clean up after a mess

Discussion in 'other security issues & news' started by cccm, Dec 15, 2007.

Thread Status:
Not open for further replies.
  1. cccm

    cccm Registered Member

    Joined:
    Dec 15, 2007
    Posts:
    3
    hi
    i would like to have your opinion on the following issue.

    I have had experieneced a lot of malware attacks and i strongly suspect that my pc has been ROOTKIT attacked, as i used the pc for non critical purposes and with very minimal protection. However, i decided to get a new hard drive to replace the one with all the malware, because i would like to use the computer for some very sensitive data handling.

    1) my first question is, will i be safe using a new hard drive form all kinds of malware including the most dangerous rootkits. i mean can the motherboard be infected.. if so how to see if it has been infected.
    ------------------------------------------------------------------------------------------------------------

    My second question is; when i use the new hard drive and install the OS (win xp with sp2) what to do next...ie. do i update windows first or download my anitvirus prog first..

    i am asking because, i have no hardware firewall (router) and my internet connection is VERY VERY slow so it would take me over an hour to update windows.

    2) Am i safe trying to update windows with no hardware firewall, no antivirus prog running for over an hour?
    put in mind the previous history of attacks and the fact that i will be handling quite sensitive data and need to be supersafe.

    the antivirus prog that i will use, i will download from the internet (since my current drive is a malware junkie, i wont use it to download and burn)..

    thanks
    cccm
     
  2. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    4,222
    The safety of a new drive will depend on how you are going to protect it from malware. As far as I know I've never heard of malware attacking the motherboard.
    ------------------------------------------------------------------------------------------------------------

    With the old drive even if it is infected you can download a free software firewall, don't install it, copy it to a CD so you can transfer it to your new drive without connecting to the internet. Alternatively you can use the XP firewall, it will stealth your presence on the internet, and allow you to download the XP updates.

    If your connection is very slow, it could take a lot longer than an hour to download everything. I still think the latest updates of XP will make your system quite secure.

    I think a hardware firewall is useful in the long run, to install and update Windows as I mentioned XP's firewall or another software firewall will do as long as they stealth you on the internet. As soon as Windows is installed and updated with a firewall, I would install an antivirus. Two names that come to my mind as free and reliable: Avira and Avast.(there are other possibilities)

    I also suggest you start reading about computer security.
     
  3. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,698
    Hello,

    1) my first question is, will i be safe using a new hard drive form all kinds of malware including the most dangerous rootkits. i mean can the motherboard be infected.. if so how to see if it has been infected.

    ----
    You'll be fine, you mobo will not be infected - of course some people will present you with matrix style scenarios that will make you wanna bury the pc underground - keep cool and stay close to reality.

    My second question is; when i use the new hard drive and install the OS (win xp with sp2) what to do next...ie. do i update windows first or download my anitvirus prog first..

    ----
    Whatever you want, SP2 comes with firewall, so you'll be ok, you can update Windows first and then install anti-virus - maybe even better in case your AV conflicts with some of the updates.

    I would suggest you do the following:

    - Install Windows + activate
    - Image, so you don't have to do this all over again (buy an imaging program)
    - Install Windows updates, image again
    - Install your software, image again
    - Don't forget a non-MS browser like Firefox or Opera


    i am asking because, i have no hardware firewall (router) and my internet connection is VERY VERY slow so it would take me over an hour to update windows.

    ----
    An hour's not that much - an hour for over 100 updates since SP2 came out.

    2) Am i safe trying to update windows with no hardware firewall, no antivirus prog running for over an hour?

    put in mind the previous history of attacks and the fact that i will be handling quite sensitive data and need to be supersafe.

    the antivirus prog that i will use, i will download from the internet (since my current drive is a malware junkie, i wont use it to download and burn).

    -----
    Yes, you'll be safe. Your firewall will protect you from any network attacks, but nothing can save you from yourself - if you decide to infect yourself, nothing will work. The history of the attacks you mention was probably something you caused yourself, either by downloading and running something bad or using an inferior browser like IE to enjoy the internet.

