Trojan detection


Daniel
Premium,MVM
join:2000-06-26
Pleasanton, CA

reply to The Penguin
Re: Trojan detection

If he did something foolish that could have resulted in a compromise then the best defense is to reinstall.

Trojan detection is a very weak thing right now. It's basically like this: if you find one using a tool, you have one. But if you don't find one it doesn't mean much of anything at all.

If in doubt, reinstall.
--
dmiessler.com -- grep understanding knowledge


Name Game
Premium
join:2002-07-07
North Myrtle Beach, SC

said by Daniel:

If he did something foolish that could have resulted in a compromise then the best defense is to reinstall.

Trojan detection is a very weak thing right now. It's basically like this: if you find one using a tool, you have one. But if you don't find one it doesn't mean much of anything at all.

If in doubt, reinstall.
What is your advice if he finds one... reinstall? Where did you get your info that trojan detection is weak?

Seems to me the OP already stated a trojan was detected and three products call it out.

And this statement: "But if you don't find one it doesn't mean much of anything at all."

Are you assuming that every system out there is infected?
--
Gladiator Security Forum »www.gladiator-antivirus.com/ Missing Kids »www.missingkids.com/

ghost16825
Use security metrics
Premium
join:2003-08-26

said by Name Game:

said by Daniel:

If he did something foolish that could have resulted in a compromise then the best defense is to reinstall.

Trojan detection is a very weak thing right now. It's basically like this: if you find one using a tool, you have one. But if you don't find one it doesn't mean much of anything at all.

If in doubt, reinstall.
What is your advice if he finds one... reinstall? Where did you get your info that trojan detection is weak?

Seems to me the OP already stated a trojan was detected and three products call it out.

And this statement: "But if you don't find one it doesn't mean much of anything at all."

Are you assuming that every system out there is infected?
In general, detection of a trojan implies a trojan is there (given 0% false positives). Non-detection of a trojan does not imply anything about the existence of a trojan. For all but the isolated case your preferred course of action should be to flatten and rebuild - that is, it should be the rule rather than the exception. By doing selective removal based on tool results you're basically saying: "I am smarter than the attacker; I know exactly how and when the attacker has changed my system and can restore the system to a known good state. (without wiping)."
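
Added worked derivation (not part of ghost16825's post) of the asymmetry described above. The symbols are assumptions introduced here: $p$ is the prior probability that the machine is trojaned, $s$ is the scanner's detection rate for the trojan actually present, and $f$ is its false-positive rate; $T$ means "trojan present" and $D$ means "scanner reports a detection".

$$P(T \mid D) = \frac{s\,p}{s\,p + f\,(1-p)}, \qquad P(T \mid \neg D) = \frac{(1-s)\,p}{(1-s)\,p + (1-f)(1-p)}$$

With $f = 0$ the first expression equals $1$ for any $s > 0$, so a hit is conclusive. With $f = 0$ the second reduces to

$$P(T \mid \neg D) = \frac{(1-s)\,p}{1 - s\,p},$$

which tends to $p$ as $s \to 0$. For a trojan the tool has no signature for, $s$ is close to zero, so a clean scan leaves the probability of compromise essentially where it was before scanning.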


Daniel
Premium,MVM
join:2000-06-26
Pleasanton, CA

reply to Name Game
said by Name Game:

said by Daniel:

If he did something foolish that could have resulted in a compromise then the best defense is to reinstall.

Trojan detection is a very weak thing right now. It's basically like this: if you find one using a tool, you have one. But if you don't find one it doesn't mean much of anything at all.

If in doubt, reinstall.
What is your advice if he finds one... reinstall? Where did you get your info that trojan detection is weak?
I spend all day, every day, doing information security at a professional level, and to do this correctly you need to be a student of the game. A popular point of discussion is the constant struggle between those who write trojans and those who try and detect them. It's widely accepted by those in the field that modern trojans are extraordinarily difficult to detect, and that if you suspect you may have one you should reinstall.

I grow tired of reminding you and others that there is a whole world of security outside the home PC environment, and that if you continue to approach things from this perspective alone you will remain ignorant. If you choose to ignore the big picture then that's fine by me, but please stop being surprised and/or defensive when I try and raise awareness.
--
dmiessler.com -- grep understanding knowledge