Saturday, June 14, 2008

Security Updates

I'm of the mindset, "Once a system has been compromised, it can't be trusted." If I find malware on a computer, be it Windows, Mac, or Linux (unlikely for the last two), I completely wipe it (Dban) and reinstall the system. It's funny to me that people still call it "reformat". We've passed the Windows 98 days, folks. If you try to simply clean the system with anti-virus/spyware/adware solutions, you can't be sure the problem is gone. Only by wiping and reinstalling can you be sure.

Wipe the hard drive:
Tutorial on using Dban: Iron Geek
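
A wipe is only as good as its verification, so here is an added example (not from the original post or the Dban project) that reads a disk image or block device chunk by chunk and flags anything that is neither all-zero nor random-looking, which is what leftover partition tables, filesystem metadata or user files look like after a failed or partial wipe. The device path, the chunk size, the 7.9 bits-per-byte entropy threshold and the sample images written by build_samples() are all assumptions made here.

```python
import math
import os
import tempfile
from collections import Counter


def chunk_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for a constant fill, close to 8.0 for PRNG output."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def verify_wipe(path, chunk_size=1 << 20, min_entropy=7.9):
    """Classify every chunk of a disk image or block device (e.g. /dev/sdb, opened read-only).

    A zero-fill pass leaves only all-zero chunks; a random-fill pass (as in Dban's PRNG-based
    methods) leaves high-entropy chunks. Anything else is 'suspect': structured data that
    survived the wipe. The threshold of 7.9 bits/byte is an assumption that suits chunks of
    a few KiB or more; tiny chunks of random data score lower and would need a lower bar.
    """
    result = {"zero": 0, "random": 0, "suspect": 0, "first_suspect_offset": None}
    offset = 0
    with open(path, "rb") as f:
        while True:
            data = f.read(chunk_size)
            if not data:
                break
            if data.count(0) == len(data):
                result["zero"] += 1
            elif chunk_entropy(data) >= min_entropy:
                result["random"] += 1
            else:
                result["suspect"] += 1
                if result["first_suspect_offset"] is None:
                    result["first_suspect_offset"] = offset
            offset += len(data)
    result["clean"] = result["suspect"] == 0
    return result


def build_samples(size=64 * 1024):
    """Write three constructed 64 KiB 'disk images' to a temp dir and return their paths:
    zero-filled, PRNG-filled, and one still holding plaintext (a failed or partial wipe)."""
    d = tempfile.mkdtemp(prefix="wipecheck_")
    leftover = (b"Personal tax return 2007\n" * 100).ljust(size, b"\x00")
    samples = {"zero": b"\x00" * size, "random": os.urandom(size), "leftover": leftover}
    paths = {}
    for name, content in samples.items():
        paths[name] = os.path.join(d, name + ".img")
        with open(paths[name], "wb") as f:
            f.write(content)
    return paths


if __name__ == "__main__":
    for name, path in build_samples().items():
        print(name, verify_wipe(path, chunk_size=64 * 1024))
```

Run it against the real drive only from a live CD, after the wipe, with the device opened read-only; a "suspect" chunk at offset 0 usually means the partition table was never overwritten.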

Some information on reinstallation:
PC World - Step By Step, reinstall Windows - How to Reinstall Windows without losing your data
Chris Pirillo - How to Reinstall OSX
Dartmouth - Reinstalling OSX

Reinstalling Ubuntu is about the same as the above information. You can install Ubuntu from the DesktopCD, or the Alternative Install CD. Free Geek Central Florida gives a copy of Dban and the Ubuntu DesktopCD with each FreekBox.

But then you hit the problem of how the malware got there in the first place. Wipe/reinstall won't stop the problem from happening again. It might, if the original problem came from a vulnerability that has since been patched, but it will probably happen again.

Once you've wiped and reinstalled the system, don't forget to do ALL the system updates. This is especially important on Windows.

Most malware gets onto the system by manipulating the user. Email attachments, malicious scripts on websites, malware embedded in picture files, and 'cross site scripting' are just a drop in the bucket of social engineering. The hard part is learning how the original problem happened.

If you're a home user, a simple wipe, reinstall, update will take care of most malware and vulnerabilities. But, if you're an organization with 5 or more users, that simple procedure won't be enough.

What will be enough depends on the size of your business, the importance of the data, and what you can afford. That is a whole 'nother book, not just a blog post.

Use the anti-virus/spyware/adware products and programs to detect if you have something. If you do, don't bother 'cleaning' or 'quarantining'. Just wipe and reinstall.

Free anti-malware resources:
ClamWin - This is what I use for Windows
ClamXav - ClamAV for Mac
ClamAV - for Linux/BSD

And don't keep your personal files on the same disk as your system. That's just asking for trouble.
