it.guy1
Used to always clean, now????
I find that it involves discussion with the client. Working at a university and having two types of clients has proven beneficial for learning about this. With students who have tons of software, it is often in their best interest to clean, with some training on how to avoid future infections and some best practices to implement immediately.
With faculty and staff we used to just clean. After monitoring network traffic post-clean, we have now changed our approach to a case-by-case basis: if they only use standard software, we back up data and nuke 'em. If they have specialty software for research, we clean, then monitor network traffic from the box for telltale signs.
I know that this is a pretty unique environment, but it has proven to me that no matter how thorough a job we try to do when cleaning, the machine could be infected still. The network traffic we were seeing from the "Clean" machines indicated that the box was part of a botnet. No visible indications of infection, but was running with user-installed IM clients.