I go to absurd lengths to follow SANS' advice

Rob Rosenberger, Vmyths co-founder
Friday, 28 December 2001

SECURITY EXPERTS AT the SANS Institute recommended a precautionary hard disk reformat to fight the Code Red worms. No, really! They absolutely meant it.

If Santa brought you a Windows XP computer, then you need to reformat the hard disk as a precaution. No, really!

As I noted in a previous column, "your computer doesn't need to be compromised by a worm — according to SANS, your computer may be clean, but you should reformat anyway." They still to this day claim "the only real solution is to reformat the system's hard drive and reinstall all the software" even if you have a non-infected PC. Translation: better safe than sorry. When the Goner virus struck, I took heed of SANS' sage advice. No joke: I reformatted the bootable partition in every Windows-based computer working on my current antivirus experiment. I reinstalled the operating system from scratch just like SANS recommended. Then I reinstalled every application from scratch. Then I applied all the security patches. I finished the final rebuild one week ago yesterday. Whew! Then I shut down every PC hooked to the network. Then I shut down all four servers. Then I shut down the T1 line to my office. Then I shut down the T1 line to my upstream provider. Then I shut down all the UPSs, including those in the server room. Then I flipped the #3, #15, and #26 circuit breakers. Yes, folks, I actually performed a physical precautionary disconnect. Then I slowly powered everything back up... "Oh c'mon, Rob. Circuit breakers?" You bet! I go to absurd lengths to follow SANS' advice. Okay, I'll admit I didn't need to flip breaker #26 — I just like to watch the emergency lights come on. But I did do it. Technically speaking, you could say the Goner virus cost me three man-weeks of effort. Anyone who maintains an enterprise network knows what I went through, and I did it all as a precaution. (Memo to Michael Erbschloe: I consult these days at $150/hr, which implies a 24% probability you'll need to recalculate those absurdly precise guesstimates you spout to the media.) And this leads me to the reason for my column. If Santa brought you a Windows XP computer, then it is vulnerable to the terrifying new "UPnP exploit." To paraphrase the SANS Institute: "if a vulnerable system has simply been left unpatched while [the UPnP exploit] has been circulating, the only real solution is to reformat the system's hard drive and reinstall all the software."

Windows XP threatens the USA and all She stands for. Be a model citizen — reformat your hard disk as a precaution.

MOST OF SANTA'S gifts have touched the Internet by now, so they need a precautionary hard disk reformat by default. If you haven't logged onto the Internet with your Christmas PC, then don't log on just to obtain the patch. (Think of the irony!) Beg someone else to download it for you. I think I've got a spare CD-R lying around here if you need it. Of course, I can't exactly explain how you're reading my column to begin with. Let me guess: you accessed Vmyths with your vulnerable Windows XP system, right? Shame on you! Your PC threatens the United States of America and all She stands for. Be a model citizen like me. Reformat your hard disk as a precaution.