Originally posted here by bballad
AHH Jaguar the difrence here is that you only have to secure your PC where rrbar has to deal with laptops that travel and that people run from home. when you enter a network enviroment and are incharge of said enviroment you have to asume that the useres (be it 10 or 10,000) know nothing about security and will forget anything you tell them (I had people rutenly turn off their AV program because it wouldn't let them view an email attachment ). In a coperate network you do have to worry about compromised systems because users are dumb.

I am thinking the best sugestion for rrbar is to go through what is running at startup (hopefuly you know what programs should be running), but be warned some keyloggers can load as services so they wont show on that list your best bet may be to run a port scan across all at risk systems to see if any are passing data out when they shouldn't be.
That's why I never plan to work as an administrator... just a simple software engineer.