From mboxrd@z Thu Jan  1 00:00:00 1970
Message-ID: <47ED2023.8050201@gmail.com>
Date: Fri, 28 Mar 2008 12:43:15 -0400
From: 7v5w7go9ub0o <7v5w7go9ub0o@gmail.com>
User-Agent: Thunderbird 2.0.0.12 (X11/20080213)
Precedence: bulk
List-Post: <mailto:gentoo-user@lists.gentoo.org>
List-Help: <mailto:gentoo-user+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-user+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-user+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-user.gentoo.org>
X-BeenThere: gentoo-user@lists.gentoo.org
Reply-to: gentoo-user@lists.gentoo.org
MIME-Version: 1.0
To: gentoo-user@lists.gentoo.org
Subject: [gentoo-user] Re: Boot Gentoo to clean windows
References: <8978E31831121041B2E97EBC0BF8503306AAD3B5@EXVS01.hostedexchange.com> <7AC66BDE-E12E-4360-84F5-4B5AC0C6089D@stellar.eclipse.co.uk>
In-Reply-To: <7AC66BDE-E12E-4360-84F5-4B5AC0C6089D@stellar.eclipse.co.uk>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

Stroller wrote:
<snip important, informative stuff>
> 
> Be aware that sometimes Windows isn't cleanly fixable. Although I try to 
> avoid it until I've exhausted avenues for a clean repair, sometimes the 
> best thing to do is simply to back-up & reinstall.
> 

Think this is a great write up.

The last paragraph seems most important - given today's
professionally-authored compromises, the best thing to do may be to presume
that you've been rooted with redundancy, and simply be prepared to 
quickly rebuild the box from scratch.

Especially if you use the computer for business or other sensitive matters.

So arguably, one should use the second OS (Linux or Windows) as a 
diagnostic tool to determine if it's compromised or not, and except for 
something simple (e.g. an infection vector caught before activation by 
an AntiTrojan scanner in a browser cache, mail letter, etc.), one should 
simply rebuild the box.

So to the above, I'd add a "have a rebuild strategy", i.e. copies of 
data (not executables), addresses, passwords, etc. that can be quickly 
returned to a rebuilt OS. Windows benefits greatly from rebuilding - a 
rebuilt box will seem quicker and faster than ever before, and won't 
have lingering "relics" from earlier maintenance levels.


-- 
gentoo-user@lists.gentoo.org mailing list