How can crucial data be recovered after Windows 2000 workstations are hacked? That's what one reader asked site expert Kevin Beaver. Get Kevin's advice on how to clean your systems, save your data and prevent ongoing intrusions.

To check if your Windows systems are clean, you should first run a vulnerability assessment, such as GFI LANguard Network Security Scanner or QualysGuard Enterprise), or try an antivirus scanner, spyware cleaning utility or rootkit removal tool.

That said, the only definitive way to ensure your operating systems are clean is to wipe and reinstall them. The data is not likely infected; it's integrity and confidentiality may have been compromised, but data files usually don't harbor malware, etc. If your data is located in specific folders (i.e. Documents and Settings or My Documents), you could save that data off the workstation before cleaning the drives and reinstalling. If you choose this route, make sure you have reliable backups. I'd recommend creating an image of the drives using a utility like Acronis True Image in case you need to go back.

To prevent ongoing intrusions, you must not only have a solid firewall, but also use host-based protection. I'm talking about antivirus, antispyware and personal firewall software such as BlackICE. Check out the various system hardening checklists by Roberta Bragg on as well.

Following all of these steps and keeping up with current patches can keep you pretty secure from a technical perspective. You then have to deal with people, policies and procedures -- the more difficult aspect of Windows security, but not impossible. Learn from the intrusion, get upper management support, improve your security policies and procedures, and work on locking things down moving forward.

About the author: Kevin Beaver is founder and principal consultant of Atlanta-based Principle Logic LLC, as well as a resident expert on He specializes in information security assessments and incident response and is the author of the new book "Hacking for dummies" by John Wiley and Sons. Ask Kevin a question about Windows security threats today.

More information from

  • Windows Security Clinic: You've been hacked! Now what?
  • Book Excerpt: Designing security for a backup and recovery strategy
  • Book Excerpt: Designing a strategy for the encryption and decryption of files and folders

  • This was first published in April 2005

    There are Comments. Add yours.

    TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

    REGISTER or login:

    Forgot Password?
    By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
    Sort by: OldestNewest

    Forgot Password?

    No problem! Submit your e-mail address below. We'll send you an email containing your password.

    Your password has been sent to:

    Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.