The Worst Case Scenario
An IT insurance policy is going to be just like any other insurance policy out there; it’s designed to be unreadable and setup with so many loopholes that it’s going to leave you with your pants down when you most need it. While I have no direct experience with any of the various IT insurances running around, I was Life and Health Insurance licensed at one time (something I’m still paying penance for). Insurance laws are generally written by the insurance company, for the insurance company. Any laws on the books that appear to protect you, the customer, are only there for appearances sake. Not that I’m cynical or anything.
I have to say that I find it comical that the company had 5 different backups of their data, but only one of them, the printout, was in a non-volitale format. Why didn’t they have a copy on CD or something else that could be read from but not written too? I hope they learned a lesson and that any important information they have is a more securely backed up now.
IT insurance of any type is still too new of a field for anyone to feel comfortable with. The insurance companies don’t have enough of a history on the IT field to create a real actuarial table, but they do have enough information to craft a contract that has exclusions for most real world issues. A contact of mine recently asked me about ‘hacking insurance’ for his company. We talked about it and agreed that unless your part of a company that does the majority of business online, the insurance isn’t going to be a good investment. The list of exclusions and requirements on the policy was long, complex and full of escape clauses for the insurance company. I think that IT insurance is still a field for the hucksters, companies trying to make a name for themselves, and businesses who are willing to (or need to) play the luck of the dice. If you’re a main stream company, you’re probably better off taking the money from your insurance policy and investing it in tighter security at your company. Of course, IT security usually doesn’t look as good to a C-level officer.
I’m in the process of trying to recover a computer for a family member. Another computer savvy member of the family got a cable modem and connected the computer directly to the Internet without any protection (anti-virus, anti-spyware, personal firewall). The system is so infected it won’t boot properly to Windows ME (no jokes please), and in Safe Mode, it can’t read the CD drives. Without the ability to read CD’s, no software installation.
I found the BitDefender LiveCD while looking for a bootable Linux image that included the ability to scan a Windows partition for viruses. While my search was not exhaustive, I didn’t find any other alternatives. If you know of one, please let me know.
I tried booting to this LiveCD on my personal system first. It identified most of the major hardware without any major hiccups and in very little time. The first problem I ran into was reading the system s NTFS partitions. BitDefender does apparently have provisions for reading a NTFS partition, but it requires additional software that did not appear to be on the CD. I have some more research to do on this point.
On the WindowsME system, boot up was much slower and the USB keyboard seemed to give the image a bit of a headache. Once the system was fully up, mounting the hard drives was very simple. Using BitDefender’s Linux virus scan didn’t turn out well though. Two attempts to scan the hard drive ended with the computer hung and in need of a reboot. On a positive note, the kernel recognized both CD drives, allowing the contents of a security CD to be moved to the hard drive of the computer.
Rebooting to WindowsME Safe Mode allowed me to install Spybot S&D and AVG Antivirus, from the folder copied while in Linux. Both programs installed successfully, albiet with slightly outdated databases. Spybot found in the neighborhood of 60 instances of scumware, and AVG found over 20 instances of viruses. Rebooting allowed both programs to finish their cleanup, but the system still isn’t booting properly.
I’m not sure what the next step is, but I think it will involve recovering any valuable files off the computer and re-installing Windows. If the BitDefender LiveCD will allow me to use the CD-RW on the computer great, otherwise I might have to slave the HD in another computer. It would probably be less work to backup everything to a DVD and re-image. And this time I can add all the security software before it ever comes close to the Internet.