By fresh I assume you mean freshly brought to you as an unknown state vs. freshly installed from scratch using assumed clean sources? Simple, you can't, but the reasons to distrust it are lesser than a known compromised system.

Now like I said before, and it applies to systems of any state: if you have hashes from a trusted state and are rehashing to compare the volume hosted as data in an assumed clean system, then you can be reasonably sure the resulting rehashes truthfully represent the current state of the volume, and if they match the reference hashes the volume matches the previously trusted state.

Further, even without previous hashes you can use a database of known good hashes to vet the OS binaries, since they are not going to be unique, and work from there to assess if the system is reasonably trustworthy. Bruce Schneier, I think, did a write-up about how it's a degree of trust with many systems because there is no absolute certainty. The hash database I've mentioned before is a US government project commonly used by law enforcement in forensic analysis.

On Dec 27, 2012 7:43 AM, "Thane Sherrington" < [email protected]> wrote:

> As you guys know, I don't believe in nuke and pave. I can understand the
> philosophy, but it's flawed. If you can't trust a system you know was
> infected, and has been carefully cleaned, how can you trust a fresh system
> that has never been checked?
>
> T
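
The comparison described in the reply above, as an added example that is not part of the original thread: it hashes a volume mounted as data on an assumed-clean analysis host, compares against a baseline taken in a trusted state, and vets anything else against a known-good hash set. The function names, the sample files and the `known_good` set are constructed for illustration.

```python
import hashlib
import os
import tempfile
from pathlib import Path

def sha256_file(path, chunk=1 << 20):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def hash_volume(root):
    """Map relative path -> SHA-256 for every regular file under root."""
    root, out = Path(root), {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            if p.is_file() and not p.is_symlink():
                out[p.relative_to(root).as_posix()] = sha256_file(p)
    return out

def assess(current, baseline=None, known_good=frozenset()):
    """Classify files against a trusted baseline and/or a known-good hash set."""
    baseline = baseline or {}
    keys = ("match", "changed", "added", "missing", "known_good", "unknown")
    report = {k: [] for k in keys}
    for path, digest in sorted(current.items()):
        if baseline.get(path) == digest:
            report["match"].append(path)      # identical to the trusted state
            continue
        if baseline:
            report["changed" if path in baseline else "added"].append(path)
        # No baseline match: fall back to the known-good set.
        report["known_good" if digest in known_good else "unknown"].append(path)
    report["missing"] = sorted(set(baseline) - set(current))
    return report

def demo():
    """Constructed volume: baseline it, alter it, then assess both ways."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "bin").mkdir()
        (root / "bin" / "ls").write_bytes(b"stock ls build")
        (root / "bin" / "sh").write_bytes(b"stock sh build")
        (root / "notes.txt").write_bytes(b"v1")
        baseline = hash_volume(root)          # taken in the trusted state
        (root / "bin" / "ls").write_bytes(b"patched ls build")
        (root / "bin" / "nc").write_bytes(b"stock nc build")
        (root / "notes.txt").unlink()
        known_good = {hashlib.sha256(b).hexdigest()
                      for b in (b"stock sh build", b"stock nc build")}
        current = hash_volume(root)
        return assess(current, baseline, known_good), assess(current, None, known_good)
```

Files that land in `unknown` are the ones left for manual review; a match against either reference only says the content is the same as something previously trusted.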
