Re: (Score:3)
Data yes, OS and programs, no (Score:2)
Absolutely, you're right: the best way to handle a rootkit is to restore from a known-good backup. Just like you practiced last month, when you tested it and found and fixed the problem with the backup system.
Unfortunately, 90% of people don't have a proper backup system. Probably over half of systems that are being "backed up" can't actually be restored because the backup media went bad a year ago or whatever.
For the people who don't have a solid backup:
> some IT professional who sells himself to a client by cl
Re: (Score:1)
Format conversion for sterilization. Word - WPS (Score:2)
One technique for data sterilization is to convert to a different format. For example, converting a Word document to WordPerfect will make sure there are no macros, I believe. Then convert back. Even better, convert to plain text if possible, and leave it as plain text. JPG to BMP, etc.
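
The convert-to-plain-text idea from the comment above, as an added example that is not part of the original thread: it assumes the Word document is an OOXML (.docx/.docm) package, which goes beyond the Word-to-WordPerfect case the comment names, copies only paragraph text out, and lists the macro and embedded-object parts left behind. The function names, the size cap and the sample file are constructed for illustration.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

W = "{http://schemas.openxmlformats.org/wordprocessingml/2006/main}"
# Package parts that can carry active or opaque content (macros, OLE objects, ActiveX).
ACTIVE_MARKERS = ("vbaproject.bin", "/embeddings/", "/activex/")
MAX_XML_BYTES = 10 * 1024 * 1024  # assumed cap so a decompression bomb is rejected

def to_plain_text(package_bytes):
    """Return (text, dropped): paragraph text only, plus the active parts left behind."""
    with zipfile.ZipFile(io.BytesIO(package_bytes)) as z:
        names = z.namelist()
        dropped = sorted(n for n in names
                         if any(m in "/" + n.lower() for m in ACTIVE_MARKERS))
        if z.getinfo("word/document.xml").file_size > MAX_XML_BYTES:
            raise ValueError("document.xml larger than the configured cap")
        # Stdlib parser keeps the example dependency-free; for untrusted files a
        # hardened parser such as defusedxml is the safer choice.
        root = ET.fromstring(z.read("word/document.xml"))
    # Only w:t text runs are copied; macro and object parts are never opened.
    paragraphs = [
        "".join(t.text or "" for t in p.iter(W + "t"))
        for p in root.iter(W + "p")
    ]
    return "\n".join(paragraphs), dropped

def build_sample_docm():
    """Constructed sample: minimal macro-enabled package with placeholder macro bytes."""
    doc = (
        '<w:document xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main">'
        "<w:body><w:p><w:r><w:t>Quarterly report</w:t></w:r></w:p>"
        "<w:p><w:r><w:t>Total: </w:t></w:r><w:r><w:t>42</w:t></w:r></w:p>"
        "</w:body></w:document>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/document.xml", doc)
        z.writestr("word/vbaProject.bin", b"PLACEHOLDER-NOT-A-REAL-MACRO")
    return buf.getvalue()

if __name__ == "__main__":
    text, dropped = to_plain_text(build_sample_docm())
    print(text)
    print("left behind:", dropped)
```

The `dropped` list is worth logging during cleanup, since it records which files carried macro or embedded content before conversion.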