InfoWorld - Security Adviser: After infection: New schemes to restore your systems

/Home/Internet Security: Blogs/Internet Security: InfoWorld blog/InfoWorld: Security Adviser 2012

Antimalware software can detect infections, but fixing those problems still means wiping and rebuilding your hardware

By Roger A. Grimes
FEBRUARY 07, 2012

In the computing world, detecting problems is far easier than fixing them. Take antimalware software: It's always been better at accurately finding viruses and the like than at cleaning up and repairing infected systems. That left security professionals with an ongoing conundrum for the past three decades: How can we be certain we've cleaned up a system once it's been compromised? Just because it tells you it's infection-free doesn't mean it is. Malware can modify one bit, and because you don't know which bit has changed, you have to do a complete recovery.

The answer is you can't trust a system once it's been compromised unless you completely rebuild it. In today's world of insufficient backups, that task usually gets distilled into arduous and time-consuming tasks. For example, you may have to copy off all your data that isn't backed up, format the drive, re-install the operating system and software, then replace the data.

Click the URL above to read the full article