55 Some people say that disinfecting is a bad idea. Is that true? (Computer virus)
Description
This article is from the Computer Viruses FAQ, by Nick FitzGerald n.fitzgerald@csc.canterbury.ac.nz with numerous contributions by others.
55 Some people say that disinfecting is a bad idea. Is that true? (Computer virus)
Disinfection is completely "safe" only if the disinfecting process
completely restores the non-infected state of the object. That is, not
only must the virus be removed from the object, but the original length
must be restored exactly, as well as any system attributes (such as time
and date of last modification, fields in the header, etc). Sometimes it
is necessary to be sure that the object is placed on the same sectors of
the disk that it occupied prior to infection (this is particularly
important for some system areas and some files from programs which use
certain kinds of self-checking or copy protection).
None of the currently available disinfecting programs do all this. For
instance, because of the bugs that exist in many viruses and because
some infection processes involve overwriting (part of) the objects of
infection, some of the information about the original object may be
irrevocably destroyed. Sometimes it is not even possible to detect that
this information has been destroyed and to warn the user. Furthermore,
some viruses corrupt information very slightly and in a random way
(Nomenklatura, Ripper), so that it is not even possible to tell which
objects have been corrupted.
Therefore, it is usually better to replace infected objects with clean
backups, provided you are certain that your backups are uninfected (see
Continue to:
My Books
