
Ghost vs Malware



#1 NoLuck1000


Posted 02 March 2010 - 02:29 AM

Hello everyone. I have a question that maybe someone can help me out with. A friend and I were having a discussion about malware and how to avoid it.

My friend has Norton Ghost on his PC and he said that he doesn't need any antivirus/antimalware installed! With Ghost, if he got malware on his PC, all he needs is about 15 minutes to restore the image with no harm done, and he doesn't need to find and destroy the malware on his PC, which could take hours or days.

For some reason I can't find anything wrong with this. Can someone here explain in detail for me if he's right or not?

Thank you,



#2 Platypus


Posted 02 March 2010 - 04:20 AM

There is a huge flaw in his reasoning. If he has no antivirus or antimalware detection installed, how is he going to know if his computer has been compromised and needs to be re-imaged?

In other words, he's forgetting the main reason we want to prevent malware from getting onto a computer in the first place. That is "payload" - the potentially harmful actions malware can carry out before it is detected and either blocked or removed. Having a clean image to restore is great, I have that myself, but without any way to rapidly be alerted to any infection, a system can remain infected by, say, a rootkit and be doing whatever surreptitious actions for however long it can remain unnoticed.

Top 5 things that never get done:

1.


#3 NoLuck1000


Posted 02 March 2010 - 11:35 PM

Thank you for your reply. I completely agree with your reasoning :flowers:

Let's say that he somehow gets malware on his PC but he discovers it right away since the PC is behaving strangely. So what he does is run the last good image from Norton Ghost. Would this image be free from the malware, or would there be some remains?

Thank you again for your reply, I learned a lot by reading all the posts on this forum :thumbsup:

#4 Platypus


Posted 07 March 2010 - 12:01 AM

If the image is of the entire hard drive, then it should obliterate any malware, in my understanding.

If the image is of the system partition only, infected files on that partition will be replaced, and will be clean provided that the system was genuinely uninfected when the image was created. However, infection could still exist in the MBR, executables on another partition, on removable drives, or on data CD/DVD etc. media written during the infection.

The latter also applies even if the entire hard drive is re-imaged: infection could have been passed on to media connected to the system during the infection.

Top 5 things that never get done:

1.


#5 NoLuck1000


Posted 07 March 2010 - 11:57 PM

Thank you very much for your help :thumbsup:

#6 NoLuck1000


Posted 27 April 2010 - 01:51 AM

If the image is of the entire hard drive, then it should obliterate any malware, in my understanding.

If the image is of the system partition only, infected files on that partition will be replaced, and will be clean provided that the system was genuinely uninfected when the image was created. However, infection could still exist in the MBR, executables on another partition, on removable drives, or on data CD/DVD etc. media written during the infection.

The latter also applies even if the entire hard drive is re-imaged: infection could have been passed on to media connected to the system during the infection.



So if I restore my system with a clean image of the entire hard drive, then all the malware should be gone, even the ones hiding in the MBR too?

#7 Platypus


Posted 27 April 2010 - 05:52 AM

That's how it should work.

Think of it this way. Once you have the image of the drive in its existing clean state, if your hard drive actually fails, you can restore the image to a replacement drive and it will appear to be your exact original system installation again. The replacement drive could be brand new and completely empty with no MBR at all, or a second-hand drive with a different MBR and OS to your system. All of the contents of your drive get loaded back onto the new drive, taking the place of what is already there.

Even though your drive will hopefully not have failed, (just become seriously infected!!), the process of restoring the image will be the same and the clean image should go over the top of the existing drive contents in the same way. Fortunately I've not had to use this process to overcome infection on any system of my own, but that's how others who have used the procedure state it works for them.

Top 5 things that never get done:

1.
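The distinction drawn in posts #4 and #7, that a partition-only restore leaves the MBR alone while a whole-drive restore overwrites it, can be checked by comparing sector 0 before and after. This is an added example, not part of the original thread: it assumes a raw 512-byte dump of sector 0 was saved when the clean image was made and another was taken after the restore; the function names and sample sectors are constructed for illustration.

```python
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440   # bytes 0..439 hold the boot code
TABLE_OFFSET = 446    # four 16-byte partition entries follow

def parse_mbr(sector: bytes) -> dict:
    """Return the boot-code hash and the non-empty partition entries."""
    if len(sector) != SECTOR:
        raise ValueError("expected exactly 512 bytes")
    if sector[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        off = TABLE_OFFSET + i * 16
        status, ptype = sector[off], sector[off + 4]
        lba_start, count = struct.unpack_from("<II", sector, off + 8)
        if ptype != 0:  # type 0 marks an unused slot
            parts.append((i, status, ptype, lba_start, count))
    digest = hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest()
    return {"boot_code_sha256": digest, "partitions": parts}

def compare_mbr(baseline: bytes, current: bytes) -> list:
    """List the ways the current sector 0 differs from the clean baseline."""
    a, b = parse_mbr(baseline), parse_mbr(current)
    findings = []
    if a["boot_code_sha256"] != b["boot_code_sha256"]:
        findings.append("boot code differs from baseline")
    if a["partitions"] != b["partitions"]:
        findings.append("partition table differs from baseline")
    return findings

def sample_sector(boot_byte: int) -> bytes:
    """Constructed sector: filler boot code plus one active NTFS entry."""
    entry = struct.pack("<B3sB3sII", 0x80, b"", 0x07, b"", 2048, 204800)
    return bytes([boot_byte]) * 440 + bytes(6) + entry + bytes(48) + b"\x55\xaa"

if __name__ == "__main__":
    clean = sample_sector(0x90)     # constructed: dump saved with the clean image
    restored = sample_sector(0x90)  # constructed: sector 0 rewritten by the restore
    leftover = sample_sector(0xCC)  # constructed: sector 0 not rewritten
    print(compare_mbr(clean, restored))
    print(compare_mbr(clean, leftover))
```

The 4-byte disk signature at offset 440 is deliberately left out of the hash, so a restore onto a replacement drive does not raise a false alarm.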


#8 NoLuck1000


Posted 27 April 2010 - 10:48 PM

Thank you for answering all my questions. Next time, if any malware manages to slip by my antivirus/antispyware, I can restore my system using a clean image without worrying about any leftover malware :thumbsup:



