But I have one for you: ALC, the Acceptable Level of Compromise. This is the level of system compromise people and enterprises are willing to live with. If you think the universal value of ALC is "none", you are badly mistaken. (Note: "is", not "should be".) I believe there are two primary reasons for this:
First possibility (the "good" one): if the pain and expense of resolution equals or exceeds the pain and expense of the compromise, logic dictates (or can be easily convoluted to dictate) that repair is the wrong answer. You can sprinkle words like potential and perceived in there if it makes you feel better (perceived expense, potential pain, etc.). Think about that before responding. As bad as living with compromise is, this at least means some thought (flawed or otherwise) goes into the decision and maybe we stand a chance of educating people in this category.
Second possibility (the bad one): the level of compromise is acceptable if you don't know you have been compromised. If they feel no pain, they are oblivious. Maybe they trust their anti-virus to protect them from everything, maybe they have unpatched systems, who knows; they certainly don't. Not much I can add, and this one is very common.
I bring this up because I have just run into another enterprise where they refused to re-image compromised systems and claimed that they never did. I have seen many who only check their systems when they have performance issues, and then don't care if they don't get all of the malware removed as long as system performance recovers to an acceptable level. The time and effort it takes to possibly clean (you never know what's left) a system is rarely worth the effort; I learned that years ago and now I just sing the song when I need to. What song is that? C'mon, you know it, sing with me:
F-Disk, Format, Re-In-Stall, Do-Dah, Do-Dah...
So, yes, there is an ALC, an Acceptable Level of Compromise, for many people. I don't like it, and neither should you, but we need to admit it.
Jack