Re: Multi_VA trashed my system (Can David H Lipman please look a this) - Page 2

Re: Multi_VA trashed my system (Can David H Lipman please look a this)

Leythos wrote:
[snip]

legally clean? there's an interesting concept - how does the law define
'clean'?


you don't *know* that you've removed all unknown malware from the
machine... if you left the machine blank instead of rebuilding it then
maybe you might have a certain amount of assurance about that, but if
you rebuild it you risk exposing it to unknown malware in your own tool
set...

--
"it's not the right time to be sober
now the idiots have taken over
spreading like a social cancer,
is there an answer?"

Re: Multi_VA trashed my system (Can David H Lipman please look a this)

kurtw@sympatico.ca says...

How about we settle for this, as you want to keep going around in
circles:

1) I'm going to clean a machine based on the customer's expectations

2) If the customer wants me to certify that the machine is clean, and
give them, in writing, a certificate, I will wipe and reinstall from a
MS CD and from Vendors CD's, not from burned copies..

3) If the customer doesn't want a certified state, I will clean the
machine based on how much the customer wants to pay and provide them with the
information on what they can expect.

4) If you have a problem with the above, well, too bad, that's just the
way it's going to CONTINUE to work for my business. You are free to do
your work how you want.

--

spam999free@rrohio.com
remove 999 in order to email me

Re: Multi_VA trashed my system (Can David H Lipman please look a this)


Leythos wrote:

Alright..


So you're telling me you're going to apply the same "fix" for a problem
that some typical high schooler in a computer class would do?

You've been doing this for 30 years? How much data have you cost people
in this time?


A certificate? I'd like clarification. Do you have a scan of it I could
view? :)


Based on how much they want to pay? So, lemme see if I understand this.
You'll let it leave possibly still under the control of software the
user does not want should the user not have enough to pay for a
thorough cleaning? Just exactly what do you mean?


I have no problem with your methods, it's not my data being hosed. I do
feel sorry for the customers you have who don't know better, however. I
wonder if my viruses or your system restoration methods have destroyed
or caused to lose more data?

--

Regards,
Dustin Cook
http://bughunter.atspace.org


Re: Multi_VA trashed my system (Can David H Lipman please look a this)

bughunter.dustin@gmail.com says...

This is the last response from me on this, based on how you keep taking
the tract: I've lost very little customer data/documents for cleaned
systems in all those years.

--

spam999free@rrohio.com
remove 999 in order to email me

Re: Multi_VA trashed my system (Can David H Lipman please look a this)

Leythos wrote:
[snip]

i wouldn't call them circles, since i really haven't budged from the
sole point of this at all, but i will agree that there's been no progress...


aka giving the customer what they want...

which is all well and good except when they want the impossible (which
is generally the case in the malware field) - in that case 'just giving
the customer what they want' is the refrain of the snake-oil salesman...


since ms has themselves distributed malware (and i'm not just talking
about greyware) that means you may well be handing them back a machine
with malware on it...

tell me, what would that say about your certification if that were to
happen? sure you can't be held responsible for the presence of the
malware, but if you turn around and certify the machine is clean the
certification itself isn't worth the paper it's written on...


oh, i understand you have a business to run, and that you're unwilling to
soften your 'certified clean' to the more intellectually honest 'high
assurance of cleanliness'... after all, it would have a negative impact
on your bottom line...

don't mind me asking the tough questions you should be asking
yourself... it's just my way to question whether myself or others are
really serving the greater good, and having already made the hard choice
of principles over the bottom line i now enjoy a certain ethical luxury
that i suppose makes me privileged... so go ahead and ignore me, i'm
just too out of touch with the common man anyways...

--
"it's not the right time to be sober
now the idiots have taken over
spreading like a social cancer,
is there an answer?"

Re: Multi_VA trashed my system (Can David H Lipman please look a this)

kurtw@sympatico.ca says...

Sorry, but if that's the basis of your argument, then you're all wet.
There is no malware on the Windows XP CD that I've seen directly from
MS, and we're talking about MS Windows XP CD's, not vendors versions or
vendors OEM CD's - just Retail/OEM Full XP CD's.

Please let us know what you claim is malware on the MS CD's?

--

spam999free@rrohio.com
remove 999 in order to email me

Re: Multi_VA trashed my system (Can David H Lipman please look a this)

Leythos wrote:

tense please... i don't know that there necessarily is malware on those
cd's, only that there has been malware on ms cd's in the past... this is
a well documented fact - microsoft has distributed multiple macro
viruses (http://sun.soci.niu.edu/~crypt/other/onestop.htm ), as well as a
korean version of visual studio with nimda in it
(http://support.microsoft.com/?kbid=323302&sd=msdn)...

ergo, using cd's straight from microsoft is no guarantee of
cleanliness... ergo you can't be certain the machines you hand back to
people after rebuilding with such cd's are clean...

--
"it's not the right time to be sober
now the idiots have taken over
spreading like a social cancer,
is there an answer?"

Re: Multi_VA trashed my system (Can David H Lipman please look a this)

kurtw@sympatico.ca says...

