Computer Virus - Vulnerability and Countermeasures - Recovery Strategies and Methods

Recovery Strategies and Methods

One may also minimize the damage done by viruses by making regular backups of data (and the operating systems) on different media that are either kept unconnected to the system (most of the time), read-only, or not accessible for other reasons, such as using different file systems. This way, if data is lost through a virus, one can start again using the backup (which should preferably be recent).

If a backup session on optical media like CD and DVD is closed, it becomes read-only and can no longer be affected by a virus (so long as a virus or infected file was not copied onto the CD/DVD). Likewise, an operating system on a bootable CD can be used to start the computer if the installed operating systems become unusable. Backups on removable media must be carefully inspected before restoration. The Gammima virus, for example, propagates via removable flash drives.
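One way to inspect a backup on removable media before restoring it, as an added example that is not part of the original article: compare the medium against a SHA-256 manifest recorded when the backup was made. The manifest approach, the function names and the sample file names are assumptions made for illustration.

```python
import hashlib
import os
import tempfile

def sha256_file(path):
    """Hash a file in 1 MiB chunks so large files are never loaded whole."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(1 << 20), b""):
            digest.update(block)
    return digest.hexdigest()

def build_manifest(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    manifest = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = sha256_file(full)
    return manifest

def inspect_backup(root, trusted):
    """Compare the medium with a manifest recorded at backup time."""
    current = build_manifest(root)
    report = {
        "modified": sorted(p for p in trusted if p in current and current[p] != trusted[p]),
        "missing": sorted(p for p in trusted if p not in current),
        "unexpected": sorted(p for p in current if p not in trusted),
    }
    report["unchanged"] = not any(report.values())  # identical, not proven virus-free
    return report

def demo():
    """Constructed sample: a backup tree altered after its manifest was recorded."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "docs"))
        for rel, data in {"docs/report.txt": b"q3", "docs/notes.txt": b"notes",
                          "setup.exe": b"original installer"}.items():
            with open(os.path.join(root, rel), "wb") as f:
                f.write(data)
        trusted = build_manifest(root)  # in practice stored off the backup medium
        before = inspect_backup(root, trusted)
        with open(os.path.join(root, "setup.exe"), "ab") as f:
            f.write(b"appended bytes")  # a backed-up file changed on the medium
        with open(os.path.join(root, "autorun.inf"), "wb") as f:
            f.write(b"[autorun]")  # a file that was never part of the backup
        os.remove(os.path.join(root, "docs/notes.txt"))
        return before, inspect_backup(root, trusted)
```

A matching manifest shows only that the backup is unchanged since it was recorded; an infected file that was copied into the backup will still match, so the backup should also be scanned before restoration.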

A number of recovery options exist after a computer has been infected with a virus. The appropriate action depends on the virus. Some viruses may be safely removed by functions available in most antivirus software products (see above). Others may require re-installation of damaged programs. It is necessary to know the characteristics of the virus involved to take the correct action, and anti-virus products will identify known viruses precisely before trying to "dis-infect" a computer; otherwise such action could itself cause a lot of damage. New viruses that anti-virus researchers have not yet encountered (zero-day viruses) therefore present an ongoing problem, which requires anti-virus packages to be updated frequently.

... Restoring an earlier "clean" (virus-free) copy of the entire partition from a cloned disk, a disk image, or a backup is one solution (restoring an earlier backup disk image is relatively simple to do, usually removes any malware, and may be faster than disinfecting the computer), or reinstalling and reconfiguring the operating system and programs from scratch, as described below, then restoring user preferences ... Reinstalling the operating system, as described here, is another approach to virus removal, if the above options don't work. It may be possible to recover copies of essential user data by booting from a live CD, or connecting the hard drive to another computer and booting from the second computer's operating system, taking great care not to infect that computer by executing any infected programs on the original drive ...
