I do have a question, can systematic re-imaging format out a rootkit. I think it will since a root kit is no more than code and if you nuke the drive it should nuke the root kit.

My plan is to image a clean machine and periodically just re-image it. Good plan? I am looking at VMware etc. as a system wide solution turning the old machines into services within a virtual environment.

Disabling ALL sorts of Completely uneeded services etc etc goes a Very long way to securing things, also on XP etc!

Throw in a few very good Security Apps too, properly configured and you’re laughing, well i am anyway lol.

Next we’ll be hearing that IE can’t be made VERY secure, but it can be and IS 4 me and plenty of others.

Maybe some people arn’t aware of the NTFS partion/s on XP etc with all those ADS Streams that nasties Can + Do hide in. Try looking through All those when you have some spare time!

The main vector for intrusions of any kind on ANY system are the user. Clicking on this n that etc and visiting dodgy sites and DL stuff they arn’t certain of or where it Really came from with crap inside etc etc.

If you get your system sorted whatever flavour it might be, then it’s Sorted. bearing in mind the above.

I don’t suffer Any uninvited intrusions, so i’m living proof it can be done.

Spanner

How could you possibly know if am Secure or not? you can’t, nor can any body else! You or they do NOT know the precautions i have taken, and continue to do as and when.

Maybe you arn’t aware that i have communicated with HF on several occasions on different topics. My previous comments were NOT directed at HF, but genearally to people reading who may think that NT/XP etc are safe. They might be safer outa the box in “Some” areas than 98 etc, but we’ve all seen how they still get penetrated Daily, but i Don’t!

I do read his stuff, and others too, and i acknowledge he is gifted and i DO have respect for him. I understand his modus operandi in giving the “Security + Software” people a kick up the ass to tighten things up, and that’s a Good thing. What people do with his RK’s is up to them, not HF.

He has previously said that his main focus and expertise is Rootkits on NT etc systems. I like him only recently discovered the RK for 98 posted on hxdef!

Only i know if i allow anything in to my PC or not from wherever, and i’m Very careful what i do and where i choose to surf. Sometimes i take calculated risks on purpose to see if my defences stand up. So far they have i’m pleased to say.

Others using non NT etc systems might not be so lucky, for the reasons i gave earlier as well.

But it’s very interesting to note that week after week after week, i keep on seeing scores of people in many forums, and that i know, who get infected with all sorts of crap, including RK’s, that are running XP etc PC’s.

As well as tightening things up as i mentioned before, here’s something else you can do that’s Proven to help protect, it’s an Excellent App that works on ALL Win OS’s including 98.

-
BOClean enables you to:

Destroy trojans and remove registry entries
Detects and destroys malicious spyware

Detects and destroys malicious *ROOTKITS*

Disconnect the threat without disconnecting you
Generate optional report and safe copy of evidence
Automatically sweep and detect in the background
Both Updates and Upgrades FREE of charge

http://www.nsclean.com/boclean.html
-

Regards,
Spanner

However, I got seriously owned with a Windows NT 4.0 box running Exchange Server 5.5 in the year 2003. Yes, I had all the patches. It was replaced with a GNU/Linux box running postfix and courier-imap, and it’s proven bulletproof to this point.