Rebuild vs Repair

Much noise has been made over a recent eWeek story in which a Microsoft representative stated that businesses are going to have to come up with ways to rebuild machines more easily and quickly in response to the escalating sophistication of malware authors.

Naturally the /. crowd creamed themselves in the point-and-laugh orgy that ensued. The resulting consensus, predictably, was “Switch to OS X!”

Thing is, this “rebuild is better than repair” approach has been common guidance from the security community for years, regardless of which operating system you run. Once your machine is hacked, you can't trust that any amount of forensics or other investigative techniques will identify 100% of the infection. Once the system is rooted, you can't trust the logs on it, the binaries on it, or even trust it to show you all the files on the system.

That is a reality that doesn't change based upon which operating system you're running.
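To make the point concrete, here is an added example (not code from the original post) showing why the trusted reference has to come from somewhere other than the suspect machine. It builds a hash manifest of a known-good file tree, builds another from an observed copy, and reports what was modified, added or missing. The sample trees, file names and contents are constructed for the demo. In practice the baseline would be produced from trusted install media and the comparison run from a clean host over an offline-mounted copy of the disk, because a rooted system cannot be trusted to enumerate or hash its own files honestly:

```python
import hashlib
import tempfile
from pathlib import Path


def build_manifest(root):
    """Hash every regular file under root, keyed by its path relative to root.

    Symlinks are skipped so a planted link cannot redirect the hash to a clean file.
    """
    root = Path(root)
    manifest = {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and not path.is_symlink():
            digest = hashlib.sha256()
            with open(path, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    digest.update(chunk)
            manifest[path.relative_to(root).as_posix()] = digest.hexdigest()
    return manifest


def compare_manifests(trusted, observed):
    """Diff an observed image against a trusted baseline.

    A clean result only means nothing differed from the baseline; it does not
    prove the absence of compromise, which is why the guidance is to rebuild.
    """
    trusted_paths = set(trusted)
    observed_paths = set(observed)
    return {
        "modified": sorted(
            p for p in trusted_paths & observed_paths if trusted[p] != observed[p]
        ),
        "added": sorted(observed_paths - trusted_paths),
        "missing": sorted(trusted_paths - observed_paths),
    }


def _write_tree(root, files):
    """Materialise a {relative_path: bytes} mapping under root."""
    for rel, content in files.items():
        target = Path(root) / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(content)


def demo():
    """Constructed sample: a golden tree and an observed copy with tampering."""
    golden = {
        "bin/ls": b"ls v1",
        "bin/ps": b"ps v1",
        "etc/passwd": b"root:x:0:0",
        "sbin/audit": b"audit v1",
    }
    observed = {
        "bin/ls": b"ls v1 trojaned",      # replaced binary
        "bin/ps": b"ps v1",               # untouched
        "etc/passwd": b"root:x:0:0",      # untouched
        "tmp/.hidden": b"dropped file",   # file the host's tools might hide
        # sbin/audit removed
    }
    with tempfile.TemporaryDirectory() as g, tempfile.TemporaryDirectory() as o:
        _write_tree(g, golden)
        _write_tree(o, observed)
        return compare_manifests(build_manifest(g), build_manifest(o))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

The manifest is keyed by relative path so the same baseline can be checked against a disk image mounted anywhere on the analysis host. The comparison only knows about paths present in one of the two manifests; anything a rootkit conceals from the enumeration on a live system is exactly what this check cannot see, which is the post's point about not trusting the compromised machine to show you its own files.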

A recent NIST publication on incident response to malware makes the following recommendation:

Typically, organizations should rebuild any system that has a rootkit or is strongly suspected of having a rootkit.

Notice, they didn't say “... unless you're running Linux or OS X, in which case you can just kick back and crack open a beer.”

posted @ Tuesday, May 09, 2006 9:50 PM
