Microsoft: recovery from Windows malware becoming impossible; better to wipe and rebuild

“In a rare discussion on the severity of the Windows malware scourge, a Microsoft security official said businesses should consider investing in an automated process to wipe hard drives and reinstall operating systems as a practical way to recover from malware infestation. ‘When you are dealing with rootkits and some advanced spyware programs, the only solution is to rebuild from scratch. In some cases, there really is no way to recover without nuking the systems from orbit,’ Mike Danseglio, program manager in the Security Solutions group at Microsoft, said in a presentation at the InfoSec World conference here,” Ryan Naraine reports for eWeek.

“He cited a recent instance where an unnamed branch of the U.S. government struggled with malware infestations on more than 2,000 client machines. ‘In that case, it was so severe that trying to recover was meaningless. They did not have an automated process to wipe and rebuild the systems, so it became a burden. They had to design a process real fast,’ Danseglio added,” Naraine reports. “Danseglio, who delivered two separate presentations at the conference—one on threats and countermeasures to defend against malware infestations in Windows, and the other on the frightening world of Windows rootkits—said anti-virus software is getting better at detecting and removing the latest threats, but for some sophisticated forms of malware, he conceded that the cleanup process is ‘just way too hard.’ …In February alone, [Microsoft’s] free Malicious Software Removal Tool detected a social engineering worm called Win32/Alcan on more than 250,000 unique machines.”

Full article here.

MacDailyNews Take: Most of the world picked the wrong platform, that much is obvious.


32 Comments

  1. He cited a recent instance where an unnamed branch of the U.S. government struggled with malware infestations on more than 2,000 client machines.

    There go your tax dollars folks…

  2. Well, while the world fusses over Micro$hite and all their horrendous products, I’ve just been and upgraded my Nokia 6230 firmware and can now Sync with my PowerBook thanks to OS X 10.4.6.

    Apple Computers. Why Struggle?

  3. OMG. It’s even worse than I thought.

    So now you need to buy software to periodically wipe your hard drive just to keep your Windows machine in a “reduced malware” state (malware-free and Windows being polar opposites).

  4. Just because 90% of the world use Windhoes doesn’t mean it is good.

    This is proof that most people are lemmings and just follow and don’t ‘think different’.

    The enlightened few are persecuted and called cultists but WE know, Oh boy how we know!

    As a side line there are over 6 billion people on this planet and it is 2006 and at least 80% of those souls still believe in shamans’ magic, black magic, voodoo, and other supernatural rubbish.

    Think about that folks. Pretty scary isn’t it?

    A lot of them actually use PC’s as well. Now that is scary!!!!!!!

    Leo

  5. Ever been to those CNET, ZDNET talkback forums where there is always the obligatory “I’ve never had viruses/malware” Windows user. They always come up with the remark “it’s not that hard, you have to know what you’re doing”. Well, the joke is on them.

    From the article:

    “Offensive rootkits, which are used to hide malware programs and maintain an undetectable presence on an infected machine, have become the weapon of choice for virus and spyware writers and, because they often use kernel hooks to avoid detection, Danseglio said IT administrators may never know if all traces of a rootkit have been successfully removed.”

    Also… “‘We’ve seen the self-healing malware that actually detects that you’re trying to get rid of it. You remove it, and the next time you look in that directory, it’s sitting there. It can simply reinstall itself,’ he said.”

    BTW, I’m a Sys Admin in a Windows shop and re-imaging is a typical occurrence. We also use Deep Freeze by Faronics. All this is extra TCO of course. Never had to do so much when I supported Macs in my previous job. So, any Winblows troll that comes here, is full of it. They always were.

  6. “He cited a recent instance where an unnamed branch of the U.S. government struggled with malware infestations on more than 2,000 client machines. ‘In that case, it was so severe that trying to recover was meaningless. They did not have an automated process to wipe and rebuild the systems, so it became a burden”

    Ahhh. Now we know the reason for FEMA’s slow response to Katrina.

  7. I am a Windows developer. This is something we all knew for YEARS. It’s about time someone from inside took the risk of standing up and speaking the truth. Windows is a clunker and Vista will be worse.

    What really pisses me off is how Apple is not capitalizing on this. Are they that worried that MS will pull the plug on the MBU that they would rather be silent? Apple passed on a chance to be the leaders years ago. Now they are making great inroads into the consumer market, and they are passing up a chance to expand on that through better marketing. Further, they could take on the business market more now than ever given MS’s security flops. I hope Apple steps up – it’s simply a better operating system.

  8. I just “rebuilt” (or reinstalled – pick your poison) my Gateway last night over some crappy malware issues… And then I spent $18 on eBay for Norton Antivirus… I wonder how long before I have to rebuild it again.

    My wife uses it for FrontPage (she says she is comfortable with it, despite the fact that she has a brand new iMac intel core-duo).

  9. M$ Mac Business Unit has the largest group of Apple Developers outside of Apple. If they shut the doors a huge group of them would be available to Apple and others. Many would probably team up for startups.

    Pages & Keynote are not perfect, but represent enough of a base to develop a replacement for Office quickly. Open Office could also be used as a base, such as Apple’s use of KDE’s Webkit for the Safari Browser. Also don’t forget that Apple owns FileMaker and they could easily develop tools for a Mac Office suite as well.

    MBU is not serving Apple well. No Outlook, Access, Live Meeting, One Note, Front Page, Publisher, etc. There will be no Mac version of Expression even though it started life as a Mac application. A crippled MSN client, no Windows Media Client, no Internet Explorer. VPC is about to become a non-issue. About the only thing they do is Office and it is a bloated, resource hogging mess.

    Without Office, more Mac users would support companies making great productivity apps like Mellel, Mariner Write & Calc, NoteBook, NoteTaker, etc. With more sales they can further develop their programs.

    SUPPORT ORIGINAL MAC DEVELOPERS.
    The software they make integrates better into the OS, draws more on system features, runs better, etc. Remember, it’s the software, not the hardware.
