mailing list archives
Re: Incident Response
From: Mike Patterson <mike () snowcrash ca>
Date: Fri, 02 Jul 2010 10:21:43 -0400
On 10-07-01 6:19 PM, Daniel Holiday wrote:
This brings up a question that I have always asked - can you recover from a
machine that has had a virus on it?
Is it worth it? Usually not.
At work, sysadmins/techs will often try anyway. I often follow up
saying "you still have a problem on that system." It's not always the
Thankfully, I've done this enough that at least within my own (central
IT) department our client support folks will default now to
format/reinstall, despite the work involved.
What is the accepted procedure for after you have discovered a bad code on a
"It depends." :-) But generally anything less of reinstall and restore
data from last known good backup is rife with potential problems.
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
Main Web Site: http://pauldotcom.com