Wednesday, July 21, 2010

Deep antivirus Guide (3)


Step 4: System Recovery

Collect the required information about the attack and to understand its full nature, you can start from an infected computer to delete malicious software and restore any damaged data.

Important: Even if you have to identify and clean up malicious software from your computer to attack anti-virus software, Microsoft also recommends that in some capacity to determine the date and time of infection and infection occurs. This information will not be difficult to determine which system, the backup media or removable media may be exposed to attack.

How to complete the process will depend largely on the special nature of malicious software attacks. However, you can use the following advanced process to ensure the complete recovery of data and computer systems:
1. To restore lost or corrupted data.
2. Delete or clean the infected file.
3. Confirmed that there is no malicious software computer systems.
4. The computer system to reconnect to the network.

Verify that the system does not exist malicious software is a key step in should not be ignored. Many malicious software threats to the long period of time without being detected. In addition, the backup image or system restore points may contain the infected system files, which will lead to lead to other infections (if infected backup image to restore the source). For these reasons, we must try to identify malicious software attacks, the first instance of the date and time. In the time stamp is set to benchmark, determine the date of the backup image in order to determine whether any of these images contain the same malware damage.

Clean up or rebuild?
Consider how to recover system, can be two options. The first option is to clean up the system, it relies on the known characteristics of the attack in order to withdraw the damage to each system. The second option is usually referred to as reconstruction or rehabilitation of the system. However, the decision to use which option is not a simple choice.

Only if you are very sure that all the elements have carried out attacks on a reliable record, and clean-up process will be successful repair of attacks each element, the only clean-up system should be selected. Anti-virus vendors usually provide the required documentation, the supplier may take several days to fully understand the nature of the attack. Clean-up operation of the system is usually preferred because it can maintain the applications and data to the system without changing back to a clean state. Compared with the reconstruction of the system by this method can often be more quickly resume normal operation. However, if not a detailed analysis of malicious code, then the cleaning system may not completely remove the malicious software.

The main risk is to clean up the system may not detect or record the initial infection or may not record the sub-elements of infection or attack, so that your system is still vulnerable to infection or some kind of mechanism for malicious software attacks. Because of the risk, many organizations have chosen only to rebuild their infected system to make absolutely sure they did not have malicious software.

Typically, whenever the system is installed where the back door or Rootkit attack when, Microsoft recommends that you rebuild the system. These types of attacks more information, see Chapter 2 of this guide, "malicious software threats." These types of attacks is difficult to reliably detect the various components, so try to eliminate them again after the attacks usually occur. These attacks are usually used to open the right has destroyed the system from unauthorized access, enabling them to start other attacks in the system to upgrade them to the privileges or install their own software. For these reasons, the computer system can be absolutely sure that there is no malicious software attacks, the only way is through trusted media to rebuild them, and configure them to fix the weaknesses vulnerable, such as missing security updates or weak user passwords.

The process also requires careful from infected systems to capture and measure all the necessary user data, modify data on any damage, scan it to ensure that the data does not contain any malicious software, data recovery and ultimately to a new reconstruction of a clean system. Reconstruction system also need to reinstall the system, all applications previously available, and then correctly configure each application. Therefore, the reconstruction can best ensure the elimination of infection or attack, but it is usually a much larger task than cleaning up.

Choose which option to use the system's main consideration when you choose depends completely eliminated and the options to resolve infection or attack level of confidence. And to ensure the integrity and stability of the system compared to the shutdown time required for repair are secondary considerations.



Table 3 system clean-up and reconstruction of the strengths and weaknesses

Note: If you choose to clean up infected systems, the organization's management and legal team should perform a risk analysis to determine whether they are willing to lose some of the cleanup process malicious code that committing to the future when a greater risk of attack.

System cleaning
If malicious software attacks and acts of a perfect record, and the cleaning process has been tested and proven, you should also consider the system as a viable option cleared. From Microsoft or anti-virus vendors to obtain a comprehensive record of the steps (Administrators can follow the steps) or for cleaning infected systems automated tools. These two options can be carefully undo the process of implementation of infection for each operation, and allows the system to restore the original state of operation. These processes usually can be used to clean up the major virus or worm, and usually infected with malicious software in the first few days after the effective.

Note: Because many malware attacks bulk release (for example, MyDoom @ A, MyDoom @ B, etc.), it is necessary to use only clean-up process or tool to clean the system-specific versions of malicious software.

If automatic tool can not clean up to deal with malicious software, you can manually clean it from the system when the basic steps include:
1. Termination of malicious software implementation process. To terminate any running process and related malicious software and remove any malicious software associated with entry or scheduled tasks to run automatically.
2. Remove the introduction of malicious software files. This step will need to host the files on your hard drive a detailed analysis to determine which documents the impact of malicious software.
3. Application of the latest security updates or patches can reduce the use of the initial attack vulnerability. The steps may require some re-start the Windows Update Web site and access in order to ensure that all security updates applied.
4. Change may have been damaged in any password (domain password or the local code), or weak and easily guessed passwords.
5. Undo the introduction of malicious software on any system changes. This step may involve the reduction of the local hosts file on the computer and firewall configuration.
6. Restore the malicious software to modify or delete user files.

