[Tfug] Customer Service

Harry McGregor micros at osef.org
Wed Jun 16 09:50:09 MST 2004


On Wed, 2004-06-16 at 08:10, ewf wrote:
> That's not the only thing,
> 
> I once thought that erasing filesystems gave you the complete solution,
> but I learned recently that (especially newer) computers have electrically
> alterable firmware chips that can become contaminated and therefore have
> to be removed/replaced. In other words, the BIOS area of a computer is now
> susceptible to unauthorized intrusion.

This is not exactly true with current systems.

The only electronically alterable parts of the BIOS beyond the whole
BIOS are the CMOS settings (PC x86 arch).

I have never run into a virus that is smart enough to figure out what
the free space is in the BIOS chip, and not screw up rebooting of the
system.  It's just not going to happen.

You do need to do more than nuke the file system; a good dd over the
front of the drive is enough though.

dd if=/dev/zero of=/dev/hda bs=65536 count=1000 should fully clear the
boot sector and partition tables to the point that Windows will treat it
like a brand new HD.

If you want to be paranoid do this:
dd if=/dev/zero of=/dev/hda bs=65536
dd if=/dev/urandom of=/dev/hda bs=65536
dd if=/dev/zero of=/dev/hda bs=65536

			Harry


> Erich
> 
> Angus Scott-Fleming wrote:
> 
> >On 16 Jun 2004 at 4:03, johngalt wrote:
> >
> >>Unless the system is not stable and too much trouble to fix, blowing away the
> >>file system and starting over is a NooB sort of solution.
> >
> >I think you'll find that many sysadmins consider this to be the ONLY solution 
> >when you have a system which has been rooted.  And since WinBoxen users mostly 
> >run as root, that may be the only way to ensure you don't have some unknown 
> >rootkit running that will re-0wn their system when you put it back online.
> >
> >
> >--
> >Angus Scott-Fleming
> >GeoApps, Tucson, Arizona
> >1-520-290-5038 / fax 1-208-248-3124
> >+-----------------------------------+
> >
> >
> >
> >_______________________________________________
> >tfug mailing list
> >tfug at tfug.org
> >https://www.tfug.org/mailman/listinfo/tfug



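A way to check what the short dd from the message above actually clears, as an added example that is not part of the original post. It runs against a constructed scratch image file rather than a real device; the function names and the 1100-block image size are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: works on a scratch image file, never on a real device.

# Build a constructed "disk": 1100 blocks of random data with the 0x55AA
# boot signature placed at offset 510, where an MBR keeps it.
make_sample_image() {
    dd if=/dev/urandom of="$1" bs=65536 count=1100 2>/dev/null
    printf '\125\252' | dd of="$1" bs=1 seek=510 conv=notrunc 2>/dev/null
}

# Print the two bytes at offset 510 as hex ("55aa" on a bootable MBR).
boot_signature() {
    dd if="$1" bs=1 skip=510 count=2 2>/dev/null | od -An -tx1 | tr -d ' \n'
}

# The short wipe from the post: bs=65536 count=1000.
# conv=notrunc is only needed because the target here is a regular file;
# without it dd would truncate the image to 1000 blocks.
wipe_front() {
    dd if=/dev/zero of="$1" bs=65536 count=1000 conv=notrunc 2>/dev/null
}

# Count non-zero bytes in the first $2 blocks; 0 means the region is clear.
nonzero_in_front() {
    dd if="$1" bs=65536 count="$2" 2>/dev/null | tr -d '\000' | wc -c | tr -d ' '
}

# Count non-zero bytes after the first $2 blocks (data the short wipe leaves).
nonzero_after_front() {
    dd if="$1" bs=65536 skip="$2" 2>/dev/null | tr -d '\000' | wc -c | tr -d ' '
}

scratch=$(mktemp)
make_sample_image "$scratch"
echo "before: signature=$(boot_signature "$scratch")"
wipe_front "$scratch"
echo "after:  signature=$(boot_signature "$scratch")" \
     "front_nonzero=$(nonzero_in_front "$scratch" 1000)" \
     "tail_nonzero=$(nonzero_after_front "$scratch" 1000)"
rm -f "$scratch"
```

The non-zero tail count is the data the count=1000 wipe leaves in place, which is what the three full-drive passes in the message overwrite.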