Um, let's see, a NON-OS disk that contained a test, in 1995, oh, and one
of the mentions was from a company that made the software for MS, not MS
itself.

Like it or not, there has never been a documented case of MS providing
OS disks with any malware on them, not any. So, it would stand to
reason, that since none have been detected to date, none have been
detected by the white-hats, none have been detected by the AV vendors
or the anti-spyware vendors, that it's a very safe bet that a legit non-
vendor version of a MS Windows XP (Retail/OEM/VL) is going to be clean.

What this means, is that unless someone can point to my/their
installation CD's as containing malware, that they have a 99.9+%
probability of being clean. If that was not the case, it would have been
all over the media by now.

--

spam999free@rrohio.com
remove 999 in order to email me

Re: Multi_VA trashed my system (Can David H Lipman please look a this)

Leythos wrote:

a) macro viruses were distributed multiple times, not just once in '95
b) there are more incidents in the examples i listed than you are
representing here
c) NON-OS is an interesting distinction to make since i seem to recall
you install more than just the base operating system...


a) OS disks are not magically different from NON-OS disks... the lack of
a virus on an OS disk is little more than good luck...
b) we aren't talking about safe bets, we're talking about certification...


before you were talking about 100%, now you're down to 99.9+%... how low
can you go?

--
"it's not the right time to be sober
now the idiots have taken over
spreading like a social cancer,
is there an answer?"

Re: Multi_VA trashed my system (Can David H Lipman please look a this)

kurtw@sympatico.ca says...

OK, let me make this simple for you:

1) If I wipe a machine, in a secure environment, and reinstall from
scratch the Vendor/OEM/Windows provided OS and apps that were included
with the computer, I have no liability in returning the system.

2) The machine, following 1 above, is considered clean unless a known
malware was identified in the distro installed and made public.

3) The machine above would be considered clean legally

I'm done, that's all I have to do to meet legal compliance and state a
"Clean" machine was returned to the client.


--

spam999free@rrohio.com
remove 999 in order to email me

Re: Multi_VA trashed my system (Can David H Lipman please look a this)


Leythos wrote:


What if the OS and/or apps you've loaded have vulnerabilities? Do you
intend to issue patches before returning to the customer?


And if the malware isn't known yet?


Legally clean? I'm really unfamiliar with this terminology. By what
legal definition is a machine deemed clean?


A freshly loaded machine, sure. I'm not entirely sure about this clean
aspect tho.

--
Regards,
Dustin Cook
http://bughunter.atspace.org


Re: When is a machine really clean?

bughunter.dustin@gmail.com says...

What does that have to do with it being clean when returned?

Exploits and Vulnerabilities, if they exist, do not make the machine
compromised at the time it's rebuilt - it only means there is a known
path to compromise it in a specific situation that is known.

The machine would still be clean.


The chances of the real Windows XP / 2003 OS cd containing a malware is
very slim, even more slim than any other OS, and has zillions of people
looking to take them down by finding one so they can hammer MS again.

If anyone installs an OS from a valid media, they are legally not liable
for something that is unknown on something that is expected to be clean
and has been reported as clean.


Contact an attorney and ask them how you could certify a machine as
being clean of malware and follow their answer. You may have to find one
that has IT training or IT experience in court.


A fresh load, on a wiped machine, built in a clean environment, is as
clean as it can be, unless you install crap on it. Every Windows XP cd
and 2003 CD (and 2000 Workstations/Server) CD I've seen from Dell, Full
MS OEM, and direct RETAIL, has been clean as far as the world knows,
that's good enough for me and the courts.


--

spam999free@rrohio.com
remove 999 in order to email me

Re: When is a machine really clean?


Leythos wrote:


The fact that if the machine has known exploits, its cleanliness will
be undone once it establishes a network connection.


No, they just make it compromised once you allow it internet/network
access.


For a few minutes.


But you install more than just the OS don't you?


I'm once again, unsure about this legally not responsible you keep
talking about.


I've asked you this twice now. By what legal definition have YOU been
provided where you can claim a machine is certifiably clean? You made
the initial remark about this legally clean silliness, I'm asking what
that entails, exactly in your case. If you don't mind.


which courts? Honestly, what exactly have you been told deems a machine
clean from a legal and certifiable standpoint?

--

Regards,
Dustin Cook
http://bughunter.atspace.org


Re: When is a machine really clean?

bughunter.dustin@gmail.com says...

That's not true, only suspected. Many machines contain many exploits,
but the exploits are meaningless unless there is a path to exploit them
- just having a network connection does not mean they can be exploited.


No, they provide an "Opportunity" for it to become compromised if the
user/owner doesn't take any precautions on an open network, on a
protected network the exploits might never be reachable to exploit.


Which was the point, you agree with me then, the machine "IS" clean when
returned.


I install the OS and service packs related to security, which have a
history of being clean in the public eye. Not all security updates are
needed for all machines to remain clean, but it's a good idea if you
don't know where the machine will be used.

I install software depending on the software and if I feel comfortable
with it.


It's a case of industry acceptance, just like malpractice, if the
"industry" accepts that a wiped/installed machine under certain limits,
is considered clean, then it's not a liability.


explained above.

