Malware including computer viruses and trojan horses is proving increasingly difficult to completely remove using the software tools available. It is also proving to be increasingly time consuming to deal with infections and hence the risk of infection and reinfection of other machines on the Department's network is growing.
For all desktop equipment that is managed by the Computer Officers, regardless of the Operating system installed the following actions will be taken upon the detection of malware:
- The local disks will be reformatted, the partition table replaced and boot sector wiped.
- The operating system will be reinstalled.
- It may be necessary to delete roaming profiles and/or other user data.
If the Computer Officers become aware of any infected equipment that is not managed centrally then it will be disconnected from the Network and not permitted to use Network resources until the owner has proved that they have completely wiped and reinstalled the system.
Things to think about
- Users will need to prove that they have licenses for any applications to be reinstalled. Therefore it is recommended that users look after the licences for any software purchased.
- If software is installed from media then users are advised to keep a copy of the media.
- The Computer Officers maintain automatic installation kits for many pieces of software. If users would like software to be installed automatically and a kit does not already exist they are welcome to raise this with the Computer Officers with a view to a kit being created.
- All data stored locally will be lost when a machine is wiped (including email, documents, and programs). Therefore it is recommended that users implement a mechanism to ensure that all important data is stored on a server.