[PLUG] It was going so well...

m0gely m0gely at telestream.com
Wed May 23 04:21:34 UTC 2007


Ed Sawicki wrote:

> For the past few years I've been fortunate not
> to have to support Windows desktops. Now that
> may be changing a bit. I need to be able to
> disinfect a Windows box without having to spend
> any significant amount of time keeping up with
> the goings on in the Windows insecurity world.

This is impossible.  This is where the meat of all the issues you hear 
about happens.  You're going to get to know Windows better than most 
people if you care about the quality of your work in doing this.  As 
others have mentioned, BartPE with an AV plugin is your best bet for 
offline virus cleaning.  You'll want to spend some time adding in many 
network card drivers though so any system you put the disc in will have 
net access to update the virus def's.

Unfortunately ad|spy|malware mostly needs to be done while the system is 
live.  There is a Spybot plugin for Bart, but that class of software can 
be more cancerous to a system than a virus causing damage on multiple 
levels.

It might take you a couple days to learn BartPE and put together a good 
disk that you like, but oh the time it will save in the long run...

> What should I buy?

ERD from Sysinternals (now part of MS).  Their tools are invaluable.

If you're able to, suggest that people use Firefox instead of IE.  I 
keep it and the Flash, Shockwave and Java plugins on a thumb drive so 
they have the essential features they expect.  Then I run Spyware 
Blaster on the machine which does some preventative measures in IE and 
FF so malware doesn't get in there to begin with.  I like it because it 
doesn't run in the background and eat resources.  Really, that keeps 
people out of trouble for the most part.

-- 
- m0gely


