Slashdot Mirror


Microsoft Says Recovery From Malware Becoming Impossible

An anonymous reader wrote to mention an eWeek story about Microsoft's assertion that PCs may no longer be able to recover from the most aggressive malware. From the article: "[Danseglio] cited a recent instance where an unnamed branch of the U.S. government struggled with malware infestations on more than 2,000 client machines. 'In that case, it was so severe that trying to recover was meaningless. They did not have an automated process to wipe and rebuild the systems, so it became a burden. They had to design a process real fast.'"

18 of 631 comments

  1. Sony by From A Far Away Land · Score: 5, Insightful

    Companies like Sony pushing rootkits onto unsuspecting customers is part of the trend toward stealth and aggressive rooting of machines. Once a serious worm that can spread quickly and hide deeply gets around, people will realize how serious an issue rootkits are.

  2. no disaster recovery plan? by jacksonai · Score: 3, Insightful

    Ok, so why was there no disaster recovery plan in the first place? Surely the thought of an uber virus wrecking Windows had to have been brought up at some kind of meeting? Those who fail to plan plan to fail. Plain & simple.

    --Taladon

    --
    Like Sweepstakes? Try out my service @ http://www.yourpowersweeps.com -- Free 21 day trial, no cc needed.
  3. This is news? by pcgamez · Score: 4, Insightful

    I think any of us that work on computer systems long ago figured out that rebuilding a system is far easier than trying to remove each piece of malware. Now, in cases where there is critical data on the machine, it would be worth it to try. The fact is, by the time we hear about the issue, it isn't a matter of removing one or two pieces; it is usually closer to 20 or 30.

  4. Re:It's time.... by trolleymusic · Score: 5, Insightful

    I'm a Mac user, and although I love OS X with all of my bits, I do think that if the same % population used it as currently uses windows, then there would be more serious problems with it.

    I'm sure it's much harder to get malware running on OS X, but if it becomes the platform most of your potential audience are using then malware developers will just try harder to make nasties for Mac.

    So, in this respect, sometimes I'm glad for Windows + IE - simply because I don't have to use it :D

    --
    "damnit, trolley I want in your signature." - Elburrito
  5. Translation by metamatic · Score: 5, Insightful

    "Everyone needs to buy a copy of Windows Vista, which will solve the malware problem."

    --
    GCHQ Quantum Insert installed. If only our tongues were made of glass, how much more careful we would be when we speak
  6. But you never could... by Anonymous Brave Guy · Score: 4, Insightful

    You could never recover a compromised system reliably anyway. Once someone's got through your security to a certain level, you can't trust anything - including security tools and diagnostic information - that runs at that level or above. For a typical desktop PC or office server, that basically means you can't trust anything left on the system.

    Any sort of virus removal or system clean-up after being cracked is just a calculated risk that the attack will have been completely removed, based on the fact that doing a complete rebuild of a system and restoring all the backed up data is expensive, and while not cleaning up 100% after an attack is potentially more expensive, the probability of this is low.

    And no, running Linux or MacOS X instead of Windows doesn't change this, despite the number of people flippantly suggesting these alternatives. I'd have told you this earlier and saved a dozen posts, but apparently it's been 4 minutes since I last successfully posted a comment, so I can't post another one yet... ;-)

    --
    If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
  7. Thin Clients by Citizen of Earth · Score: 5, Insightful

    the U.S. government struggled with malware infestations on more than 2,000 client machines. 'In that case, it was so severe that trying to recover was meaningless.

    Whereas, if they had been using thin clients with no local storage, the only recovery action would have been on the server. And if they had been running non-Windows on the server, they wouldn't have had these infestations in the first place. A full-blown Windows PC on every desktop in an enterprise is just an expensive welfare program for MCSE types.

  8. Re:It's time.... by networkBoy · Score: 3, Insightful

    Really, they had no way to wipe and restore on an automated process? Have they never heard of Ghost-EE? Multicasting?
    I use ghost on my PC, thus when I plan on installing new software I do so, play with it, am sure I like it, then:
    Restore latest clean system build image to machine,
    Install target application, ensure functionality,
    Create new latest clean system build image.
    I store all my non-temporary data on a server PC anyway, so this is an ideal solution. One that should work in any enterprise environment as well (assuming that there are only 3-4 different builds).
    -nB

    --
    whois gawk date unzip strip find touch finger mount join nice man top fsck grep eject more yes exit umount sleep dump
  9. Re:It's time.... by myxiplx · Score: 4, Insightful

    Yeah, because it's so easy to replace the 20+ programs that form the core of our business, and data migration's so easy a baby could do it. Please, try responding to the point that's actually raised here instead of going on and on about migrating to alternative systems. Many companies are simply not in a position to migrate their entire network.

