As part of an article TechRepublic published on removing malware, we asked members what applications should be on a recovery/utility CD-ROM. This question has become increasingly important as malicious attacks against networks, e-mail servers, and Web sites have become ever more common. For the network administrator or IT professional, the applications included on this disk serve as the arsenal they use to defend against and, when that fails, recover from these attacks.
Once again, the TechRepublic membership came through with a fantastic set of responses that named hundreds of applications as potential candidates for a state-of-the-art recovery/utility CD. All of the applications mentioned met a specific requirement, but for some, the number of times they were mentioned in the discussion thread did not reach the level of a consensus. These applications were superseded by others that performed the same or similar function, but were more popular overall with TechRepublic members. That being said, no application was without merit, and your personal preference will, and should, take precedence in some cases.
What members suggested
Two specific themes seemed to resonate with the TechRepublic membership when discussing their preferred toolset: make sure you have a utility for every conceivable function you will need to perform in a recovery situation, and have an alternative boot disk available.
The right tool for the job
The first theme was initially expressed by tshanks:
I carry at least 2 CDs with AdAware, Spybot S&D, Spamihilator, AVG AV, Win2K SP4 and SP3 (just in case SP4 bombs), NAVCE 8.0 with latest updates on 4 floppies, and of course FDisk, Format, etc. I also keep an assortment of network diags, monitor drivers (yes, I periodically download them from manufacturers' sites), NIC drivers, Partition Magic, and the list goes on. One of the CDs is a "give away" to my clients with AVG, AdAware, Spybot S&D and Spamihilator. The cost is minimal, but the returns are great! I can't count the number of small businesses I've gotten contracts with just because I gave them something before we even talked about service contracts.
While tshanks' list is certainly admirable, no one really came close to the thoroughness of black_eyed_pea, who went out of his way to give members an extensive plan, in the form of checklists, for both preventing and removing spyware. The complete checklists from black_eyed_pea can be found in the original discussion thread.
The second theme prevalent in the discussion thread revolved around bootable CDs. Whether it was Linux, Windows, DOS, FreeBSD, or Bart's PE, members were adamant that any recovery/utility toolset have a portable bootable version of an operating system. The first member to make this suggestion was dmurawsky:
I'd put a Linux mini distribution on it with full file system support. There are several nice packages that fall around the 200 Meg range (FIRE, Morphix) which leaves plenty of space for other utilities. I'd also recommend Spybot, fport, vision (same company as fport), and tools along those lines. A good command line virus scanner, or links to a Web-based one (I use Trend Micro's) is a definite plus.
Getting slightly more specific, yanai made this suggestion:
I keep a copy of KNOPPIX handy. It's a bootable Linux system with a suite of tools, including Mozilla, which you can use to rule out hardware issues and download other utilities. It does not install itself on your hard drive; instead, it decompresses its core into a memory partition it creates on bootup.
When it came to bootable CDs, the overwhelming suggestion was a trip to the Ultimate Boot CD Web site, where the steps required to make a bootable disk were laid out for you. Not only does this site contain information about Linux bootable disks, but it also includes information on setting up a Windows bootable disk, which relies on Bart's PE. Perhaps pc.team summed it up best:
Been using a rescue disk on CD based on Bart's PE. You can build it to your needs via plugins and gives you a Windows XP like system all running from a CD.
A list of pc.team's plugins for Bart's PE is available in the original discussion thread.
I am not familiar with Bart's Preinstalled Environment (BartPE), but I am now very curious about it. Those members posting in the discussion viewed it quite favorably. Are there any caveats to BartPE that members would like to share before I take a crack at it myself?
List of downloads
Below is just one way to interpret member suggestions and should be a good start toward creating your ultimate recovery/utility CD. Of course, if you want to have the maximum number of options, two CDs full of these applications may be the best route. I'm not sure there is such a thing as having too many utilities at your disposal. (Note that many of these apps are free or nearly free.)
- Spybot Search & Destroy
- Ad-aware 6.0
- AVG Anti-Virus
- Spinrite 6.0
- Firefox or Opera
- McAfee Stinger
- Norton Ghost
- Norton Partition Magic
- Off by One Browser
- WS_FTP Home
No doubt there are other applications that could go on this list. If you feel passionately about a particular app that does not appear here or in the previous discussion, post your suggestion in the article discussion thread.
The bottom line
TechRepublic member Danlanier probably best summed up the feelings of every person who has either been hijacked or had to fix a hijacked computer:
The worst thing is that we are talking about making a rescue disk because of the malware and attacks that occur through normal everyday web browsing.
The spyware/adware industry has evolved to VIRUS status and is using the same techniques that virus writers do (probably the same people)...I've been using the ad-aware/spybot one-two punch for over two years (? maybe longer). But I'm tired of this crap, and since I can't personally pound the runny nose maggots in the ground, we need to devise a campus wide solution that does not cost thousands of man hours.
It is a sad commentary on the state of information technology and the culture that surrounds it that we have to deal with these dastardly deeds, but malware and its ilk are facts that cannot be ignored. Having the tools to recover from an attack, or any form of system failure, is a necessary evil that has never been more important.
Mark W. Kaelin has been writing and editing stories about the IT industry, gadgets, finance, accounting, and tech-life for more than 25 years. Most recently, he has been a regular contributor to BreakingModern.com, aNewDomain.net, and TechRepublic.