As part of an article TechRepublic published on removing malware, we asked members what applications should be on a recovery/utility CD-ROM. This question has become increasingly important as malicious attacks against networks, e-mail servers, and Web sites have become ever more common. For the network administrator or IT professional, the applications included on this disk serve as the arsenal they use to defend against and, when that fails, recover from these attacks.

Once again, the TechRepublic membership came through with a
fantastic set of responses that named hundreds of applications as potential
candidates for a state-of-the-art recovery/utility CD. All of the applications
mentioned met a specific requirement, but for some, the number of times they
were mentioned in the discussion thread did not reach the level of a consensus.
These applications were superseded by others that performed the same or similar
function, but were more popular overall with TechRepublic members. That being
said, no application was without merit, and your personal preference will, and
should, take precedence in some cases.

What members suggested

Two specific themes seemed to resonate with the TechRepublic
membership when discussing their preferred toolset: make sure you have a
utility for every conceivable function you will need to perform in a recovery
situation, and have an alternative boot disk available.

The right tool for the job

The first theme was initially expressed by tshanks:

I carry at least 2 CDs with AdAware, Spybot S&D, Spamihilator, AVG AV, Win2K SP4 and SP3 (just in case SP4 bombs), NAVCE 8.0 with latest updates on 4 floppies, and of course FDisk, Format, etc. I also keep an assortment of network diags, monitor drivers (yes, I periodically download them from manufacturers’ sites), NIC drivers, Partition Magic, and the list goes on. One of the CDs is a “give away” to my clients with AVG, AdAware, Spybot S&D and Spamihilator. The cost is minimal, but the returns are great! I can’t count the number of small businesses I’ve gotten contracts with just because I gave them something before we even talked about service contracts.

While tshanks’ list is
certainly admirable, no one really came close to the thoroughness of black_eyed_pea,
who went out of his way to give members an extensive plan, in the form of
checklists, for both preventing and removing spyware.
The complete checklists from black_eyed_pea can be found in the original discussion
thread.

Boot it

The second theme prevalent in the discussion thread revolved around bootable CDs. Whether it was Linux, Windows, DOS, FreeBSD, or Bart’s PE, members were adamant that any recovery/utility toolset have a portable bootable version of an operating system. The first member to make this suggestion was dmurawsky:

I’d put a Linux mini distribution on it with full file system support. There are several nice packages that fall around the 200 Meg range (FIRE, Morphix) which leaves plenty of space for other utilities. I’d also recommend Spybot, fport, vision (same company as fport), and tools along those lines. A good command line virus scanner, or links to a Web based one (I use Trend Micro’s) is a definite plus.

Getting slightly more specific, yanai made this suggestion:

I keep a copy of
KNOPPIX handy. It’s a bootable Linux system with a suite of tools, including Mozilla, which you can use to rule out hardware issues and
download other utilities. It does not install itself on your hard drive;
instead, it decompresses its core into a memory partition it creates on bootup.

When it came to bootable CDs, the overwhelming suggestion was a trip to the Ultimate Boot CD Web site, where the steps required to make a bootable disk were laid out for you. Not only does this site contain information about Linux bootable disks, but it also includes information on setting up a Windows bootable disk which relies on Bart’s PE. Perhaps pc.team summed it up best:

Been using a rescue disk on CD based on Bart’s PE. You can build it to your needs via plugins, and it gives you a Windows XP-like system all running from a CD.

A list of pc.team’s plugins for Bart’s PE is available in the original discussion thread.

BartPE

I am not familiar with Bart’s Preinstalled Environment (BartPE), but I am now very curious about it. Those members posting in the discussion viewed it quite favorably. Are there any caveats to BartPE that members would like to share before I take a crack at it myself?


List of downloads

Below is just one way to interpret member suggestions and should be a good start toward creating your ultimate recovery/utility CD. Of course, if you want to have the maximum number of options, two CDs full of these applications may be the best route. I’m not sure there is such a thing as having too many utilities at your disposal. (Note that many of these apps are free or nearly free):

No doubt there are other applications that could go on this
list. If you feel passionately about a particular app that does not appear here
or in the previous discussion, post your suggestion in the article discussion
thread.

The bottom line

TechRepublic member Danlanier probably best summed up the feelings of every person who has either been hijacked or
had to fix a hijacked computer:

The worst thing is that we are talking about making a rescue disk because of the malware and attacks that occur through normal everyday Web browsing.

The spyware/adware industry has evolved to VIRUS status and is
using the same techniques that virus writers do (probably the same
people)…I’ve been using the ad-aware/spybot one-two
punch for over two years (? maybe longer). But I’m tired of this crap, and
since I can’t personally pound the runny nose maggots in the ground, we need to
devise a campus wide solution that does not cost thousands of man hours.

It is a sad commentary on the state of information technology and the culture that surrounds it that we have to deal with these dastardly deeds, but malware and its ilk are facts that cannot be ignored. Having the tools to recover from an attack, or any form of system failure, is a necessary evil that has never been more important.