, that the line between good and bad, wanted and unwanted
    is a *very* thin one.

    There is software that not everybody wants to be on his/her machine,
    although its presence is legal. It might even be just a (mis)
    configuration, that causes issues. If you remove it, you break a law,
    if you leave it there, your customer says, you failed to keep up to
    your words. I mean things like the Sony XCP program, or Alpha DVD.

    How do you explain to a customer that his/her machine is free from
    nasties, if the printer driver phones home and the desktop search
    application opens their database to the world (see Google Desktop)?

    http://www.gartner.com/DisplayDocument?doc_cd=137896

    What will their lawyers say?


    Gabriele Neukam

     
    Gabriele Neukam, May 19, 2006
    #43
  4. On that special day, Art, () said...
    One side note:

    That with Three Mile Island? Seeing what happened in Ukraine
    twenty years ago, you can count yourself lucky, really.

    I wonder why some people still think setting up new plants is a
    solution to the rising of oil prices, instead of developing more energy
    efficient devices, which make better use of the power already available.

    Energy saving doesn't create any kind of waste, be it carbon dioxide or
    nuclear.


    Gabriele Neukam

     
    Gabriele Neukam, May 19, 2006
    #44
  5. Betina

    Dustin Cook Guest

    Any good tech will do research to see whats going on with the machine,
    before doing anything to it. Techs who are quick to reformat/reinstall
    aren't really techs, they're monkeys.
    We patch and update, of course. We also monitor which patches are
    causing what issues based on the software already present on the
    machine. But, we don't go willy nilly and apply all the patches without
    checking to make sure they're kosher with the software present already
    on the machine. Yes, it takes more work this way, but the computer runs
    better.
    Did I say I didn't? I believe what I said was, techs who go patch patch
    patch without checking the box are the ones who cause problems.
     
    Dustin Cook, May 19, 2006
    #45
  6. Betina

    Dustin Cook Guest

    Seems to be user judgement tho. :(
    I'm aware of both scenarios, having done the manual removal a few times
    of Sony's product...
    We explain to the customer what we did, what they need to do, and what
    remains on the computer that they elected to install. For example, the
    google desktop. We inform the customer of the risks of using it, and
    they make the final decision. We can lead a horse to water, but short
    of drowning him, we can't make him drink it.
     
    Dustin Cook, May 19, 2006
    #46
  7. Betina

    Art Guest

    With our higher prices of oil and gasoline, I've heard no talk of
    nuclear, but much talk about energy saving and efficiencies.

    Art
    http://home.epix.net/~artnpeg
     
    Art, May 19, 2006
    #47
  8. Betina

    Art Guest

    You didn't say you did either, which is why I asked.

    Art
    http://home.epix.net/~artnpeg
     
    Art, May 19, 2006
    #48
  9. I'm originally from Harrisburg.
    We lived five miles west of Three Mile Island, in 1979 when it had its
    problem. (That would be across the river.)

    We were upwind... :)
    Three Mile Island Unit 2 is still performing perfectly. Several friends
    worked on the island, but they've all retired now.
     
    Beauregard T. Shagnasty, May 19, 2006
    #49
  10. Betina

    Ant Guest

    Sounds like "clueless" would be the right word.
     
    Ant, May 19, 2006
    #50
  11. Betina

    kurt wismer Guest

    i think it is you who is misunderstanding me... i'm talking about a
    situation where that bet isn't made at all... where the principals are
    made to understand that the certainty that others might promise them is
    not actually available under any circumstances but you will do your best...
    i can see no reason why one might be forced into such intellectual
    dishonesty as to _certify_ that a machine is _clean_...
     
    kurt wismer, May 20, 2006
    #51
  12. Betina

    Leythos Guest

    Well, if it's a case of "Do your best to rid my machine of malware",
    then I have no issues cleaning it. Now that you've made that clear, I
    have no issues with it, knowing that something could be missed that
    neither you nor I might be able to detect.
     
    Leythos, May 20, 2006
    #52
  13. On 17 May 2006 11:25:18 -0700, "Dustin Cook"
    Well, that's the point - if you can't be sure you've cleaned all the
    malware, you don't know what types of malware may remain.

    In the absolute sense, Leythos is correct when he balks at certifying
    a cleaned system as clean. Where he's wrong is (by the same absolute
    standards) considering a wiped and rebuilt PC as (staying) clean.

    The fact that a malware (i.e. any kind of unwanted sware) is present,
    means whatever defenses that system had, have failed. If they failed
    once to let one malware through, they may have failed a number of
    times to let a number of malware through.

    And if they failed before, then putting up a freshly-setup system is
    as likely to fail again - particularly as a freshly-installed
    installation is unpatched and vulnerable.
    I'd prefer a cleaned system to a fresh duhfault install that has to be
    patched via the 'net in the face of incoming attacks. If the stakes
    were high enough, I'd keep the original HD out of the box for offline
    forensics while a fresh build is deployed in the meantime.
    How do you know what you're dealing with, if all your scanners etc.
    have to run from the infected OS?

    How do you know a fresh build will stay clean, if you have to go
    online while unpatched to get patches?

    How do you know a fresh build stays clean, if you restore a "data
    backup" that contains IE downloads, incoming MS Messenger attachments
    and incoming email attachments hidden in the mailboxes?

    So yes, Leythos; there's uncertainty in cleaning systems. But "just"
    wiping and starting over does not dispel that uncertainty.

    To be near-absolutely sure of being clean in mid-2006, you'd need:
    - an up-to-date off-system set of checksum data for every code file
    - ability to examine and suppress every integration point
    - off-HD maintenance OS to run all of the above

    In practice, maintaining an up-to-date database of code checksums is
    tricky, because of the "version creep" effect of incessant patching.

    Most of us don't whitelist all code files, nor maintain comparison
    data to generically detect trojan replacement or intra-file infection.
    Instead, we use a variety of av scanners that look for known bad guys.
    These, plus scanners for commercial malware, debulk the more common
    stand-alone malware files that rely on explicit integration, and then
    we use HiJackThis or similar to check the common integration points.
    Absolutely - it's as useless as advice to "just" do backups.


    Tip Of The Day:
    To disable the 'Tip of the Day' feature...
     
    cquirke (MVP Windows shell/user), May 20, 2006
    #53
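The first of the three requirements cquirke lists above, an off-system whitelist of code-file checksums, as an added example that is not part of the thread: a SHA-256 baseline of code files is taken from a known-good build and compared against a later scan, so that replaced or modified files ("changed") and files never in the whitelist ("unlisted") show up for review. The extension set, directory names and file contents are constructed for the demo; the "version creep" problem appears as the "changed" bucket, which a patch record must resolve before a file is re-trusted.

```python
import hashlib
import os
import tempfile

# Assumed set of extensions that count as "code files" for the whitelist.
CODE_EXTENSIONS = {".exe", ".dll", ".sys", ".ocx", ".scr", ".cpl"}


def hash_code_files(root):
    """Return {relative path: sha256 hex} for every code file under root."""
    baseline = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            if os.path.splitext(name)[1].lower() not in CODE_EXTENSIONS:
                continue  # data files are not part of the code whitelist
            full = os.path.join(dirpath, name)
            h = hashlib.sha256()
            with open(full, "rb") as f:
                for chunk in iter(lambda: f.read(1 << 20), b""):
                    h.update(chunk)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            baseline[rel] = h.hexdigest()
    return baseline


def compare(baseline, current):
    """'changed' = replaced or patched in place (needs a patch record),
    'unlisted' = never whitelisted, 'missing' = removed or renamed."""
    return {
        "changed": sorted(p for p in baseline if p in current and baseline[p] != current[p]),
        "unlisted": sorted(p for p in current if p not in baseline),
        "missing": sorted(p for p in baseline if p not in current),
    }


def demo():
    """Constructed scenario: baseline, then an in-place modification and a dropped file."""
    with tempfile.TemporaryDirectory() as root:
        sysdir = os.path.join(root, "system32")
        os.makedirs(sysdir)
        files = {"winlogon.exe": b"good winlogon", "ntdll.dll": b"good ntdll",
                 "readme.txt": b"not code, ignored by the whitelist"}
        for name, data in files.items():
            with open(os.path.join(sysdir, name), "wb") as f:
                f.write(data)
        baseline = hash_code_files(root)  # taken while the build is known-good
        # Constructed changes: ntdll.dll altered in place (intra-file infection),
        # an unlisted driver dropped, winlogon.exe left intact.
        with open(os.path.join(sysdir, "ntdll.dll"), "ab") as f:
            f.write(b"+appended code")
        with open(os.path.join(sysdir, "dropper.sys"), "wb") as f:
            f.write(b"unknown driver")
        return compare(baseline, hash_code_files(root))
```

Run from a maintenance OS with the baseline stored off the examined disk, as the post requires, so that the comparison itself does not depend on the possibly infected system.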
  14. Betina

    Leythos Guest

    I have no misconceptions of a machine, one that I've wiped and
    reinstalled, staying clean in the hands of a non-technical type. I've
    managed to keep my own machines free of malware for the almost 30 years
    I've been using computers (yea, malware has not really been around that
    long).

    Legally, the only thing that matters, if you are providing a
    certification of a machine being clean, is that it was clean by all
    standards when given/returned to the customer.
     
    Leythos, May 20, 2006
    #54
  15. Which means your focus is not workstations, which you probably treat
    as disposable - after all, all the "real" data is on the server, and
    who cares what preferences, software etc. are lost?

    That approach is inappropriate when 1 PC represents the entire
    infrastructure of a company or user - there's no magic server holding
    the data, no well-maintained installation image, no neat little
    whitelist of a handful of "approved" apps.

    Do you have any idea how long it could take to rebuild such a system
    to exactly the same applications, settings, preferences, etc.?
    That includes removing software, given this is created by fallible
    (and sometimes downright gullible) humans.

    IOW, CYA. If the client gets ripped to shreds a week later, that's
    fine as long as the malware came in after you'd returned the PC.
    It would be interesting to do this experiment:

    1) Take 10 MSFT employees; they can be chosen by MSFT
    2) Let each draw up a list of "all" integration points
    3) Compare the lists to see if there's > 5% variance
    4) Get another 100 MSFT employees to check the list
    5) See what % of missed integration points they add to the list

    If even MS can't enumerate all possible integration points, much less
    provide a "safe mode" that suppresses ALL of them, then you can safely
    say we've lost control of the game ;-)


    Tip Of The Day:
    To disable the 'Tip of the Day' feature...
     
    cquirke (MVP Windows shell/user), May 20, 2006
    #55
  16. Betina

    Leythos Guest

    While we have a lot of servers and most customers have a server, several
    of our smallest customers have only 3~5 workstations, but we're smart
    enough to backup data between them or to an external device.
    In our installations we would not provide a solution with the problems
    you describe. Sure, there are many that have that problem, but that's
    because of some idiot setting it up that way.
    I've been doing this for almost 30 years, so, yes, I have a very real
    understanding. Are you aware that if you don't provide clients with a
    simple means to backup their data, with a means to backup their email
    folders/files, etc.. that you are doing this a great disservice?
    Why do you keep going around in circles, we never discussed what happens
    AFTER, only the cleaning stage. In all my years of designing and
    maintaining networks I've never had one of our networks compromised as
    long as we managed it. I've had clients with home PCs that were
    compromised that we cleaned up, installed basic security apps/methods,
    locked down, and have worked with them for years without another
    compromise... What's your point?
    Which goes back to you just proving my point - if you want a clean
    machine you need to wipe it and restore it from scratch in a clean
    environment, apply all updates, etc... The machine will be legally clean
    and can be returned with the expectation that it contains no malware at
    that time. If the users choose to ignore the security methods you've
    provided, well, you're not responsible for that, you've done what was
    contracted, removed all known/unknown malware from the machine.
     
    Leythos, May 20, 2006
    #56
  17. Betina

    kurt wismer Guest

    Leythos wrote:
    [snip]
    legally clean? there's an interesting concept - how does the law define
    'clean'?
    you don't *know* that you've removed all unknown malware from the
    machine... if you left the machine blank instead of rebuilding it then
    maybe you might have a certain amount of assurance about that, but if
    you rebuild it you risk exposing it to unknown malware in your own tool
    set...
     
    kurt wismer, May 20, 2006
    #57
  18. Betina

    Leythos Guest

    How about we settle for this, as you want to keep going around in
    circles:

    1) I'm going to clean a machine based on the customer's expectations

    2) If the customer wants me to certify that the machine is clean, and
    give them, in writing, a certificate, I will wipe and reinstall from a
    MS CD and from vendors' CDs, not from burned copies.

    3) If the customer doesn't want a certified state, I will clean the
    machine based on how much the customer wants to pay and provide them with
    the information on what they can expect.

    4) If you have a problem with the above, well, too bad, that's just the
    way it's going to CONTINUE to work for my business. You are free to do
    your work how you want.
     
    Leythos, May 21, 2006
    #58
  19. Betina

    Dustin Cook Guest

    I have no clue how one would deem a machine certifiably clean short of
    writing all the firmware, software, etc themselves and having that
    subjected to intense peer review....

    Realistically, this isn't possible.
     
    Dustin Cook, May 21, 2006
    #59
  20. Betina

    Dustin Cook Guest

    So you're telling me you're going to apply the same "fix" for a problem
    that some typical high schooler in a computer class would do?

    You've been doing this for 30 years? How much data have you cost people
    in this time?
    A certificate? I'd like clarification. Do you have a scan of it I could
    view? :)
    Based on how much they want to pay? So, lemme see if I understand this.
    You'll let it leave possibly still under the control of software the
    user does not want should the user not have enough to pay for a
    thorough cleaning? Just exactly what do you mean?
    I have no problem with your methods, it's not my data being hosed. I do
    feel sorry for the customers you have who don't know better, however. I
    wonder if my viruses or your system restoration methods have destroyed
    or caused to lose more data?
     
    Dustin Cook, May 21, 2006
    #60