Microsoft: recovery from Windows malware becoming impossible; better to wipe and rebuild

“In a rare discussion on the severity of the Windows malware scourge, a Microsoft security official said businesses should consider investing in an automated process to wipe hard drives and reinstall operating systems as a practical way to recover from malware infestation. ‘When you are dealing with rootkits and some advanced spyware programs, the only solution is to rebuild from scratch. In some cases, there really is no way to recover without nuking the systems from orbit,’ Mike Danseglio, program manager in the Security Solutions group at Microsoft, said in a presentation at the InfoSec World conference here,” Ryan Naraine reports for eWeek.

“He cited a recent instance where an unnamed branch of the U.S. government struggled with malware infestations on more than 2,000 client machines. ‘In that case, it was so severe that trying to recover was meaningless. They did not have an automated process to wipe and rebuild the systems, so it became a burden. They had to design a process real fast,’ Danseglio added,” Naraine reports. “Danseglio, who delivered two separate presentations at the conference—one on threats and countermeasures to defend against malware infestations in Windows, and the other on the frightening world of Windows rootkits—said anti-virus software is getting better at detecting and removing the latest threats, but for some sophisticated forms of malware, he conceded that the cleanup process is ‘just way too hard.’ …In February alone, [Microsoft’s] free Malicious Software Removal Tool detected a social engineering worm called Win32/Alcan on more than 250,000 unique machines.”

Full article here.

MacDailyNews Take: Most of the world picked the wrong platform, that much is obvious.


32 Comments

  1. He cited a recent instance where an unnamed branch of the U.S. government struggled with malware infestations on more than 2,000 client machines.

    There goes your tax dollars folks…

  2. Well, while the world fusses over Micro$hite and all their horrendous products, I’ve just been and upgraded my Nokia 6230 firmware and can now Sync with my PowerBook thanks to OS X 10.4.6.

    Apple Computers. Why Struggle?

  3. OMG. It’s even worse than I thought.

    So now you need to buy software to periodically wipe your hard drive just to keep your Windows machine in a “reduced malware” state (malware-free and Windows being polar opposites).

  4. Just because 90% of the world use Windhoes doesn’t mean it is good.

    This is proof that most people are lemmings and just follow and don’t ‘think different’.

    The enlightened few are persecuted and called cultist but WE know, Oh boy how we know!

    As a side line there are over 6 billion people on this planet and it is 2006 and at least 80% of those souls still believe in shamans’ magic, black magic, voodoo, and other supernatural rubbish.

    Think about that folks. Pretty scary isn’t it?

    A lot of them actually use PC’s as well. Now that is scary!!!!!!!

    Leo

  5. Ever been to those CNET, ZDNET talkback forums where there is always the obligatory “I’ve never had viruses/malware” Windows user. They always come up with the remark “it’s not that hard, you have to know what you’re doing”. Well, the joke is on them.

    From the article:

    “Offensive rootkits, which are used to hide malware programs and maintain an undetectable presence on an infected machine, have become the weapon of choice for virus and spyware writers and, because they often use kernel hooks to avoid detection, Danseglio said IT administrators may never know if all traces of a rootkit have been successfully removed.”

    Also… “‘We’ve seen the self-healing malware that actually detects that you’re trying to get rid of it. You remove it, and the next time you look in that directory, it’s sitting there. It can simply reinstall itself,’ he said.”

    BTW, I’m a Sys Admin in a Windows shop and re-imaging is a typical occurrence. We also use Deep Freeze by Faronics. All this is extra TCO of course. Never had to do so much when I supported Macs in my previous job. So, any Winblows troll that comes here, is full of it. They always were.

  6. “He cited a recent instance where an unnamed branch of the U.S. government struggled with malware infestations on more than 2,000 client machines. ‘In that case, it was so severe that trying to recover was meaningless. They did not have an automated process to wipe and rebuild the systems, so it became a burden”

    Ahhh. Now we know the reason for FEMA’s slow response to Katrina.
