Over
time some computers tend to slow down compared to how they worked
when they were new; that even can lead to the computer “freezing p”
and become totally unresponsive. There are many potential reasons
for these effects. Here are a few examples:
-
During regular use temporary files do not get deleted when no longer needed.
-
Too many “background” programs accumulate and run unnecessarily.
-
Unscrupulous companies, programs and web sites literally trick the user into installing unnecessary and often outright pernicious programs, so called PuPs.
When
this this gets too bad some people just buy a new computer but in
most cases this is not necessary. Other people ask a computer repair
shop or technician for help. And here is where it gets tricky for the
end user who usually is not a computer geek.
Provided
that the hardware of the computer in question is still working
correctly these “repairs” can be done in two fundamentally
different ways:
-
The computer can be wiped or reset to factory-new state as it was originally delivered.
-
Offending files and programs can be removed and eventual damage repaired.
Among
computer repair technicians the question “repair or wipe” is one
of the most controversially discussed topics of all. More often than
not these discussions in online forums are based mostly on beliefs
and habit than on facts.
My
personal take at this question is this: It very rarely is in my
client's best interest (or mine!) to wipe and reload the operating
system. I know this in stark contrast to what businesses like Best
Buy and others say and do but I write this for my average clients,
home users that want their computer “to just work”.
A
successful repair is, among others, defined by:
-
All viruses, malware, PuPs and so on have been completely removed.
-
The cleanup is actually accomplished in about 2 hours.
-
After the cleanup the computer runs reliably at normal speed.
-
For a reasonable period of time the computer remains free from malicious software - provided the user cooperates and avoids mistakes that are all too common.
Especially
larger support organizations routinely apply the wipe-and-reload
method. They usually claim one or more of the following reasons as
their justification:
-
It’s the only way to be sure all infections are removed.
-
It’s the fastest way to resolve the problem.
-
This process also gets rid of other clutter.
IMHO
much more to the point, this one-size-fits-all approach doesn’t
require much skill, training or experience on part of the technician
who is doing the work; thus the bigger organization saves money on
training and wages for better qualified employees.
Most
certainly the wipe-and-reload solution is not in the customer’s
best interest; here are some of the reasons:
-
The rarely understands that their computer will look and feel very different after a reload.
-
The customer will have to manually reload drivers, reset the fonts he got used to and now “wants”, select colors, margins, standard folders and file associations; he/she may have to install printer(s) and apat other system settings that have been building up over time since the computer was new.
-
Some programs or data files will get destroyed or lost; if they are infrequently used that may show up only weeks or months after the “repair”.
-
The user will be without the computer for as long as the reload takes which could be several days.
-
Very sophisticated viruses may return after a reload unless very specific measures prevent such reinfection, for example after MBR and/or BIOS infection.
Here
are some of the reasons why this approach is not in the
technician's best interest, especially if I am the technician
doing the cleanup:
-
If I “wipe and reload” then the client doesn’t need me, he/she can do it themselves or,
worse yet, use the techie kid next-door to do it for the cost of a pizza. -
Some programs, drivers, settings and user data will get lost.
-
The computer will not “look and feel the same” as it did before the repair.
-
The work involved will require much more time than I can honestly charge.
The
only way to resolve issues caused by viruses or malware is to
find and remove all such nasty programs, their activation methods and
associated files and to repair eventual damage to the operating
system.
A
good cleanup must include improved preventive measures to avoid
future success of another malware attack.
I am
fully aware that this sometimes is next to impossible; modern malware
almost always relies on social
engineering tricks to get on a computer. In the
end it depends on the user to always
follow my Ten
Commandments Of Safe Computing,
now more than ever before.
Again
opposed to common methods I prefer the on-site visit for a clean up
job. Only on-site I can convey to the customer some training, show
him/her the time proven tools and methodology I recommend to follow
and get a feeling for how well they understand my appeals to use
common sense.
There
are situations when wipe-and-reload is appropriate, for example and
IMHO if all these conditions are met:
-
You have a recent full-image backup of that computer.
-
There are only one or two user(s) set up on the infected computer .
-
There is no (or very little) locally-installed software on the infected computer.
These
conditions are hardly ever met in a home environment. Only if these
conditions are met I will consider a reload. In eleven years of
“fixing” home computers I have had to reload the operating system
only on two occasions.
I
see no acceptable alternative to intelligently and
methodically removing all malware infections and repairing any damage
they may have caused.
And I am well aware of the fact that on rare occasions malware may have done so much damage to the operating system that there may be no other way but to wipe and rebuild; but, as I said, luckily these cases are becoming more and more rare.
As usual I welcome suggestions and comments right here in the blog.
Click here for a categorized Table Of Contents.
No comments:
Post a Comment