On 10 March 2010 09:03, oiaohm <wineforum-user@xxxxxxxxxx> wrote:

> All altered files from the infected system can be archived. I.e. this reduces the size of the data to back up from an infected system to prevent the infection causing data loss.

> Basically it is possible to reset a Linux system to as if clean installed and in the process recover all the altered files and settings from the system.

> A lot of poorly trained people will just blow a Linux system away like they did with Windows. Why is doing it the Windows way bad? No good records, and if something was installed by package and something is altered that should not have been, hello, we now have something to send to virus labs to develop a signature to locate viruses.

> Package compare is a great way of reducing the size of system backups as well, by the way.

Mmmmmm ... speaking as a Unix sysadmin: if a work Unix box got rootkitted, I would in fact just blow it away and carefully restore data from backups. It's not like reinstallation is that hard or takes that long, and I'd feel much more reassured of my system's clean state than I would trying to clean a known dirty one.

Your mileage may vary. This is getting off-topic :-)

- d.