BERT method

from Wikipedia, the free encyclopedia

The BERT method is a guide to cleaning up a virus-infected computer. The name was already in use at the beginning of the 1990s. After the turn of the millennium, it largely fell out of use. However, the individual steps are still relevant today.

Meaning

The acronym BERT stands for:

  • B - Boot the system from a virus-free system volume. Booting from a virus-free system volume prevents the virus from loading itself into memory or being activated in any other way. Contaminated system or application programs are bypassed.
  • E - Erase: remove or clean up the infected components. The infected files or sectors need to be cleaned. This can mean complete deletion if the virus code cannot be removed individually. If no antivirus program is available but a virus-free backup is, deletion is an effective stopgap solution.
  • R - Restore any deleted components from a virus-free backup. Deleted files, services or sectors must be restored. A backup copy is usually used for this. Reinstalling the operating system or applications also falls under this point.
  • T - Test for system consistency and freedom from viruses. Once the system is repaired, thorough tests must be carried out to ensure that the malware has been completely removed. The file system and the system memory should be monitored for unusual changes for some time afterwards.

Weaknesses of the BERT method

On its own, the BERT method has weaknesses: it only covers the reconstruction of the system. It is based on the classic computer virus as the malware type and would not be an adequate means of eliminating a computer worm.

The further consequences of the infection, and the measures that follow from them, are not taken into account:

  • Preventing the further spread of the malware is not considered.
  • The risk of re-infection is not given sufficient consideration.
  • In the event of damage, the preservation of evidence is sometimes important: on the one hand because of a possible insurance claim, on the other hand in order to initiate any legal action.
  • The infection analysis is not taken into account. The question of how the infection came about reveals security gaps in the system (see exploit).
  • If data from third parties is affected, e.g. login or customer data, public communication is imperative. The injured party must be informed.
  • Since the turn of the millennium at the latest, it has also been advisable in some cases to change the system passwords in the event of a malware attack.
  • If the malware made changes to services, e.g. the Windows Task Scheduler or folder sharing, these must be undone.
  • A vulnerability that has been found should be removed or closed (hotfix, patch, changing settings, setting up secure passwords or deactivating services that are not required).
  • In general, it is now recommended to boot a live OS with anti-virus software in the event of a virus attack. Before the scan, the virus database should be updated via a network connection.
