Although I was answering your message my comments related much more to the general situation, and as you so clearly expressed in your next message the sad fact that many users are not able to make an informed decision because they don't, through no fault of their own, have the experience or the training in a very specialized area.
If I were to suggest adding anything to your boilerplate it would only only be to back up personal files since it is not always safe to rely on System Restore to mend a broken window ......
I would put that immediately after your initial red warning and include the advice always to make a backup to elsewhere than the main drive inside the computer and to be aware that this is a fallback safeguard since the backup might be infected.
I think the pros and cons of NPE have been well discussed but one point has been missed, users should first try detection and remediation using NBRT (Norton Bootable Recovery Tool). It is safer and better able to handle rootkit detections than NPE.
Very true. I had mentioned in an earlier post to Quads that I infected my test laptop with Mebroot and the NBRT was able to handle it with no problems.
In general terms of course NBRT has a better chance of detection than the normal anti-virus software because NBRT is running offline before the malware has had a chance to run and the fact that you are booting from a non-infected media.
I think it is prudent to recommend that NBRT be downloaded and burned to a CD or flash drive from a non-infected computer if possible.
If another computer is not available then of course we make do with what we have.
Speaking of NBRT, have you messed with the new version which should become the default one by the time that NIS 2011 is released? The new version makes burning to a CD or flash really, really easy. It is all streamlined and handled by the NBRT installer.
I just thought of another question regarding NBRT. With the current released version, it is many times necessary to add a driver to the CD so that the network is available for downloading new definitions. This procedure is pretty cumbersome for the less experienced user.
I will be very happy when the new version gets released!
How often is the NBRT ISO updated in terms of definitions? From my recollection when I downloaded the latest version the other day, the definitions were still from October, 2009.
I just thought of another question regarding NBRT. With the current released version, it is many times necessary to add a driver to the CD so that the network is available for downloading new definitions. This procedure is pretty cumbersome for the less experienced user.
How often is the NBRT ISO updated in terms of definitions? From my recollection when I downloaded the latest version the other day, the definitions were still from October, 2009.
Thanks very much
Allen
I'm sorry, but I don't have the answer to that question -- I primarily focus on network/firewall stuff. As you pointed out, the Beta version makes updating much easier.
The ISO definitions are only updated when the ISO image is released (so the first time it is released). Would be nice if the "wizard" install of the new NBRT would automatically download the latest definitions to include with the burned disk (definitions should be seperate not part of the image).
No disagreement here. I only asked the question because the process of creating a custom CD including the network drivers (if the default does not work on a particular computer) is a bit tedious and not the easiest thing for the average computer user.
Soon this will almost be a moot point since the new version of NBRT now in BETA has made this whole process so much easier.
