Microsoft Says Recovery from Malware Becoming Impossible

Lloyd Kvam lkvam at venix.com
Thu Apr 20 09:42:00 EDT 2006 

On Wed, 2006-04-19 at 17:05 -0400, Ben Scott wrote:
> On 4/19/06, Python <python at venix.com> wrote:
> > Sorry to keep beating the dead horse, but generally, the Linux reinstall
> > is more painless ...
> 
>   I don't know about that.  Our Windows installs aren't really all
> that different from a Red Hat KickStart install.  Hit F12 during boot,
> boot into RIS, start install over network, a little bit later, you're
> done.  Of course, I know what I'm doing and have invested in the time
> and tools to make Windows operate properly.  But I've seen clueless
> Linux admins before, too.
> 
>   The cost of a reinstall is generally all the post-OS-install,
> application-specific configuration that has to be done, anyway.  Our
> crappy ERP system is hard to automate.  I've encountered the same on
> nix, too.  Ask the list about installing Oracle some time.... :)
> 
> > ... unless you are dealing with pre-built system images and
> > have kept the image archives up-to-date.
> 
>   There are other ways to do automated Windows installs besides than
> via Ghost-style hard disk images.  Like RIS, above.
> 
> >  Most of the system will have come from the distributor (e.g. Redhat) ...
> 
>   Oh, really?  When did that law get passed?  :)  I've had plenty of
> nix installations where the critical software most especially did
> *not* come from the distribution.

But I think that is changing.  My Fedora 3 system has about 20 manually
installed packages.  My Fedora 5 has 1.  Most of that is due to greater
package availability in the repositories.  Even a limited sysadmin like
me can look like a pro when
	yum install whatever-package-you-want
does all of the heavy lifting and all that's left is to specify the
config details that fit my operation.

> 
> > There should be relatively little rummaging around for installation
> > media.
> 
>   The big time cost is not looking for CDs.

You're probably better organized at keeping install media, updates,
software unlock codes and the like in their proper places.  I love that
I can pretty much ignore all of that now.

> 
> > This recent advice on theregister looks like a good approach for future
> > system setups.  Perhaps some of the savvy folks on this list are already
> > doing this.
> > http://www.theregister.com/2006/04/13/virtual_security/
> 
>   Virtualization is a valid technique, but a second ago you were
> saying about the difficulty of keeping pre-built images of a single
> system.  How is keeping images of multiple virtual systems easier? 
> :-)

I only manage three systems: laptop, desktop/development/test-server,
production-server.  I am not really fluent in all of the roll-out and
management techniques, so please feel free to set me straight.
Kickstarts appear to be a one-way street.  I don't know of a way to
generate a kickstart file from a working system.  Maybe that's trivial,
but a quick google only found push-style automation.  That works so long
as no packages are installed directly bypassing the kickstart data flow.

The virtualization docs, if I am reading them correctly, seem to promise
the ability to create system images based on the working install.  That
suggests automatically creating and saving snapshots for recovery
purposes.  That would allow for ad hoc package installs and updates
while still having reliable system images for recovery.  Data recovery
would be separate, but that's already getting handled OK at least in
most operations.

> 
> -- Ben
> 

-- 
Lloyd Kvam
Venix Corp.
1 Court Street, Suite 378
Lebanon, NH 03766-1358

voice:  603-653-8139
fax:    320-210-3409

More information about the gnhlug-discuss mailing list