Microsoft recommends rebuilding hacked machines
My colleague James Morris points out an article on Microsoft's TechNet site by Jesper M. Johansson, Security Program Manager at Microsoft, entitled "Help: I Got Hacked. Now What Do I Do?".
• You can’t clean a compromised system by patching it. Patching only removes the vulnerability. Upon getting into your system, the attacker probably ensured that there were several other ways to get back in.
• You can’t clean a compromised system by removing the back doors. You can never guarantee that you found all the back doors the attacker put in. The fact that you can’t find any more may only mean you don’t know where to look, or that the system is so compromised that what you are seeing is not actually what is there.
It concludes:
The only way to clean a compromised system is to flatten and rebuild. That’s right. If you have a system that has been completely compromised, the only thing you can do is to flatten the system (reformat the system disk) and rebuild it from scratch (reinstall Windows and your applications). Alternatively, you could of course work on your resume instead, but I don’t want to see you doing that.
This list makes patching look not so bad, yes? We may hate patches, but the alternative is decidedly worse.
Sobering reality.
