[PLUG] It was going so well...
m0gely
m0gely at telestream.com
Wed May 23 04:21:34 UTC 2007
Ed Sawicki wrote:
> For the past few years I've been fortunate not
> to have to support Windows desktops. Now that
> may be changing a bit. I need to be able to
> disinfect a Windows box without having to spend
> any significant amount of time keeping up with
> the goings on in the Windows insecurity world.
This is impossible. This is where the meat of all the issues you hear
about happen. You're going to get to know Windows better than most
people if you care about the quality of your work in doing this. As
others have mentioned, BartPE with an AV plugin is your best bet for
offline virus cleaning. You'll want to spend some time adding in many
network card drivers though so any system you put the disc in will have
net access to update the virus def's.
Unfortunately ad|spy|malware mostly needs to be done while the system is
live. There is a Spybot plugin for Bart, but that class of software can
be more cancerous to a system than a virus causing damage on multiple
levels.
It might take you a couple days to learn BartPE and put together a good
disk that you like, but oh the time it will save in the long run...
> What should I buy?
ERD from Sysinternals (now part of MS). Their tools are invaluable.
If you're able to, suggest that people use Firefox instead of IE. I
keep it and the Flash, Shockwave and Java plugins on a thumb drive so
they have the essential features they expect. Then I run Spyware
Blaster on the machine which does some preventative measures in IE and
FF so malware doesn't get in there to begin with. I like it because it
doesn't run in the background and eat resources. Really, that keeps
people out of trouble for the most part.
--
- m0gely