Why we re-image after a virus infection alert

April 5th, 2013 by dshettle

The standing practice in ITS is to re-image a computer when it is infected with a virus. This process is a headache, both for the assigned user (possible loss of stored data, definite loss of time and productivity) and for ITS (time to re-image, re-install software, etc.). In many cases the individual with the infected computer asks us why we can’t just “clean” the machine instead.

Viruses and malware are extremely complex.  Cleaning utilities have tried valiantly to keep pace, but this endeavor is a losing battle: Anti-virus simply can’t keep up. Malware authors are quicker to adapt their products to circumvent cleaning tools and anti-virus.  As a result, once a machine has downloaded malware, its integrity can never again be fully trusted. Even methods like Windows “System Restore” are not effective, as malware authors have adapted to that strategy by specifically targeting “System Restore” files.

The type of data an assigned person has access to partially dictates what leeway we give. If he or she has access to data classified as “protected” or “sensitive” by the College’s Data Classification policy, then the threshold is very low: a single detected instance of malware is sufficient to require us to re-image the computer. The College simply cannot risk the confidentiality of “protected” or “sensitive” data. If the person does not have access to such data, then we may wait to see if malware detections persist; if they do, we insist on a re-image. Also, certain viruses are excellent at circumventing any attempts at eradicating them. In these cases, we mandate a re-image.

The best way to avoid a virus-related re-image is to never come in contact with a virus in the first place. Please avoid infection by limiting your use of College-owned computers to College-related purposes. For our part, ITS actively tries to address this by keeping computers current with software updates: the best technological tool in our arsenal.  We are also continually investing in other high-tech means of making it less likely that you encounter malware.