No it means you are "assuming" because you find nothing more & no one
has complained yet. Kind of like an AIDS test, just because it's
negative doesn't mean a whole lot since it tests for the presence of
something. Granted that applied both surgical cleaning and data only
cleanings, but data only is less risky.
Honestly speaking neither method is the true solution. The true solution
is to dump everything including data for fear of unknown infections but
that's just not acceptable since most people don't have one much less
many backups.
Along the same lines, no web server that's been exploited can be trusted
until wiped, reinstalled and data restored from backups made before the
exploit. Difference is they tend to have the backups and are not trying
to pick though an infected store of data.
The worst way to do this is trying to disinfected the whole system. You
gonna do what you want to do, but it is certainly more risky than the
other two options.
Thane Sherrington (S) wrote:
At 04:07 PM 10/02/2006, warpmedia wrote:
One way is now a hit-or-miss hack job, the other the proper solution.
It's not a academic exercise, it's a job, there is no reason to spend
time and still not be certain you've done the job right.
I am doing the job right. Just because you can't get the time down to a
reasonable level to clean a system doesn't mean it's impossible. It
just means you haven't figured it out yet.
T
