Microsoft Says Recovery from Malware Becoming Impossible

Python python at venix.com
Wed Apr 19 16:46:01 EDT 2006


On Wed, 2006-04-19 at 15:48 -0400, Ben Scott wrote:
>   *sigh*  I hate FUD, even when it's FUD for Linux and against
> Microsoft.
> 
>   Linux has the same problem.  Every system ever invented has the same
> problem.  The problem is that if you've had a full system compromise
> (whether you call your superuser "root", Administrator, or
> SUPERVISOR), you can no longer trust the computer to check itself. 
> The attacker can subvert the system to lie to you about itself.
> 
>   What Microsoft is saying -- you need to reinstall from trusted media
> after a root compromise -- has been Standard Operating Procedure in
> the security community for decades, on all platforms, nix and doze
> included.  See, for example, this classic guide from CERT:
> 
> http://www.cert.org/tech_tips/win-UNIX-system_compromise.html
> 
>   We've had this same situation be discussed *on this list*, multiple
> times, going back at least a few years.

Sorry to keep beating the dead horse, but generally, the Linux reinstall
is more painless unless you are dealing with pre-built system images and
have kept the image archives up-to-date.  Most of the system will have
come from the distributor (e.g. Red Hat) and the ancillary repositories.
There should be relatively little rummaging around for installation
media.

This recent advice on The Register looks like a good approach for future
system setups.  Perhaps some of the savvy folks on this list are already
doing this.
http://www.theregister.com/2006/04/13/virtual_security/


-- 
Lloyd Kvam
Venix Corp




More information about the gnhlug-discuss mailing list