    Personally, I'd love to migrate us to Linux, but until I can replace CAD/CAM systems, accounting packages, design software, drawing packages, etc... that's simply not going to happen, and until it does happen I'm faced with the job of keeping our MS systems secure.

    We've found that preventing web based scripts from running has kept us virus free for nearly two years now, but even then we're expecting to be hit by something sooner or later. If you're running a Microsoft network, it's worth putting a few weeks aside to get RIS / Ghost working well. Right now we're looking to take things a step further by running all our clients off a set of blade servers running virtual machines. There are cost savings to be had with the ease of maintenance and disaster recovery suddenly becomes a whole lot simpler.

  10. Will it get to the point? by mytec · Score: 3, Insightful

    When a *nix box gets rooted, generally standard practice says that you rebuild the box. I'm unsure if this is the case with Windows rootings. That is just the way it is.

    Malware wants to be "sticky". I'm surprised it has taken this long to become truly difficult if not downright impossible to remove.

    What I wonder is if people will just tolerate the unremovable malware instead of the frustration and/or time of reinstalling the OS and applications and getting everything just right all over again. It's one thing for system administrators and geeks to reinstall. It another thing entirely for the average user to have full/incremental backups or cloned drives or some set of procedures for reinstallation.

    This is definitely an interesting situation.

  11. Re:Fools... by xdroop · Score: 3, Insightful

    I see the first few comments suggesting a switch to Linux or Macintosh. At least where I work, in the educational sector, that's impossible. The time spent retraining faculty and staff alone would outweigh the security benefits, especially when you consider all the specialized software floating around that hasn't been ported (curse you, Department of Education).
    Nothing is impossible.

    It's a gamble. Building the new system represents a cost (in time and labor if nothing else). Retraining staff is a cost. Finding new apps, or secure work-arounds for existing apps, represents another cost. Dealing with the transition (helpdesk, troubleshooting, whining users, fixing incompletely transitioned apps) represents yet another cost.

    On the balance side is the cost of a security breach which (insert your company's worst nightmare here). Or the cost of denying all your users all your computers for a period of time while things are all rebuilt. Of course it isn't guaranteed that either doomsday scenario is going to happen; simultaneously, it isn't guaranteed that either doomsday scenario is going to be limited to a single incident.

    It's called risk management.

    Put another way: is it worth taking a known, calculable, solid kick in the nuts to mitigate the risk that you might be repeatedly shot in the arm, chest, or head?

    What is your business worth?

    --
    you should read everything on the internet as if it had "but I'm probably talking out of my ass" appended to it.
  12. Re:It's time.... by Mister Whirly · Score: 3, Insightful

    I do think that if the same % population used it as currently uses windows, then there would be more serious problems with it.

    "FYI, That statement has been proven to be FUD for quite some time now."

    Um, how exactly? The only way it could be proven is if Apple had a significant share of the market. Which they don't, and won't. Nothing against Apple or Macs, it's just the numbers.

    --
    "But this one goes to 11!"
  13. Re:It's time.... by heinousjay · Score: 3, Insightful

    That statement has been proven to be FUD for quite some time now.

    Actually, it hasn't been proven at all. It's not possible to prove it, as a matter of fact, without OS X being the dominant operating system on the market. The usual rebuttal, Apache vs. IIS, doesn't apply to anything but Apache and IIS.

    --
    Slashdot - where whining about luck is the new way to make the world you want.
  14. Re:So they just lick their wounds and move on? by jcr · Score: 3, Insightful

    Why is there never any retaliation against the companies that produce this software?

    Probably because the license agreement guarantees NOTHING, in great big capital letters. They exclude all warranties, including the statutory implied warranty of fitness for a particular purpose.

    Software is sold on a "if it sucks, you lose" basis.