--

spam999free@rrohio.com
remove 999 in order to email me

Re: Multi_VA trashed my system (Can David H Lipman please look a this)

Leythos wrote:

in other words it's the smallest amount of work you can do that gets you
your money and covers your arse at the same time...

and instead of being technically clean, it's *legally* clean - which is
a distinction your customers will very likely not understand and
therefore develop false expectations...

i used the term snake oil before as a warning of where it sounded like
this was heading - hoping that at some critical point it would diverge
from the path it was on... it didn't...

--
"it's not the right time to be sober
now the idiots have taken over
spreading like a social cancer,
is there an answer?"

Re: Multi_VA trashed my system (Can David H Lipman please look a this)

kurtw@sympatico.ca says...

If you look at it that way, more power to you.


And you've not shown where a wipe/reinstall using Windows media (XP +
SP2 as an example) contains any malware. So, that would seem to indicate
that a wiped machine, reinstalled in a clean environment, would actually
be considered clean.

Until you can provide reputable links that prove that the Windows XP
Media I get from MS or a retail box contains malware and what the
malware is, it's a clean install.
 

--

spam999free@rrohio.com
remove 999 in order to email me

Re: Multi_VA trashed my system (Can David H Lipman please look a this)

Leythos wrote:
[snip]

nor do i have to, only that it *can* contain malware... your assertion
is that the machines are clean, which means that there isn't malware -
only you can't prove a negative so you can't be certain they're really
clean and therefore cannot certify that they're clean... i only have to
show that it's possible for them to contain malware in order to show
that the certification is suspect...


and this is classic argumentum ad ignorantiam...

--
"it's not the right time to be sober
now the idiots have taken over
spreading like a social cancer,
is there an answer?"

Re: Multi_VA trashed my system (Can David H Lipman please look a this)

kurtw@sympatico.ca says...

And it's not suspect in a reasonable position, based on years of
industry experience, so it would stand, the machine, wiped and
reinstalled in a clean environment would be considered clean.

--

spam999free@rrohio.com
remove 999 in order to email me

Re: Multi_VA trashed my system (Can David H Lipman please look a this)

Leythos wrote:

the machine may not be suspect, since the likelihood of it not being
clean is exceptionally low, however the certification is always suspect
because it is predicated on faulty logic...

if the process by which a certification is performed can result in a
situation where the certification is wrong/false then there is something
very wrong with that certification process and each set of results it
produces/has produced are suspect...

--
"it's not the right time to be sober
now the idiots have taken over
spreading like a social cancer,
is there an answer?"

Re: Multi_VA trashed my system (Can David H Lipman please look a this)



I've taken to doing that as well... the trick is to collate a small,
clean and code-free data set in the first place; once you do that
(stomping on MS defaults and kicking useless untrainable apps out the
way) then it's near-trivial to maintain a fifo set of backups on each
PC, and pull the latest of these from read-only shares across the LAN.



If folks need 1 PC, they get 1 PC - not a mock-workstation and a
mock-server (though to some extent one emulates that via
partitioning).  One tries to put a backup solution in place, and that
can work very well if the apps play well with the scheme.

What's less easy to do, is to preserve the state of the installation
itself; whatever ad-hoc apps, utilities, settings etc. they use.  It's
far harder to scope in everything you want while scoping out things
you don't, such as a dormant malware that's been sitting quietly for a
month before hatching a payload.



Sure, but I'm not talking about data backups - data isn't enough.  A
clean and fresh duhfault install (or even a decent non-duhfault
install) is far away from the evolved environment they had.

BTW, backing up (or rather, restoring) "email" can be hazardous, given
that most email apps hide incoming attachments and may expose risk
surfaces to them that can facilitate clickless attack.  A nice prompt
return to productivity might mean av sigs that can't detect it yet.



Quite - but a "clean PC" is meaningless if it doesn't stay clean.  It
may mean you can't be blamed for what happens next, and I appreciate
how important that can be, but it's not enough for the client's needs.

So yes, one *should* discuss what happens after, because it's
extremely relevant, and can be where the "rebuild" approach fails -
especially if no attempt was made to determine the malware present,
how it got there, and so forth.


Well, my approach is not to lock ppl out of their PCs, but to try and
facilitate things so they can do as much with their PCs as they like.

Which is slightly different from MS's approach, which was to
facilitate things so web sites and media pimps could do what they like
:-)


That smells a bit to me.  It's very easy to create a situation that
looks good on paper, will inevitably fail, but that doesn't matter
because hey it's the user's fault.  You presuppose that a rebuilt PC
will magically not be exploitable in the same way that it was before.

Now I can see how one may believe that, if a "great unwashed" system
comes in, and goes out properly set up and defended.  But what happens
when it's one of "your own" properly-setup PCs that comes in with
active malware?  You'll send it out as it came in, and the same
thing's quite likely to happen again.  

You can say it's the user's fault, or (in the case of clickless
attack) the system's fault, but the mileage is the same (it's the same
system, going back to the same user) unless you can respond to the
specifics of the malware.  You can't do that if you didn't bother to
detect and assess the infection.



    Trsut me, I won't make a mistake!