Slashdot Mirror


Microsoft Says Recovery From Malware Becoming Impossible

An anonymous reader wrote to mention an eWeek Story about Microsoft's assertion that PCs may no longer be able to recover from the most aggressive Malware. From the article: "[Danseglio] cited a recent instance where an unnamed branch of the U.S. government struggled with malware infestations on more than 2,000 client machines. 'In that case, it was so severe that trying to recover was meaningless. They did not have an automated process to wipe and rebuild the systems, so it became a burden. They had to design a process real fast.'"

107 of 631 comments

  1. It's time.... by BWJones · · Score: 5, Interesting

    'In that case, it was so severe that trying to recover was meaningless. They did not have an automated process to wipe and rebuild the systems, so it became a burden. They had to design a process real fast.'"

    Ummmmm, how about switching? :-)

    Seriously though, NeXTstep certainly has a long history in certain TLA government agencies and OS X is beginning to make significant inroads there as well. In addition the timing is right for many businesses as the infrastructure costs of maintaining Windows are simply becoming too high.

    And calling these recent instances is a joke. I was having to perform complete system wipes and reconstructions due to malware years ago which is why we have essentially completed a migration to OS X. We do have some Windows systems still around, but they are hidden behind OS X machines and are run headless and without connection to the Internet. In fact, it's been interesting that those companies that deliver microscopes (electron, confocal and light) and such that are currently driven by Windows are asking their customers to simply not plug them into networks or the Internet, severely limiting their use. They of course have been suggesting sneakernet to move files and data around, but my solution is to network them all with a dedicated backbone behind a Mac mini that is now shipping with Gigabit Ethernet on board.

    --
    Visit Jonesblog and say hello.
    1. Re:It's time.... by trolleymusic · · Score: 5, Insightful

      I'm a Mac user, and although I love OS X with all of my bits, I do think that if the same % population used it as currently uses windows, then there would be more serious problems with it.

      I'm sure it's much harder to get malware running on OS X, but if it becomes the platform most of your potential audience are using then malware developers will just try harder to make nasties for Mac.

      So, in this respect, sometimes I'm glad for Windows + IE - simply because I don't have to use it :D

      --
      "damnit, trolley I want in your signature." - Elburrito
    2. Re:It's time.... by superid · · Score: 4, Informative

      Speaking unofficially from an "unnamed branch of the U.S. Government", we can't switch as much as we'd like to. We are locked into Windows XP and we can only use the applications on the "gold disk". At least it's cheap, it only costs us $4,200 per year per low end laptop.

    3. Re:It's time.... by Anonymous Coward · · Score: 2, Funny

      I'm a Mac user, and although I love OS X with all of my bits, I do think that if the same % population used it as currently uses windows, then there would be more serious problems with it.

      A Mac-user with common sense! This day will go down in Slashdot's annals* as the day that Mac-users are no longer a-priori considered completely gay. *wiping away tears of joy*

      * tee-hee, I said "annals"

    4. Re:It's time.... by networkBoy · · Score: 3, Insightful

      Really, they had no way to wipe and restore on an automated process? Have they never heard of Ghost-EE? Multicasting?
      I use ghost on my PC, thus when I plan on installing new software I do so, play with it, am sure I like it, then:
      Restore latest clean system build image to machine,
      Install target application, ensure functionality,
      Create new latest clean system build image.
      I store all my non-temporary data on a server PC anyway, so this is an ideal solution. One that should work in any enterprise environment as well (assuming that there are only 3-4 different builds).
      -nB

      --
      whois gawk date unzip strip find touch finger mount join nice man top fsck grep eject more yes exit umount sleep dump
    5. Re:It's time.... by FellowConspirator · · Score: 2, Informative

      With regard to scientific equipment: my experience (in a biotech firm) has been quite similar. Vendors did not want you to patch the OS, install ANY software (AV or otherwise), and advised against placing the devices on a network. However, biotech generally has a protocol that requires backing up all the data that comes off the machine.

      However, lately, we see more and more vendors moving to Linux for instrumentation control. As a company, we now request non-Windows based control and data acquisition systems (most are Linux, but we've got Mac, Solaris, and IRIX). In general, we've found these to be more robust with fewer software and data-acquisition glitches. All of our newer mass-specs have Linux-based instrumentation systems, as do our gel-imagers and such.

      You are right, though, in that reimaging Windows systems is SOP most places. The company I work for now does a "refresh" on a biannual schedule whether you need it or not, and just about any time anything strange happens on your machine. Company policy dictates that useful information be stored on a shared drive and not locally -- that way, reimaging is a minor inconvenience.

      Funny, we don't have a similar policy for non-Windows systems. Of course, about 45% of our desktops run Windows and 100% of our desktop support guys are MCSEs.

    6. Re:It's time.... by myxiplx · · Score: 4, Insightful

      Yeah, because it's so easy to replace the 20+ programs that form the core of our business, and data migration's so easy a baby could do it. Please, try responding to the point that's actually raised here instead of going on and on about migrating to alternative systems. Many companies are simply not in a position to migrate their entire network.

      Personally, I'd love to migrate us to Linux, but until I can replace CAD/CAM systems, accounting packages, design software, drawing packages, etc... that's simply not going to happen, and until it does happen I'm faced with the job of keeping our MS systems secure.

      We've found that preventing web based scripts from running has kept us virus free for nearly two years now, but even then we're expecting to be hit by something sooner or later. If you're running a Microsoft network, it's worth putting a few weeks aside to get RIS / Ghost working well. Right now we're looking to take things a step further by running all our clients off a set of blade servers running virtual machines. There are cost savings to be had with the ease of maintenance and disaster recovery suddenly becomes a whole lot simpler.

    7. Re:It's time.... by truthsearch · · Score: 2, Interesting

      Can't because someone at the top says you can't or can't because your apps are too dependent on XP? I guess I'm asking if it's a technical issue or a bureaucratic issue.

    8. Re:It's time.... by dfgchgfxrjtdhgh.jjhv · · Score: 2, Insightful

      or you could just use linux.

    9. Re:It's time.... by da · · Score: 3, Interesting

      [Speaking from no direct experience of the U.S. military, but...], it's probably staffed by (some) very competent people, it'll be managed by complete morons...

      --
      I reserve the right to be wrong.
    10. Re:It's time.... by networkBoy · · Score: 2, Interesting

      "good" malware will transfer themselves to your servers.
      Comment below:
      or you could just use linux

      Server is Linux (SOL 18) Since all data is stored as non active files, critical data in encrypted volumes accessed and unlocked only when needed, then locked when the volume is dismounted, the issues with this problem are minimal. In fact I have never had an outbreak re-infection (and this is with me looking for malware troubles). While I will admit that my system has flaws, they are very minor and not the target of any malware I have yet to come across. I also realise that many small businesses have no resources for this work, but a 2000 client network is not small business and has no excuse for basic protection levels like this.
      -nB

      --
      whois gawk date unzip strip find touch finger mount join nice man top fsck grep eject more yes exit umount sleep dump
    11. Re:It's time.... by kimvette · · Score: 3, Interesting

      Aside from idiots who chmod -R 777 /, OS X would remain relatively easy to recover from malware were it to become widespread. You might have to delete $home in some cases but being basically a Unix variant, the system itself should be relatively immune from a system-wide infection.

      This presumes of course you don't log into OS X as admin or root on a regular basis, but only for *gasp* administrative tasks.

      I know of one company which continually gets rooted, but they INSIST on running as admin all the time, AND chmod -R 777 / -- why? because they don't LIKE security. They dislike the inconvenience of not sharing out / and having to drop files only in certain folders. *knock knock* McFly, anyone home? They don't want their machines rooted, they're tired of seeing the mouse cursors move and applications being used if they happen to be there off-hours, and yet they refuse to take most basic precautions and take advantage of OS X's security architecture - instead they work to defeat it, intentionally so, and then blame IT folks because they can't solve the problem. They've gotten to the point where no Mac-savvy people will do work for them, and if I know them well, it'd take a reformat/reinstall of EVERY box at this point to get their network cleaned up again.

      --
      The Christian Right is Neither (Christian nor right). See: Matthew 23, Matthew 25, Ezekiel 16:48-50
    12. Re:It's time.... by shotfeel · · Score: 2, Insightful

      "With regard to scientific equipment: my experience (in a biotech firm) has been quite similar."

      Mine too. Too often once the software's written for a piece of equipment a company wants to sell, the software unit gets disbanded (what, you wanted support?). So then you're stuck with whatever OS was current at the time for the lifetime of the equipment. So we have setups costing 10's to 100's of thousands of dollars controlled by PCs running Win 95/98. It would be nice to have these connected to the network to facilitate transferring data, but who wants to risk that?

      OTOH, we have some old Mac 8100's running OS 9 controlling some equipment. Those have been connected to the network for years, and we haven't had a problem yet (as long as we can find mouse, keyboard and monitor replacements).

    13. Re:It's time.... by Mister+Whirly · · Score: 3, Insightful

      I do think that if the same % population used it as currently uses windows, then there would be more serious problems with it.

      "FYI, That statement has been proven to be FUD for quite some time now."

      Um, how exactly? The only way it could be proven is if Apple had a significant share of the market. Which they don't, and won't. Nothing against Apple or Macs, it's just the numbers.

      --
      "But this one goes to 11!"
    14. Re:It's time.... by heinousjay · · Score: 3, Insightful

      That statement has been proven to be FUD for quite some time now.

      Actually, it hasn't been proven at all. It's not possible to prove it, as a matter of fact, without OS X being the dominant operating system on the market. The usual rebuttal, Apache vs. IIS, doesn't apply to anything but Apache and IIS.

      --
      Slashdot - where whining about luck is the new way to make the world you want.
    15. Re:It's time.... by C0vardeAn0nim0 · · Score: 2, Insightful

      i'm a mac user too and i couldn't disagree more with you, even if i tried.

      i'm also a long time linux user (almost 10 years) and certified solaris administrator, and i can tell you exactly _why_ a Unix or Unix look-a-like such as GNU/Linux are easier than windows to clean and restore to a clean, working state: *NIXes are open.

      open in the sense that you know exactly where things are, what they do, when they do and how. thanks in part to the long tradition of storing configurations on well documented clear text files.

      more than once i had to clean gnu/linux machines infested with rootkits, and it was possible to do that in about 1 1/2 hour with a liveCD distro and a redhat/debian/suse/whatever set of disks from where to copy the original, clean packages.

      basically the process is:

      - boot from the live distro;
      - backup everything important (data files, $HOME dirs, /etc dir, and others) if necessary.
      - copy good binaries of basic stuff from /sbin and /bin dirs from the live CD to the infected box.
      - chroot to the mountpoint where you have the infected disk mounted. just make sure no infected binary gets executed when a profile/init script is executed when you chroot
      - force install of clean packages from a known cd. make sure you replace the kernel and modules with good ones, just in case
      - check the MD5 hashes of every possible package.
      - check every init script or profile scripts such as .bashrc to make sure they're clean
      - reboot to a clean box.
      - apply every possible update.

      anything that gets executed at boot time will be listed either in /etc/inittab or in a sysV/BSD style init script. there's nothing hidden from an administrator when you're dealing with a *NIX (such as MacOS X). can't say the same for Win* boxes with that maze of mysteries called "registry".

      --
      What ? Me, worry ?
    16. Re:It's time.... by TubeSteak · · Score: 2, Funny
      A Mac-user with common sense!
      That's funny. The link for page 2 of TFA says this:
      Next Page: Human stupidity.
      --
      [Fuck Beta]
      o0t!
    17. Re:It's time.... by bk_veggie · · Score: 3, Informative

      Um, there is a STIG on securing MacOSX you know. As someone entrenched within that community, the Gold Disk and SRR are just tools, not the final requirement.

    18. Re:It's time.... by Dare+nMc · · Score: 2, Interesting

      >if your servers are always online for data retrieval, they can copy themselves over there. There is no panacea no matter how hard you try.

      I use for my PC, and all users PC's at my work:

      http://backuppc.sourceforge.net/
      daily images of all on your harddisk, just a click on the log will show the day all your exe files changed, take the files from the day before, clean what else you need from the latest...

      >That's good, but "good" malware will...
      well bad malware would be similar to bad drm, it would go right to the boot sector... that's what I assumed the article meant, until I RTFA, they're just worried about difficulty of installing windows, apps, etc. Even my solution isn't so good at that, we got apps that generated some magical PC-ID, that is tied to gosh knows what, and that just doesn't come back without pain.

      boot sector malware is where I think the $100 PC may take over in corporate, throw out the crap to some school/police/investigators/etc, and just buy a standard installed hardware/software package available from multiple vendors for less than a 1/2 day of MIS time, click on my backuppc data files from a good date, gives a zip file, done.
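      The rebuild steps C0vardeAn0nim0 lists above ("check the MD5 hashes of every possible package") and the changed-executables check Dare nMc describes with backuppc both reduce to the same operation: hash a suspect tree and diff it against a known-good manifest. The following is an added example, not code from the thread or from any tool mentioned in it; it uses SHA-256 rather than MD5, and the directory layout and sample files are constructed in a temporary directory purely for the demonstration.

```python
"""Diff a suspect filesystem tree against a known-good hash manifest.

Added example: compare the mounted infected disk (or today's backup
snapshot) with a clean reference (live CD, package set, or yesterday's
snapshot) and list what changed under bin/ and sbin/.
"""
import hashlib
import tempfile
from pathlib import Path

CHUNK = 1 << 16


def hash_file(path: Path, algo: str = "sha256") -> str:
    """Hash one file in chunks so large binaries do not load into memory.
    SHA-256 is used instead of MD5: an attacker who controls a file can
    craft MD5 collisions, which defeats the point of the check."""
    h = hashlib.new(algo)
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root, subdirs=("bin", "sbin"), algo="sha256"):
    """Return {relative_posix_path: hexdigest} for every regular file under
    root/<subdir>. Symlinks are skipped; their targets are hashed where
    they actually live, so a redirected link still shows up as a change."""
    root = Path(root)
    manifest = {}
    for sub in subdirs:
        base = root / sub
        if not base.is_dir():
            continue
        for p in sorted(base.rglob("*")):
            if p.is_file() and not p.is_symlink():
                manifest[p.relative_to(root).as_posix()] = hash_file(p, algo)
    return manifest


def compare_manifests(good, suspect):
    """Classify paths as modified (hash differs), added (only on the suspect
    tree) or missing (only on the good tree). Unchanged files are omitted."""
    return {
        "modified": sorted(k for k in good if k in suspect and good[k] != suspect[k]),
        "added": sorted(k for k in suspect if k not in good),
        "missing": sorted(k for k in good if k not in suspect),
    }


def _write(root, rel, data: bytes):
    p = Path(root) / rel
    p.parent.mkdir(parents=True, exist_ok=True)
    p.write_bytes(data)


def demo():
    """Constructed sample trees (hypothetical paths and contents): 'clean'
    stands in for the reference media, 'suspect' for the infected disk."""
    with tempfile.TemporaryDirectory() as tmp:
        clean, suspect = Path(tmp, "clean"), Path(tmp, "suspect")
        for root in (clean, suspect):
            _write(root, "bin/ls", b"#!/bin/sh\necho ls\n")
            _write(root, "bin/ps", b"#!/bin/sh\necho ps\n")
            _write(root, "sbin/init", b"#!/bin/sh\necho init\n")
        # Differences that exist only on the suspect tree:
        _write(suspect, "bin/ps", b"#!/bin/sh\necho ps (tampered)\n")  # replaced
        _write(suspect, "sbin/extra", b"#!/bin/sh\n")                   # new file
        (suspect / "sbin" / "init").unlink()                              # removed
        # Outside bin/ and sbin/, so it must not be reported:
        _write(suspect, "doc/README", b"unrelated\n")
        return compare_manifests(build_manifest(clean), build_manifest(suspect))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

The manifest of the clean reference should be generated and stored before the machine is suspected, from the live CD or the package files, not from the disk being checked.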

    19. Re:It's time.... by Kadin2048 · · Score: 3, Insightful

      I'm not sure that I buy into this completely. Although there are certainly people out there who write malware for the sake of writing malware, I think that if everyone was running a system that was less inherently vulnerable/insecure, that you would see criminals turning towards other ways of making money. The large-scale malware problems we're seeing today (e.g. botnetting) occur because it's profitable to write the malware, gather together a large net of bots, and then sell/lease/rent them out to someone for some malicious purpose. At some point, you can make it difficult or expensive enough to write the malware that it's no longer profitable to do that. It doesn't mean that the problem will disappear, but it might change -- criminals might put more effort into phishing and social engineering, rather than straight botnet+DDoS attacks.

      That's kind of like arguing against putting a better lock on your door, because criminals are always going to figure out a way to break it. It's true, but really you don't need a lock that's strong enough to keep every criminal out, you just need to make it more secure than your neighbor's house. In OS terms, eventually you're just going to make it secure enough that it's easier to go after the user than break the system itself.

      --
      "Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
    20. Re:It's time.... by crawling_chaos · · Score: 2, Insightful

      And go to jail. Messing with the military's computers even to do something in a better way is a severe Career Limiting Activity. The military isn't a democracy, and likes things done through the chain of command.

      --
      You can only drink 30 or 40 glasses of beer a day, no matter how rich you are.
      -- Colonel Adolphus Busch
    21. Re:It's time.... by 0racle · · Score: 4, Insightful

      The usual rebuttal, Apache vs. IIS, doesn't apply to anything but Apache and IIS

      Well if one of the best analogies is dismissed as not relevant because they aren't the same as OS's, wouldn't the idea that OS X would have the same problems as Windows also be dismissed because OS X is not the same as Windows? There is either a relation between poor security and popularity or there isn't.

      --
      "I use a Mac because I'm just better than you are."
    22. Re:It's time.... by heinousjay · · Score: 2, Insightful

      The basic problem is that there is no such thing as proof by analogy. It doesn't matter how good the analogy is.

      --
      Slashdot - where whining about luck is the new way to make the world you want.
    23. Re:It's time.... by nial-in-a-box · · Score: 4, Informative
      Rootkits.

      Not removable. I don't care if you can remove them, what I do care about is time. If you have to fix a bunch of people every day, clawing around at the core system trying to find a hidden rootkit and remove all traces of it while not breaking anything worse than it already is will most likely take you far more time than backing up some data and doing a full reinstall.

      Basically, if you're using Internet Explorer and have not got a rootkit yet, you are either using good browsing practices or you do have one and won't admit it. I support 10,000+ students at a university, and we're doing at least one reinstall a day due to rootkit infection. These are mainly young women who are just using the internet like all their peers do; i.e., not looking at porn or searching for warez or cracks.

      --
      I am feeling fat and sassy
    24. Re:It's time.... by Fulcrum+of+Evil · · Score: 2, Informative

      There's a war on. Shouldn't someone in your procurement chain be facing a court martial?

      Why? Just because we've invaded some pissant country doesn't really change things. We haven't actually been at war for 60 years.

      --
      "We returned the General to El Salvador, or maybe Guatemala, it's difficult to tell from 10,000 feet"
    25. Re:It's time.... by mOOzilla · · Score: 2, Insightful

      Newsflash, you ARE at war. Iraq, Afghanistan etc. It's the United Nations and the EU that has to come in and clean up your shit. I say kick the UK out of the EU as a rogue nation, Denmark too and any other rogue nations "at war" under a "flag of convenience"

    26. Re:It's time.... by mOOzilla · · Score: 2, Insightful

      So what's this "War on " crap, just because you do not "ration" does not mean you are not at war. Open your eyes fool.

    27. Re:It's time.... by JahToasted · · Score: 2, Insightful
      What an age we live in. You are expected to give up your freedoms and privacy "for the war effort" but you can still have your plasma HDTV.

      It's like the worst parts of 1984 mixed with the worst parts of Brave New World. Dammit, if you're gonna take away my freedoms, at least give me soma and orgies, not another goddamn war.

    28. Re:It's time.... by 10101001+10101001 · · Score: 3, Insightful

      I didn't realize it was analogy. I could have sworn it was a hypothesis with predictions. The prediction was that higher use results in a higher rate of being attacked and hence a higher rate of being exploited. To simply dismiss the Apache vs IIS argument without any basis places everyone else in the position to do the same with Windows vs Linux or Windows vs Mac OS X.

      The simple fact is, Apache vs IIS does prove the simple argument that the ratio of users to exploits is higher relative to other competitors doesn't work. Whether or not there is in fact another model that fits is certainly an interesting question. But good luck not making a completely esoteric model that works but only applies to a very small subset of the industry.

      --
      Eurohacker European paranoia, gun rights, and h
    29. Re:It's time.... by v1 · · Score: 2, Insightful

      Um, how exactly? The only way it could be proven is if Apple had a significant share of the market. Which they don't, and won't.

      Wouldn't this mean you can neither argue for nor against it, since it's only theoretical? It sounds like you're using this as a point to argue against it?

      --
      I work for the Department of Redundancy Department.
    30. Re:It's time.... by Technician · · Score: 2, Interesting

      Personally, I'd love to migrate us to Linux, but until I can replace CAD/CAM systems, accounting packages, design software, drawing packages, etc... that's simply not going to happen, and until it does happen I'm faced with the job of keeping our MS systems secure.


      I solved that problem. I have job specific machines. The days of a general purpose computer used for everything under the sun is over. Sure I have a machine for Turbo Tax, and other Windows specific applications.

      My web browsing machine is a Ubuntu machine, not the Windows sitting duck. I use a NAS drive that is common to all machines. All shares are password protected. Some shares are read only (MP3's etc.).

      The Windows machine is not used for general internet browsing. The Internet machine does not have permissions to install malware.

      --
      The truth shall set you free!
  2. Unrecoverable? by ccady · · Score: 4, Funny

    Unrecoverable? What's wrong with FDISK?

    --
    I prefer the wicked to the imbeciles, because the wicked take a rest now and then. -- Alexandre Dumas
    1. Re:Unrecoverable? by RetroGeek · · Score: 3, Interesting

      In the days before multi-sync monitors, you had to carefully match the refresh frequency of the video card to the refresh frequency of the monitor.

      There was a virus that did change the refresh frequency and that caused the monitor to fail, sometimes with smoke.

      --

      - - - - - - - - - - -
      I am a programmer. I am paid to produce syntax not grammar. Deal with it.
  3. Sony by From+A+Far+Away+Land · · Score: 5, Insightful

    Companies like Sony pushing rootkits onto unsuspecting customers is part of the trend toward stealth and aggressive rooting of machines. Once a serious worm that can spread quickly and hide deeply gets around, people will realize how serious an issue rootkits are.

    1. Re:Sony by CastrTroy · · Score: 2, Insightful

      Most people don't know what a distributor cap is either, so why should they care. Oh yeah, because without it, your car wouldn't go anywhere. Most people don't know what a capacitor is, so why should they care. Oh, because almost no piece of electronics would work without it. Just because people don't understand rootkits, doesn't mean we should go around like mad, installing them on every computer, just to protect the precious copyrighted music.

      --

      Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
  4. no disaster recovery plan? by jacksonai · · Score: 3, Insightful

    Ok, so why was there no disaster recovery plan in the first place? Surely the thought of an uber virus wrecking Windows had to have been brought up at some kind of meeting? Those who fail to plan plan to fail. Plain & Simple

    --Taladon

    --
    Like Sweepstakes? Try out my service @ http://www.yourpowersweeps.com -- Free 21 day trial, no cc needed.
  5. Ho Hum by Draegonis · · Score: 2, Funny

    The govt's "war" on "cyberspace" is sure going well!

  6. This is news? by pcgamez · · Score: 4, Insightful

    I think any of us that work on computer systems long ago figured out that the rebuilding of a system is far easier than trying to remove each piece of malware. Now, in cases where there is critical data on the machine then it would be worth it to try. The fact is, by the time we hear about the issue, it isn't a matter of removing one or two pieces, it is usually closer to 20 or 30.

  7. Heh by Moby+Cock · · Score: 2, Funny

    Finally! A real reason to upgrade to Vista.

  8. Translation by metamatic · · Score: 5, Insightful

    "Everyone needs to buy a copy of Windows Vista, which will solve the malware problem."

    --
    GCHQ Quantum Insert installed. If only our tongues were made of glass, how much more careful we would be when we speak
    1. Re:Translation by kfg · · Score: 2, Funny

      "Everyone needs to buy a copy of Windows Vista, which will solve the malware problem."

      Mostly, after Service Pack 2; and excepting signed malware (a software company has to make a living).

      KFG

  9. Kernel hooks? by tedhiltonhead · · Score: 4, Interesting

    because they often use kernel hooks to avoid detection

    Um, how about making it possible to DISABLE ADDING KERNEL HOOKS? There should at least be a reliable way to get a list of all currently-running kernel hooks, if there's not already.

    1. Re:Kernel hooks? by DaHat · · Score: 2, Insightful

      Sounds nice in theory... but what about those applications that legitimately require kernel hooks? You know... things like hardware and software drivers?

      Which is worse? Allowing virtually anything to hook into the kernel (provided the running user has the rights) and potentially opening it up to rootkitting... or a user accidentally disabling all 3rd party kernel hooks which caused their anti-virus program's filter driver to stop working and not detect a more run of the mill virus causing them much pain and suffering?

    2. Re:Kernel hooks? by Anonymous Coward · · Score: 2, Funny

      Or how about this. We make a single privileged account with the power to add stuff like kernel hooks and keep everyone elses hands out of it. We could even add a feature so that normal users can jump up to this special "privileged" mode by entering a special password. Of course this would be designed in such a fashion that the normal users can still perform day to day tasks like running programs, printing, adding removable storage, etc.

      Wow! I'm surprised no one thought of this before!

    3. Re:Kernel hooks? by hackstraw · · Score: 2, Informative


      I just did a cursory search and found this:

          http://www.sysinternals.com/Utilities/RootkitRevealer.html

      The sysinternals guys seem to know Windows better than MS. Cool people to know if you are forced to use MS operating systems.

  10. Re:Format C: by jacksonai · · Score: 3, Informative

    Actually, no. MBR viruses and systems with multiple partitions sometimes cannot be guaranteed virus free without wiping all partition tables via fdisk or a low level format. Back in the day, I remember a virus named NYB that stuck around beyond fdisk on scsi drives. The only way to get rid of it was an actual low level format.

    --
    Like Sweepstakes? Try out my service @ http://www.yourpowersweeps.com -- Free 21 day trial, no cc needed.
  11. But you never could... by Anonymous+Brave+Guy · · Score: 4, Insightful

    You could never recover a compromised system reliably anyway. Once someone's got through your security to a certain level, you can't trust anything - including security tools and diagnostic information - that runs at that level or above. For a typical desktop PC or office server, that basically means you can't trust anything left on the system.

    Any sort of virus removal or system clean-up after being cracked is just a calculated risk that the attack will have been completely removed, based on the fact that doing a complete rebuild of a system and restoring all the backed up data is expensive, and while not cleaning up 100% after an attack is potentially more expensive, the probability of this is low.

    And no, running Linux or MacOS X instead of Windows doesn't change this, despite the number of people flippantly suggesting these alternatives. I'd have told you this earlier and saved a dozen posts, but apparently it's been 4 minutes since I last successfully posted a comment, so I can't post another one yet... ;-)

    --
    If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
    1. Re:But you never could... by 99BottlesOfBeerInMyF · · Score: 4, Informative

      You could never recover a compromised system reliably anyway. Once someone's got through your security to a certain level, you can't trust anything - including security tools and diagnostic information - that runs at that level or above. For a typical desktop PC or office server, that basically means you can't trust anything left on the system.

      Actually, this is not completely true. You just run your tools on another machine known to be uncompromised. Also, there are hardware level recovery systems that will restore to a known, clean state.

      And no, running Linux or MacOS X instead of Windows doesn't change this, despite the number of people flippantly suggesting these alternatives.

      Running OS X is somewhat beneficial since it is less susceptible to malware due to architectural choices and lesser attention from malware authors. Just not being Windows can be a great help, practically speaking. Also, all OS X machines can be put into Firewire target mode, facilitating easy recovery of data from compromised systems with greatly reduced risk of infection.

      Running Linux can make an even bigger difference. Since Linux supports virtualization technologies, mandatory access schemes, and the like you can not only reliably recover data, but be fairly confident that once an escalation vector is detected and patched, the data from that particular machine will not cause a new machine to be re-infected. This means you can say with reasonable certainty that there will be zero data loss as a result of wiping a machine and the process can be automated.

      This is, of course, on top of the greatly increased security that can be obtained by using certain, secure Linux distributions. Arguing that SELinux or OS X won't make a difference, even though both contain functionality designed to do just that, is simply incorrect. (Note, before someone gets uppity, I am not equating the level of security provided by SELinux with OS X.)

  12. Thin Clients by Citizen+of+Earth · · Score: 5, Insightful

    the U.S. government struggled with malware infestations on more than 2,000 client machines. 'In that case, it was so severe that trying to recover was meaningless.

    Whereas, if they had been using thin clients with no local storage, the only recovery action would have been on the server. And if they had been running non-Windows on the server, they wouldn't have had these infestations in the first place. A full-blown Windows PC on every desktop in an enterprise is just an expensive welfare program for MCSE types.

    1. Re:Thin Clients by DrVomact · · Score: 5, Informative
      I couldn't agree more. I look around my workplace (the software development group of a large healthcare firm), and see thousands of PCs, each subtly different from the other, that have to be individually maintained by our not-too-bright IT staff. They run an OS that was never designed for collaborative use, has never had true "multi-user" capability, and barely manages to do something remotely like multitasking.

      I compare this to the environment I enjoyed in the early 90s: diskless Sun workstations connected to Unix servers (Convexen), and I long for the good old days. Heck, I had a PC at home--but it was for play; the real computers were at work, and I knew it. The OS had been designed from the ground up as a multi-user collaborative environment, with a simple, sensible and reasonably effective security scheme. Thanks to my .profile and my private cache of scripts and macros, I could personalize my X Windows and command line environment to my heart's content.

      Yes, there were some drawbacks. Sometimes, response was sluggish--who started that damn compile at three in the afternoon? And of course, if the server went down, everyone was SOL. I think the first concern could be addressed by the much faster processors of today (and some judicious load-balancing). Our networks have gotten much faster and more efficient, so I don't think response time would be much of a problem. As far as downtime, it has to be at least a wash--and when a large mob bearing torches and pitchforks descends on IT, they tend to get problems fixed with amazing alacrity.

      Balancing the two environments, today's seems to be the obvious loser. Why are companies throwing billions down the Wintel rathole each year when they could have efficient centralized servers running a real collaborative OS? How did this happen?

      I think I know part of the answer. The first signs of the Great Fall came when a few managers bought PCs so they could run MS Office applications--primarily spreadsheets at first, then--oh wonder of wonders--PowerPoint and Word. But now management found that they had been sundered from their underlings, who were working in a completely different environment from theirs. Incompatibility reared its head: You had to buy one set of apps for the PHBs, and another for the geeks. Worse, underlings could not read communications sent to them in Word format by their bosses, and they could not produce beautiful PowerPoint presentations on demand. They could--alas--only do their jobs. Management found this Wasteful and Inefficient, so they decreed that henceforth, everyone shall use computers just like theirs, running an operating system just as powerful and capable as theirs. And so now we live in compatibility Hell.

      --
      Great men are almost always bad men--Lord Acton's Corollary
  13. Fools... by chazzf · · Score: 2, Interesting

    I see the first few comments suggesting a switch to Linux or Macintosh. At least where I work, in the educational sector, that's impossible. The time spent retraining faculty and staff alone would outweigh the security benefits, especially when you consider all the specialized software floating around that hasn't been ported (curse you, Department of Education).

    That being said, we haven't had much trouble with malware, and we're mainly an XP Pro/2K shop. We don't allow our users to run as administrators--period. That includes techs. Those who need the ability to install stuff have a local account which is prohibited from actually logging into the computer and has no rights to the domain. Ever since we implemented that things have been pretty quiet. In the rare case when somebody's machine does go down we can take a ghost image for backup purposes (if they aren't storing stuff on the network), and then re-ghost with a clean image. Average turnaround time: two hours.

    --
    No statement is true, not even this one.
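The "nobody runs as administrator, techs included" policy in the post above only holds if someone checks that the local Administrators group actually stays empty apart from the accounts you intended. The audit below is an added example for this page, not code from the poster: it parses the text that `net localgroup Administrators` prints on Windows and flags any member not on an allowlist. The sample output and the `ALLOWED` set (the `CORP` domain, the `LAB-WS07` machine and its `svc_install` account) are constructed for the example; a real deployment would feed it the live command output and its own policy.

```python
"""Audit local Administrators membership from `net localgroup` output.

Added example for this page (not from the thread). The sample output is
constructed to match the format `net localgroup Administrators` prints:
a header, a 'Members' heading, a dashed separator, one member per line,
then 'The command completed successfully.'
"""
import subprocess
import sys

SAMPLE_OUTPUT = """\
Alias name     Administrators
Comment        Administrators have complete and unrestricted access to the computer/domain

Members

-------------------------------------------------------------------------------
Administrator
CORP\\Domain Admins
CORP\\jsmith
LAB-WS07\\svc_install
The command completed successfully.
"""

# Hypothetical policy: the built-in account, the domain admins, and the
# install-only local account the post describes. Nothing else belongs here.
ALLOWED = {"Administrator", "CORP\\Domain Admins", "LAB-WS07\\svc_install"}


def parse_localgroup_members(text: str) -> list[str]:
    """Return the member names listed below the dashed separator."""
    lines = text.splitlines()
    separator = next(
        (i for i, line in enumerate(lines) if line.strip().startswith("----")),
        None,
    )
    if separator is None:
        raise ValueError("member list separator not found in net localgroup output")
    members = []
    for line in lines[separator + 1:]:
        line = line.strip()
        if line.startswith("The command completed"):
            break
        if line:
            members.append(line)
    return members


def unexpected_admins(text: str, allowed: set[str]) -> list[str]:
    """Members of the group that policy does not permit, in listing order."""
    return [m for m in parse_localgroup_members(text) if m not in allowed]


def audit_live(allowed: set[str] = ALLOWED) -> list[str]:
    """Run the real command on a Windows host and audit its output."""
    if not sys.platform.startswith("win"):
        raise RuntimeError("audit_live() only works on Windows")
    out = subprocess.run(
        ["net", "localgroup", "Administrators"],
        capture_output=True, text=True, check=True,
    ).stdout
    return unexpected_admins(out, allowed)


if __name__ == "__main__":
    print("unexpected members:", unexpected_admins(SAMPLE_OUTPUT, ALLOWED))
```

Run it from a management host against each workstation (for example through a scheduled task that writes the output to a share) and treat a non-empty result as a ticket; the one member the sample flags, `CORP\jsmith`, is exactly the kind of "temporary" grant that quietly undoes the policy.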
    1. Re:Fools... by MrWim · · Score: 2, Insightful
      [snip] At least where I work, in the educational sector, that's impossible. The time spent retraining faculty and staff alone would outweigh [snip]

      As you work in the educational sector one would expect that retraining could be done in house and on the cheap. Also one would imagine that the vast majority of your users (i.e. students) are to be taught how to use Windows, so there is no difference as you would just teach them to learn GNOME, etc. instead.

      It sounds like a case of "you can't be bothered".

    2. Re:Fools... by xdroop · · Score: 3, Insightful
      I see the first few comments suggesting a switch to Linux or Macintosh. At least where I work, in the educational sector, that's impossible. The time spent retraining faculty and staff alone would outweigh the security benefits, especially when you consider all the specialized software floating around that hasn't been ported (curse you, Department of Education).
      Nothing is impossible.

      It's a gamble. Building the new system represents a cost (in time and labor if nothing else). Retraining staff is a cost. Finding new apps, or secure work-arounds for existing apps, represents another cost. Dealing with the transition (helpdesk, troubleshooting, whining users, fixing incompletely transitioned apps) represents yet another cost.

      On the balance side is the cost of a security breach which (insert your company's worst nightmare here). Or the cost of denying all your users all your computers for a period of time while things are all rebuilt. Of course it isn't guaranteed that either doomsday scenario is going to happen; simultaneously, it isn't guaranteed that either doomsday scenario is going to be limited to a single incident.

      It's called risk management.

      Put another way: is it worth taking a known, calculable, solid kick in the nuts to mitigate the risk that you might be repeatedly shot in the arm, chest, or head?

      What is your business worth?

      --
      you should read everything on the internet as if it had "but I'm probably talking out of my ass" appended to it.
    3. Re:Fools... by Syberghost · · Score: 4, Interesting

      I see the first few comments suggesting a switch to Linux or Macintosh. At least where I work, in the educational sector, that's impossible.

      Wouldn't matter anyway. Best practices for recovering from UNIX intrusion have always been to wipe the disks, reinstall the OS, and recover the last known-good backup. Nothing has changed here but Microsoft's attitude; they're starting to grow up a little.

      (sniff). I remember when they were knee-high.

    4. Re:Fools... by Herkum01 · · Score: 2, Insightful

      At least where I work, in the educational sector, that's impossible. The time spent retraining faculty and staff alone would outweigh the security benefits

      Translation: I never have the time to do it right, but I always have the time to fix it!

    5. Re:Fools... by smoker2 · · Score: 2, Informative
      The time spent retraining faculty and staff alone would outweigh the security benefits, especially when you consider all the specialized software floating around that hasn't been ported (curse you, Department of Education).
      It always makes me laugh - retraining people to click things on a screen. It makes me laugh even harder when these people are supposed to be *educators*.

      What's wrong with giving people a set of printed manuals and a Linux partition and informing them that they will be expected to be up to speed on the new system in $x months? No-one's asking them to contribute to kernel development!

      On the other hand, it was a major problem to work out how to use that brand new piece of software called iTunes wasn't it !</sarcasm>

      Where I come from (the past obviously), a tradesman is responsible for his own tools/knowledge. These days it seems to be that no-one has either the time, or the inclination to improve their own skill set.

      Excuses, excuses ...

  14. So they just lick their wounds and move on? by gcauthon · · Score: 5, Interesting

    Why is there never any retaliation against the companies that produce this software? If someone overseas comes up with a way to play a DVD on his own computer then he's pursued endlessly. If someone puts out a warning about how Adobe's encryption is not so secure then they're drug over to the US for trial. But if someone writes malware that destroys thousands of computers, including government property, then absolutely nothing is done. It just seems a little odd to me.

    1. Re:So they just lick their wounds and move on? by aussersterne · · Score: 3, Interesting

      Artifacts of modernity/capitalism. Institutions and corporations are more human than are their human constituents. Inter-institutional and inter-corporate grappling is seen in a darwinistic way -- nature dictates that they "survive" or "compete" on the open market and this is seen as ultimately most beneficial for society. Once the dogma begins to overflow its banks, however, any contradiction or interference in the macro-ecosystem of political economics by individual humans begins to be seen as parasitic, something "unnatural" to the process that interferes in the evolutionary process that governs institutions and corporations.

      Don't ever let yourself think that it isn't purely ideological because it is, it's the same philosophy that guides the IMF and Bush's conquest of the Middle East.

      One more result is the belief that malware from companies/organizations = marketplace should decide, and that's good, while malware from individuals = individual must be punished for causing (seen to be parasitic) difficulties for aforementioned companies/organizations.

      --
      STOP . AMERICA . NOW
    2. Re:So they just lick their wounds and move on? by Software · · Score: 2, Informative
      >If someone puts out a warning about how Adobe's encryption is not so secure then they're drug over to the US for trial.

      Are you referring to the Sklyarov case? If so, you're off. First, he cracked the encryption; he didn't just issue a warning. Second, he was not dragged to the US for trial. He went to the US of his own free will and was arrested in the US.

      I'm not saying whether Sklyarov's actions were justified or not, but your version of the events is not correct.

    3. Re:So they just lick their wounds and move on? by borderpatrol · · Score: 2, Interesting
      From TFA:
      Danseglio said malicious hackers are conducting targeted attacks that are "stealthy and effective" and warned that the for-profit motive is much more serious than even the destructive network worms of the past. "In 2006, the attackers want to pay the rent. They don't want to write a worm that destroys your hardware. They want to assimilate your computers and use them to make money.

      And therein lies the problem. I've said time and again that you can forget about viruses and worms in the sense of traditional mass-mailing worms and the like. The "antivirus" market has for the most part finally gotten through to consumers and they've been educated enough to contain virus outbreaks to small flareups, but not major outbreaks.

      But when you've got a multi-million dollar company, permission-based marketing, and some unscrupulous hackers with ties to the Russian mafia, the spy/adware outbreak is causing far more havoc and is going pretty much unnoticed.

      When I do virus/spyware removal at my job (I work for a service center at a retail electronics chain, so I deal with "average customers", not IT staff) it always comes to removing 100 pieces of spyware. The consumers all seem to just think that it's just the system getting old. When I tell them they're infected with spyware, most of their responses are to simply buy a new PC (and get infected once more). I can tell you hundreds of horror stories, like the system I did last week that was turned into a server, uploading over 14k files to the Kazaa network, or the customer's system that was so badly infected it would cause all network traffic to halt on her home network because the system was sending out so much data traffic.

      It's a lot harder to bury a company like 180 Solutions, Aluria, and the like when they've got millions in revenue, the backing of big companies like Ford and eBay using their advertising, and the ability to hide in the EULA of some screensaver program.

      The age of the half-hacker virus writer is dead. It's gotten much more organized once the money started coming in.

      Suggested Reading: Sunbelt Blog

      --
      Yeah I've been starving them, teasing them, singing off key. Me may mah mo, me mo ma me.
    4. Re:So they just lick their wounds and move on? by jcr · · Score: 3, Insightful

      Why is there never any retaliation against the companies that produce this software?

      Probably because the license agreement guarantees NOTHING, in great big capital letters. They exclude all warranties, including the statutory implied warranty of fitness for a particular purpose.

      Software is sold on a "if it sucks, you lose" basis.

      -jcr

      --
      The only title of honor that a tyrant can grant is "Enemy of the State."
    5. Re:So they just lick their wounds and move on? by Rick.C · · Score: 2, Interesting
      Why is there never any retaliation against the companies that produce this software?

      Years ago a friend was following another car down the interstate at a high rate of speed. A cop pulled up behind them and turned on his flashers. My buddy hit the brakes; the other guy hit the gas. The cop pulled my buddy over and wrote him a ticket. Buddy asked cop why he didn't go after the other guy, who was obviously avoiding arrest. Cop's reply: I was only going to be able to get one of you and you were the easiest.

      Law enforcement is always going to go after the low-hanging fruit first. That means the "DVD Jons" and the Dmitry Sklyarovs - the little guys of the world - not the corporations, not organized crime, not even the savvy spammers who are able to do a fair job of covering their tracks.

      As the old joke goes, when the bear is chasing the two of us, I don't have to outrun the bear, I only have to outrun ~you~.

      --
      You were 80% angel, 10% demon. The rest was hard to explain. - Over The Rhine
      "Math in a song is good."-Linford
    6. Re:So they just lick their wounds and move on? by shotfeel · · Score: 2, Insightful

      Why is there never any retaliation against the companies that produce this software?

      Or it could be in the cases you cited, what was done was done very publicly, so the person responsible was easy to find. Now if you know who is responsible for the malware in question, why don't you let the FBI know and see what happens?

      It's no odder than the fact that I got a speeding ticket when I sped past an unmarked police car, but they haven't found the person who broke several windshields in the neighborhood a while back.

  15. Wow. Really? by HaloZero · · Score: 3, Informative

    The EDS solution (while EDS isn't the best organization, this solution is highly effective in malware-prone environments): GigE to the console, unified desktop system. You have three or four builds of different machines (laptop, high-performance desktop, 'information worker' desktop, kiosk) with an image pushed every night. Users' data is stored non-locally, in mapped network drives. Expensive to implement? Sure. Cost savings in the long run? You betcha! Plus, the helpdesk ends up with LEGITIMATE user issues, not 'Wah, I don't want to read the onscreen directions, you do it!'.

    --
    Informatus Technologicus
  16. MMSF (more Microsoft FUD)(TM) by zappepcs · · Score: 4, Interesting

    This is just one more attempt to soften up the consumer marketplace, tenderize it like a NY strip steak, so that Joe Average will be ready to buy a new PC, capable of running Vista so they don't have to worry about malware anymore, thanks to those really nice folks at Microsoft. The longer that MS has to soften the marketplace with FUD and 'smoke and mirrors' about how they are going to eliminate malware etc. with Vista, the more likely that people will 'wait for' Vista to ship rather than switch before 2010, when Vista actually does ship SP2 so that it works. MS always makes more money by selling an OS license with new hardware than they ever did selling just the OS. We all know how that works.. so look forward to more of this MMSF in the coming months from the superheroes in Redmond....

  17. PC vs. Windows by WindBourne · · Score: 4, Interesting

    I wish that the industry would say this properly. A PC is a personal computer. That includes Apple and most Linux boxes. OTH, the PCs that are having problems are Windows-based PCs. Basically, the press should be saying that it is impossible to remove malware from Windows.

    --
    I prefer the "u" in honour as it seems to be missing these days.
  18. Didn't we already know this? by liliafan · · Score: 2, Funny

    Is this really news? It seems to me it is a lot like saying "MS says the sky is blue."

    There is so much malware out there that bypasses antivirus and spyware checkers. Case in point: when I used to use Windows (I moved to Gentoo/Solaris 10 about 3 months ago) I was running ClamAV and Norton AV; additionally I had 2 spyware checkers, and all these products updated every night.

    One morning I executed a crack program (I know, but I was half asleep; oh, and before people start complaining that I shouldn't use the crack, I purchased the software but it requires activation every time you reinstall your machine and they won't supply a key after 10 reinstalls). My machine was infected right away with spyware and adware all through the system. My virus checkers didn't catch it, my spyware checkers didn't catch it. I was running all the anti-malware applications I could, trying to clean the system; nothing was working, and I was manually cleaning the registry. In the end I had to reinstall the system. I have a pretty secure network and my PC had all the protection I could reasonably use, but still I was heavily infected; the only cure was a complete reinstall.

    --
    GeekServ Unix Consulting Services (http://www.geekserv.com)
  19. Obvious by John+the+Kiwi · · Score: 2, Interesting

    For some time it has been easier to wipe and reinstall rather than repair an infection; of course this is dependent on knowing where your data is to begin with - hint: this is why we have servers. A reinstall (automated of course) will take less than 2 hours and everything is guaranteed to be working properly afterward. Properly eradicating most spyware takes a lot longer than this and doesn't guarantee that you or the program/s you use have gotten everything. Why even take the risk of repairing a spyware infection?

    On Windows boxes I still see many spyware infections on computers where the users don't even have administrative access. This includes the adding and changing of system services that users don't (read as shouldn't) have access to change, as well as totally screwing over the Windows system restore, which, I might add, helps malicious software coders more than the users actually trying to restore system files. All this from surfing a malicious site in IE.

    It really is impossible to trust an infected machine even after every effort has been made to remove the spyware. This is something every Microsoft admin I know has known for some time, this should be a non story except that it's about a government branch that had 2000 spyware infected client machines and no disaster recovery plan - heads should be rolling.

    1. Re:Obvious by dodongo · · Score: 2, Interesting

      You know, every damn time I sit down to fix a nice, rich malware infestation anymore, I think to myself "Should I just suggest we wipe the drive and move along?"...

      And the answer is really simple: Windows simply refuses to make it easy to partition a drive so that data is over THERE ---> and only the OS is on this partition. Yes, I know you can do it. But you try explaining to home users who are terrified of any sort of change on their computer that their documents are on the D: drive. And no, they don't have a new hard drive. And yes, it's a Good Thing to have it that way. Grrrar.

      Perhaps the simplest (to implement on their end) improvement MS could make to Vista is just to have it ask if you want user files and OS files on the same partition or different ones.

      Then the easy-to-use, always answer for "can you remove this spyware" is "Yes, and I can do it cheap if you're willing to reinstall your software CDs yourself."

  20. Re:Format C: = The Matrix by From+A+Far+Away+Land · · Score: 4, Interesting

    Formatting doesn't come close to eliminating real malware though. The boot sector isn't overwritten first of all unless you specify /s
    Additionally, the malware could have virtualized your PC and whatever changes you make are to the virtual computer you are running on while the virus has real run of your hardware and resources. Even if that doesn't exist yet, one day it will because it is possible using software that is even freely available today, with some tweaks that bad people would only be too eager to implement.
    Talk about the mother of all rootkits eh? Your computer would be like The Matrix, a virtual world where you think you are in charge but are really running a pawn cause you're pwn3d.
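A practical check for the first point above: a partition-level format rewrites the volume, but the 446-byte bootstrap code at the start of the disk's MBR (sector 0) stays as it was, so anything living there survives a reinstall unless the MBR itself is rewritten. The script below is an added example for this page, not code from the poster; it parses a 512-byte MBR read from a disk attached to a clean machine and compares its bootstrap code with a known-good hash, and it also sanity-checks the partition table. The two MBRs in `demo()` are constructed: `CLEAN_BOOTSTRAP` stands in for the vendor boot code, and the "infected" one has the same partition table with different bootstrap bytes, which is what a re-formatted partition plus a tampered MBR looks like.

```python
"""Parse a legacy MBR and check its bootstrap code against a known-good hash.

Added example for this page (not from the thread). MBR layout:
  bytes 0..445   bootstrap code
  bytes 446..509 four 16-byte partition entries
  bytes 510..511 boot signature 0x55 0xAA
Both sample MBRs built in demo() are constructed for the example.
"""
import hashlib
import struct
from dataclasses import dataclass

BOOTSTRAP_LEN = 446
ENTRY_FMT = "<B3sB3sII"  # status, CHS start, type, CHS end, LBA start, sector count


@dataclass
class Partition:
    index: int
    status: int
    type_id: int
    lba_start: int
    sectors: int


def parse_mbr(sector: bytes) -> tuple[bytes, list[Partition]]:
    """Split one 512-byte sector into bootstrap code and non-empty partition entries."""
    if len(sector) != 512:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        status, _chs_s, ptype, _chs_e, lba, count = struct.unpack_from(
            ENTRY_FMT, sector, BOOTSTRAP_LEN + 16 * i
        )
        if ptype != 0:  # type 0 = unused slot
            parts.append(Partition(i, status, ptype, lba, count))
    return sector[:BOOTSTRAP_LEN], parts


def check_mbr(sector: bytes, known_good_bootstrap_sha256: str, disk_sectors: int) -> list[str]:
    """Return a list of findings; an empty list means the MBR looks as expected."""
    bootstrap, parts = parse_mbr(sector)
    findings = []
    if hashlib.sha256(bootstrap).hexdigest() != known_good_bootstrap_sha256:
        findings.append("bootstrap code differs from known-good image")
    for p in parts:
        if p.status not in (0x00, 0x80):
            findings.append(f"partition {p.index} has invalid status byte {p.status:#04x}")
        if p.lba_start + p.sectors > disk_sectors:
            findings.append(f"partition {p.index} extends past end of disk")
    spans = sorted((p.lba_start, p.lba_start + p.sectors, p.index) for p in parts)
    for (_s1, e1, i1), (s2, _e2, i2) in zip(spans, spans[1:]):
        if s2 < e1:
            findings.append(f"partitions {i1} and {i2} overlap")
    if sum(1 for p in parts if p.status == 0x80) > 1:
        findings.append("more than one partition flagged bootable")
    return findings


def make_mbr(bootstrap: bytes, entries: list[tuple[int, int, int, int]]) -> bytes:
    """Build a constructed MBR from bootstrap bytes and (status, type, lba, count) tuples."""
    table = b"".join(
        struct.pack(ENTRY_FMT, status, b"\0\0\0", ptype, b"\0\0\0", lba, count)
        for status, ptype, lba, count in entries
    )
    return bootstrap.ljust(BOOTSTRAP_LEN, b"\0") + table.ljust(64, b"\0") + b"\x55\xaa"


# Constructed values: a stand-in for vendor boot code, a 100 MiB disk of
# 512-byte sectors, and one bootable NTFS (type 0x07) partition.
CLEAN_BOOTSTRAP = b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c"
DISK_SECTORS = 204800
ENTRIES = [(0x80, 0x07, 2048, 200704)]


def demo() -> tuple[list[str], list[str]]:
    clean = make_mbr(CLEAN_BOOTSTRAP, ENTRIES)
    good_hash = hashlib.sha256(clean[:BOOTSTRAP_LEN]).hexdigest()  # recorded when the box was built
    # Same partition table (a format leaves it alone), different bootstrap code.
    infected = make_mbr(b"\xeb\x3c\x90" + b"BOOTKIT", ENTRIES)
    return check_mbr(clean, good_hash, DISK_SECTORS), check_mbr(infected, good_hash, DISK_SECTORS)


if __name__ == "__main__":
    clean_findings, infected_findings = demo()
    print("clean:", clean_findings)
    print("infected:", infected_findings)
```

Read the real sector with `dd if=/dev/sdX bs=512 count=1` (or the equivalent raw read on Windows) from a clean boot environment, never from the suspect OS, since a rootkit at that level can return a clean copy to anything running on top of it. The hypervisor scenario in the post is the same problem one layer down, which is exactly why the comparison has to happen from outside the machine.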

  21. Reading between the lines... by dtjohnson · · Score: 2, Insightful

    ...it sounds like rootkits are becoming a BIG problem at Microsoft:

    "When you are dealing with rootkits and some advanced spyware programs, the only solution is to rebuild from scratch. In some cases, there really is no way to recover without nuking the systems from orbit," Mike Danseglio, program manager in the Security Solutions group at Microsoft, said in a presentation at the InfoSec World conference here."

    Now those sound like the words of someone who has 'been there and done that' more than a few times. If Microsoft is having those kinds of problems with the hardware, software, and expertise they have at their disposal, imagine the kinds of problem that 'Sam's Plumbing and Heating Co.' is having.

  22. This is exactly why... by gwayne · · Score: 2, Funny

    personal computers don't belong in the business workplace. Whatever genius (M$) decided it was better to move away from the terminal-server model to individual PC workstations and its subsequent adoption in corporate America is ultimately responsible for high TCO, virus and malware outbreaks, disruption of business continuity, etc. The capabilities of modern personal computers are not necessary for most work and only serve as a distraction, resulting in even lower productivity.

    Oh, and death to all virus/malware writers!

  23. Heads SHOULD roll by laplandsix · · Score: 2, Interesting

    I take care of a couple hundred machines and the FIRST thing I did when I was hired was to set up an automatic install. It's a pretty tiny investment when you think about it. I didn't even do the standard hard drive cloning, I did it the HARD way and scripted a full XP install, which then hooks into automatic application install after XP is done. This is BASIC stuff. I can't believe the outright negligence of an IT department that doesn't have some sort of restore process.

    --
    Free The Lapland Six!!!
    http://www.whatiwore.com
    What I wore, now with 100% more pool project!
  24. Its official by hackstraw · · Score: 2, Interesting

    Microsoft has screwed up for so long, in such a bad way, that now they can't even recommend using their operating system anymore?

    Yes, I know I'm borderline troll, here, but lets look at the progress over the years here with Microsoft OSes:

    1) DOS

    Not much of an operating system. In fact, it does not meet my definition of an operating system. It started out as a purchased in-house rip-off of CP/M or whatever, and IBM was conned into bundling it with their monopoly PC biz at the time. It took years to add features like memory management and disk caching; multi-tasking was a joke. Reliability was abysmal. Yuck. How did a company start from that?

    2) Windows 1.0 - 3.x where x < 1

    Junk. Nobody used it, except towards the 3.x days, and even then people dropped to DOS much of the time.

    3) Windows 3.1 and 3.11. Yes, this was the first viable product from the company, but barely. This came out in 1993. Yes, 1993. And it only then almost had the functionality of a Xerox Star from 1981.

    4) NT 3.51. The first time I sat behind one of these, I was amazed. This was the first solid 32bit offering I used and it just felt solid and real. Same ugly interface for 3.1x, but this was a real operating system.

    5) Windows 95. Its claim to fame was that Mac people called it MacOS from 1984. Honestly, it was their greatest achievement to date after conning their way with IBM. I was pleased when it came out. It had issues, but was OK for the time.

    6) NT 4.0. Late to market, but OK. basically 3.51 with 95 UI and some other enhancements. decent for a small company or workstation I guess at the time.

    7) Win 98. Better than 95, especially with OSR2 or whatever it was called. Introduced USB and plug and play, but neither worked well.

    8) Win ME. No comment besides this was the alpha quality OS that was the beginning of the merge between DOS/Win to NT. Everybody knows this was junk.

    9) Win2k. Added stability for the first time to their systems. This is where they took a bad UI and started making it worse. Slow as a dog.

    10) XP. Never really used it, but again, more stability, aside from the fact that the legacy support from bullet #1 is now an infectious target for malware, viruses, spyware, worms, trojans, you name it, if you don't want it, it will be on your newly installed computer in seconds without a firewall. Sometime after XP came out, MS took a week or two off of writing cutting edge code to get their security in gear. We all appreciate that, right?

    11) Vista. Looks like a revamping of Win2k. Bad UI made worse, and will be slow as a dog. Nothing to see here, please move along.

    What I noticed in typing this is that MS is _always_ about 10 years behind where the progress should be. It's now 2006, and XP is a clowny-looking thing from the mid 90s. I will say that they sure know how to sell stuff to people. They get an A++ for that, but innovation and quality have never been their forte.

    1. Re:Its official by PPGMD · · Score: 2
      I can't believe this is being modded interesting. The user has no clue, nor any perspective, and obviously is either a Linux or a Mac OS fan boy.

      DOS at the time was great; there were no other options other than Unix, which at the time was very expensive and very hard to use. For the most part he goes comparing OSs that really never went anywhere (like the Xerox OSs) with a marketed product. Yeah, it's great Xerox had those features in 1981, but you have to put the product to market and have it accepted by the consumers.

      NT 4.0: "I guess it's good for small businesses," I find it quite funny since the Windows Server I know with the longest uptime was an NT 4.0 box, it's going on 4 years of uptime, just chugging along, I wish I could claim that for my systems, I'm happy to get a year before some hurricane knocks out power to the site.

      Mac vs Windows: It's great that Mac OS had a decent GUI, but that's useless unless you do something with it. Up until recently Mac developer support sucked, whereas Microsoft embraced developers during that time period; the MSDN crew had a ton more leeway back then to get developers on board with their products, even going so far as giving away full PCs with the development environment installed on them. The developers brought their software to the PCs, and Microsoft even bought a few key products (Excel) to enhance its portfolio.

      Based on your opinion of 2000 and XP, you make your bias clear. 2000 slow? Hardly. 2000 Pro was the best stripped-down Microsoft OS; I still have it installed on some of the lower-end laptops used around my office. XP is also an excellent OS (though I don't like the default colors, the GUI is great IMO), along with 2003. Sure, they both have their issues, but in the hands of a competent admin you can really make them sing.

      The jury is still out on Vista; personally I will likely disable Aero Glass, and move to the XP-style start menu, no side panel, and the Windows 2000 color scheme. But the beta builds that I have been getting have been pretty good, and they seem to be making progress.

  25. Will it get to the point? by mytec · · Score: 3, Insightful

    When a *nix box gets rooted, generally standard practice says that you rebuild the box. I'm unsure if this is the case with Windows rootings. That is just the way it is.

    Malware wants to be "sticky". I'm surprised it has taken this long to become truly difficult if not downright impossible to remove.

    What I wonder is if people will just tolerate the unremovable malware instead of the frustration and/or time of reinstalling the OS and applications and getting everything just right all over again. It's one thing for system administrators and geeks to reinstall. It another thing entirely for the average user to have full/incremental backups or cloned drives or some set of procedures for reinstallation.

    This is definitely an interesting situation.

  26. these the guys whose registration is anti-Ghost? by swschrad · · Score: 2, Insightful

    the guys who with XP-SP1 tried to isolate everybody who had a common serial number?

    MS has finally awakened and smells the coffee.

    but I have no cup for them any more.

    --
    if this is supposed to be a new economy, how come they still want my old fashioned money?
  27. Boot from CD by Nom+du+Keyboard · · Score: 2, Insightful

    I'm coming to the point where I feel that the core Windows environment needs to be booted from CD, or some other read-only media that can't be altered. Yes, additional drivers and installed programs will need to boot from the hard drive, however, a Safe Boot option to run your virus scan from as part of the read-only boot could then be used to much more easy remove the malware.

    --
    "It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
  28. A solution by blutrot · · Score: 2, Informative

    Where I used to work, we solved the problem by running with a solution that reinstalls the software on the machine remotely.

    We used a Windows domain and DFS to ensure the users did not lose their data when rebuilding a machine. We then sent an OS image to the system remotely and remotely installed all the software on the system. We would regularly update our image to include all security patches. This was also complemented by a Windows Update Server to push security patches to deployed systems. This was complemented by antivirus and safer policies enforced on the systems. The system also scaled well to several thousand computers.

    This may seem like a lot of work, but there are several turnkey solutions to do this (e.g. we used Altiris). In addition, the work we did upfront saved us an immense amount of time later on. We were able to reinstall the software on hundreds of computers in 30 minutes. Every now and then we would get a straggler, but dealing with 2 or 3 stragglers is much easier than trying to fix or reinstall all the computers by hand. It also allowed us to recover from major virus-related disasters. It wouldn't be difficult to fix 2000 computers and have time to enjoy lunch. (If you are wondering where the bandwidth comes from, we multicast.)

  29. Re:They had to design a process real fast by croddy · · Score: 2, Insightful
    If Linux suddenly got a real UI

    Once you've worked with a real X11 window manager, you can never go back to the crude hacks used on other platforms. Are you talking about an icon theme or something? Maybe you're thinking of KDE circa 1998?

    and gained the ability to run industry standard applications

    You're talking about "de facto standards", not standards. Standards are publicly documented and have been the prime focus of Linux systems since before day 1. Undocumented, un-POSIX-compliant applications may be popular, but they are not "standards".

    its popularity would likely increase to the level where malware authors would notice it.

    A nice try, but Unix-like systems have something that we call a "security model". Except in the case of people who refuse to apply updates or do things like purposefully disabling the firewall, this provides a level of protection that most other systems simply can't rival.

    Think about it for a second. Apache with Linux or BSD run a huge majority of the servers on the Web. If you wanted to deliver spyware, you'd exploit and infect these systems with a delivery mechanism. The reason malware authors have to target the client OS with email worms and things that start their own mini-webservers is that it's just too freaking difficult to compromise Unix-like systems.

    Of course, as long as the majority of client systems *do* run a swiss-cheesed NT variant with the security-hackaround-of-the-week, it's entirely theoretical as to whether a widespread change in client platforms would affect malware viability in that market.

  30. Re:The Process by statemachine · · Score: 2, Funny

    1) Post bad "underpants gnome" style joke on /.
    2) Karma!

  31. What does a home/home office do? by hoggoth · · Score: 3, Interesting

    How does the ordinary user do this?

    I didn't have the foresight to make a Ghost image of my system from the factory. It's a DELL and the restore-to-factory-from-secret-hidden-partition doesn't work once I added a new partition to the drive (with Partition Magic).
    So now it looks like I have to:
    1. Make sure I have up to date backups of my data (always a good idea)
    2. Purchase another copy of Windows even though I already paid for one
    3. Dig through my records collecting all the keys to all my applications
    4. Spend an entire day reinstalling Windows and all my applications. Anyone who says it only takes an hour to reinstall Windows must have a secret version I don't have access to. I have to babysit the install through ten reboots and many hours.

    Is this the best way?!

    What about after that? I can Ghost the Windows partition, but I'd still have to reinstall any applications installed after the Ghost was made. And it's no use putting the applications in another partition because the applications depend on cruft in the registry.

    --
    - For the complete works of Shakespeare: cat /dev/random (may take some time)
  32. A better headline by HotBBQ · · Score: 2, Funny

    I think a better headline would read World Says Recovery From Microsoft Becoming Impossible

  33. Re:The Process by footissimo · · Score: 2, Funny

    Shirley you mean, 1) Post bad "underpants gnome" style joke on /. 2) ???? 3) Karma! ;)

  34. Vista with built-in self-destruct by KnightTristan · · Score: 2, Funny

    Exactly, MS's solution is to build in an auto self-destruct that's activated the moment malware is detected.

    "Hi there, this is Eddy your shipboard^H^H^H^H^H^H^H^H^Hdesktop computer, and I'm delighted to inform you that I'm going to self destruct in 5 seconds. Sorry, you don't have time to close all applications to save your precious data. We have a real emergency situation here! It would be pointless to save anything anyway, because we're going to format your entire hard disk to make sure every tinsy bit of malware is destroyed. Share and Enjoy!"

  35. Viruses will corrupt data at some point ... by mgkimsal2 · · Score: 2, Interesting

    making relying on backups far less useful (pointless, perhaps?). I've talked with people before about having Windows viruses that don't sap resources (at first) or kill the machine, but which quietly change data in files. Modify a "3" to a "7" in a few Excel files. Change meeting times in Outlook by 10 minutes here or there. Eventually, get more malicious and start changing other bits of data in files (mainly MS Office files for maximum compatibility/reach).

    A good virus won't be found out for a while, and without knowing when it infected the system, you won't easily be able to tell how far back to go in the backups to pull 'clean' files.

    This would have a devastating effect on the trust people have in any part of the system. What good is 'rebuilding' the system if you can't trust the data backups either?
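    The "how far back do I go" problem above is tractable only if a hash manifest of the data was recorded at a known-good time and kept where the infected machine cannot rewrite it. The following is an added example, not from this thread: it checks a series of backup snapshots against such a manifest, reports the newest snapshot that is still clean, and shows the first snapshot in which each file silently diverged. Snapshot contents, file names and the "3 changed to 7" edit are all constructed for the demonstration.

    ```python
    """Added example: find the last trustworthy backup using an offline hash manifest.

    Assumptions (constructed, not from the original post):
    - snapshots are ordered oldest to newest, each a dict {path: bytes}
    - a trusted manifest {path: sha256 hex} was recorded at a known-good time
      and stored offline, so malware on the host could not tamper with it
    """
    import hashlib


    def digest(data: bytes) -> str:
        """SHA-256 hex digest of file content."""
        return hashlib.sha256(data).hexdigest()


    def build_manifest(snapshot: dict) -> dict:
        """Map every path in a snapshot to the digest of its content."""
        return {path: digest(content) for path, content in snapshot.items()}


    def changed_files(manifest: dict, trusted: dict) -> list:
        """Paths from the trusted manifest that are missing or whose digest differs."""
        return sorted(p for p, h in trusted.items() if manifest.get(p) != h)


    def last_clean_snapshot(snapshots: list, trusted: dict):
        """Index of the newest snapshot with no divergence from the trusted manifest,
        or None when every snapshot has at least one altered file."""
        for idx in range(len(snapshots) - 1, -1, -1):
            if not changed_files(build_manifest(snapshots[idx]), trusted):
                return idx
        return None


    def first_divergence(snapshots: list, trusted: dict) -> dict:
        """For each file that ever diverged, the index of the first snapshot where it did.
        Files that never diverge are omitted."""
        manifests = [build_manifest(s) for s in snapshots]
        result = {}
        for path, good_hash in trusted.items():
            for idx, manifest in enumerate(manifests):
                if manifest.get(path) != good_hash:
                    result[path] = idx
                    break
        return result


    # Constructed sample data: four nightly backups. The manifest was taken offline
    # on night 0. A quiet "3" -> "7" edit appears on night 2, and a meeting time
    # shifts by ten minutes on night 3; nothing else changes.
    SNAPSHOTS = [
        {"budget.xls": b"Q1 total: 3", "meetings.pst": b"standup 09:00", "readme.txt": b"ok"},
        {"budget.xls": b"Q1 total: 3", "meetings.pst": b"standup 09:00", "readme.txt": b"ok"},
        {"budget.xls": b"Q1 total: 7", "meetings.pst": b"standup 09:00", "readme.txt": b"ok"},
        {"budget.xls": b"Q1 total: 7", "meetings.pst": b"standup 09:10", "readme.txt": b"ok"},
    ]
    TRUSTED = build_manifest(SNAPSHOTS[0])


    if __name__ == "__main__":
        print("last clean snapshot:", last_clean_snapshot(SNAPSHOTS, TRUSTED))  # 1
        print("first divergence:", first_divergence(SNAPSHOTS, TRUSTED))
    ```

    A manifest that lives on the same host is worthless here, because anything able to edit the spreadsheets can recompute the hashes too; files that legitimately change need a fresh manifest each time they are edited, which is the operational cost of this check.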

  36. Missing the point by Gorimek · · Score: 2, Interesting

    The original point is that this causes genuine harm to every computer owner, including large wealthy corporations, as well as the government itself.

    Most computers are actually used in a workplace, rather than at home.

  37. Re:What Do You Expect? by shotfeel · · Score: 4, Funny

    Please tell what such an "alternative operating system" is?

    Vista, of course. It has Trusted Computing, so I know I'll never have to worry about security again.

  38. Why would Micro$oft say something like that? by rssrss · · Score: 2, Interesting

    Q: Why would Micro$oft say something like that?

    A: Because they are about to release a new OS that will "solve" the problem.

    Nah, they wouldn't do something like that.

    --
    In the land of the blind, the one-eyed man is king.
  39. Rebuilding PCs isn't that bad... by fleeb_fantastique · · Score: 2, Informative

    ... especially if you're using XP.

    There's a relatively inexpensive product for which you can purchase a license called 'WinINSTALL'. Not a lot of people seem to know about it for some reason, but the currently available version of the product makes it relatively painless to completely rebuild a PC's OS, complete with applications and various profile settings (shortcuts, your favorite background images, and so on).

    It doesn't have the pain associated with image solutions; you don't have to worry about re-imaging your machines every time you change the software that you want installed on the boxes (although you do have to deal with setting up the software packages, which can be a little bit of a pain, depending on what you're installing, and how friendly your vendors have been towards corporate environments). You can even reset the employee's PC from your own PC, without having to visit their box. It just needs to be turned on.

    It doesn't require that you have some incredible mondo-server to make it run; you can use pretty much any Windows 2000 or better machine. Certainly, any of the machines being cranked out today can handle WinINSTALL. Hell, I've seen it work on circa-1999 machines without issue (I think that's about 500 MHz Pentiums with 64 megs of RAM). It's slow on such machines, but it seemed to work.

    It's also likely to be around for a while; the product was first introduced to the Windows market back when Windows 3.11 was popular, maybe even before then. It used to win a lot of awards, but I think it just fell off everyone's radar over the years.

    You can find more information about it here:

    http://www.ondemandsoftware.com/

    This is a product designed to deal with problems like this.

    --
    And so it goes.
  40. Holy Crap!!! Deja Vu! by porkThreeWays · · Score: 2

    I think I saw this same post and response for the last 137 windows virus related stories. Does this mean there's a glitch in the matrix?

    --
    If an officer ever threatens to taze you, say you have a pacemaker.
  41. Retraining? by matt+me · · Score: 2, Insightful

    When people discuss the costs of *retraining* to use Linux they're implying they've already trained their staff once before to use Windows. In many cases this isn't true - most users can't use Windows in the sense one can use Linux. Most Windows users never add hardware, uninstall software, change the registry, edit a config file, update a package, etc... basic system tasks, but just click blindly in front of them towards the light, or else they wouldn't shout "I've deleted the internet", or get infected with malware by clicking "hot pics!!!!, downloading, install?, yes."

    Of course, the poor IT department burdened with fixing their mess are power Windows users. But why? Certainly all their jobs - adding scheduled tasks, performing a system upgrade, fixing the server - are much easier in Linux.

  42. You have absolutely no idea... by Polarism · · Score: 2, Insightful

    IT in the government is an absolute fucking joke. Take it from me, because I work in it. The amount of money that is pissed away on useless, broken, or otherwise unnecessary shit is astounding.

    On top of that, the people who actually make the decisions, have no fucking clue what they are doing.

    --
    All your base are belong to Google.
  43. Re:I don't get it.... by pandrijeczko · · Score: 2, Interesting
    I have seen what some people's machines look like, completely crippled and unusable with Malware... What the hell are these people doing?

    My missus and I both have an XP desktop each (amongst a few Linux boxes of mine). She's pretty regular with virus-scanning and spyware checkers; I'm totally paranoid and do regular checks on everything (Linux and Windows). Suffice it to say, going through this process once or twice a week, I never really find any problems - occasional suspect registry keys, odd dodgy cookie, but probably put those down to over-zealous spyware programs.

    Cue the visit from my sister one weekend, along with 13-year old niece and 11-year old nephew. Naturally, they navigate themselves to the XP desktops after asking for (and getting) permission from the missus to do so.

    They're messing about on the PCs most of the day (cold Winter's day in England) and I occasionally look in on them - chatting with friends on MSN, playing the odd Flash game, looking at music sites (niece) and soccer and WWF wrestling sites (nephew). They seem to spend a lot of time in a chat site called something like "The Doll Palace" where they pick avatar characters and drag them to different rooms of the palace to chat - keeping an eye on them, just a lot of kids going "Cool", "Wow" and nattering about music, nothing suspect.

    After they've gone home, I check the machines just to check they've been doing nothing suspect - nope, just kids being kids. Then I virus/spyware check both machines - three viruses (2 on one machine, 1 on the other) and about two dozen suspect spyware bits and pieces - I couldn't believe it, especially as one of the viruses needed a safe reboot of the PC, deleting a registry entry and then a couple of files.

    God knows where they came from but I suspect a lot of this stuff is attached to seemingly innocent sites where kids flock to - "The Doll Palace" is definitely one I'd like to know more about...

    --
    Gentoo Linux - another day, another USE flag.
  44. It's not common sense. It's wrong. by Futurepower(R) · · Score: 5, Insightful

    "A Mac-user with common sense!"

    It's not common sense. It's wrong.

    Microsoft is in a unique position. Because it has a virtual monopoly, Microsoft makes more money when its software has a lot of security vulnerabilities. For those who are ruled by money, morality has no force; "Maximizing Shareholder Value" is the way they live their lives.

    Microsoft makes more money if it pressures its programmers to work too fast, so that they are sloppy, and then releases buggy software. Many people are fascinated by computers, and easily accept the world that Microsoft has created for them.

    Here's a story about a Microsoft VP saying, "Oh, the next Windows operating system will be secure": "Safety and security is the overriding feature that most people will want to have Windows Vista for" .

    So, Microsoft is once again telling us "The next version of Windows will be the good one." Before, Microsoft said Windows XP was "Built to be Dependable".

    However, Vista will NOT include virus protection. Jim Allchin, co-president of Microsoft's platform products and services division told CRN, an industry magazine this:

    CRN: In terms of security, how do you compare security in Vista vs. security in Windows XP SP2?

    Allchin: SP2 was a very good system but compared to Vista, it's night and day.

    CRN: Is there going to be antivirus in Vista?

    Allchin: No, there is not.

    CRN: Why?

    Allchin: It's a complicated answer as to why not.

    CRN: Was the decision based on technical concerns?

    Allchin: It wasn't technical.

    CRN: Will Vista resolve security problems once and for all?

    Allchin: I'm not going to claim perfection or near perfection, but I think we're unrivaled in the work we've done. I believe security will be a huge problem for the industry for years and years and years but this will change the landscape in a fairly dramatic way.

    Once again, Microsoft is taking advantage of the fact that most of its customers have little technical knowledge. Mr. Allchin said that "security will be a huge problem for the industry for years and years and years".

    Microsoft charges for OneCare Live. That's another way to make money. Make sloppy software, and then sell protection against the sloppiness.

    Note the emphasis on "beta testing" in Mr. Allchin's statements in the CRN interview. Someone said that Microsoft's motto is "The whole world is our beta tester."

    --
    Before, Saddam got Iraq oil profits and paid part to kill Iraqis. Now a few Americans get Iraq oil profits, and American citizens pay to kill Iraqis. Improvement?

    1. Re:It's not common sense. It's wrong. by Keeper · · Score: 2, Insightful

      Malware doesn't thrive on bugs and vulnerabilities. It thrives on user stupidity.

    2. Re:It's not common sense. It's wrong. by Suidae · · Score: 2, Interesting

      I believe security will be a huge problem for the industry for years and years and years

      I think thats a pretty reasonable statement. Computer systems are very complex and subject to economic and human considerations. Mistakes will happen and compromises will be made in the interest of time and cost.

      Lots of smart, clever and motivated people will be looking for mistakes and oversights in this system. They'll find ways to exploit it.

      A lot of things, including a very secure operating system, are possible and even desirable. That doesn't mean that they are the solution that will be chosen in the kind of environment that we have. The solution that appears will probably be a sub-optimal but fairly effective use of the available resources.

    3. Re:It's not common sense. It's wrong. by Richard+Steiner · · Score: 2, Insightful

      While it's true that user stupidity is a main factor, it's also true that a stupid person with a loaded pistol will usually do less damage if the pistol has a working safety. :-)

      It's even better if the pistol has a combination trigger lock known only to the GunAdmin, but that's probably only likely in corporate or scholastic settings...

      --
      Mainframe/UNIX Bit Twiddler and long time Windows/Linux Hobbyist.
      The Theorem Theorem: If If, Then Then.
    4. Re:It's not common sense. It's wrong. by Stephen+Samuel · · Score: 2, Insightful
      User stupidity helps, but if Windows didn't, for example, insist on binding OS and applications so closely, it would be a lot harder for any Tom, Dick and Harry virus to install rootkits.

      Linux, for example, doesn't prevent user stupidity, but it does prevent user stupidity from being trivially escalated into a rootkit installation.

      It's a lot harder for someone to light themselves on fire if you have them step out of those gasoline-soaked clothes they've been wearing.
      -- Granted, it's stupid of them to walk into a restaurant wearing gasoline-laced clothes, but you could probably still launch a lawsuit against the idiot that sold them the clothes in the first place under the guise of "it's the industry standard -- We've got everybody wearing them!"

      --
      Free Software: Like love, it grows best when given away.
    5. Re:It's not common sense. It's wrong. by Stephen+Samuel · · Score: 2, Interesting
      Yep. It's a backhanded sales tactic for Vista.

      Microsoft's monopoly makes it pretty much the only company that can actually plan on getting away with selling a new product by saying:

      Our current product is so slime-infested that, if you don't buy our new product (next year, or so), you'll never be able to get any useful work done!
      Of course, you can also switch over to Linux today, which has enough of a separation between user and admin that rootkits are nontrivial to install, but we won't talk about that...
      ____

      Microsoft and Brazilian bikinis are about the only two products where you can get away with charging people hundreds of dollars for almost nothing -- Of course, I know which one I'd rather see my girlfriend use...

      --
      Free Software: Like love, it grows best when given away.
    6. Re:It's not common sense. It's wrong. by Arandir · · Score: 2, Insightful

      Microsoft makes more money when its software has a lot of security vulnerabilities

      But only so long as people refuse to demand secure quality software. Microsoft isn't evil, it's only producing what the consumer is demanding.

      People aren't demanding secure software. They may say they are, but their actions speak differently. They don't read their EULAs, don't firewall their systems, don't use good passwords, are indiscriminate in their browsing, are indiscriminate in providing personal information to anyone who asks, and according to all observation, only mildly annoyed at crashes, hangs, and malware. What they demand instead are new features, even if they're only superficial changes to the UI. Even otherwise savvy IT personnel exhibit these behaviors. As long as they're not alone in their insecurity people won't much care.

      When people place so little value on security and quality, it shouldn't surprise anyone when Microsoft similarly devalues them.

      --
      A Government Is a Body of People, Usually Notably Ungoverned
    7. Re:It's not common sense. It's wrong. by cptgrudge · · Score: 2, Funny
      Microsoft and Brazilian bikinis are about the only two products where you can get away with charging people hundreds of dollars for almost nothing -- Of course, I know which one I'd rather see my girlfriend use...

      Microsoft, I know. Furries get me going too.

      --
      Qualitas edurus commercium, nullus penitus net rimor, nullus deus beneficium
    8. Re:It's not common sense. It's wrong. by Keeper · · Score: 2, Interesting

      The problem with stupid people is the first thing they do is turn off the safety. The safety is there to prevent accidental discharge of the weapon. Stupid people think to themselves "if I need to shoot something, this is only just going to get in my way" and proceed to turn it off.

      You would be surprised at the number of people who end up shooting themselves with their own gun every year ...

    9. Re:It's not common sense. It's wrong. by quakeroatz · · Score: 2, Insightful

      Mod me into oblivion, please.

      But it's really sad to see the Slashdot community go from a can-do, toaster-modding bunch of creative tech junkies, into an Apple teat-sucking, iPod-praising bunch of pussies, sucking up Apple's marketing crap and pretending it's just the natural, uncommercialized evolution from Linux to a solid GUI. And everyone using Windows and a non-Apple iPod is missing something.

      Please, please pull that giant Apple marketing dildo out of your collective asses.

      Windows is not broken, OSX is not infallible, and iPods are ubertrendy.
      If you're going to be a whore, that's fine. But don't do it under the guise that it's the right thing, trying to rationalize your weakness to flutter into the mainstream.

      If you can't list 100 reasons why OSX is better than Windows and vice versa, another 20 why an Ipod is better than its -$100 counterpart and vice versa, you have lost all objectivity. You are now an ignorant whore, and you've lost the plot.

      The sky is not falling, Microsoft is not purposely making shitty code, the man is not stealing your hard earned dollars.
      The line between the weekend commando, dressing their kids up in camo in the paranoia of protecting themselves from democracy, and the M$ hater genuinely thinking that Bill is purposely ruining the world, is paper thin.

      Both MS and APPLE are here for one reason, increasing shareholder value. Whoever convinces the market that they aren't wins.

      Respect to Steve Jobs, for convincing some of what I thought were the most objective people on the internet, to think different.

  45. Speaking from experience. by gregarican · · Score: 2, Interesting

    At my workplace sometimes folks bring in their home PCs for me to clean off on my lunch break. A quick job pays a 6-pack of Mickey's. A longer job pays a 6-pack of Guinness. From those cleanup jobs I can vouch that the typical home user with an always-on DSL/cable Internet connection is in a world of hurt. I try to show folks how to Ghost their hard drive onto a DVD-R so that they can restore their system to a usable state rather than search through the haystack for all of the malware needles.

    For example, the most recent cleanup I did entailed a laptop that had no antivirus software running on it. They did have a bundled AOL spyware app installed, but as far as I could tell it had never been run. I installed Avast! and Ad-aware from CD and ran full scans on the system. The result was over 300 virus and over 3,000 malware captures. Amazing that the computer could even launch an initial Windows Explorer session at all.

    If things continue their downward spiral (i.e. Microsoft dominance, widespread Internet exploits, monetary incentive for malware deployment, and foreign governments turning a deaf ear on abuse reports) I would require that anyone with a Windows-based Internet-exposed PC have to earn an operator license. Much like someone would have to do to operate an automobile, motorcycle, ham radio, etc. This would include mandatory security training. And for God's sake, a brief explanation of imaging and recovering their hard drive in case they get hit with something later.

    Seriously though, this scenario isn't viable. But perhaps virtualization technology offers a safe haven. Folks could just reboot their virtual image if they get slammed with something and get back to square one. Until the malware authors get one step ahead of that, at least there would be some breathing room...

  46. Re:admin privs by pandrijeczko · · Score: 2, Interesting
    Microsoft REALLY should have worked on making guest accounts more manageable.

    The whole account/privileges issue on Windows is so convoluted as to be totally incomprehensible to the UNIX mind - I can't understand how the damn thing works!

    "Me", "All My Mates", "Everyone Else In The World" and "If you're really good I'll let you run this as 'root'" is all I've ever needed to cover all the account bases...

    --
    Gentoo Linux - another day, another USE flag.
  47. SOP? It's failure and lock in. by twitter · · Score: 2, Insightful
    At a large come huge company I used to work for, every Friday night all of the workstations enterprise-wide were reimaged whether they needed it or not. ... Once you get people on standardized desktops and saving only to network drives, this ceases to be much of an issue.

    This is an admission of failure on Microsoft's part. The complexity and inflexibility of such a system is unacceptable and the efficacy is questionable. What's keeping the bad guys off your image server? If they root that, they have every machine in your organization. The same kind of thing can be said of local image copies: you are moving the target, not fixing the root problem, which is an unacceptably poor security model. The cost of all of this is a complete loss of user freedom within the organization. If your users can't choose the tools they need, they can't do the work that makes the company run. "Standardized desktop" is a euphemism for vendor lock-in.

    --

    Friends don't help friends install M$ junk.