If you decide to manually perform these steps only should rely on them as infected with remedial measures (if later with the release of the cleaning process of comparison) to ensure that you perform all the necessary steps. Or, if the organization has an anti-virus support group, it will also need to ensure that it is used to identify and mitigate all possible ways to attack the destructive process of inspection and repair to meet the needs. Otherwise, may result in being re-infected very quickly.

Restore or re-install?
If you determine the best method is to rebuild the system, you can use to determine a clean image or system backup to restore the system, or through the first media to reinstall the system.

If you choose to restore the system from the previous image, consider trying to protect the infected system to the latest user data, in order to avoid the time between the backup and the current between the created or updated changes. If the backup from the original media rather than rebuild the system to prevent data loss is the only option is to retain the backup data before the data on the infected system.

From the infected system to restore data
System is usually the most important asset of which the data resides. Therefore, we must carefully consider how to preserve, restore or repair the data, back up the data, then data in the reconstruction of the system to restore the data.

Backup all data to unauthorized users or system can not perform or the safety of media or location to visit. If necessary, use the tools can be used to restore data or other methods, then safely store it until the reconstruction of the data to the system restore it.

Image or restore from backup
Images or recover data from backup, you must destroy the infected system to restore data capture it before use. There are various available data can be dynamically streamline backup data and restore data from the system. These tools not only to maximize the protection system against malicious software infection, also can prevent hardware failures and other potential threats to the system. Configure a complete disaster recovery infrastructure is not within the scope of this guide. However, the following section in this area can be used to address several issues related to the key anti-virus technology.

Windows System Restore
Windows System Restore (WSR) is modified by the file before the surveillance records, and in some cases, back up those files to protect critical system and application files. Must understand your anti-virus application is to support WSR, because WSR can create a restore point, if you use it in the first malicious software at any time after the clean-up system, then the restore point may be infected with malicious software. This case, the malicious software from infected restore points may be re-introduced to the system. Fortunately, you can identify the WSR anti-virus applications will detect malicious software restore process. If the infected file is detected, then the anti-virus solution will attempt to modify, move or delete them. If successful clean up the file, WSR will restore the specific file. However, if the file can not clean up was to delete or quarantine, the restore process will fail, because the isolated file will result in the reduction of inconsistent state. This case, WSR will restore operation to restore the system before the start of a state.

Automatic System Recovery
Through the Automated System Recovery (ASR), can easily backup your computer fast boot volume and system volume, so that infected your system, or the failure to quickly restore the system. However, the same as the other backup media, ASR backup file may be infected with malicious software.

Windows Backup Solution
As part of the Windows family of operating systems to provide solutions for departments or small and medium business environments provides a simple backup solution. However, the same as the WSR and ASR, the backup file itself may contain malicious software infection. Therefore, when using the solution, be sure not to restore the malicious software to the system and restart the malicious software attacks. Restore the system using the backup image before, you should use to detect and remove malicious software has been updated anti-virus applications check and scan all backup files.

Step 5: post-recovery steps

This section provides information about the control of the first malicious software attacks and recover from specific steps to be taken after the terms of the guidelines. The completion of this stage is important because it can enhance the organization of the user, the overall strategy process and technology.

Check the meeting after attack
The meeting should include affected parties, and the need for free exchange of programs to benefit all parties.

Attack update
Inspection and assessment of any proposals put forward by the meeting, then make sure that as soon as possible to implement them in organizations. When the special vulnerability is exposed, often simultaneously use several methods to reduce its risks. Important to note that these changes may affect the organization's users, processes and technology. Check the expected attack caused damage to the organization should emphasize the prevention of organized attacks by the positive recurrence of the perceived benefits of future costs. At this point, if the organization has not implemented method of deep virus protection, please see this guide's "deep virus protection" in order to check which elements of the method most beneficial to the organization.

Summary

This article provides for adoption of prudent and consistent manner from malicious software attack recovery guidelines and recommendations. Must strictly follow the recommended steps, otherwise it will lead to further tissue malicious software attacks, while, organizations also may be difficult or Wufazhendui means to attack the perpetrators Caiqufalv.

If the organization and implementation of the deep anti-virus solution, then use it to reduce the number of attacks may be harmful to a minimum. However, if the prior is not prepared to deal with planning for the worst case, then when an attacker successfully penetrated the anti-virus defense, the organization will face a serious threat.

Security personnel should be common malicious software (such as the chapter describes the technology) training to prepare this in advance. Should also consider creating a tool that contains chapter describes some of the malicious software analysis tool kit, and can be used to quickly capture and record important information about the infected system, any scripts or other utilities. This will help when the system was attacked by malicious software attacks to reduce the impact on business operations.






Recommended links:



convert MPG to mov



iSoft DVD to MP4 Ripper



Youtube to 3GP Software



Infomation Health And Nutrition



Recommend PIMS And CALENDARS



mkv file converter



Catalogs DEBUGGING



Cisco's Chambers stress and strengthen the country



How-to FLV Converter



Youtube FLV to EPOC Deluxe



Matroska video



Youtube To TV Platinum



Explosion WMV to DVD



Convert Mov To Flv



Premier Chat And Instant Messaging



No comments:

Post a Comment