SANS Knowledge

SANS is one of those organizations that everybody knows about and totally ignores. While they’re certainly ahead of the FBI and US-CERT when it comes to sharing information, there is still plenty of geek talk to obscure the knowledge.

Much to my surprise, the mini SANS course was in standard English and full of easy-to-follow, useful advice. I mean, I hardly consider myself a SANS scholar for $100, but I use the manual for every XP computer I own.

I’ll even go so far as to say, when they upgrade everything for Vista, I’ll send them another $100 and take the course again.

A side benefit of the course is I’m now on the SANS spam list. Much of what they write about is written for management types, so mere mortals can comprehend it.

My favorite accidental tip was a reminder to use “fdisk /mbr” when formatting and reinstalling Windows.

HUH!!!

fdisk is one of those clever DOS commands that you can use to delete partitions before you use a drive wipe program. This was removed from Windows software after Windows Me. What I forgot is that damned Master Boot Record that most of us mortals know so little about. Now most geeks have heard of viruses embedded in the primary (FAT or NTFS) partition, and most even recognize that Norton scans the Master Boot Record and gives a report on viral activity in the area.

What is not so obvious is that all anti-virus programs miss the newest viruses, and all are likely to miss Military Strength Malware designed to circumvent anti-virus programs.

Removing the Master Boot Record and partitions before wiping the drive, formatting it and reinstalling the operating system was what it took to get rid of that nasty malware that hit me when I made the mistake of testing that miserable Tenebril GhostSurf crap.

The malware made it past a fully protected machine and, funny thing, all the bot characteristics indicate it was probably a commercial effort and not Military Strength Malware. So I’m not sure this will work for everything, but it’s worth a try.
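Since the whole point above is that the Master Boot Record is the part most of us never look at, here is a small added example (my own illustration, not code from the original post or from SANS) that parses a 512-byte MBR: it checks the 0x55AA signature, lists the partition table entries, and hashes the 446-byte boot code area so you can compare it against a hash recorded right after a clean reinstall. The sample sector built by `build_sample_mbr()` is constructed for the demo (zeroed boot code, one bootable NTFS partition); the function and constant names are my own.

```python
"""Parse a classic 512-byte Master Boot Record (MBR) and report what is in it.

Added example, not code from the original post. Assumes the classic MBR
layout: 446 bytes of boot code, four 16-byte partition entries starting at
offset 446, and the two-byte 0x55AA signature at offset 510.
"""
import hashlib
import struct
import sys

MBR_SIZE = 512
PARTITION_TABLE_OFFSET = 446
PARTITION_ENTRY_SIZE = 16
SIGNATURE_OFFSET = 510

# A few common partition type bytes, including the FAT/NTFS ones the post mentions.
PARTITION_TYPES = {
    0x00: "empty",
    0x06: "FAT16",
    0x07: "NTFS/HPFS",
    0x0B: "FAT32",
    0x0C: "FAT32 (LBA)",
    0x83: "Linux",
}


def parse_partition_entry(entry: bytes) -> dict:
    """Decode one 16-byte entry: status, (skip CHS start), type, (skip CHS end), LBA start, sector count."""
    status, ptype, lba_start, num_sectors = struct.unpack("<B3xB3xII", entry)
    return {
        "bootable": status == 0x80,
        "type": ptype,
        "type_name": PARTITION_TYPES.get(ptype, f"unknown (0x{ptype:02x})"),
        "lba_start": lba_start,
        "sectors": num_sectors,
    }


def parse_mbr(sector: bytes) -> dict:
    """Return signature status, a hash of the boot code, and the non-empty partition entries."""
    if len(sector) != MBR_SIZE:
        raise ValueError(f"expected {MBR_SIZE} bytes, got {len(sector)}")
    boot_code = sector[:PARTITION_TABLE_OFFSET]
    partitions = []
    for i in range(4):
        off = PARTITION_TABLE_OFFSET + i * PARTITION_ENTRY_SIZE
        entry = parse_partition_entry(sector[off:off + PARTITION_ENTRY_SIZE])
        if entry["type"] != 0x00:
            partitions.append(entry)
    return {
        "signature_ok": sector[SIGNATURE_OFFSET:] == b"\x55\xaa",
        "boot_code_sha256": hashlib.sha256(boot_code).hexdigest(),
        "boot_code_all_zero": not any(boot_code),
        "partitions": partitions,
    }


def boot_code_changed(sector: bytes, baseline_sha256: str) -> bool:
    """True if the boot code area no longer matches the hash taken after a clean install."""
    return parse_mbr(sector)["boot_code_sha256"] != baseline_sha256


def build_sample_mbr() -> bytes:
    """Constructed sample sector: zeroed boot code, one bootable NTFS partition at LBA 63."""
    boot_code = bytes(PARTITION_TABLE_OFFSET)
    entry = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07, b"\xfe\xff\xff", 63, 20_964_762)
    table = entry + bytes(PARTITION_ENTRY_SIZE * 3)  # three empty entries
    return boot_code + table + b"\x55\xaa"


if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Pass a file holding the first sector of a disk, e.g. one dumped with
        # "dd if=/dev/sda bs=512 count=1 of=mbr.bin" on a Linux rescue system.
        with open(sys.argv[1], "rb") as f:
            data = f.read(MBR_SIZE)
    else:
        data = build_sample_mbr()
    info = parse_mbr(data)
    print("signature ok:", info["signature_ok"])
    print("boot code sha256:", info["boot_code_sha256"])
    print("boot code all zero:", info["boot_code_all_zero"])
    for p in info["partitions"]:
        print(f"  type={p['type_name']} bootable={p['bootable']} "
              f"start={p['lba_start']} sectors={p['sectors']}")
```

Run it with no arguments to see the constructed sample, or give it a dump of a real first sector. The useful defensive habit is to record the boot code hash right after a clean install and compare later: a changed hash with the same partition table is exactly the kind of thing a Norton-style MBR scan is looking for. Note that this only applies to MBR-partitioned disks; a GPT disk keeps only a protective MBR here, and its real partition table lives in later sectors.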