    -jcr

    --
    The only title of honor that a tyrant can grant is "Enemy of the State."
  15. Re:It's time.... by Kadin2048 · Score: 3, Insightful

    I'm not sure that I buy into this completely. Although there are certainly people out there who write malware for the sake of writing malware, I think that if everyone was running a system that was less inherently vulnerable/insecure, you would see criminals turning towards other ways of making money. The large-scale malware problems we're seeing today (e.g. botnetting) occur because it's profitable to write the malware, gather together a large net of bots, and then sell/lease/rent them out to someone for some malicious purpose. At some point, you can make it difficult or expensive enough to write the malware that it's no longer profitable to do that. It doesn't mean that the problem will disappear, but it might change -- criminals might put more effort into phishing and social engineering, rather than straight botnet+DDoS attacks.

    That's kind of like arguing against putting a better lock on your door, because criminals are always going to figure out a way to break it. It's true, but really you don't need a lock that's strong enough to keep every criminal out, you just need to make it more secure than your neighbor's house. In OS terms, eventually you're just going to make it secure enough that it's easier to go after the user than break the system itself.

    --
    "Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
  16. Re:It's time.... by 0racle · Score: 4, Insightful

    The usual rebuttal, Apache vs. IIS, doesn't apply to anything but Apache and IIS

    Well, if one of the best analogies is dismissed as not relevant because they aren't the same as OS's, wouldn't the idea that OS X would have the same problems as Windows also be dismissed because OS X is not the same as Windows? There is either a relation between poor security and popularity or there isn't.

    --
    "I use a Mac because I'm just better than you are."
  17. It's not common sense. It's wrong. by Futurepower(R) · Score: 5, Insightful

    "A Mac-user with common sense!"

    It's not common sense. It's wrong.

    Microsoft is in a unique position. Because it has a virtual monopoly, Microsoft makes more money when its software has a lot of security vulnerabilities. For those who are ruled by money, morality has no force; "Maximizing Shareholder Value" is the way they live their lives.

    Microsoft makes more money if it pressures its programmers to work too fast, so that they are sloppy, and then releases buggy software. Many people are fascinated by computers, and easily accept the world that Microsoft has created for them.

    Here's a story about a Microsoft VP saying, "Oh, the next Windows operating system will be secure": "Safety and security is the overriding feature that most people will want to have Windows Vista for".

    So, Microsoft is once again telling us "The next version of Windows will be the good one." Before, Microsoft said Windows XP was "Built to be Dependable".

    However, Vista will NOT include virus protection. Jim Allchin, co-president of Microsoft's platform products and services division, told CRN, an industry magazine, this:

    CRN: In terms of security, how do you compare security in Vista vs. security in Windows XP SP2?

    Allchin: SP2 was a very good system but compared to Vista, it's night and day.

    CRN: Is there going to be antivirus in Vista?

    Allchin: No, there is not.

    CRN: Why?

    Allchin: It's a complicated answer as to why not.

    CRN: Was the decision based on technical concerns?

    Allchin: It wasn't technical.

    CRN: Will Vista resolve security problems once and for all?

    Allchin: I'm not going to claim perfection or near perfection, but I think we're unrivaled in the work we've done. I believe security will be a huge problem for the industry for years and years and years but this will change the landscape in a fairly dramatic way.

    Once again, Microsoft is taking advantage of the fact that most of its customers have little technical knowledge. Mr. Allchin said that "security will be a huge problem for the industry for years and years and years".

    Microsoft charges for OneCare Live. That's another way to make money. Make sloppy software, and then sell protection against the sloppiness.

    Note the emphasis on "beta testing" in Mr. Allchin's statements in the CRN interview. Someone said that Microsoft's motto is "The whole world is our beta tester."

    --
    Before, Saddam got Iraq oil profits and paid part to kill Iraqis. Now a few Americans get Iraq oil profits, and American citizens pay to kill Iraqis. Improvement?

  18. Re:It's time.... by 10101001 10101001 · Score: 3, Insightful

    I didn't realize it was an analogy. I could have sworn it was a hypothesis with predictions. The prediction was that higher use results in a higher rate of being attacked and hence a higher rate of being exploited. To simply dismiss the Apache vs IIS argument without any basis places everyone else in the position to do the same with Windows vs Linux or Windows vs Mac OS X.

    The simple fact is, Apache vs IIS does prove the simple argument that the ratio of users to exploits is higher relative to other competitors doesn't work. Whether or not there is in fact another model that fits is certainly an interesting question. But good luck not making a completely esoteric model that works but only applies to a very small subset of the industry.

    --
    Eurohacker European paranoia, gun rights, and h