Microsoft Says Recovery From Malware Becoming Impossible
An anonymous reader wrote to mention an eWeek Story about Microsoft's assertion that PCs may no longer be able to recover from the most aggressive Malware. From the article: "[Danseglio] cited a recent instance where an unnamed branch of the U.S. government struggled with malware infestations on more than 2,000 client machines. 'In that case, it was so severe that trying to recover was meaningless. They did not have an automated process to wipe and rebuild the systems, so it became a burden. They had to design a process real fast,'."
:-)
Ummmmm, how about switching?
Seriously though, NeXTstep certainly has a long history in certain TLA government agencies and OS X is beginning to make significant inroads there as well. In addition the timing is right for many businesses as the infrastructure costs to maintaining Windows are simply becoming too high.
And calling these recent instances is a joke. I was having to perform complete system wipes and reconstructions due to malware years ago which is why we have essentially completed a migration to OS X. We do have some windows systems still around, but they are hidden behind OS X machines and are run headless and without connection to the Internet. In fact, it's been interesting that those companies that deliver microscopes (electron, confocal and light) and such that are currently driven by Windows are asking their customers to simply not plug them into networks or the Internet, severely limiting their use. They of course have been suggesting sneakernet to move files and data around, but my solution is to network them all with a dedicated backbone behind a Mac mini that is now shipping with Gigabit Ethernet on board.
Unrecoverable? What's wrong with FDISK?
1) Insert CD ... Linux"
2) "Welcome to
3) ???
4) Solved!
To switch to Linux. Since I said bye bye to Windows on my desktop the one thing I don't miss is spyware.
Companies like Sony pushing rootkits onto unsuspecting customers is part of the trend toward stealth and aggressive rooting of machines. Once a serious worm that can spread quickly and hide deeply gets around, people will realize how serious an issue rootkits are.
"...Microsoft's assertion that PCs may no longer be able to recover from the most aggressive Malware..."
You didn't expect them to say that PCs *are* recoverable if you use an alternative operating system that is not as susceptible to malware, did you?
Ok, so why was there no disaster recovery plan in the first place? Surely the thought of an uber virus wrecking Windows had to have been brought up at some kind of meeting? Those who fail to plan, plan to fail. Plain & Simple
Bet those were Windows machines that couldn't recover from the malware. Good thing MS spotted that problem. Now if only someone could fix it....
Format C: seems to get rid of all 'Microsoft' malware.
Oh wait...
Remove Windows. Install other operating system. Done.
Anyone remember that scene from the first South Park movie?
The govt's "war" on "cyberspace" is sure going well!
How did they get infected in the first place and how come the machines kept infecting themselves?
Of course you can't cleanse a dirty system from within if the exploit is remote; the only way I know to even come close is to remove it from the net and cleanse. Rinse, repeat for each machine.
Sounds like a job for the PFY.
I think any of us that work on computer systems long ago figured out that the rebuilding of a system is far easier than trying to remove each piece of malware. Now, in cases where there is critical data on the machine then it would be worth it to try. The fact is, by the time we hear about the issue, it isn't a matter of removing one or two pieces, it is usually closer to 20 or 30.
Is this implying that there are people who don't do a complete rebuild after a system is compromised?
Finally! A real reason to upgrade to Vista.
"Everyone needs to buy a copy of Windows Vista, which will solve the malware problem."
because they often use kernel hooks to avoid detection
Um, how about making it possible to DISABLE ADDING KERNEL HOOKS? There should at least be a reliable way to get a list of all currently-running kernel hooks, if there's not already.
You could never recover a compromised system reliably anyway. Once someone's got through your security to a certain level, you can't trust anything - including security tools and diagnostic information - that runs at that level or above. For a typical desktop PC or office server, that basically means you can't trust anything left on the system.
Any sort of virus removal or system clean-up after being cracked is just a calculated risk that the attack will have been completely removed, based on the fact that doing a complete rebuild of a system and restoring all the backed up data is expensive, and while not cleaning up 100% after an attack is potentially more expensive, the probability of this is low.
And no, running Linux or MacOS X instead of Windows doesn't change this, despite the number of people flippantly suggesting these alternatives. I'd have told you this earlier and saved a dozen posts, but apparently it's been 4 minutes since I last successfully posted a comment, so I can't post another one yet... ;-)
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
the U.S. government struggled with malware infestations on more than 2,000 client machines. 'In that case, it was so severe that trying to recover was meaningless.
Whereas, if they had been using thin clients with no local storage, the only recovery action would have been on the server. And if they had been running non-Windows on the server, they wouldn't have had these infestations in the first place. A full-blown Windows PC on every desktop in an enterprise is just an expensive welfare program for MCSE types.
I see the first few comments suggesting a switch to Linux or Macintosh. At least where I work, in the educational sector, that's impossible. The time spent retraining faculty and staff alone would outweigh the security benefits, especially when you consider all the specialized software floating around that hasn't been ported (curse you, Department of Education).
That being said, we haven't had much trouble with malware, and we're mainly an XP Pro/2K shop. We don't allow our users to run as administrators--period. That includes techs. Those who need the ability to install stuff have a local account which is prohibited from actually logging into the computer and has no rights to the domain. Ever since we implemented that things have been pretty quiet. In the rare case when somebody's machine does go down we can take a ghost image for backup purposes (if they aren't storing stuff on the network), and then re-ghost with a clean image. Average turnaround time: two hours.
That's just annoying, the ad code is firing itself into a window on its own.
Is it trying to exploit something and this is how Firefox handles it, or are PointRoll just shit?
Microsoft is not admitting anything. They are just building this bleak picture of how malware is impossible to deal with, impossible without TCP (aka Palladium that is). It's just preparing the public for total control and domination that is coming. The world is Microsoft's oyster and everyone is a slave.
Why is there never any retaliation against the companies that produce this software? If someone overseas comes up with a way to play a DVD on his own computer then he's pursued endlessly. If someone puts out a warning about how Adobe's encryption is not so secure then they're drug over to the US for trial. But if someone writes malware that destroys thousands of computers, including government property, then absolutely nothing is done. It just seems a little odd to me.
They did not have an automated process to wipe and rebuild the systems, so it became a burden. They had to design a process real fast,
"Quick, bob, run to the store and get Ghost..."
And this process was named... "LINUX" !
... they're correct. Any malicious software that gains root or administrator-level privileges can completely hose a system, regardless of operating system.
I don't know what is scarier/more sad though, the fact that some people know their systems are infected will install 101 different programs to control it, or the fact that some people who have been infected will never know what their machines are being used for (DDoS, phishing sites, etc.).
The EDS solution (while EDS isn't the best organization, this solution is highly effective in malware prone environments); GigE to the console, unified desktop system. You have three or four builds of different machines (Laptop, High-performance desktop, 'Information worker' desktop, kiosk) with an imaged pushed every night. Users data is stored nonlocally, in mapped network drives. Expensive to implement? Sure. Cost savings in the long run? You betcha! Plus, the helpdesk ends up with LEGITIMATE user issues, not 'Wah, I don't want to read the onscreen directions, you do it!'.
In an effort to eliminate fraud, waste and abuse, the government has suffered from a wasteful lack of process that has abused the taxpayers. These dangers with malware exist precisely because most of the time the people making the decisions are not those at a low enough level to actually see and understand it. This is a very good example of how management assumed so much power over the practical implementation of policy that those who were trying to actually do the grunt work couldn't do anything, and were totally hamstrung by incompetent, lazy and (IMO) treasonous management. The spyware problem here exists precisely because not enough money is spent the first time to get a good setup in place, and then management compounds the problem by not trusting those who actually do the day-to-day field work to do their jobs competently. Ironically, as the FBI shows, the field agents are significantly more qualified for being trusted to do their jobs than the bureaucrats that manage them. This applies to pretty much all other areas as well.
This is just one more attempt to soften up the consumer marketplace, tenderize it like a NY strip steak, so that joe average will be ready to buy a new PC, capable of running Vista so they don't have to worry about malware anymore, thanks to those really nice folks at Microsoft. The longer that MS has to soften the marketplace with FUD and 'smoke and mirrors' about how they are going to eliminate malware etc. with Vista, the more likely that people will 'wait for' Vista to ship rather than switch to before 2010, when Vista actually does ship SP2 so that it works. MS always makes more money by selling an OS license with new hardware then they ever did selling just the OS. We all know how that works.. so look forward to more of this MMSF in the coming months from the superheros in Redmond....
Your point about the "costs" of maintaining a Windows-based network are well-taken, but with respect to malware, it's been a long-standing rule that the ONLY way to be sure it is gone from the system is to re-install the operating system. That applies to _any_ operating system. Where the *nix OSs shine is in the options you have for monitoring and learning from any malware that do enter your systems.
All the anti-unix/linux guys were saying that all the important stuff is in their home folder anyway, so it didn't matter if malware/viruses could only attack the home folder, because that's all that matters. Now we know why, It's nice to not have to worry about reinstalling the operating system because of malware, or formatting the entire hard drive. At the very worst, we'd have to back up important stuff, wipe out the home dir, and put the documents back in.
In some cases, there really is no way to recover without nuking the systems from orbit
..a system has its own gravitational pull.
I wish that the industry would say this proper. A PC is a personal computer. That includes apple and most linux boxes. OTH, the PCs that are having problems are Windows based PCs. Basically, the press should be saying that it impossible to remove malware from windows.
The restrictions necessary to prevent installation/execution of spyware are available in both Windows and Linux, but apparently neither are used (or will be) due to whining users.
I invite you to solve the "Ignorant User" problem: the user does not know what is going on, doesn't care, and will complain if you attempt to prevent it and will complain until you fix the resultant problems you were unable to prevent.
Effects can be isolated from the system with the proper settings, but we still have infested user profiles. And given local profile access, it's only one step from profile infecting to rootkit-enabled spyware that uses local exploits to jump up to system infecting.
let's all simultaneously cheer:
"Microsoft"!!!
Seriously now, the situation gets worse by the minute. Yesterday I ran Lavasoft's Ad-Aware, Spybot Search & Destroy, Symantec AntiVirus and the Sysinternals rootkit detector. I found several problems, and I run behind a firewall. The rootkit detector found many hidden APIs.
For how long, Microsoft?
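Two posts above ask for a way to list the kernel hooks a rootkit installs and report a rootkit detector finding "hidden APIs". The following is an added example, not code from the thread or from any of the tools mentioned: it runs the two checks that detectors of that period (RootkitRevealer, IceSword, GMER) actually performed, on a constructed snapshot. The module map, the system service table and the two module listings are all made up for the example; on a real box the table and map would come from a kernel debugger or a driver, never from the APIs the rootkit may have hooked.

```python
"""Added example (not from the thread): offline check of a kernel service
table snapshot.  Two classic detections: SSDT entries whose handler lies
outside the ntoskrnl image, and modules a raw scan sees but a hooked
enumeration API omits.  All data below is constructed."""

# Constructed module map (name, base, size), as a kernel debugger would list it.
MODULES = [
    ("ntoskrnl.exe", 0x804D7000, 0x0021C000),
    ("hal.dll",      0x80700000, 0x00020000),
    ("evil.sys",     0xF8A3B000, 0x00004000),   # constructed unsigned driver
]

# Constructed SSDT snapshot: service index -> handler address.
SSDT = {
    0x25: 0x805B3C3C,   # NtCreateFile: inside ntoskrnl
    0x91: 0xF8A3B4E0,   # NtQueryDirectoryFile: redirected into evil.sys
    0xAD: 0x805A9A88,   # NtQuerySystemInformation: inside ntoskrnl
    0xFA: 0xDEADBEEF,   # entry pointing into unmapped memory
}


def owner(addr, modules=MODULES):
    """Name of the module whose image range contains addr, or None."""
    for name, base, size in modules:
        if base <= addr < base + size:
            return name
    return None


def find_hooks(table, kernel="ntoskrnl.exe", modules=MODULES):
    """Entries whose handler is not inside the kernel image: (index, addr, owner)."""
    return [(idx, addr, owner(addr, modules))
            for idx, addr in sorted(table.items())
            if owner(addr, modules) != kernel]


def hidden_modules(api_view, raw_view):
    """Cross-view diff: names a raw scan of loaded images finds that the
    API-based listing does not.  A hooked NtQuerySystemInformation filters
    what the API returns, which is exactly why the detector compares views
    instead of trusting either one."""
    return sorted(set(raw_view) - set(api_view))


if __name__ == "__main__":
    for idx, addr, mod in find_hooks(SSDT):
        print("SSDT[0x%02X] -> 0x%08X (%s)" % (idx, addr, mod or "unmapped"))
    api_listing = ["ntoskrnl.exe", "hal.dll"]        # constructed: what the hooked API returned
    raw_listing = [m[0] for m in MODULES]            # constructed: raw scan of loaded images
    print("hidden:", hidden_modules(api_listing, raw_listing))
```

Both checks only work because the inputs are taken from below the level the rootkit controls; run from a normal process on the infected box, the same code would be fed the rootkit's answers.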
Is this really news? seems to me it is a lot like saying, MS says the sky is blue.
There is so much malware out there that bypasses antivirus and spyware checkers. Case in point: when I used to use Windows (I moved to Gentoo/Solaris 10 about 3 months ago) I was running ClamAV and Norton AV; additionally I had 2 spyware checkers, all these products updated every night.
One morning I executed a crack program (I know, but I was half asleep; oh, and before people start complaining that I shouldn't use the crack, I purchased the software but it requires activation every time you reinstall your machine and they won't supply a key after 10 reinstalls). My machine was infected right away with spyware and adware all through the system. My virus checkers didn't catch it, my spyware checkers didn't catch it; I was running all the anti-malware applications I could, trying to clean the system, nothing was working, I was manually cleaning the registry. In the end I had to reinstall the system. I have a pretty secure network; my PC had all the protection I could reasonably use, but still I was heavily infected, the only cure a complete reinstall.
Trusted computing is a euphemism for hardware rootkits. Who can guess what Microsoft would like to offer as the solution to the malware problem?
Uhmm.. Do they have a 200 ppl admin team?
... AUTOMATICALLY!
I'm working part time in a smaller school as admin. They have about 70 machines. One machine or a whole CS room is recovered/reimaged in max 20 minutes...
I'm using a 5-line Linux shell script, with ntfsimage and udpcast (multicast).
And Yes: They're XP machines. And the PCs join the ADS domain automatically.
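The post above describes the mechanism (an NTFS image multicast to a whole lab with udpcast) but not the script. What follows is an added example, not the poster's script or any udpcast or ntfsprogs code. Assumptions: the image was written with `ntfsclone --save-image` (the post says "ntfsimage"; ntfsclone is the ntfsprogs/ntfs-3g tool), `udp-sender` and `udp-receiver` are the udpcast binaries, and a sha256sum-style file for the golden image lives somewhere the clients cannot write. The one thing it adds to the plain pipeline is that the sender refuses to multicast an image whose digest does not match that file, because a tampered golden image would reinfect every machine in the room in one pass.

```python
"""Added example, not the poster's 5-line script: a wrapper for the
ntfsclone + udpcast multicast restore, with an integrity check on the
golden image before it is sent.  Tool names are assumptions (see lead-in)."""
import hashlib
import shlex
import subprocess
import sys


def sha256_bytes(data):
    return hashlib.sha256(data).hexdigest()


def sha256_file(path, chunk=1 << 20):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def parse_sumfile(text):
    """First field of a '<hex>  <filename>' line as written by sha256sum."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 2 and len(fields[0]) == 64:
            return fields[0].lower()
    raise ValueError("no SHA-256 line in sum file")


def image_is_trusted(image_path, sumfile_path):
    with open(sumfile_path) as f:
        return parse_sumfile(f.read()) == sha256_file(image_path)


def sender_cmd(image_path, iface="eth0"):
    # udp-sender streams the file; --nokbd stops it waiting for a keypress on a headless box.
    return ["udp-sender", "--nokbd", "--interface", iface, "--file", image_path]


def receiver_pipeline(device):
    # udp-receiver writes the stream to stdout; ntfsclone reads the image from '-' (stdin).
    return "udp-receiver --nokbd | ntfsclone --restore-image --overwrite %s -" % shlex.quote(device)


def main(argv):
    if len(argv) == 4 and argv[1] == "send":
        image, sumfile = argv[2], argv[3]
        if not image_is_trusted(image, sumfile):
            sys.exit("refusing to multicast %s: digest does not match %s" % (image, sumfile))
        return subprocess.call(sender_cmd(image))
    if len(argv) == 3 and argv[1] == "receive":
        return subprocess.call(receiver_pipeline(argv[2]), shell=True)
    sys.exit("usage: reimage.py send IMAGE SUMFILE | receive DEVICE")


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run `reimage.py receive /dev/sda1` from a boot CD or PXE environment on each client first (udp-receiver blocks until the sender starts), then `reimage.py send xp-golden.img xp-golden.img.sha256` on the server; regenerate the sum file only when you deliberately rebuild the golden image.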
..that I will present to the bossman, and he will ignore.
-sigh-
I just know the day that we get hacked, rooted, etc. because someone brought something in from home... I'm going to get fired for not setting up a secure system.
I've been desperately trying to convince them that it is an actual real threat. That, yes, someone could steal our data if we don't secure it. The system is as solid as I can get it, but it's not perfect. I know one day it'll eventually happen.
I'm really tired of taking the blame for security breaks.
I've had mass emails, education campaigns, I even hung up fancy posters of the security rules with light-hearted dialogue. And every damn time something goes wrong, it's because one of the suits was looking at porn (and god, do those suits love their porn, jeezus) or because someone brought a laptop in. And I still get the blame. I'm about to say, "well bossman, the reason we got infected is because you like to browse anal rimjob websites and look for cheap escorts."
It's the only thing about my job I don't like.
Ah well.
For some time it has been easier to wipe and reinstall rather than repair an infection; of course this is dependent on knowing where your data is to begin with - hint: this is why we have servers. A reinstall (automated of course) will take less than 2 hours and everything is guaranteed to be working properly afterward. Properly eradicating most spyware takes a lot longer than this and doesn't guarantee that you or the program/s you use have gotten everything. Why even take the risk of repairing a spyware infection?
On Windows boxes I still see many spyware infections on computers where the users don't even have administrative access. This includes the adding and changing of system services that users don't (read as shouldn't) have access to change as well as totally screwing over the Windows system restore which I might add helps malicious software coders than the users actually trying to restore system files. All this from surfing a malicious site in IE.
It really is impossible to trust an infected machine even after every effort has been made to remove the spyware. This is something every Microsoft admin I know has known for some time, this should be a non story except that it's about a government branch that had 2000 spyware infected client machines and no disaster recovery plan - heads should be rolling.
The last three companies I have worked for have provided networked HOME drives for each user.
Ideal for centralised backup, hot desks and easy to screen.
Key thing was the C drive was for files that could be deleted in an emergency, like MP3 files etc.
Tech support walked around with a self running Ghost CD that would rebuild any machine at any time.
(Please do not reply about the importance of your MP3 collection)
They did not have an automated process to wipe and rebuild the systems, so it became a burden. They had to design a process real fast...
...so they just called in the Borg to fix it, and everyone lived happily ever after.
The anonymous poster's link states the problem incorrectly. It's not PCs that can't be recovered, but Windows. And Microsoft has always made it difficult to quickly restore the OS. Things like GHOST exist, but are expensive. Microsoft has some build tools to automate the build process, but they take a lot more work than something like GHOST. I find this to be a serious flaw with Windows -- automated builds are too hard. (To be fair, I've not tried doing an automated build on Mac OS X. Most Linux variants make it really easy though.)
I'm having a hard time figuring out whether the Microsoft rep is trying to convince us to buy their new anti-malware product, or if they're making excuses for why their OS is so vulnerable. He is correct about social engineering being a serious problem though. Still, there are things that an OS should be doing to prevent rootkits. Like never allowing admin access without a password. And a lot of the rootkits exploit vulnerabilities that don't require any social engineering.
Formatting doesn't come close to eliminating real malware though. The boot sector isn't overwritten, first of all, unless you specify /s
Additionally, the malware could have virtualized your PC and whatever changes you make are to the virtual computer you are running on while the virus has real run of your hardware and resources. Even if that doesn't exist yet, one day it will because it is possible using software that is even freely available today, with some tweaks that bad people would only be too eager to implement.
Talk about the mother of all rootkits eh? Your computer would be like The Matrix, a virtual world where you think you are in charge but are really running a pawn cause you're pwn3d.
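The post above makes the point that reformatting a partition does not touch the code that runs before the operating system. As an added example (not from the thread), the following models a disk with an MBR and one NTFS partition, formats the partition, and shows that sector 0 and its boot code hash are unchanged; it then compares the boot code against a known-good hash, which is the check a practitioner actually wants before trusting a "freshly formatted" disk. Both boot code blobs and the disk layout are constructed for the example; the MBR layout (440 bytes of code, 4-byte disk signature, 64-byte partition table, 0x55AA) is the real one.

```python
"""Added example (not from the thread): parse a 512-byte MBR, hash its
boot code, and show that formatting a partition leaves sector 0 alone.
Boot code contents and the disk layout are constructed."""
import hashlib
import struct

SECTOR = 512
BOOTCODE_LEN = 440

# Constructed boot code: a plausible prologue (xor ax,ax / mov ss,ax / mov sp,7c00) padded with NOPs.
CLEAN_BOOTCODE = b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * (BOOTCODE_LEN - 7)
# Constructed "infected" variant: a far jmp to code the bootkit keeps elsewhere on the disk.
INFECTED_BOOTCODE = b"\xea\x00\x7e\x00\x00" + b"\x90" * (BOOTCODE_LEN - 5)

ENTRY = "<B3sB3sII"   # status, CHS start, type, CHS end, LBA start, sector count


def build_mbr(bootcode, partitions, disk_sig=0x1234ABCD):
    """partitions: list of (status, type, lba_start, sectors); CHS fields are filled with 0xFF."""
    assert len(bootcode) == BOOTCODE_LEN
    table = b"".join(struct.pack(ENTRY, st, b"\xff" * 3, ty, b"\xff" * 3, lba, n)
                     for st, ty, lba, n in partitions).ljust(64, b"\x00")
    return bootcode + struct.pack("<IH", disk_sig, 0) + table + b"\x55\xaa"


def parse_mbr(sector):
    if len(sector) < SECTOR or sector[510:512] != b"\x55\xaa":
        raise ValueError("no MBR signature")
    parts = []
    for i in range(4):
        off = 446 + 16 * i
        status, _, ptype, _, lba, n = struct.unpack(ENTRY, sector[off:off + 16])
        if ptype:
            parts.append({"index": i, "bootable": status == 0x80, "type": ptype,
                          "lba_start": lba, "sectors": n})
    return {"bootcode_sha256": hashlib.sha256(sector[:BOOTCODE_LEN]).hexdigest(),
            "disk_signature": struct.unpack("<I", sector[440:444])[0],
            "partitions": parts}


def make_disk(bootcode, total_sectors=64):
    """Constructed disk: MBR in sector 0, one NTFS-typed partition from sector 8 to the end."""
    disk = bytearray(SECTOR * total_sectors)
    disk[:SECTOR] = build_mbr(bootcode, [(0x80, 0x07, 8, total_sectors - 8)])
    disk[8 * SECTOR:9 * SECTOR] = b"NTFS VBR".ljust(SECTOR, b"\x00")   # constructed volume boot record
    return disk


def format_partition(disk, part):
    """Crude model of a format: rewrite everything inside the partition's LBA range, nothing outside it."""
    out = bytearray(disk)
    start = part["lba_start"] * SECTOR
    end = start + part["sectors"] * SECTOR
    out[start:end] = b"\x00" * (end - start)
    return out


def bootcode_verdict(sector, baseline_hash):
    """Compare the boot code against a hash recorded from a known-good install."""
    info = parse_mbr(sector)
    return "clean" if info["bootcode_sha256"] == baseline_hash else "boot code differs from baseline"


if __name__ == "__main__":
    disk = make_disk(CLEAN_BOOTCODE)
    baseline = parse_mbr(disk[:SECTOR])["bootcode_sha256"]
    wiped = format_partition(disk, parse_mbr(disk[:SECTOR])["partitions"][0])
    print("after format:", bootcode_verdict(wiped[:SECTOR], baseline))
    print("infected disk:", bootcode_verdict(make_disk(INFECTED_BOOTCODE)[:SECTOR], baseline))
```

Record the baseline hash from a machine you built yourself and keep it off the machine; on a real disk read sector 0 from a boot CD rather than through the running (possibly hooked) OS, for the same reason the rest of the thread gives for not trusting tools run from inside a rooted system.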
"When you are dealing with rootkits and some advanced spyware programs, the only solution is to rebuild from scratch. In some cases, there really is no way to recover without nuking the systems from orbit," Mike Danseglio, program manager in the Security Solutions group at Microsoft, said in a presentation at the InfoSec World conference here."
Now those sound like the words of someone who has 'been there and done that' more than a few times. If Microsoft is having those kinds of problems with the hardware, software, and expertise they have at their disposal, imagine the kinds of problem that 'Sam's Plumbing and Heating Co.' is having.
personal computers don't belong in the business workplace. Whatever genius (M$) decided it was better to move away from the terminal-server model to individual PC workstations and its subsequent adoption in corporate America is ultimately responsible for high TCO, virus and malware outbreaks, disruption of business continuity, etc. The capabilities of modern personal computers are not necessary for most work and only serve as a distraction, resulting in even lower productivity.
Oh, and death to all virus/malware writers!
I take care of a couple hundred machines and the FIRST thing I did when I was hired was to set up an automatic install. It's a pretty tiny investment when you think about it. I didn't even do the standard hard drive cloning, I did it the HARD way and scripted a full XP install, which then hooks into automatic application install after XP is done. This is BASIC stuff. I can't believe the outright negligence of an IT department that doesn't have some sort of restore process.
And this process was named... "LINUX" ! ...that you can clean a compromised Linux system without wiping it clean.... oh, wait... oops...
Through education on how to use your current software, including the OS, telling people not to "punch the monkey" or click "whose legs are these??" and telling them not to install random crap on their computer, you can really improve the way people use their PCs.
It's not difficult to do this, and if you just have one training session, that's a lot better than having several hours spent per computer trying to recover its data/reinstalling programs or OS software.
Think about it. If you knew not to install something on your computer that you had no idea what it was, and your IT department told you not to do that kind of stuff, wouldn't you be more likely to not click "ok" when something asks to install?
I provide residential desktop computer support for a living, which includes a lot of malware removal. I find that it's virtually always possible to recover all data, programs, etc., and get the user back to exactly where they want to be.
I use tools including ClamAV/AVG/Norton, Ad-Aware, Spybot, and a couple custom scripts that can remove the malware. Windows repair installations help restore any files that become corrupt.
My entire process, from start to finish, including checking for bad hardware, backing up data, and actually repairing the system, does take 6-12 hours, but economies of scale work in our favor.
Shameless plug: If you need computer support in the Chicago area, my company ( www.geeks42.com / www.geeksone.com ) can help! Drop your computer off at any UPS store and have it repaired promptly and professionally.
Just look at who is harmed in each case. In the DVD case, the (theoretical) harm is to the studio that holds the copyright on the content. In the Adobe case, the (again, theoretical) harm is to Adobe's image and to the publisher that uses their software. But in the malware case, the victims are ordinary users like you and me. What's the difference? In the first two cases, we're talking about theoretical harm to large, wealthy corporations. In the third, it's genuine harm to regular people. Now consider the relative clout of those two groups in our society (particularly in the political arena), and all should become clear.
I don't think it's a novelty that Windows PCs tend to be suicidal and in constant need of attention. How come the IT division of the un-named branch had no plans for this?
:-))
We have had backups and Ghost(tm) mirrors and all since, well, 95. PCs should be clones/drones, all sensitive data and configs should be on a central server. Is this that hard to plan? Sounds so banal to me... and I guess to you guys too.
And at any rate, how can all this malware be scouting around? I don't administer such large networks but those I do maintain have had near zero attacks, and I have no magic wand, just common policies and best practices.
And also some good old humiliation for the user who got himself into trouble:
"well, you shouldn't have opened that mail, SHOULD YOU? Now all your files are F*UP, I hope I can repair them but I'm not so sure it will be possible, in the mean time TRY AND FOLLOW THE MEMOs!"
Microsoft has screwed up for so long, in such a bad way, that now they can't even recommend using their operating system anymore?
Yes, I know I'm borderline troll here, but let's look at the progress over the years with Microsoft OSes:
1) DOS
Not much of an operating system. In fact, it does not meet my definition of an operating system. It started out as a purchased in-house rip-off of CP/M or whatever, and IBM was conned into bundling it with their monopoly PC biz at the time. It took years to add features like memory management and disk caching; multi-tasking was a joke. Reliability was abysmal. Yuck. How did a company start from that?
2) Windows 1.0 - 3.x where x < 1
Junk. Nobody used it, except towards the 3.x days, and even then people dropped to DOS much of the time.
3) Windows 3.1 and 3.11. Yes, this was the first viable product from the company, but barely. This came out in 1993. Yes, 1993. And it only then almost had the functionality of a Xerox Star from 1981.
4) NT 3.51. The first time I sat behind one of these, I was amazed. This was the first solid 32-bit offering I used and it just felt solid and real. Same ugly interface as 3.1x, but this was a real operating system.
5) Windows 95. Its claim to fame was that Mac people called it MacOS from 1984. Honestly, it was their greatest achievement to date after conning their way with IBM. I was pleased when it came out. It had issues, but was OK for the time.
6) NT 4.0. Late to market, but OK. Basically 3.51 with the 95 UI and some other enhancements. Decent for a small company or workstation I guess at the time.
7) Win 98. Better than 95, especially with OSR2 or whatever it was called. Introduced USB and plug and play, but neither worked well.
8) Win ME. No comment besides this was the alpha quality OS that was the beginning of the merge between DOS/Win to NT. Everybody knows this was junk.
9) Win2k Added stability for the first time to their systems. This is where they took a bad UI and started making it worse. Slow as a dog.
10) XP. Never really used it, but again, more stability, aside from the fact that the legacy support from bullet #1 is now an infectious target for malware, viruses, spyware, worms, trojans, you name it, if you don't want it, it will be on your newly installed computer in seconds without a firewall. Sometime after XP came out, MS took a week or two off of writing cutting edge code to get their security in gear. We all appreciate that, right?
11) Vista. Looks like a revamping of Win2k. Bad UI made worse, and will be slow as a dog. Nothing to see here, please move along.
What I noticed in typing this is that MS is _always_ about 10 years behind where the progress should be. It's now 2006, and XP is a clowny looking thing from the mid 90s. I will say that they sure know how to sell stuff to people. They get an A++ for that, but innovation and quality have never been their forte.
When a *nix box gets rooted, generally standard practice says that you rebuild the box. I'm unsure if this is the case with Windows rootings. That is just the way it is.
Malware wants to be "sticky". I'm surprised it has taken this long to become truly difficult if not downright impossible to remove.
What I wonder is if people will just tolerate the unremovable malware instead of the frustration and/or time of reinstalling the OS and applications and getting everything just right all over again. It's one thing for system administrators and geeks to reinstall. It another thing entirely for the average user to have full/incremental backups or cloned drives or some set of procedures for reinstallation.
This is definitely an interesting situation.
the guys who with XP-SP1 tried to isolate everybody who had a common serial number?
MS has finally awakened and smells the coffee.
but I have no cup for them any more.
if this is supposed to be a new economy, how come they still want my old fashioned money?
I'm coming to the point where I feel that the core Windows environment needs to be booted from CD, or some other read-only media that can't be altered. Yes, additional drivers and installed programs will need to boot from the hard drive, however, a Safe Boot option to run your virus scan from as part of the read-only boot could then be used to much more easy remove the malware.
At a large, come huge, company I used to work for, every Friday night all of the workstations enterprise-wide were reimaged whether they needed it or not. In a case like this, they'd just schedule an immediate reimage and bounce everyone all at once. Useless for a few hours, but problem solved. Once you get people on standardized desktops and saving only to network drives, this ceases to be much of an issue.
Where I used to work, we solved the problem by running with a solution that reinstalls the software on the machine remotely.
We used a Windows domain and DFS to ensure the users did not lose their data when rebuilding a machine. We then sent an OS image to the system remotely and remotely installed all the software on the system. We would regularly update our image to include all security patches. This was also complemented by a Windows Update Server to push security patches to deployed systems, and by antivirus and SAFER policies enforced on the systems. The system also scaled well to several thousand computers.
This may seem like a lot of work, but there are several turnkey solutions to do this (e.g. we used Altiris). In addition, the work we did upfront saved us an immense amount of time later on. We were able to reinstall the software on hundreds of computers in 30 minutes. Every now and then we would get a straggler, but dealing with 2 or 3 stragglers is much easier than trying to fix or reinstall all the computers by hand. It also allowed us to recover from major virus-related disasters. It wouldn't be difficult to fix 2000 computers and have time to enjoy lunch. (If you are wondering where the bandwidth comes from, we multicast.)
Make your system as foolproof as possible and I'll show you the fool who can break it. It makes no sense to deepen the moat, add more boiling oil, and hire a thousand new guards if the user is simply going to lower the drawbridge.
Personally, I can't wait for the day they can patch human stupidity.
Hey, how about the following...if we had something like a trusted computing architecture, then this wouldn't be a problem. The malware would never be able to infect the computer. Of course there might be some minor side effects...you might not be able to run just any old software you want. But that will surely affect only a very small percentage of people, and the benefits to everyone else will greatly outweigh those inconveniences.
I bet there are some smart people at microsoft, and I'm sure they'll be able to come up with something similar. Maybe we'll be hearing an announcement about some new security features in Windows Vista. I know I'm looking forward to it!
With this virtualization / Xen business, I'm sure Microsoft could modify Windows so that apps would work inside registry cages and such. This way you could install your gaming software inside a cage and it couldn't mess up your windows.
It's about time we start teaching Windows users to partition like we *nix users have been for years - data on one partition (/home) and the OS on another. I've done this with all of my Windows boxen since XP came out without a problem.
It's amazing that when at least half a dozen knowledgeable posters have already pointed out the fallacy here, we still find a personal ad for "prompt and professional" repairs that relies on closing the stable door after the horse has bolted.
The professional thing to do would be to explain in simple terms why the system is no longer reliable, help the user to back-up what data they can, help them to clean the system and reinstall everything they need, and then help them to install defensive software to avoid getting hit again. And what's more, if your turnaround time is really 6-12 hours, this approach is probably at least as fast, too.
With anything else, you may think you've fixed the problem, but you'll never know for sure, and the people who later get hit by the DDoS worm you missed won't thank you for it.
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
How does the ordinary user do this?
I didn't have the foresight to make a Ghost image of my system from the factory. It's a DELL and the restore-to-factory-from-secret-hidden-partition doesn't work once I added a new partition to the drive (with Partition Magic).
So now it looks like I have to:
1. Make sure I have up to date backups of my data (always a good idea)
2. Purchase another copy of Windows even though I already paid for one
3. Dig through my records collecting all the keys to all my applications
4. Spend an entire day reinstalling Windows and all my applications. Anyone who says it only takes an hour to reinstall Windows must have a secret version I don't have access to. I have to babysit the install through ten reboots and many hours.
Is this the best way?!
What about after that? I can Ghost the Windows partition, but I'd still have to reinstall any applications installed after the Ghost was made. And it's no use putting the applications in another partition because the applications depend on cruft in the registry.
I think a better headline would read World Says Recovery From Microsoft Becoming Impossible
Last time I was in Budapest I, um, dropped a heavy suitcase into the Duna. I think he had friends, so the problem isn't really solved. But hey, I enjoyed the big splash.
Please post some names and locations and I'll see how it fits with my travel plans.
This is obviously part of a subtle Microsoft campaign to promote DRM.
The funny thing is that they had to bash themselves for this!
...embraced and extended this new technology? :-P
?
Exactly, MS's solution is to build in an auto self-destruct that's activated the moment malware is detected.
"Hi there, this is Eddy your shipboard^H^H^H^H^H^H^H^H^Hdesktop computer, and I'm delighted to inform you that I'm going to self destruct in 5 seconds. Sorry, you don't have time to close all applications to save your precious data. We have a real emergency situation here! It would be pointless to save anything anyway, because we're going to format your entire hard disk to make sure every tinsy bit of malware is destroyed. Share and Enjoy!"
"They did not have an automated process to wipe and rebuild the systems"
We had that going 5 years ago at a school district! Joins the domain, user apps installed. We could broadcast an image to hundreds of machines at once. We even had the PXE boot run a boot disk that it downloaded from the server; the machine name was based on the IP address. We would set aside a range of IP addresses and have the program name the computer accordingly. All the teacher had to do was log in. No wonder we can't catch Osama! For some reason, a bunch of monkeys f*$%()* a football comes to mind....
My typical solution for VISTA (Virus Infection Spyware Trojan Adware) has been to format the machine ever since their inception. I _knew_ that this method is a total waste of time for both me and my client. Looks like I had a good bit of practice before this method is really necessary... :(
I clean spyware/adware/virii...etc. from client computers daily. I haven't found a piece of malware yet that has forced me to just wipe clean and reload. I think the real problem is the man hours needed to clean a severely infected machine. I don't know...maybe I just haven't run across the malware they are referring to, but I've seen some pretty nasty ones that do frustrate me to no end.
One of the main reasons that both viruses and malware are so prevalent on Windows is not just because of all the security holes, but because 90% (or more) of users run as local administrator on their system, thus giving any app full permission to corrupt their system.
Thumbs down to M$ for allowing this to happen. I understand that this "hole" has been significantly reduced in Vista - we'll see.
Use of imaging/backup software like Ghost has already been mentioned, but how many people really take system state backups (or for that matter any backups) with any regularity?
I worked for a while at MS (as a vendor, not a blue badge). The only approved way of recovering a suspect machine was to wipe it, apply the build with the latest sp, then the latest patches (or image equiv). This was well understood over a year ago.
Anything that you load from a corrupt system is suspect, ergo you can never run something from within windows to cure windows and be sure that it is going to work.
Oh, and don't surf the web with Admin privs.
...of IT costs (equipment, software, $$ equivalent of support staff time) in Business and Academia go towards protecting networks against flaws in Windows software. Anyone know?
making relying on backups far less useful (pointless, perhaps?). I've talked with people before about having Windows viruses that don't sap resources (at first) or kill the machine, but which quietly change data in files. Modify a "3" to a "7" in a few Excel files. Change meeting times in Outlook by 10 minutes here or there. Eventually, get more malicious and start changing other bits of data in files (mainly MS Office files for maximum compatibility/reach).
A good virus won't be found out for a while, and without knowing when it infected the system, you won't easily be able to tell how far back to go in the backups to pull 'clean' files.
This would have a devastating effect on the trust people have in any part of the system. What good is 'rebuilding' the system if you can't trust the data backups either?
The two basic principles of Windows system administration:
* For minor problems, reboot
* For major problems, reinstall
Unattended
This is a system for fully automating the installation of Windows 2000 Professional and Server, Windows XP, and Windows Server 2003.
http://unattended.sourceforge.net/
The original point is that this causes genuine harm to every computer owner, including large wealthy corporations, as well as the government itself.
Most computers are actually used in a workplace, rather than at home.
Of course they had a disaster recovery plan. But since they didn't expect to have to recover from disasters as frequently as malware causes disasters, they simply didn't include an automated process. Legitimate (and good) disaster recovery plans can include manual re-installs of the machines involved based on the risk factors, costs of the offline duration during reinstall vs. costs to include automated recovery capability, etc.
Since the organization TFA referenced is within the U.S. Government, it's quite likely their system design specified that the machines involved would neither have (direct) connectivity to the Internet nor permit users to install software. The odds of getting an uber-wrecking Windows virus on a stand-alone machine with a pre-selected & tested set of applications are pretty slim.
the guys who with XP-SP1 tried to isolate everybody who had a common serial number?
Ghost has nothing to do with using same serial number. You should always run sysprep or similar before running ghost to make sure you do not have duplicate sec ids on network.
Or
Nuking From Orbit Made Easy
If your BIOS, kernel, and security layer are read-only or quickly reloadable from a read-only or authenticatable store, with hardware enforcement, you have no problem.
Bootable CDs running on machines that don't allow boot-from-anything-but-BIOS-flash-floppy altering of the BIOS fit the bill.
A more practical/faster-recovery solution is a boot-CD or trusted network-boot-image-server that reloads the system from a protected backup, such as a "ghost" image or backup partition. To ensure against corruption, the boot-CD would need to contain checksums for every file on the backup image or partition, and have a secondary, read-only backup to use if the primary backup got corrupted.
Many computers sold today have this built-in, minus the checksum. If you hit a certain key during startup, the system will boot to a usually-hidden "recovery partition" and restore the system to "factory-fresh" condition. Perhaps Corporate IT managers can adopt the same idea so refreshing the system from a trusted boot medium loads the corporate preferred environment instead of the manufacturer's default environment.
I'm sorry.. What in the heck are you trying to say?
Any company that uses a thin client solution should also invest in properly locking down the server, e.g. mandatory profiles, no administrative accounts, line-of-business software only. Period. Most likely behind a unified threat gateway.
If you are going to put 5-500 people on one machine, it damn well better be properly set up so that one (l)user does not bork the machine for everyone else. You also tend to want things like a tape drive with the "Automatic Restore" module so you can get back up quickly. (You know, the one where you put in the CD and the "Clean Build" tape, and it formats the drive & copies the OS and applications.... Then after updating the software, you put in the user account & other data...)
My $.02
Too bad my clients will pinch $.01 until it bleeds, making them have to pay more for cleanup ;)
+1 Funny mods haven't contributed to Karma in a long, long time.
Oh, and don't surf the web with Admin privs.
I have a shared internet connection. It doesn't work if I login with a guest account. Microsoft REALLY should have worked on making guest accounts more manageable.
I think your brain has "the mother of all rootkits" installed.
"Even if that doesn't exist yet, one day it will because it is possible using software that is even freely available today"
Priceless. If the software is freely available today, and it is possible - (do I even need to ask it?) why doesn't your "Matrix Malware" exist now??
Should read::
"Windows (TM) PC's can no longer recover from Malware of the worst sort..."
-=fshalor
Q: Why would Micro$oft say something like that?
A: Because they are about to release a new OS that will "solve" the problem.
Nah, they wouldn't do something like that.
In the land of the blind, the one-eyed man is king.
This is mainly because malware (etc.) is not "ok", it is a VIRUS...
The legal definition of a virus goes along the lines of "any program or script (etc.) installed without the user's consent or knowledge for any malicious purpose, or to cause the computer, its files, or user some kind of distress."
Sounds like any of the malware, etc., stuff that is out there...
Then we should be asking ourselves, what is Microsoft's culpability in this situation?
How much share do they have in this problem?
They have given us an operating system that allows this kind of thing, and they now admit that it is destroying our data, our ability to use the computer, etc...
And we had to pay for it...
I say a class action law suit is needed
--E--
Only solution:
throw away disk drive.
install new one.
Nonetheless, I learned one important lesson during my daily reinstall of each of those 20 PCs: Always Boot From A Clean Disk.
An important corollary was, you need only replace the damaged files.
Here, over 15 years later, and we have some Microsoft chump proclaiming that a PC is irrecoverable without a total wipe. Two solutions: first, don't try recovering a PC operating system by first booting the infected operating system. Second, if you boot from a clean system, you shouldn't have to completely reinstall, just hit the ones that changed.
As an aside, has anyone else but me wondered how truly effective antivirus scanning is that runs in real time from the host OS it is scanning? Shouldn't you always couple so-called "online scanners" with some kind of forced, whole-disk scan prior to full OS start, to be run at least every once in a while?
Why don't more organizations use a lock-down tool such as DeepFreeze (http://www.faronics.com/)? With DeepFreeze on a machine, you simply reboot and the malware is gone. There is the capability in DeepFreeze to allow "thawed space" so if you need to keep anything around between reboots you can put it there (or use a network drive). Windows allows you to remap directories, so "My Documents" and other necessary folders can be mapped to the thaw space. When you are dealing with large institutions (education, government, etc...), the time saved cleaning or rebuilding machines will more than offset the licensing costs. You can even automate the process to have a machine thaw itself, install updates, and refreeze itself overnight. Machines can also be rebooted (or thawed) remotely. It's a very useful program to have.
... especially if you're using XP.
There's a relatively inexpensive product for which you can purchase a license called 'WinINSTALL'. Not a lot of people seem to know about it for some reason, but the currently available version of the product makes it relatively painless to completely rebuild a PC's OS, complete with applications and various profile settings (shortcuts, your favorite background images, and so on).
It doesn't have the pain associated with image solutions; you don't have to worry about re-imaging your machines every time you change the software that you want installed on the boxes (although you do have to deal with setting up the software packages, which can be a little bit of a pain, depending on what you're installing, and how friendly your vendors have been towards corporate environments). You can even reset the employee's PC from you own PC, without having to visit their box. It just needs to be turned on.
It doesn't require you have some incredible mondo-server to make it run; you can use pretty much any Windows 2000 or better machine. Certainly, any of the machines being cranked out today can handle WinINSTALL. Hell, I've seen it work on circa-1999 machines without issue (I think that's about 500Mhz Pentiums with 64 megs of RAM). It's slow on such machines, but it seemed to work.
It's also likely to be around for a while; the product was first introduced to the Windows market back when Windows 3.11 was popular, maybe even before then. It used to win a lot of awards, but I think it just fell off everyone's radar over the years.
You can find more information about it here:
http://www.ondemandsoftware.com/
This is a product designed to deal with problems like this.
And so it goes.
What I noticed in typing this is that MS is _always_ about 10 years behind where the progress should be. It's now 2006, and XP is a clowny looking thing from the mid 90s. I will say that they sure know how to sell stuff to people. They get an A++ for that, but innovation and quality have never been their forte.
MS Has gotten themselves into a catch 22. Issue: Legacy apps.
The reason they appear to be behind the times, and the reason it takes them so long to get a product 'out the door' is due to the fact they are building in legacy support into their most current operating systems. Apple decided to cut their losses in this, and can thus turn around new releases every year or so, while it might take MS 5 years to get something new out.
If MS decides to discontinue legacy support, they can potentially lose hundreds of thousands of customers. That would be a bad business decision. On the other hand, building a bulky product that people constantly complain about seems to be working just fine, as they still have a firm grasp on the OS market.
What would you do if you were Gates?
I think I saw this same post and response for the last 137 windows virus related stories. Does this mean there's a glitch in the matrix?
It may not exist yet in the wild [who could say if this isn't being worked on though] because Virtual PCs are relatively new and the power to operate one has come about only in the last few years. Also the Internet has provided a way to remotely manage such a network of rooted machines, and yesterday VMware and Microsoft announced developments in the Virtual PC world.
This could take off at any time, all it takes is some bad people working on a way to hide behind what looks like your computer, but is really your PC running on a virtual PC.
If you're so skeptical, explain why this won't happen. You can't because it already happens, only the real system is modified to hide the malware from the OS, instead of the real PC being left alone while it runs on top of the malware OS with a virtual machine running the users' system.
Oh You POS
When people discuss the costs of *retraining* to use Linux they're implying they've already trained their staff once before to use Windows. In many cases this isn't true - most users can't use Windows in the sense one can use Linux. Most Windows users never add hardware, uninstall software, change the registry, edit a config file, update a package, etc... basic system tasks, but just click blindly in front of them towards the light, or else they wouldn't shout "I've deleted the internet", or get infected with malware by clicking "hot pics!!!!", downloading, install?, yes.
Of course, the poor IT department burdened with fixing their mess are power Windows users. But why? Certainly all their jobs - adding scheduled tasks, performing a system upgrade, fixing the server - are much easier in Linux.
More headache than it's worth.
Using a fresh boot disk and known good bios, it should be possible to verify that the drive's BIOS and boot sectors are restored to factory defaults.
No need to add to landfills, unless you were joking.
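As an added example of the check the post above describes (not the poster's own procedure, and not tied to any real vendor's firmware): a Python parser for the 512-byte MBR that validates the 0x55AA signature, lists the four partition-table entries, and compares the SHA-256 of the 446-byte boot-code area with a value recorded while the machine was known clean. The sample sector is constructed inside the code; the partition-type names, including 0xDE for the hidden Dell utility partition that came up earlier in the thread, are a small subset of the common MBR type table and are marked as an assumption in the code.

```python
import hashlib
import struct

MBR_SIZE = 512
BOOTCODE_SIZE = 446            # bytes 0..445: boot code (what boot-sector malware rewrites)
TABLE_OFFSET = 446             # four 16-byte partition entries at 446, 462, 478, 494
SIGNATURE = b"\x55\xaa"        # bytes 510..511
CHS_UNUSED = b"\xfe\xff\xff"   # conventional filler when only the LBA fields matter

# Assumption: a small subset of the well-known MBR partition type table, enough for the demo.
PART_TYPES = {
    0x05: "Extended", 0x07: "NTFS/HPFS/exFAT", 0x0B: "FAT32 (CHS)", 0x0C: "FAT32 (LBA)",
    0x0F: "Extended (LBA)", 0x82: "Linux swap", 0x83: "Linux", 0xDE: "Dell utility",
    0xEE: "GPT protective",
}


def parse_mbr(sector):
    """Parse one 512-byte MBR; raise ValueError if it is not a valid boot sector."""
    if len(sector) != MBR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector[510:512] != SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        entry = sector[TABLE_OFFSET + 16 * i: TABLE_OFFSET + 16 * (i + 1)]
        # status(1) CHS-start(3, skipped) type(1) CHS-end(3, skipped) LBA-start(4) sectors(4)
        status, ptype, lba_start, n_sectors = struct.unpack("<B3xB3xII", entry)
        if ptype == 0 and n_sectors == 0:
            continue                         # unused slot
        parts.append({
            "slot": i, "bootable": status == 0x80, "type": ptype,
            "type_name": PART_TYPES.get(ptype, "unknown"),
            "lba_start": lba_start, "sectors": n_sectors,
        })
    return {
        "bootcode_sha256": hashlib.sha256(sector[:BOOTCODE_SIZE]).hexdigest(),
        "partitions": parts,
    }


def check_bootcode(sector, known_good_sha256):
    """True only if the boot code matches the hash recorded from a known-clean sector."""
    return parse_mbr(sector)["bootcode_sha256"] == known_good_sha256


def make_entry(status, ptype, lba_start, n_sectors):
    """Build one 16-byte partition entry (helper for the constructed sample)."""
    return struct.pack("<B3sB3sII", status, CHS_UNUSED, ptype, CHS_UNUSED, lba_start, n_sectors)


def build_sample_mbr(bootcode=b"\xfa\x33\xc0\x8e\xd0"):
    """Constructed sample sector, not a capture from a real disk."""
    code = bootcode.ljust(BOOTCODE_SIZE, b"\x00")
    table = (make_entry(0x00, 0xDE, 63, 1985)            # hidden vendor utility/recovery partition
             + make_entry(0x80, 0x07, 2048, 1_000_000)   # active NTFS system partition
             + b"\x00" * 32)                             # two empty slots
    return code + table + SIGNATURE


if __name__ == "__main__":
    clean = build_sample_mbr()
    baseline = parse_mbr(clean)["bootcode_sha256"]       # record this while the box is known good
    for p in parse_mbr(clean)["partitions"]:
        print(p)
    infected = bytes([clean[0] ^ 0xFF]) + clean[1:]       # one patched byte in the boot code
    print("clean matches:", check_bootcode(clean, baseline))
    print("patched matches:", check_bootcode(infected, baseline))
```

Read sector 0 of the suspect drive from the clean boot environment (for example `dd if=/dev/sdX bs=512 count=1`) and feed the bytes to `parse_mbr`. A plain `format` rewrites a partition's volume boot record, not this disk-level sector, which is why a boot-code hash belongs on the checklist next to the file-level scans.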
Oh You POS
Would anyone like to bet on whether or not those 2000 users were given local admin rights on their boxes? Stop running everything as admin and your problems disappear (or at least get a lot smaller).
"If you're so skeptical, explain why this won't happen. You can't because it already happens"
I don't need to explain why it WON'T happen, I never claimed it wouldn't.
That's funny, the other post only said it was possible (with today's software even) and WOULD happen, now you are claiming it IS happening - please give an example.
Besides, the "Virtual PC" you speak of doesn't really exist outside of the OS - so by scrapping the OS you kill the "Virtual PC" also.
Wrong. The weakest link in malware defense is the totally flawed design model of Windows, the 90% of desktop PCs on the Internet that run Windows & the 95% of clueless Windows users who wouldn't know security if it hit them in the face. (And yes, I know some good knowledgeable Windows admins who DO know how to make the best of the design flaws & who do a damned ace job securing Windows boxes.)
In addition to the above, you can also blame Microsoft's relentless marketing lies in convincing Joe Average about the "simplicity and ease" of using Windows.
No, I'm not going to get smug about Linux because an unsecured Linux box can also be compromised - but the fact is that attacks on Linux (or UNIX) PCs will NEVER EVER be of the same epidemic proportions that have hit Windows PCs for the following simple facts:
1. Linux isn't ready for the "Joe Average" PC user. That means those that use it are more knowledgeable in what they do and therefore of a mindset that's more likely to take security seriously and harden their machines before putting them on the Internet.
2. About 90% of making a Linux PC secure is understanding some very SIMPLE rules - don't run services you don't need & those you do need, do your best to avoid running them as root. Add to that some common sense about not using guessable account names and non-dictionary passwords and those alone will keep 99% of script-kiddies away.
3. Try and find a single, insecure program that you can use to propagate malware on 90% of Linux boxes - don't bother, I'll give you the answer - THERE ISN'T ONE. There's far too many distros out there running far too many different variations of daemons that it would never happen.
And before anybody accuses me of being a "zealot", I'll say this - I spend a lot of time checking and rechecking my Linux machines for vulnerabilities, I check syslogs regularly and do the occasional packet sniff just to see what's going on out there because 4 years ago I myself was hacked through an FTP service I stupidly left running on an Internet-connected Linux box. But that was MY fault and the good thing was I learnt by my mistakes and became more knowledgeable & vigilant in the process.
Sorry, but as a computer professional of some 20 years now, managing a Linux box properly is infinitely easier than working out the tangled mess of interdependent services, registry keys and DLLs that make up Windows - that's why I have the respect for Windows admins that DO know something about how to do it...
I see the Main computer companies as the big problem for this. The preloaded machines are coming with programs like weatherbug and other such malware. They say that they are trying to get rid of malware, yet they preload it. This is like adding a filter to a cigarette. The end result is the same... DEATH
Danger Will Robinson! You are now entering a condescending Unix user zone!
I use one of these http://mrlinuxhead.com/ebd.html It boots to a known clean OS, scans and remove viruses and spyware very neatly. I used to have to remove the hard drive from PC's and put them on as a slave drive but that got old very quickly. Now I can do ten or twenty machines at a time.
You'll get your machine back and likely will not get easily infected again.
I don't have **knocks on wood** problems with mal / spyware.
I have a m0n0wall perimeter firewall, with the Windows boxes behind it. The perimeter firewall is your first and one of the best ways to keep the Windows boxen protected.
I have SpywareBlaster installed and updated on all the Windows machines, in addition to current updated antivirus (F-Secure or AVG), blah blah blah, MS AntiSpyware, and Spybot Search & Destroy.
For the computers using wifi I have VPN over wifi using m0n0wall's VPN capabilities in conjunction with RADIUS authentication from my domain controller.
I don't use IE; Firefox is used as the browser on all the computers.
Hmmm, let's see what else... software firewalls on each PC (Kerio or Sygate PF).
And of course brain power: not clicking on stupid things, not opening strange email attachments.
It is a little bit of work setting everything up, monitoring, updating, etc., but it is a lot easier to keep this crapola off your PCs than to deal with the aftermath.
I just had to help my dad and a couple other relatives work out some malware issues.... and really, honestly, after looking at the situations, the reformat option really seemed like the best. I certainly could have spent the time running this and that malware scan and/or some online scanners, then looking at HijackThis logs and maybe, if I was really lucky, more time digging about with something like Sysinternals Process Explorer....
But really it seemed much more expedient to back up their documents and just start over.... and at least I could be sure that all the nasty crap was gone when I was done.
However, really the best option is keeping the junk off the network to begin with if at all possible.
It's not too difficult to create an encrypted, read-only database that stores a MD5 hash value for every file in the file system. Sweep the filesystem twice daily to detect changes and new files, and make the database writable only after sweeps to commit any updates. I wrote shell scripts to do this years ago, and the system is still damn good malware detection. You know when the system has been compromised, you know what has been compromised, and you know if the file replacement is clean.
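The scheme in the post above (a sweep that hashes every file and compares it with a stored, write-protected table), the per-file checksum list the boot-CD post earlier in the thread wants for a backup image, and the earlier worry about a virus that quietly turns a 3 into a 7 and outlasts your backup window all come down to the same tool. What follows is an added example, not the poster's shell scripts: a Python baseline-and-compare that hashes a tree with SHA-256 (MD5 collisions are cheap today, so a planted file can be made to match an old MD5 entry), seals the baseline with an HMAC under a key that stays off the scanned host (standing in for the post's "encrypted, read-only database"), and, given a series of dated baselines, reports the first generation in which a file changed, which is how far back in the backups you need to go. The directory tree, file contents, dates, key and function names are all constructed for the demo.

```python
import hashlib
import hmac
import json
import os
import tempfile


def hash_file(path, algo="sha256"):
    """Stream-hash one file; SHA-256 rather than MD5 because MD5 collisions are cheap."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root):
    """Map every regular file under root (relative, '/'-separated path) to its hash."""
    baseline = {}
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames.sort()                          # deterministic traversal order
        for name in sorted(filenames):
            full = os.path.join(dirpath, name)
            if os.path.islink(full):
                continue                         # hash targets, not symlinks
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            baseline[rel] = hash_file(full)
    return baseline


def seal_baseline(baseline, key):
    """Serialise and MAC the baseline so an intruder who can edit the stored table
    cannot just 'update' the hash of the file they replaced. The key lives off-box."""
    payload = json.dumps(baseline, sort_keys=True).encode()
    tag = hmac.new(key, payload, hashlib.sha256).hexdigest()
    return payload, tag


def open_baseline(payload, tag, key):
    """Verify the MAC before trusting a stored baseline."""
    expected = hmac.new(key, payload, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("baseline MAC mismatch: stored baseline was altered")
    return json.loads(payload)


def compare(old, new):
    """Classify every path as added, removed or modified between two baselines."""
    return {
        "added": sorted(set(new) - set(old)),
        "removed": sorted(set(old) - set(new)),
        "modified": sorted(p for p in old.keys() & new.keys() if old[p] != new[p]),
    }


def first_change(snapshots, path):
    """snapshots: [(label, baseline), ...] oldest first. Return the label of the first
    snapshot in which `path` differs from the one before it (None if it never changed);
    the generation just before that is the newest backup still worth restoring from."""
    labels = [lbl for lbl, _ in snapshots]
    hashes = [snap.get(path) for _, snap in snapshots]
    for i in range(1, len(hashes)):
        if hashes[i] != hashes[i - 1]:
            return labels[i]
    return None


def _write(root, rel, data):
    full = os.path.join(root, *rel.split("/"))
    os.makedirs(os.path.dirname(full), exist_ok=True)
    with open(full, "wb") as f:
        f.write(data)


def demo():
    """Constructed scenario: three daily sweeps, quiet tampering on day 3."""
    key = b"operator-key-kept-on-the-boot-CD-not-the-host"   # constructed, not a real secret
    results = {}
    with tempfile.TemporaryDirectory() as root:
        _write(root, "etc/hosts", b"127.0.0.1 localhost\n")
        _write(root, "bin/sh", b"#!/bin/sh\nexec /bin/bash \"$@\"\n")
        _write(root, "docs/q1.csv", b"revenue,3\n")
        day1 = build_baseline(root)
        payload, tag = seal_baseline(day1, key)               # the read-only copy
        snapshots = [("day1", day1), ("day2", build_baseline(root))]
        # Day 3: a '3' becomes a '7', a binary appears, a config file vanishes.
        _write(root, "docs/q1.csv", b"revenue,7\n")
        _write(root, "bin/ls", b"not the real ls")
        os.remove(os.path.join(root, "etc", "hosts"))
        day3 = build_baseline(root)
        snapshots.append(("day3", day3))
        results["diff"] = compare(open_baseline(payload, tag, key), day3)
        results["first_change"] = first_change(snapshots, "docs/q1.csv")
        # The intruder edits the stored table so the tampered file looks unchanged:
        forged = payload.replace(day1["docs/q1.csv"].encode(), day3["docs/q1.csv"].encode())
        try:
            open_baseline(forged, tag, key)
            results["forgery_rejected"] = False
        except ValueError:
            results["forgery_rejected"] = True
    return results


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Run the sweep from clean boot media against the mounted, offline disk, as several posters insist: a sweep launched from inside the suspect OS sees only what a rootkit lets it see. The HMAC only proves the stored table was not altered; it does not make the first baseline trustworthy, so take that one right after the build, before the box ever touches the network.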
I don't know how to start commenting on that. Obviously, you were not there in the DOS days.
Multitasking??? The Intel 8086 and 80286 processors did not even support that! (Well, technically the '286 did, but the "protected mode" was almost unusable.) And of course I am glossing over the fact that multitasking on the very limited resources consumer PCs had would have been useless.
Disk caching?? Why in hell would I waste my precious kilobytes of RAM duplicating data that is safely tucked away on my floppy disk? Hell, a 5 1/4 inch 360k floppy would have consumed HALF of my max memory space (remember? 640 kilobytes), plus the cache management code! And, well, there was no multitasking possible to get that data back on the disk without direct commands from the running program...
Reliability problems??? The only DOS version that had problems was DOS 4, which was the 1990 equivalent of Windows ME.
I ran everything from IBM DOS 2.1 to MS-DOS 5, and it was all right for SOHO uses. Of course if you were in big-budget atomic research, you may have had 4 or 8 megabytes at your disposal on a time-share computer instead of a tricked-out micro-computer with CGA and 4 simultaneous colors!
I just can't understand why people have so many problems with this. I know that being a software engineer I am a bit more savvy with my computers than most people, but this is still amazing me.
I have under my control (between work and home) about 7 Windows XP machines, none of them secured any more than the installation defaults, and most much less. About half of them have SP2.
I've never had a piece of spyware, malware, anything-ware, virus, or trojan..... Ever....
I am browsing a bizarre combination of sites for probably 10 hours of each day, using Firefox and Internet Explorer. I go to plenty of free game sites, pr0n sites, etc.... Never have I had a problem, never has anything installed, never has my machine slowed down....
I have seen what some peoples machines look like, completely crippled and unusable with Malware... What the hell are these people doing? Why can I use so many machines for so many hours every day for many years and never have a single incident? Are these people just randomly choosing to download, and install applications right and left?
It sounds to me like everyone needs to just stop whining about malware being the problem, and instead learn how to use their damn operating system. And installing firefox would help, it seems to protect users from themselves a bit.
Somebody tell me if I am mistaken, but isn't it an extraordinarily rare case when we come across some malware/virus that is able to install and run itself with no user intervention? So all of these people must, for the most part, be choosing to install this crap one way or another.... Sounds to me like we should just revoke their computer privileges.
...are designed to make money for some people, and everyone else pays and suffers. Pretty much always been that way.
IT in the government is an absolute fucking joke. Take it from me, because I work in it. The amount of money that is pissed away on useless, broken, or otherwise unnecessary shit is astounding.
On top of that, the people who actually make the decisions, have no fucking clue what they are doing.
"Everyone needs to buy a new computer that comes pre-installed with Windows Vista. OEM. With no adequate recovery disks."
I do think that if the same % population used it as currently uses windows, then there would be more serious problems with it.
But Mac OSes 9 and before had MORE viruses while having less users!
OS X is simply more secure.
... firmware... At this point I really think that MS needs to invest in firmware. Rather than installing an OS, you insert a chip and the OS is on that chip. You get several slots and then run the software from that chip. The chips are non-updateable, like a CD-ROM. Data is stored on the hard drive, but programs run from these chips. You need an upgrade, you get a new chip.
You're going to need your datafiles someplace safe, like a server or a separate partition. You're going to need access to a drive to store your system images.
Before installing Windows, disconnect from the network.
Install Windows. During install, do not connect to the network. Get all your updates from the technet executables. Use the telephone activation option. Do not connect to the network. Get the firewall up and running. Don't connect to the network. Point your My Documents folder to the place your datafiles are. Do your base security configuration (firewall settings, replace all the pages in Explorer with about:blank, etc.) Do NOT connect to the network.
Take a system image. This is what you recover to if you need a major application overhaul, the "Base" image. If you are storing the image on the network you must take great care while doing this that the system does not boot to the installed OS with the network connected. Your OS install is in a very vulnerable state.
If you connected the network during the previous step, disconnect it before rebooting.
All the software that will install without the network, install and update it. Install Spybot Search & Destroy, with the Tea Timer option. Don't connect to the network. Install Ad-aware or whatever else you're using. Don't connect to the network. Take a system image. This is your "Working" image.
Now you can connect to the network. Immediately go to Windows update and get the latest patches, and their patches, and the patches for those patches. If any of the patched patches' patches have updates, get those too. During this step you'll probably reboot over and over.
You're done. If you have multiple PC's with identical hardware (and a license for each!) then the one image should do for all -- but check! Now on the Fourth of July weekend and New Year's Eve when you would normally be installing Windows on all of your PC's, you can take the evening off for fireworks and friends because you only need about 20 minutes per PC to restore them to working condition.
To get the whole day off, well, you know what everyone else here would say...
Help stamp out iliturcy.
Ok. Setting up a new system may help, but one of the secondary effects of malware is somebody else's control over your system. If he decides to infect user data (manually) you may not find that automatically. (e.g. what about a change in the source code of large programs....)
1. Remove hard drive, install in a known-clean Windows box
2. give Administrator ownership of the system restore directory
3. Run a FULL scan of the drive using multiple tools, in safe mode:
- Ad-Aware
- Spybot S&D
- Microsoft AntiSpyware (I hate to say this but M$'s antispyware program is a great product)
- ClamAV
- A commercial AntiVirus program
4. Reinstall HDD into original machine, run Microsoft's MRT
This way, even stealth rootkits can be removed, providing there is a signature for it. If you boot from that drive, the latest-generation rootkits can completely hide themselves from the system, even if you have signatures to detect them. Thankfully they're not so widespread yet, but give the script kiddies a few more months and they will be.
The Christian Right is Neither (Christian nor right). See: Matthew 23, Matthew 25, Ezekiel 16:48-50
"A Mac-user with common sense!"
It's not common sense. It's wrong.
Microsoft is in a unique position. Because it has a virtual monopoly, Microsoft makes more money when its software has a lot of security vulnerabilities. For those who are ruled by money, morality has no force; "Maximizing Shareholder Value" is the way they live their lives.
Microsoft makes more money if it pressures its programmers to work too fast, so that they are sloppy, and then releases buggy software. Many people are fascinated by computers, and easily accept the world that Microsoft has created for them.
Here's a story about a Microsoft VP saying, "Oh, the next Windows operating system will be secure": "Safety and security is the overriding feature that most people will want to have Windows Vista for" .
So, Microsoft is once again telling us "The next version of Windows will be the good one." Before, Microsoft said Windows XP was "Built to be Dependable".
However, Vista will NOT include virus protection. Jim Allchin, co-president of Microsoft's platform products and services division told CRN, an industry magazine this:
CRN: In terms of security, how do you compare security in Vista vs. security in Windows XP SP2?
Allchin: SP2 was a very good system but compared to Vista, it's night and day.
CRN: Is there going to be antivirus in Vista?
Allchin: No, there is not.
CRN: Why?
Allchin: It's a complicated answer as to why not.
CRN: Was the decision based on technical concerns?
Allchin: It wasn't technical.
CRN: Will Vista resolve security problems once and for all?
Allchin: I'm not going to claim perfection or near perfection, but I think we're unrivaled in the work we've done. I believe security will be a huge problem for the industry for years and years and years but this will change the landscape in a fairly dramatic way.
Once again, Microsoft is taking advantage of the fact that most of its customers have little technical knowledge. Mr. Allchin said that "security will be a huge problem for the industry for years and years and years".
Microsoft charges for OneCare Live. That's another way to make money. Make sloppy software, and then sell protection against the sloppiness.
Note the emphasis on "beta testing" in Mr. Allchin's statements in the CRN interview. Someone said that Microsoft's motto is "The whole world is our beta tester."
--
Before, Saddam got Iraq oil profits and paid part to kill Iraqis. Now a few Americans get Iraq oil profits, and American citizens pay to kill Iraqis. Improvement?
out. The government gets it by default through taxes, and then pisses it away.
All your base are belong to Google.
Your system will call open(), read(), and close() on critical files, in order to calculate the MD5 sum. And those system calls will be carried out by the kernel. Which will be untrustworthy, if the machine is affected with a kernel-mode rootkit.
Unless you are booting your system off known-good read-only media twice daily, you don't know for sure whether you're missing something.
I don't believe that rebooting every desktop and every critical server off trusted media twice daily would really be a very scalable approach for a company with even a few hundred users...
Utterly absurd.
;)
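The two posts above make the same point from opposite sides: a checksum computed by a compromised kernel is worthless, because open() and read() are answered by the thing you are trying to audit, and the only listing you can trust is one taken with the disk mounted under known-good media. The following is an added example (not code from either poster or from any scanner named in the thread) of what you do with such a listing: build a path-to-SHA-256 manifest of a tree, then diff the offline manifest against what the running system reported. Files the live system fails to mention show up as "hidden", faked hashes as "modified". The Windows-style paths and the file contents are constructed in a temporary directory for the demo.

```python
"""Hash-manifest baseline with a cross-view comparison (added example)."""
import hashlib
import os
import tempfile


def sha256_file(path: str, chunk: int = 65536) -> str:
    """Stream a file through SHA-256."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_manifest(root: str) -> dict:
    """Map every regular file under root (relative path, forward slashes) to its SHA-256."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full):
                continue  # record real content only; symlinks are not hashed
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = sha256_file(full)
    return manifest


def diff_manifests(trusted: dict, reported: dict) -> dict:
    """Cross-view comparison of the offline (trusted) listing against the live system's claims.

    hidden   - on disk, but missing from the live listing (rootkit-style hiding)
    phantom  - claimed by the live system, but not on disk
    modified - same path, different content hash
    """
    common = trusted.keys() & reported.keys()
    return {
        "hidden": sorted(set(trusted) - set(reported)),
        "phantom": sorted(set(reported) - set(trusted)),
        "modified": sorted(p for p in common if trusted[p] != reported[p]),
    }


def demo() -> dict:
    """Constructed scenario: the offline scan sees a driver the live kernel hides."""
    with tempfile.TemporaryDirectory() as root:
        drivers = os.path.join(root, "Windows", "System32", "drivers")
        os.makedirs(drivers)
        with open(os.path.join(root, "Windows", "System32", "kernel32.dll"), "wb") as f:
            f.write(b"constructed library bytes")
        with open(os.path.join(drivers, "hidden.sys"), "wb") as f:
            f.write(b"constructed rootkit driver bytes")
        trusted = build_manifest(root)  # taken with the disk mounted under known-good media
        # What a compromised kernel might report: one file gone, one hash faked.
        reported = dict(trusted)
        del reported["Windows/System32/drivers/hidden.sys"]
        reported["Windows/System32/kernel32.dll"] = "0" * 64
        return diff_manifests(trusted, reported)


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

The trusted manifest has to be produced (and stored) somewhere the suspect kernel never touches; the value of the diff comes entirely from that, not from the hashing itself.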
I had a persistent malware problem years ago... a 'windows' something-or-other.
I installed a Linux distro. And 'poof', the problem vanished.
A non-article, if ever.
This shouldn't be surprising, but people don't seem to be mentioning it. Microsoft is trying to take the stand that "spyware is getting so bad, there's just nothing _anyone_ can do!". And they make this clear with the claim that it is PCs which cannot recover well from advanced malware (when PCs can handle it just fine, it's Windows that poses the problem).
They should take some responsibility for their own products from time to time. Avoidance of the truth will not help them in the long run. They need to address these sorts of issues by the next major Windows version or people are going to continue to move toward the Mac OS X/Linux realms more and more.
Install COX in your backend today!
Unix has the tools, the technology, and the ability to repel, withstand, and almost eliminate the threats that Viruses, Spyware, and Malware pose to MS-Windows based machines.
That is why we do not need a Microsoft monopoly, because then you have a monopoly-sized problem with these threats.
If the 7.1 Billion dollar R&D company can't stop it, but Freeware Linux can, what is stopping you from migrating to a better Operating System? Get over it already! Just do it!
Need Linux for Dummies? Try Linspire.com or mandriva.com or suse.com
Need absolutely free of cost? Try ubuntu.com or slackware.com
Need a whole new consumer package?
Low cost Mac Mini from Apple - http://www.apple.com/macmini/
Dell with Linux preloaded - http://www1.us.dell.com/content/products/compare.aspx/precn_n?c=us&cs=04&l=en&s=bsd
Reflections on Trusting Trust. The first time I read this I was blown away.
"Detection is difficult, and remediation is often impossible," Danseglio declared. "If it doesn't crash your system or cause your system to freeze, how do you know it's there? The answer is you just don't know."
So if I'm understanding him correctly, malware is unremovable, undetectable, and the best approach to take if you have malware is to re-image the affected machine... the only conclusion is that in order to be safe you must keep your windows box unformatted, unconnected, and always, always in the "off" position.
Or run OS X.
Corporate IT has become testing ground for MS unfinished products based on half-baked designs, resulting in Gates going down in history as the one who made bad engineering acceptable. Given Microsoft's record in the security area, it's absolutely bizarre that anyone still even considers buying from them. It must be like a cult or something.
What the article seems to be saying is that MS is throwing in the towel and admitting they're out of their league.
Beta is broken and the link to classic doesn't work. Stop wasting our time or there won't be anybody left here.
This has to be preparation for MS to push trusted computing on all of us.
MS: See, malware is impossible to remove from Windows. TPC will cure all of this for you.
CUSTOMER: Oh, OK.
I have to admit that's an intriguing concept. It's a little farfetched right now (it would have to be a pretty honking big virus, if it carried around a copy of VMWare inside of itself), but at the very least it does point out that there are a lot of at least theoretical nasty games you could play on a system that had virtualization installed but not running by default.
I think the solution might be, if you have the hardware overhead, just to run your insecure OS in a sandbox created through virtualization. That way if it gets hosed, or even if some virus managed to install another virtualized OS on top of it while compromising it, you'd be able to get "one level below" the infected system and clean it out.
It would be a mistake to write it off as impossible, especially as computers get powerful enough for a casual user to be running a virtualized OS and never notice the difference from a native one.
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
Still not secure enough to be immune from running malicious code. Nothing can ever be that secure. How do you know, for example, that the latest update of NetNewsWire doesn't install spyware? You can't. You just have to trust, and this is usually good enough. Usually, but not always.
Even with yesterday's 10.4.6 update, there remains in AppKit a likely remote command execution exploit when viewing malformed JPEGs. See here, for example. (DO NOT CLICK THIS IN SAFARI!) This affects every OS X app other than those which happen to implement their own JPEG decoders (including, thankfully, Camino and company). So if you download the evil JPEG to your desktop, and you have previews turned on, it sends the Finder into a crash-relaunch loop. Assuming this bug allows arbitrary code execution, Pierre MacProgrammer could easily craft a JPEG, today, to spread like wildfire among Mac users--hey, we're a tight-knit community--by emailing itself via Mail.app.
Don't bury your head in the sand just because we Mac users are better than our PC brethren (snicker). Eventually, I think Apple's going to have to implement a whitelist/blacklist of sites in Safari, or something like that SiteAdvisor plugin does for Firefox.
Cripple fight!
The subject says it all.
I trust Microsoft as far as I could comfortably spit a dead rat
Just leave windows... we have a forum of switchers on Mac Mini Forums http://www.macminiforums.com/forums/
Free Web based FTP
So Vista's anti-virus/malware stuff isn't even released yet and they are already seeding the excuses for why it won't work.
That's what strong earth magnets are for.
At my workplace sometimes folks bring in their home PC's for me to clean off on my lunch break. A quick job pays a 6-pack of Mickey's. A longer job pays a 6-pack of Guinness. From those cleanup jobs I can vouch that the typical home user with an always-on DSL/cable Internet connection is in a world of hurt. I try to show folks how to Ghost their hard drive onto a DVD-R so that they can restore their system to a usable state rather than search through the haystack for all of the malware needles.
For example, the most recent cleanup I did entailed a laptop that had no antivirus software running on it. They did have a bundled AOL spyware app installed, but as far as I could tell it had never been run. I installed Avast! and Ad-aware from CD and ran full scans on the system. The result was over 300 virus captures and over 3,000 malware captures. Amazing that the computer could even launch an initial Windows Explorer session at all.
If things continue their downward spiral (i.e. - Microsoft dominance, widespread Internet exploits, monetary incentive for malware deployment, and foreign governments turning a deaf ear on abuse reports) I would require that anyone with a Windows-based Internet-exposed PC earn an operator license. Much like someone would have to do to operate an automobile, motorcycle, ham radio, etc. This would include mandatory security training. And for God's sake, a brief explanation of imaging and recovering their hard drive in case they get hit with something later.
Seriously though, this scenario isn't viable. But perhaps virtualization technology offers a safe haven. Folks could just reboot their virtual image if they get slammed with something and get back to square one. Until the malware authors get one step ahead of that at least there would be some breathing room...
I'm sure this has been posted over and over, so I'll post it AC, but it bears repeating.
Windows breeds this crap by design. Stop using it.
Go get a Mac loaded with OS X, or if you don't want to spend money on new hardware, go to Linux or BSD. If you get tons of malware and crud on Windows over and over again, and you keep going back to Windows when much better solutions exist that don't get these problems, *you* are the problem.
Die, Windows.
Many sysadmins responsible for desktop deployment might want to move to something other than windows, but the sad fact of the matter is, if something goes wrong as a result of a virus/worm/hole it's easy to say to management "Everybody in windows deals with this kind of stuff". If you take a risk with OS X or LINUX and the migration goes horribly YOU will get canned even if it was not your fault.
Given the risk factors most people will play it safe and just blame windows.
I believe what the grandparent (or great great grandparent, or however it's best to refer to the poster) was trying to say was that if you were to boot up the original OS and do a format C: then you would only erase the virtual OS, because that's all you have access to. Because of this, you would retain your malware.
Having used many virtual machines, I can honestly say there are a couple of major flaws:
1) Booting up from, in this case a DOS disk, would mean you were booting up into a separate environment that would truly erase the hard drive. If you are familiar with live CDs and the like you'll know how relatively trivial it is to get out of your original OS and then play with it. The most common example I can think of offhand is to get the SAM file out of windows XP.
2) The virtual machine simply would not look like your home machine. If I have OpenOffice installed and am using Opera as my browser, the odds that the virtual machine would have these preinstalled so that I wouldn't notice the difference are slim to none. Now trivial things like backgrounds etc could probably be reproduced with a few scripts, but nontrivial things like entire application suites would be challenging.
3) I have yet to see a virtual machine that doesn't have a significant boot time which is completely separate from the boot up time of your computer. Maybe you'd write it off as a side effect of the virus, though, if you were just a plain old non-geek user.
There are a few other things that strike me as reasonable problems with the scenario, such as the fact that you would suddenly have lost a half gig of RAM or however much your original OS has for itself, but some of them would probably be things you could deal with ultimately.
Anyway, in short I don't think it's a realistic scenario that this would ever occur, and if it did I think there are ways to recover from it.
How to use coral cache: http://slashdot.org.nyud.net:8090/~oscartheduck
For my own purposes, I coined the term "wipegrade". It's been a long time since I've felt comfortable upgrading a system, say from fedora core 4 to 5, or to a new version of winblowz. There are usually enough bugs with the upgrade mechanism, that it makes sense anyway to wipe and reinstall. Now add the peace of mind of nuking malware, and easing the process of reinstalling from scratch should really bad things happen, and wipegrading becomes the obvious choice.
With things like slipstreaming and user-generated livecds, along with the aforementioned motivations, I imagine that wipegrading will become easier and easier to do in the near future.
-jdog
If you can't tell the difference between an actual OS and a Virtual one, you have no business doing any formatting/installation of operating systems period.
Besides, try booting Windows and formatting your C: drive - that would never work.
"But this one goes to 11!"
The EU is already talking about going after them for the features they are including with Vista.
"Give a man a fish and he will ask for tartar sauce and French fries!"
People to re-install XP as many times as they like/need, or are they still going to charge us for that privilege? And what about Vista, since the exact same stuff is going to eventually happen?
My system rarely gets any viruses or malware, but I find it is usually good to reinstall Windows based operating systems once a year or so to get all the junk cleaned out/fixed.
Let's think about this for a minute. Computers are operated by humans. That is one security hole no one can fix. To us, it seems easy. We're programmers, pen-testers, geek squad members. We're basically lucky enough to have a hobby that pays well.
Not everyone thinks like a geek. Joe Sixpack doesn't give a damn how his computer works, and doesn't want to learn how it works. He just wants to browse the net, send e-mail, and maybe if he's feeling frisky put up a new desktop wallpaper. These people don't know what a "root password" is. They don't know what an "address bar" is. They don't know or CARE. They just want to get things done as quickly as possible and get away from that electric picturebox.
Windows gets a lot of flak because it's the most used OS. I'll admit, some problems are because of Microsoft's mistakes, mainly what I like to call "Root Culture". Every person and program requiring root access? Brilliant idea Bill.
But even *nix's model of security relies on you not being stupid. Choosing a good root password, not installing random crap etc. I read about a mac OSX "virus" recently. The program asked for your root password to install itself. I'm sorry, but nothing can protect a computer from stupid people, and Windows just happens to be the target because a majority of all people (and therefore a majority of stupid people) use windows.
Ka-ching!
"A lot of things, including a very secure operating system, are possible and even desirable."
A very secure operating system is here now, and free: OpenBSD: "Only one remote hole in the default install, in more than 8 years!"
That contrasts with Windows, which has had more than 20 remote vulnerabilities each year since Windows 95 was released in '95.
OpenBSD is Number One in security, by design.
My theory, expressed in the grandparent post, is that Windows is deliberately vulnerable due to the manner of management of software development. When a company has a virtual monopoly, vulnerability increases profit.
In other news: mafia says recovery from "hits" becoming impossible.
Well you could get the malware to just install a nice slick OS with virtualization. Just get it to start up your OS in a sandbox type set-up. I would think that with a stripped-down Unix variant as the malware OS it would boot quickly enough and not use too much system resources while the user is using the computer, so that most will not notice it or just not care about its effects enough to warrant a system check.
It would still look nothing at all like the original OS, though.
MS finally wakened
and smells the coffee
but I have no cup for them
There, I fixed your haiku for you
"It doesn't cost enough, and it makes too much sense."
Why does it take a government research and tax dollars to tell people such obvious crap? That's what the software is designed for. (Hence Malware.)
Precisely. I suspect that in the "what if" future being posited in the original post that it'll become easier to create a virtual OS that looks and behaves very similar to the original, but it'll never be perfect.
Bootable Linux images could take a huge leap forward in popularity if they were equipped to deal with Windows malware. Give them away with every new PC purchase if you like -- it would just be one more good alternative before sending the hapless users to their restore disks. Even though you can't auto-update a CD or DVD, it could be smart enough to download data files that have the latest signatures or (if necessary) builds of the cleanup software. Every so often, release entire new images and offer the user the chance to burn a new "system cleanup disk". If it also offered the user basic functionality, such as Knoppix already does, so that people could connect to chatrooms and use webmail and otherwise ask for assistance, so much the better. (Most people with home connectivity have webmail access whether they know it or not -- my boss got mailbombed and I just logged into her webmail and filed the offending messages away from the Inbox. She did not even know she HAD webmail access, but she sure does now.)
Basically all I'm advocating here is Knoppix + Windows malware remover shipped with every whitebox machine, and an update website. I'd sure keep one (or several, so I can just leave them with affected users) in MY toolkit. Brand new whiteboxes need not even have a physical disk, just a reserved partition -- though it is obviously much harder for any malware to destroy a CD-R that's not in the machine than it is to muck about with a hard drive partition.
This could even be turned into a legitimate money-making enterprise. Give away disks for free, but charge a small subscription fee to get a new image every month or so. If you only charge maybe $12 dollars a year, people won't bother chasing down new free disks, they'll just pay because it's not worth the time to save two bucks here and there. Minor updates (anything not necessitating a new image) would be free, and built into the next image. Anyone willing to contribute to the malware remover updates would of course not have to pay cash since they are paying in time and expertise.
Another thing I think would be a good idea would be to put image day halfway between Windows Update days, so that the lifetime of an unpatched exploit would effectively be cut in half, no matter when it is exploited.
Finally, there is no reason this would have to be done in Linux, it just seems to me that the capabilities are already almost there. Why reinvent the wheel unnecessarily?
Mal-2
How is the Riemann zeta function like Trump rallies? Both have an endless number of trivial zeros.
This is an admission of failure on Microsoft's part. The complexity and inflexibility of such a system is unacceptable and the efficacy is questionable. What's keeping the bad guys off your image server? If they root that, they have every machine in your organization. The same kind of thing can be said of local image copies, you are moving the target not fixing the root problem which is an unacceptably poor security model. The cost of all of this is a complete loss of user freedom within the organization. If your users can't choose the tools they need, they can't do the work that makes the company run. "Standardized desktop" is a euphemism for vendor lock in.
Friends don't help friends install M$ junk.
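Two posts in this thread meet here: the offline install walk-through that ends with a "Base" and a "Working" image, and the objection just above that whoever roots the image server owns every machine restored from it. The following added example (not the poster's procedure and not any imaging product's code) shows the check a restore step should make before it trusts an image. A plain hash file stored beside the image is replaced along with the image, so each catalog entry carries an HMAC-SHA256 tag computed with a key that stays off the image server; the key, the catalog layout and the image bytes are all assumptions constructed for the demo.

```python
"""Golden-image catalog with keyed integrity tags (added example)."""
import copy
import hashlib
import hmac
import os
import tempfile


def sha256_file(path: str) -> str:
    """Stream a file through SHA-256."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(1 << 16), b""):
            h.update(block)
    return h.hexdigest()


def _tag(key: bytes, label: str, digest: str) -> str:
    """Bind label and digest together so a tag for "Working" cannot be reused for "Base"."""
    return hmac.new(key, f"{label}\n{digest}".encode(), hashlib.sha256).hexdigest()


def register_image(catalog: dict, key: bytes, label: str, path: str) -> dict:
    """Record an image taken on the offline build box; done by the key holder, not the server."""
    digest = sha256_file(path)
    catalog[label] = {"sha256": digest, "tag": _tag(key, label, digest)}
    return catalog


def verify_image(catalog: dict, key: bytes, label: str, path: str) -> tuple:
    """Return (ok, reason). A restore should proceed only when ok is True."""
    entry = catalog.get(label)
    if entry is None:
        return False, "no catalog entry"
    expected = _tag(key, label, entry["sha256"])
    if not hmac.compare_digest(expected, entry["tag"]):
        return False, "catalog entry tag invalid (catalog edited without the key)"
    if sha256_file(path) != entry["sha256"]:
        return False, "image bytes do not match catalog"
    return True, "ok"


def demo() -> dict:
    """Constructed scenario: a Base image is registered, then the image server is tampered with."""
    key = b"\x01" * 32  # constructed; the real key lives with the restore operator, off the server
    results = {}
    with tempfile.TemporaryDirectory() as d:
        base = os.path.join(d, "base.img")
        with open(base, "wb") as f:
            f.write(b"constructed base image bytes\n" * 1000)
        catalog = register_image({}, key, "Base", base)
        results["clean"] = verify_image(catalog, key, "Base", base)[0]

        # Attacker on the image server swaps the image...
        with open(base, "wb") as f:
            f.write(b"constructed trojaned image bytes\n" * 1000)
        # ...and also rewrites the stored hash, which is all a plain hash file would have stopped.
        edited = copy.deepcopy(catalog)
        edited["Base"]["sha256"] = sha256_file(base)
        results["hash_rewritten"] = verify_image(edited, key, "Base", base)[0]
        # Or swaps the image and leaves the catalog alone.
        results["image_swapped"] = verify_image(catalog, key, "Base", base)[0]
    return results


if __name__ == "__main__":
    print(demo())
```

A digital signature over the catalog does the same job and lets the restore side hold only a public key; the HMAC form is used here because it fits in a few lines and makes the point that the secret has to be somewhere the image server cannot reach.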
Ok, we really aren't that stupid are we?
After looking through all the posts... "Just switch to Mac/OSX - switch to Linux - OpenBSD - NEXT - Solaris - etc etc etc..."
The Slashdot users, even the Mac Slashdot users realize that rootkit technology and malware is NOT A WINDOWS ONLY PROBLEM?
Sure Windows is the bulk of the target and sure Windows has security issues that, especially in the past, make it more subject to being rootkited.
However everyone here is SMART enough to realize that this can affect ANY commercial or consumer level OS? Right?
It sounds fun to say, switch to OSX, but rootkit level of malware can affect OSX just as it can Solaris, Linux and Windows.
So have fun, but don't be stupid and buy into the myth that Windows is the only OS that can be affected like this.
Ok?
I've never seen malware removal really work. In sane places, it's mostly a tool to show the user that their computer really is rooted and SOP has always been wipe and reload.
The big difference between *nix and Windoze is the difficulty of the wipe and reload. The easiest case is free software in a standard configuration. You just copy the binary out and leave the home partition alone and the system is fixed. Non free software brings levels of difficulty due to copy protection and other licensing issues. Windoze is the worst in that regard because the registry has no standards to it and each little program puts its licensing stuff there and elsewhere. Each workstation requires individual attention unless you severely limit the user's choice of software.
Microsoft's admission of these problems is amazing.
You do need to know your system, but...
Three things, first.
a) Monitor your RAM use.
b) Monitor your CPU use.
c) Monitor your bandwidth use.
If I get weird spikes in any/all of the above, my first step is usually to either run task manager or this if it's something which task manager can't detect. If there's something running which I don't recognise, (and yes, I *do* know my system that well, and so should you) my next step is to run msconfig and check the startup section there. 99% of bugs will show up there as having some kind of startup entry, and from there it's a simple process of deleting the bug executable and its registry entries. One other thing which people might not know about though is to also scan the prefetch directory, (c:\windows\prefetch) as backup copies of bugs generally land in there as well.
If, and only if, that process does not work, (and again, in 99.5% of cases it will) I then head onto the Web and look for answers.
Generally speaking if the above process doesn't work, what you're looking for is an alien dll which is being injected into a system executable. (Usually svchost.exe because of how opaque that generally is anywayz.) I'm not good enough to be able to do manual stack traces, but what I can do is watch the CPU usage meter in procexp.exe (mentioned above) and the process shown as using the large amount of CPU time/ram will be the one the dll is hiding in. From there, the only thing you really need from the web is the specific name of the dll that's being injected, and once you've got that, you're clean.
The other big thing is, don't use Internet Explorer. Yes, I have it installed, but I generally only use it as a backup for very limited periods if I'm wanting to look at a single page that Firefox isn't rendering correctly. (Doesn't happen all the time, but more often than you'd think.)
XP is surprisingly easy to keep clean, IMHO. The main reason being that, despite what people claim, there really only are a few different ways in which a bug can operate on the system. They all need startup access, (and there are only really two ways that they can get that, one being a standard location in the registry) and they're all going to leave a RAM/CPU footprint.
So I don't buy what people say about XP being indefensible. You have to be proactive, and you have to know your box on an intuitive level...but it's completely doable.
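The post above goes to the startup entries first because anything that wants to survive a reboot needs one. As an added example (not the poster's own tooling, and nothing Microsoft ships), here is a first-pass triage of the Run keys taken from the text of a `reg export`: it flags executables living in temporary or user-writable directories, a Windows binary name such as svchost.exe launched from anywhere other than System32, and unquoted paths containing spaces. The embedded dump is constructed; the expansion of %windir% to C:\Windows and the list of "Windows binary names" are assumptions, and a hit is a lead to look at, not a verdict.

```python
"""Triage of Run-key startup entries from a `reg export` dump (added example)."""
import re

# Constructed reg export: one clean HKLM set plus an HKCU entry, with two bad apples.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"="%windir%\\system32\\SecurityHealthSystray.exe"
"ctfmon"="C:\\Windows\\system32\\ctfmon.exe"
"svchost"="C:\\Users\\Public\\svchost.exe -k netsvcs"
"Backup"="C:\\Program Files\\Vendor Backup\\agent.exe /tray"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Updater"="\"C:\\Users\\joe\\AppData\\Local\\Temp\\upd.exe\" /silent"
'''

# Assumed lists: names that belong in System32, and directories any user can write to.
SYSTEM_NAMES = {"svchost.exe", "ctfmon.exe", "lsass.exe", "csrss.exe", "explorer.exe", "winlogon.exe"}
USER_WRITABLE = ("\\temp\\", "\\appdata\\", "\\users\\public\\", "\\downloads\\", "\\programdata\\")


def _unescape(data: str) -> str:
    """Undo reg-export escaping of quotes and backslashes."""
    return data.replace('\\"', '"').replace("\\\\", "\\")


def _expand(path: str) -> str:
    """Assumed expansion of the two common system variables."""
    return re.sub(r"%(windir|systemroot)%", lambda _m: "C:\\Windows", path, flags=re.IGNORECASE)


def parse_run_keys(reg_text: str) -> list:
    """Return (key, value name, command) for every string value under a ...\\Run key."""
    entries, key = [], None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = re.match(r'^"(.*?)"="(.*)"$', line)
        if key and m and key.lower().endswith("\\run"):
            entries.append((key, m.group(1), _unescape(m.group(2))))
    return entries


def executable_path(command: str) -> tuple:
    """Split a Run command into (path, quoted): quoted paths end at the closing quote,
    unquoted ones are taken up to the first .exe (the ambiguity is the point of the check)."""
    cmd = command.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)], True
    m = re.match(r"(.*?\.exe)\b", cmd, re.IGNORECASE)
    return (m.group(1) if m else cmd.split()[0]), False


def triage(reg_text: str) -> list:
    """Entries worth a second look, each with the reasons it was flagged."""
    findings = []
    for key, name, command in parse_run_keys(reg_text):
        path, quoted = executable_path(command)
        p = _expand(path).lower()
        reasons = []
        if any(marker in p for marker in USER_WRITABLE):
            reasons.append("runs from a user-writable or temporary directory")
        if p.rsplit("\\", 1)[-1] in SYSTEM_NAMES and not p.startswith("c:\\windows\\system32\\"):
            reasons.append("Windows binary name outside System32")
        if not quoted and " " in path:
            reasons.append("unquoted path containing spaces")
        if reasons:
            findings.append({"key": key, "name": name, "path": path, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_REG):
        print(f"{f['name']:<16} {f['path']}")
        for r in f["reasons"]:
            print(f"    - {r}")
```

Feeding it a real export means running `reg export` on the suspect box, which is exactly the situation where the registry API may lie to you; the same dump taken from the offline hive under clean media is the one to trust.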
According to XBill, Windows itself is actually a virus cleverly disguised as an OS. If you read the EULA, you discover it's also a rootkit. The software's owner, with your click through permission, has helped themselves to the right to inspect and delete any file on your system.
You might have to delete $home in some cases but being basically a Unix variant, the system itself should be relatively immune from a system-wide infection.
I'd much rather restore my system files than $home.
If you don't want to have to recover from installing malware stop buying it.
What's to say there's not crap like the Sony rootkit going on, kernel level obfuscation routines in place to fool your repair utility, etc?
Unless you boot from clean, known-good media to scan with, you're pissing into the wind, imho.
smash.
I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
Windows is so insecure because it uses a 'binary' registry...and this has been the case since 1995. Windows has been "unrecoverable" since then. Since the Architecture is built where everything can access everything else (permissions can be changed) then of course you will have the problems we all have been having. Unix by its very nature prevents malware (almost).
And the idea of running virtual machines is an excellent way to provide security since the malware can't use the host, and can't use the virtual machines either...Virtual PC/VMWare comes to mind.
That's my two cents.
Here's the info I got today:
Hmmm. Your ideas are intriguing to me and I wish to subscribe to your newsletter.
I'll just throw this out there, but zeroing the hard drive should just about wipe any malware off. I can't see how a virus is going to virtualize a PC when it is not being loaded into memory. At the extreme, you pull the plug and reboot with external media. The media isn't going to load anything off the hard drive. The only time I would imagine that might happen is if spintronics were used to make the hard drive, memory, and possibly the processor all one device.
You don't have to be smart to use a Mac, you just have to be smart enough to buy one
Actually I wasn't implying that the virtual system would be a generic version, it would actually BE the user's PC virtualized. vmware's P2V utility essentially, but running without intervention, and in the background. It might be many years away, but if it can happen, and bad people will profit from it, odds are it will happen unless some security method heads it off at the pass.
Oh You POS
Just because the U.S. government struggled with a PC problem, doesn't mean the average user or a mid sized corp would have the same problems. Face it, all U.S. government departments got a failing grade AGAIN this year on computer security - in its own internal audits! Any mid sized corp would certainly not sit on its ass for years on a problem. All places I've worked at had AV/backup policies in place and a PC restoration procedure. I don't see there being any problem.
Reading this article, I see the similarities between running a computer infrastructure and the body's response to an infection. The immunological response to infection is to isolate and destroy infected cells akin to wiping a desktop computer. Computer specialists should look to this analogy for hints to computer infrastructure planning. Network firewalls and proxies function analogous to the skin. Anti-malware acts in the same way as antibodies. IT staff are the T-cells. There is one lesson that IT hasn't learned which is using a multi-platform environment. Antigens rarely infect all types of tissues in the human body. This prevents the immune system from being overwhelmed in case of attack. I suggest planning Mac OS X, Linux, and Solaris into the infrastructure. There is low probability that malware will be able to hit all of them at once. Computer malware is like terrorist attacks, hurricanes, and antigens in that it can't always be prevented. Specialists need to plan in a way that minimizes the loss to the business.
If the un-named government agency had just one or a few standard desktop images, this should be a piece of cake.
Ghost and ISO distributions (on CD/DVD) are similar, but less elegant IMO.
Fiat Lux.
I'm sorry. It's just that I've been running Linux too long. What is this 'virus' thing you speak of? Also, what are these 'worms' and what is 'malware'? I have absolutely no idea what this story is about. I've searched the internet (for a long time) and even put the question up to the thousands of people who visit my website each day. I've never heard of this stuff. Is it some kind of application, or is it a game? I know it can't be bad. My site has been up non-stop (24/7/365) for more than three years (the only thing I worry about is lightning and hard disk failure). Also, I've heard people talk about computers 'freezing' or 'slowing down'. I know when I run more than 20 or 30 large applications at a time my computer starts slowing down too. As for 'freezing', can't you put a heater near it? Does it really get cold? And someone explain what this virus stuff is. I'm curious.
-Microsoft Says Recovery From Malware Becoming Impossible
Becoming? It's been like that forever. Try to find the uninstaller for Windows; it does not come with one.
The boot sector isn't overwritten first of all unless you specify /s
For Windows: boot on a recovery floppy. On the command line enter "FDISK /MBR".
Then reboot and recover.
The truth shall set you free!
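To make concrete what the FDISK /MBR step above actually touches, here is an added C example written for this page (not code posted by the commenter). It builds a constructed 512-byte sector with filler "boot code" and one partition entry, then rewrites only the 446-byte boot-code region the way FDISK /MBR does, leaving the 64-byte partition table and the 0x55AA signature intact. The offsets are the standard MBR layout; the all-zero stub is an assumption standing in for the real loader code FDISK writes. The caveat a practitioner wants is visible in the result: anything stored outside those 446 bytes (in the partition table, in the sectors after the MBR, or in hidden disk areas) survives this step, so FDISK /MBR is a boot-code reset, not a disinfection.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Standard MBR layout (assumed, not taken from the thread):
 *   bytes   0..445  boot code      -- the only region FDISK /MBR rewrites
 *   bytes 446..509  4 x 16-byte partition table entries
 *   bytes 510..511  boot signature 0x55 0xAA
 */
#define MBR_SIZE        512
#define MBR_BOOTCODE    446
#define MBR_PTABLE      446
#define MBR_ENTRY_SIZE  16
#define MBR_ENTRIES     4
#define MBR_SIG_OFF     510

/* Returns 1 if the sector ends with the 0x55AA boot signature. */
int mbr_has_signature(const uint8_t *sec)
{
    return sec[MBR_SIG_OFF] == 0x55 && sec[MBR_SIG_OFF + 1] == 0xAA;
}

/* Counts partition table entries whose type byte (offset 4 in the entry) is non-zero. */
int mbr_partition_count(const uint8_t *sec)
{
    int n = 0;
    for (int i = 0; i < MBR_ENTRIES; i++) {
        const uint8_t *e = sec + MBR_PTABLE + i * MBR_ENTRY_SIZE;
        if (e[4] != 0)
            n++;
    }
    return n;
}

/* Returns 1 if any byte of the boot-code region is non-zero, i.e. the region
 * still holds whatever code was there before the rewrite. */
int mbr_bootcode_nonzero(const uint8_t *sec)
{
    for (size_t i = 0; i < MBR_BOOTCODE; i++)
        if (sec[i] != 0)
            return 1;
    return 0;
}

/* Emulates FDISK /MBR: replace the boot code, keep the partition table and
 * signature untouched. An all-zero stub stands in for the real loader (assumption). */
void mbr_rewrite_bootcode(uint8_t *sec)
{
    memset(sec, 0, MBR_BOOTCODE);
    sec[MBR_SIG_OFF] = 0x55;
    sec[MBR_SIG_OFF + 1] = 0xAA;
}

/* Constructed sample: filler bytes in the boot-code region (not real malware),
 * one bootable FAT16 partition starting at LBA 63, valid signature. */
void build_sample_mbr(uint8_t *sec)
{
    memset(sec, 0, MBR_SIZE);
    for (size_t i = 0; i < MBR_BOOTCODE; i++)
        sec[i] = (uint8_t)(0xEB + i);          /* constructed filler, stands in for infected code */
    uint8_t *e = sec + MBR_PTABLE;
    e[0] = 0x80;                                /* bootable flag */
    e[4] = 0x06;                                /* partition type: FAT16 */
    e[8] = 0x3F;                                /* LBA start = 63 (little-endian) */
    e[12] = 0x00; e[13] = 0x20;                 /* sector count = 0x2000 (little-endian) */
    sec[MBR_SIG_OFF] = 0x55;
    sec[MBR_SIG_OFF + 1] = 0xAA;
}

int main(void)
{
    uint8_t sec[MBR_SIZE];
    build_sample_mbr(sec);
    printf("before: bootcode nonzero=%d partitions=%d sig=%d\n",
           mbr_bootcode_nonzero(sec), mbr_partition_count(sec), mbr_has_signature(sec));
    mbr_rewrite_bootcode(sec);
    printf("after : bootcode nonzero=%d partitions=%d sig=%d\n",
           mbr_bootcode_nonzero(sec), mbr_partition_count(sec), mbr_has_signature(sec));
    return 0;
}
```

Run it and the partition count and signature are identical before and after: the rewrite only scrubs the first 446 bytes. On a real disk the same 512 bytes can be pulled with a raw sector read and inspected with these functions before deciding whether the boot-code reset is enough.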
For example, how about a way to reinstall Windows on its own partition, and Windows would automatically find all installed, well-known applications on their own partition. And get rid of that XP activation cr@p.
Instead, Windows always wants the entire HDD in one partition. And MSFT makes me paranoid to reinstall because I don't know how many more activations I have.
Wouldn't it be great if you could just push a button, and have Windows reinstall from a bunch of cab files on their own partition?
It actually has been done. MS, of all people, did a proof of concept and Slashdot ran the article. I'm too lazy to look it up, but this is on the horizon. Now, I'll address your points so you understand how this will work.
#1 - This bit is probably true, but not always. A smart piece of malware could potentially flash the bios to bypass the boot order.
#2 - You simply put the *current* machine into a VM. I.e. you install yourself (the virtual monitor) under the OS and run the OS itself as your VM.
#3 - Such a virus could have little overhead because it wouldn't have to do much. Most of the APIs and such would just be pass-throughs to the actual hardware. E.g. why bother virtualizing calls to the video card? You just need to hide a little of your memory footprint and disk footprint.
While MS' proof of concept wasn't as smart as this in many regards, there's no reason why it can't be done. The only problem right now is that not all parts of x86 processors can be virtualized, but both AMD and Intel are providing technology to fix that little problem.
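The comment above describes a hypervisor-based rootkit that slides itself under the running OS. The one check a practitioner would reach for first is the CPUID interface that x86 reserves for hypervisors to announce themselves, and it is also where the caveat lives: a hostile hypervisor controls what CPUID returns to its guest and can simply clear the bit, so this finds cooperative hypervisors only. The C below is an added example for this page (not the Microsoft proof of concept and not code from the thread). It decodes leaf 1 ECX bit 31 (hypervisor present) and the 12-byte vendor signature that leaf 0x40000000 returns in EBX, ECX, EDX, and runs the live query where the compiler targets x86; the constructed register values in the test stand in for a VMware guest.

```c
#include <stdint.h>
#include <string.h>
#include <stdio.h>

#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>      /* GCC/Clang: __get_cpuid(), __cpuid() */
#define HAVE_CPUID 1
#else
#define HAVE_CPUID 0
#endif

/* CPUID leaf 1: ECX bit 31 is reserved by Intel and AMD so that a hypervisor
 * can tell its guests it is present. Returns 1 if the bit is set. */
int hv_bit_set(uint32_t ecx_leaf1)
{
    return (ecx_leaf1 >> 31) & 1u;
}

/* CPUID leaf 0x40000000 returns a 12-byte ASCII vendor signature spread over
 * EBX, ECX, EDX, least-significant byte first. Decode it into a C string. */
void hv_vendor_string(uint32_t ebx, uint32_t ecx, uint32_t edx, char out[13])
{
    const uint32_t regs[3] = { ebx, ecx, edx };
    for (int r = 0; r < 3; r++)
        for (int i = 0; i < 4; i++)
            out[r * 4 + i] = (char)((regs[r] >> (8 * i)) & 0xFF);
    out[12] = '\0';
}

/* Live query. Returns 1 and fills vendor if a hypervisor advertises itself,
 * 0 (empty vendor) otherwise or when not compiled for x86. A hypervisor that
 * wants to hide can return anything here, so 0 is not proof of bare metal. */
int query_hypervisor(char vendor[13])
{
    vendor[0] = '\0';
#if HAVE_CPUID
    unsigned int a, b, c, d;
    if (!__get_cpuid(1, &a, &b, &c, &d))
        return 0;
    if (!hv_bit_set(c))
        return 0;
    __cpuid(0x40000000, a, b, c, d);
    hv_vendor_string(b, c, d, vendor);
    return 1;
#else
    return 0;
#endif
}

int main(void)
{
    char vendor[13];
    if (query_hypervisor(vendor))
        printf("hypervisor advertised: \"%s\"\n", vendor);
    else
        printf("no hypervisor advertised (does not prove there is none)\n");
    return 0;
}
```

Vendor strings seen in practice include "VMwareVMware", "KVMKVMKVM", "Microsoft Hv" and "XenVMMXenVMM", each padded to 12 bytes. Treat a negative result as "nothing cooperative", and pair it with out-of-band evidence (timing against a trusted clock, or inspection from a boot medium the suspect OS did not load) before concluding anything about a machine suspected of carrying this class of rootkit.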
Corporate Feudal State
Crime is allowed to pay... when it enhances Shareholder value.
Thanks. That's the craziest post I've read on Slashdot in some time and that's saying something!
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
Perhaps you haven't noticed but you're not allowed to say "Microsoft Sucks" outside of Slashdot. It would offend lots of people who have chosen to buy the Microsoft spiel lock, stock and barrel. They think you're calling them "stupid".
Magazine Advertisement for Apple ][.
Reportedly, the MITS Altair 8800 also used the moniker in 1975 but I didn't quickly find documentary evidence.
Back in the day, I remember a virus named NYB that stuck around beyond fdisk on scsi drives. The only way to get rid of it was an actual low level format.
Interesting - ATA disks also have a way to hide sectors - I forget the term but came across it recently doing some forensics work.
I see the first few comments suggesting a switch to Linux or Macintosh. At least where I work, in the educational sector, that's impossible. The time spent retraining faculty and staff alone would outweigh the security benefits, especially when you consider all the specialized software floating around that hasn't been ported (curse you, Department of Education).
How long do you think the school district will be in existence? Are they condemned to run Windows for all eternity? If not, what will change to allow them to get out from under Microsoft's thumb? What do the costs look like to switch now vs. pay licensing for another 300 years?
Our society seems to have an aversion to taking responsibility for who does what. For example:
It is time for responsibility to be taken.
I prefer the "u" in honour as it seems to be missing these days.
Reading about p2v here: http://www.vmware.com/products/p2v/ it doesn't sound like it could perform what you are talking about without a lot of processor work and a lot of time. It "transforms an image of an existing physical system into a VMware virtual machine." So you need to have an image of the computer first. If you had a hypothetical application that could look at someone's computer, transform the contents to an image and then deploy that image, it'd be amazingly processor intensive. Moore's law doesn't even assist, as operating systems are becoming weightier to fill in the power being supplied, and even if they weren't, applications certainly are. A few years back I would have been surprised when a game advertised itself as filling several DVDs, for example. Now, I wouldn't blink. In short, it's a neat idea, and if you were patient enough to implement a script or something to detect when the processor was idle and run only then it might work over the course of several months, but I'm sure it'd only work on a user with little/no knowledge.
How to use coral cache: http://slashdot.org.nyud.net:8090/~oscartheduck
I have almost NEVER worked in any organization where users were given latitude to just install whatever the hell they want. IT staff, maybe, but rank and file? Never. It's not even a virus issue, it's a licensing and business process and continuity issue. You want your "tools" to be chosen such that in the event of disaster, you can replace them as quickly as possible with no impediments. Arbitrary configurations are a sure-fire way to guarantee that will not happen.
I mean it should be a technology not a religion. Though if it is so important to choose one specific brand over all others regardless of merit and regardless of the problems and defects, then one has to wonder.
90% or more of business users don't need to hold on to their legacy systems and can easily leave Windows. There are many cost and time effective ways of dealing with the remaining 10%.
If your brand of car had half as many problems as the brand of software in question here, you'd not only never, ever think of buying that brand, and bad-mouth it to all friends, neighbors, colleagues, relatives and anyone else you can corner, but you'd probably be all over those lemon laws. Even computer hardware is held to different standards. If a PC maker makes hardware that crashes occasionally, they're the subject of a class action suit. What makes Microsoft so exempt? If it's not working, go with another brand. It's how everything else is done.
People going on and on with MS despite all the problems and costs remind me of this one dumb fellow I knew who some of my friends worked with. He missed a few days of work because of really bad food poisoning (projectile vomiting and diarrhea) which he figured came from the pork entrée at a nasty dive none of us would consider eating at. So when he got well, he ate there again, the same dish, just to be sure. Yep. More projectile vomiting and explosive diarrhea. Then when he got well again, he ate there again because it tasted good and the waitress was cute. Yep. Yet another round of projectile vomiting and explosive diarrhea. IIRC it was another two rounds of that before he learned his lesson about restaurants.
It's been 15 years of different versions of Windows on DOS or Windows on NT (yes it's still the NT kernel) and people still haven't learned their lesson -- and go back again for another helping.
Beta is broken and the link to classic doesn't work. Stop wasting our time or there won't be anybody left here.
Nonsense.
Microsoft is already supplying anti-malware software. It's free and called Windows Defender. Microsoft can argue truthfully that operating systems are not supposed to be vulnerable, and that the company is just eliminating problems in their product.
The evidence is that Microsoft deliberately ships sloppy code. Is that okay with you?
It is difficult, to be sure, but it is mostly a psychological matter or ideological (Bill Worship).
Just because people are used to the situation, doesn't mean the problem's solved. If you've followed any of the security bulletins for any amount of time you'll notice that trying to keep up with MS' patches, using firewalls, and anti-virus software will only improve your situation a bit. You'll still get hit many ways. e.g. MSIE and Outlook both go through firewalls or they won't work. Instead, moving to software and systems designed for a networked environment is really your only way to reduce maintenance costs, aside from unplugging permanently from the Internet.
I take it you haven't used different versions of MS Office over the years or tried OpenOffice recently. Moving from one version of MS Office to another, you will lose data or formatting. That applies even to relatively uncomplex spreadsheets and word processing documents. At this point tools like OpenOffice handle older Microsoft formats much better (i.e. more accurately) than MS Office itself. It's certainly much better at restoring MS Office files that have gotten corrupted and can't be opened by MS Office. You can do batch conversions too, using MS Office. However, be sure not to fall for the myth of 'rip and replace'. Unless you rented your productivity software, you should be able to run both at the same time. That way both are present, first as the new package is phased in, second as the old package is phased out. Again, unless you rent your software you can keep one or two 'recovery' stations around until they wear out just in case they are needed. And, of course, you would have the foresight to retain backup copies of the files in the original format in a read-only archive, just in case.
However, if you're using MS Works for your data, you're still S.O.L., regardless of which other package you choose.
I'll do one better. Here's the real deal and available for non-Windows platforms: Illustrator and PageMaker. Post the link to the Sage software you are talking about. I'm not familiar with it. The world hasn't yet fallen into the polar extremes of a choice of MS vs. Open Source, though to hear it from Redmond, you'd think that was the case. There are plenty of options to move off MS without going to Linux or giving up commercial software.
True story (posted anonymously 'cuz I like my job)- Our environment is ~80% thin clients accessing a Citrix server farm. My boss hates them because the users commonly complain about lag. I love them because they're a dream to support and I'm lazy.
A few months ago I started getting a flood of tickets for people claiming to have pop-ups and spyware on their thin clients. It turns out that one of the sysadmins had decided to do some surfing from one of the servers (running Win 2000) and got it jacked up. Anyone who happened to connect to that server got all of the usual symptoms. Asshat. I don't know if the powers that be figured out who was responsible or not.
Since I'm bitching, I'll also note that our help desk drones are also clueless and have no idea what a virtual machine is, else they never would have sent the ticket to me in the first place. They troubleshoot thin clients exactly the same as desktops, including trying to run defrag on them. Most of the users have no idea what a thin client is, despite using one for 40 hrs/week, but in their case it's not their job to know the technical details.