    Cheers,
    Mrk
     
  4. cccm

    cccm Registered Member

    Joined:
    Dec 15, 2007
    Posts:
    3
    so if i use ONLY windows SP2 firewall (no hardware firewall, ie NAT or anything) and go to windows update site and get the updates (an hour + )
    there will be NO risk at all of getting an infection of ANY TYPE of malware 0 %
    -------------------------------------------------------------------

    i wanted to stress this point as i am worried about the safey of my sensitive data that i plan to use on this setup, especially that i read somewhere on the internet that there are types of malware that auto spread themselves on the net with no browsing or downloading involved.
    ------------------------------------------------------------------------
    also i read in an article in a pc site that there is a statistics or an experiment that concluded that unpatched windows cant survive on the net more than 30 minutes..
    ---------------------------------------------------------------------------
    also that windows firewall is weak and can easily by bypassed by malware
    --------------------------------------------------------------------------
    i think i have a cd that contained Norton internet security 2007 (from the manufacturer) but its lost and i will try to search for it...

    But i have used this cd a lot on infected computers to install it on.. my question is if i use this cd to set NIS on the new computer.. is there any risk of infection as the cd was used to install NIS on a severly compromised pc (including rootkit)
    ------------------------------------------------------------------------

    i would like also to take your opinion on Norton internet security 2007.

    if i manage to get it on a clean cd, should i install it before i update windows..

    which to update first windows or norton internet security 2007
    -----------------------------------------------------------------
    thanks
    cccm
     
  5. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,698
    Hello,

    If you fear for your data, don't place it on the machine until after you update Windows.

    Windows firewall is fine, more than fine in fact. You don't need to waste your money.

    Even if stayed online for 240 days, without actually doing anything, just being connected, nothing will happen, the firewall will protect you.

    That 30 min thingie refers to old versions of Windows without firewall. Nothing to worry about.

    Malware that auto-spreads needs to infect the machine first, nothing to worry if you are just going to update Windows.

    Regarding your internet habits, you can infect yourself easily - more easily than someone hacking through your firewall. For example, if you download some email attachment called pics.exe and run it. Or if you try to use a crack to overcome a serial problem in a program. Or if you download codecs to see movies in certain websites, when you do not check the source of those codecs.

    A few simple self-harm examples.

    Use firewall, use non-MS browser like Firefox or Opera, do not download stuff you are not sure about - ask here, and you'll be fine.

    I'm not a fan of big companies and their product - usually they are expensive, bloated, slow down the machine and actually are inferior to many other smaller products.

    If you want good, light firewalls, try either free AVG, Antivir or avast! or if you want payware, I'd suggest NOD32.

    Don't be afraid of ghosts. Things are very simple. Relax. You should try to read a bit about how things works, how Internet functions, network protocols, Windows insides, etc, and you will see that things are not complicated and that you can stay safe and enjoy the web without too much fuss.

    Basic rules:

    1. If you're not sure, ask - Wilders is a great place. Don't click and then regret. Check first.
    2. Download programs from their official sites - again, ask if you need.
    3. Do not be tempted to download codecs and such from sites showing you movies; they are usually fake. There are good, clean sites to get all the necessary tools for anything.
    4. Be careful about email attachments and links in IM programs, sites, emails.
    5. If you use non-MS programs as alternatives to Windows defaults, you'll increase your security and usability.

    Mrk
     
  6. cccm

    cccm Registered Member

    Joined:
    Dec 15, 2007
    Posts:
    3
    thanks for your clarification

    i found the NIS 2007 CD.
    However, I have used this cd a lot on infected computers to install NIS on them..

    my question is if i use this cd to set NIS on the new computer..
    is there any risk of infection as the cd was used to install NIS on a severly compromised pc (including rootkit) "

    -------------------------------------------------
    when i install the NIS after OS installation,
    do i update NIS then update windows or vice versa.. WHICH IS MORE SECURE-even if just a little bit more secure as one can never be too careful when it comes to security online?


    thanks
    cccm
     
  7. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    CD-ROM
    Nothing can write to a CD-ROM or a CD-R without multisession :)
     
  8. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    4,222
    Reading again your first post I have the feeling that you are getting a new drive because your old one is infected. To get an extra drive is always helpful in terms of extra space, backups etc... But you don't have to change an infected drive unless the drive is malfunctionning. All you have to do is erase (format) your old drive (all the malware, including rootkits, will be erased) and you can reinstall Windows as if it were a new drive.

    NIS 2007 is fine as a suite (install it after Windows updates). You should check if it's working properly with your system. If you activate NIS 2007 you should turn off Windows XP own firewall to avoid conflicts.
     
Loading...
Thread Status:
Not open for further replies.