Is it still good practice to reinstall everything after you are owned?

Travis Biehn tbiehn at gmail.com
Tue Sep 19 10:57:33 PDT 2017


On Tue, Sep 19, 2017 at 1:41 PM, Steve Kinney <admin at pilobilus.net> wrote:

>
>
> On 09/19/2017 07:37 AM, Georgi Guninski wrote:
> > Is it still good practice to reinstall everything after you are owned?
> >
> > It used to be, but after reading about windows viruses I am not sure it
> > is.
>
> Well if somebody who reads the CPunk list is "fixing" a failed Microsoft
> operating system, that implies that the computer in question belongs to
> somebody else who demands Microsoft.  In that case, industry best
> practice is to follow the most expensive path possible:  "It is morally
> wrong to allow a sucker to keep his money."  The more of a client or
> employer's money you spend, the more important your job appears to be
> and the more /you/ can charge.
>
> So you will want to go shopping, and buy any "upgrades" that are
> available.  Assure that the anti-virus and related tools installed are
> the very most expensive.  If possible replace hardware, not just
> software.  Explore the potential for adding firewall appliances etc. to
> the network the compromised system plugs into - every security incident
> is a window of sales opportunity and, thanks to the popular press and
> the efforts of Microsoft and other snake oil vendors, the sky is not
> necessarily the limit.  Start building a case to change out /everything/
> IT related at the shop in question for the most expensive and massively
> over-built infrastructure possible - where and as this becomes possible,
> it qualifies as a Total Win.
>
> Also bear in mind that once Microsoft has been specified, "security" is
> out the window and compliance with popular misconceptions and IT sales
> literature constitutes due diligence on the security front.  As a
> practical security objective, you will want to see the largest number of
> security incidents your client or employer will tolerate going forward,
> as you play the part of a heroic warrior battling hordes of Evil Genius
> Super Hackers on their behalf.  Do this well, with a straight face and
> the assistance of talking points from your vendors, to meet the only
> security objective that matters:  Your job and retirement security.
>
> Remember that an occasional /real/ loss of important assets will assure
> that your client or employer values your services very highly.  If
> things get too quiet around the shop for too long, dropping a couple of
> anonymous tips on security issues at your shop in "hacking" forums -
> make them look like a disgruntled ex-employee looking for pay-back - can
> do wonders to boost your importance in the eyes of management.
>
> :o)
>
Georgi,

Yes - in addition, since some attackers have been shown to compromise not
only UEFI firmware, but also blobs in peripheral devices, a re-flashing of
those components from HW land. In many cases, this type of recovery is
'impossible'.

Practically, individuals will take a stab at guessing attacker capability
between zero sophisticated persistence and h/w re-install survivability
and act accordingly. It is difficult to get that right, if not impossible.

Broadly, the types of activities you perform on various hardware would
dictate the appropriate response. For example, you might not go about
generating a root CA on the computer you routinely clean adware from, and
you might not consider that computer 'safe for the task' after an OS
reinstall, instead favoring fresh, network interface stripped, or purpose
built HW.

-Travis

-- 
Twitter <https://twitter.com/tbiehn> | LinkedIn
<http://www.linkedin.com/in/travisbiehn> | GitHub <http://github.com/tbiehn>
| TravisBiehn.com <http://www.travisbiehn.com> | Google Plus
<https://plus.google.com/+TravisBiehn>
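Travis's point about re-flashing firmware and peripheral blobs raises a practical follow-up: after writing a known-good image, read the chip back and confirm that what is on the part is what you intended, so that a bad flash or a surviving modification is visible rather than assumed away. The script below is an added illustration, not code from this thread or from any vendor tool. It assumes the vendor supplies a known-good image (or at least its digest) and that you have already dumped the chip with an external programmer; the component names and image bytes are constructed placeholders.

```python
import hashlib

# Constructed stand-in for vendor-supplied known-good images. These byte
# strings are placeholders, not real firmware; in practice you would load
# the vendor image file (or just its published digest) from disk.
KNOWN_GOOD_IMAGES = {
    "uefi": b"CONSTRUCTED-UEFI-IMAGE-v1.02" + b"\x00" * 64,
    "nic-oprom": b"CONSTRUCTED-NIC-OPTION-ROM-v3" + b"\xff" * 32,
}
KNOWN_GOOD_DIGESTS = {
    name: hashlib.sha256(img).hexdigest() for name, img in KNOWN_GOOD_IMAGES.items()
}


def first_difference(baseline, dump):
    """Offset of the first byte where the read-back diverges from the
    baseline, or None when the two are identical."""
    for i, (x, y) in enumerate(zip(baseline, dump)):
        if x != y:
            return i
    if len(baseline) == len(dump):
        return None
    return min(len(baseline), len(dump))  # one image is a prefix of the other


def verify_dump(component, dump):
    """Compare bytes read back from a chip against the known-good image.

    Returns (status, detail): status is "match", "mismatch" or
    "no-baseline"; detail locates a mismatch so you can tell a truncated
    or failed write (size delta, early divergence) from a small in-place
    change (same size, divergence deep inside the image)."""
    if component not in KNOWN_GOOD_DIGESTS:
        return ("no-baseline", None)
    if hashlib.sha256(dump).hexdigest() == KNOWN_GOOD_DIGESTS[component]:
        return ("match", None)
    baseline = KNOWN_GOOD_IMAGES[component]
    return ("mismatch", {
        "first_diff": first_difference(baseline, dump),
        "size_delta": len(dump) - len(baseline),
    })


def audit(dumps):
    """Run verify_dump over a mapping of component name -> read-back bytes."""
    return {name: verify_dump(name, data) for name, data in dumps.items()}


if __name__ == "__main__":
    # Constructed read-backs: one clean, one altered in place, one with no
    # baseline available at all (which is itself a finding).
    altered = bytearray(KNOWN_GOOD_IMAGES["uefi"])
    altered[40:44] = b"XXXX"
    results = audit({
        "uefi": bytes(altered),
        "nic-oprom": KNOWN_GOOD_IMAGES["nic-oprom"],
        "ec": b"CONSTRUCTED-EC-IMAGE",
    })
    for name, (status, detail) in results.items():
        print(f"{name}: {status} {detail or ''}")
```

A "no-baseline" result is worth treating as seriously as a mismatch: a component you cannot verify is exactly the case Travis describes as practically 'impossible' to recover, and it argues for moving the sensitive task to purpose-built hardware rather than trusting the reinstall.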