Microsoft Official: Malware Recovery Not Always Possible

FoxNews.com (Excerpt) ^ | April 4, 2006 | Rayn Naraine

[HAL9000]

Excerpt -

LAKE BUENA VISTA, Fla. — In a rare discussion on the severity of the Windows malware scourge, a Microsoft security official said businesses should consider investing in an automated process to wipe hard drives and reinstall operating systems as a practical way to recover from malware infestation.

"When you are dealing with rootkits and some advanced spyware programs, the only solution is to rebuild from scratch. In some cases, there really is no way to recover without nuking the systems from orbit," Mike Danseglio, program manager in the Security Solutions group at Microsoft, said in a presentation at the InfoSec World conference here.

~ snip ~

[DemosCrash]

Joe Average has a reason to upgrade. They will sell a whole lot of whatever AV tool they offer with Vista, simply because they kept it out of the OS.

You can thank the DOJ for that.

[DemosCrash]

Great news. When did you last have to rebuild UNIX or VMS from scratch?

Do you know what a rootkit is?

[Spiff]

This is not news. Any knowledgeable information security professional knows that the only reliable solution for dealing with intrusions and compromises on a system is to reformat and rebuild from original media. This goes for every flavor of Windows, Mac OSX, Linux, Unix, everything. There is no 100% method for detecting root kits and such.

[Bloody Sam Roberts]

Microcrap has spyware built into this version of Windoze.

I use a small, free utility called XP-AntiSpy on every install of XP that I do. I lets you plug/configure all of those "phone home" holes and let's you neuter all MSN Messenger prosesses as well.

[The_Reader_David]

I'm on a Mac, and my office desktops are both Linux boxes. (Sincker)

I've heard there is this plague Windoze users have to deal with, but I've only seen one case of it--my son's gaming computer came down with it, and had to have the hard-drive wiped. Fortunately the only data lost were old saved games.

Actually it's not just statility issues that keep me off Windoze machines: I've got a 'guild loyalty' to the Free BSD kernel and secondarily to Linux. The Free BSD kernel was written by a mathematician of my own field (category theory) who want over into CS, and Linux was scaffolded on Minux, a reduced version of Unix written as the basis for student exercises by another category theorist who went into CS.

[Spiff]

In other words, there's NO technical reason to not include virus protection, BECAUSE WE MAKE MONEY FROM VIRUSES!

Right. Get your tinfoil helmets on because it is a widespread, grand conspiracy. The fact that Microsoft does not sell antivirus tools should be completely kept out of the equation because it is only a malthusian plot to distract us from Bill Gates' plan to conquer the earth.

[Revolting cat!]

Do you know what a rootkit is? (Your entire post!)

Trolling much?

[Bloody Sam Roberts]

2 words: "Norton Ghost"

I saw the light a few weeks ago and no longer do old style backups (i.e. fulls and incrementals) on external media.

I set up my system to do snaps and clones with Norton Ghost.
With the PC DOS startup disk, I don't need Windows to do anything.
When a HDD craps out, pop in a new one and restore a clone or snapshot image to it. All done, up and running in one hour. Sweet.

[driftdiver]

"Fortunately, if you configure your machine properly"

Thats assuming you arent running pirated software. Which of course nobody ever does.

[Bloody Sam Roberts]

Dang. I hate Tripod.

[VOA]

bump

[hiredhand]

Yeah.. :-) I saw this. Microjunk. :-) I'm finishing up a project at work. It probably cost $25k to package it for my employer and then document and train people. I'm ALMOST done. When I'm done, I'm taking TEN days off and going shooting with my brother!

But anyway...the project is totally supported by Linux (Debian Stable to be specific) on a dual CPU IBM server....the exact specs of which escape me at the moment.

The equivalent Microsoft solution would have cost $60k for software ALONE, and quite possibly wouldn't have run on the (slightly aged) server I used.

I've been doing things like this since 1996 and people keep asking me why I won't use Microsoft. I ask them to give me a reason and so far, nobody comes up with any good reasons...so I continue to be a Linux, SunOS, Solaris, HP-UX (rather not HP-UX though!), FreeBSD, OpenBSD geek. :-)

Hey man...good to hear from you...things slowed down yet? :-)

[HAL9000]

Dang. I hate Tripod.

Game over, man. Game over!

[HAL9000]

Microsoft Windows - The Disposable Operating System for your expendable data.

[psychoknk]

Great news. When did you last have to rebuild UNIX or VMS from scratch?

I've seen some messed up Gentoo configurations. Also, I have seen OSX get put into a state beyond recognition. In both of those cases, however, the problem was of the PEBCAK (Problem Exists Between Chair And Keyboard) variety, rather than a virus or rootkit affecting the computer. However, I run all of my Linux machines completely unprotected, and have not run into a single virus. If my Windows box did not have a firewall and antivirus running, it would most definitely be compromised by now. This I blame solely on Windows's popularity and the homogeneous nature of the way the operating system is deployed on so many systems (i.e. there are a variety of Linux kernels and a variety of programs that people use, so it is hard to make a virus that would target them all, whereas with Windows, pretty much everyone uses IE, Office, Outlook or Outlook Express, etc.).

[bigdcaldavis]

I don't run Windows anymore...ANY form of Windows. If I need to use a Windows-based program on my computers (I use Xandros 3.02 OCE on the laptop [with KDE and Gnome] and Xandros 2.01 OCE on the desktop [with KDE and Gnome]), I install Crossover Office 5.0 Pro and then use Crossover to install my Windows-based programs (such as Adobe Photoshop, IE 6, and iTunes 4.9). If I want to install and/or play a Windows-based game, I install Transgaming Cedega and use that to install and play Windows-based games. Sometimes I begin to think that Microsoft PURPOSELY makes Windows insecure on orders of Big Brother so it will be easy for Big Brother to spy on your computer. I remember there was talk that Ashcroft (while he was Atty. General) wanted to make all computer firewalls illegal as a knee-jerk reaction to 9/11. And have you seen all the Microsuckups (what I call people who suck up to Gates and Microsoft) behave like typical fanboys when they say "LINUX SUCKS! MICROSOFT RULES!"? I suspect some of those "fanboys" are actually Microsoft employees. But like it or not, eventually Big Brother will be able to spy on your computers, and Big Brother will ban all OSes which will be impossible/improbable to be spied upon (such as most Linux distros, and in some cases, Mac OS). In the future, the NWO will make Windows the official and only legal OS, and in tribute to the NWO, Gates will be more than happy to remake Microsoft Windows "Microsoft NWO" (NWO standing for NewWorldOrder's Windows Only"). And since the NWO will ban all copyright/trademark laws, Microsoft's NWO logo will be the nWo logo used in World Championship Wrestling and the WWE.

[al_again]

Give me a friggin break! I'm no fan of MS but how many people are making concerted efforts to attack a unix (less than 100) or VMS (less than 5) vs MS where you have thousands upon thousands (corporations and people). You have a very inaccurate comparison!

[CodeToad]

There would be if Microsoft would first stop allowing IE to download executables without user knowledge and then have the OS prevent such root use.

[bigdcaldavis]

I'm using Linux.

And yeah, what you said...what's malware? :D

[bigdcaldavis]

I wonder if the next edition of the Virginia Terrorism Handbook will have the following :

1. All Linux advocates are terrorists.
2. Anybody who runs or has ever run Linux is a terrorist.
3. Anybody who own a Linux distro CD is a terrorist.
4. Anybody who criticizes Microsoft is a terrorist.
5. Anybody who install Mac OSX_X86 on a Windows-based PC is a terrorist.