Slashdot Mirror


Microsoft Refuses To Patch Rootkit-Compromised XP Machines

Barence writes "Microsoft has revealed that its latest round of patches won't install on XP machines if they're infected with a rootkit. In February, a security patch left some XP users complaining of endless reboots and Blue Screens of Death. An investigation followed and Microsoft discovered the problems occurred on machines infected with the Alureon rootkit, which interacted badly with patch KB977165 for the Windows kernel. Now Microsoft is blocking PCs with the rootkit from receiving its new patches. 'This security update includes package-detection logic that prevents the installation of the security update if certain abnormal conditions exist on 32-bit systems,' Microsoft cautions in the patch notes."

59 of 330 comments

  1. First things first by BadAnalogyGuy · · Score: 5, Insightful

    If the rootkit is still on your computer, maybe you should look into having it removed.

    how shall thee pull out the mote that is in thine eye, when thou thyself beholdest not the beam that is in thine eye? Luke 6:42

    1. Re:First things first by Skarecrow77 · · Score: 5, Funny

      no! I need the newest microsoft patch so that there are not any new security holes in my computer! I'll deal with that huge gaping sucking chasm of a security hole that's already there, created by the rootkit, at some later date.

    2. Re:First things first by sopssa · · Score: 2, Insightful

      You need the newest microsoft patch that - because of the rootkit and the .dll files it has damaged - will BSOD your system? Somehow someone turned this news into a rant and like it's a bad thing to really make sure the windows update should be able to patch things before proceeding.

    3. Re:First things first by kseise · · Score: 3, Funny

      Just to be sure that we get this update, I am installing the newest Antivirus 2010 on all of our network machines. This version should pick up the rootkits that Antivirus 2009 left behind. Since I work at the IRS, our systems are absolutely critical to protect this month.

    4. Re:First things first by dhavleak · · Score: 2, Insightful

      What about their malicious software removal tool that supposedly scans on updates

      The user may not have MSRT on their system. Alureon (the rootkit that caused the last issue) is detectable by every AV software out there and removable by MSRT (and others). We're talking about ultra-computer-phobic/challenged users here.

      To me, that makes it obviously WORTHLESS if it can't remove this root-kit what good is it?

      If a tool isn't installed on a machine, I don't expect it to be able to do much :)

      What motives do they have to not remove this root-kit?

      It's not "this rootkit". It could be any rootkit. They are merely checking if the machine has been compromised, before going ahead with applying the patch. Do you want to include an entire rootkit scanner, removal tool, definition files, etc. with every update you send out on windows update? Do you want to delay the sending of patches (to the rest of the world that keeps their machine clean and healthy and cares about these things) while all this is tested?

      What kind of brain detects a root-kit's presence, but doesn't remove it? And instead won't install the updates? Why can't they hire capable people with Brains who would have this tool remove the root-kit then install the updates?

      You seem to have not applied yourself to the questions you're asking. The answers are plain.

  2. Re:Makes sense... by mwvdlee · · Score: 2, Interesting

    To be fair, does the MS virusscanner detect and remove the rootkit?

    --
    Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
  3. The right thing to do by techno-vampire · · Score: 2, Informative

    If Microsoft has a way of detecting the rootkit, they should make it available separately so that people can test their machines before they try to update them. Of course, this is Microsoft we're talking about, so you know they're not interested in what's right unless it's also profitable.

    --
    Good, inexpensive web hosting
    1. Re:The right thing to do by TrancePhreak · · Score: 2, Informative

      If Microsoft has a way of detecting the rootkit, they should make it available separately so that people can test their machines before they try to update them.

      They do just this. Malicious Software Removal Tool.

      --

      -]Phreak Out[-
  4. Lesser of two evils? by HockeyPuck · · Score: 5, Insightful

    Let's see what do I want?

    A) A working machine that has a rootkit installed.
    B) A machine that no longer works.

    Can you expect MSFT to test their patches against machines that have been modified via rootkits? Or should the patches themselves remove the rootkits? You are assuming that MSFT can remove the rootkit in the first place.

    1. Re:Lesser of two evils? by clone53421 · · Score: 2, Funny

      It most certainly does have an Operating System. In fact if it has disc brakes it even has a Disc Operating System...

      --
      Alexander Peter Kristopeit bought his basement from his mommy for one dollar.
  5. Misuse of phrase by girlintraining · · Score: 4, Funny

    What ever happened to backwards compatibility? Why, I remember the day when any virus, worm, or piece of malware, would run no matter what!

    --
    #fuckbeta #iamslashdot #dicemustdie
  6. And the issue is? by dirk · · Score: 5, Insightful

    I really don't have a problem with this. If the system is already rooted, the patch isn't going to actually help anything since their security is already compromised. And with all the bad press MS received last time over something that was not their fault at all, why should they risk it again? If your system has a serious issue like being rooted, then you have to take care of the issue before you can install the patch. Seems logical to me.

    --

    "Information wants to be expensive" - Stewart Brand, the same guy who said "Information wants to be free"
    1. Re:And the issue is? by rickb928 · · Score: 2, Informative

      If this was all caused by some commercial software, say, Adobe Reader gaining a bug that hosed Windows Update, we would be all over Adobe for breaking Windows Update and denying us our precious patches.

      So far, very little scorn for the rootkit author(s) or their legion of distributors.

      I get alerted to malware of various types, from Javascript exploits to out-and-out rootkits, from several interesting websites I visit frequently. I've been reduced to checking them on my phone, cause so far they haven't taken on an advertiser that delivers Android malware. So far. Even my Ubuntu with Firefox sees attacks.

      Place the blame where it belongs; Malware distributors and authors, lazy/incompetent/naive users clicking away on pretty stuff, and of course the Windows security community for the abject failure that is Windows 'security', in name only. Windows Update is doing the right thing - alerting users to the potential for serious system failure and the cause. Plowing along and bricking systems is irresponsible.

      Rootkits and the ad servers delivering them should be brought up on criminal charges. Surreptitiously installing software on my machine without my permission should be trespass, and punished accordingly, right up the food chain. Yes, that would mean some day a nice man from the FBI coming into a NAP and cutting off fiber connectors. If you run a red light while drunk, you get the full monty. Go all the way and punish malware by shutting down the ad servers that are delivering it, and you will get action.

      Of course, if that fails, then you go to the New York times, for example, and explain why you are shutting down their sites - they chose web ad agencies badly. Tough. Accountability.

      --
      deleting the extra space after periods so i can stay relevant, yeah.
  7. Why bother? by trifish · · Score: 5, Insightful

    Rightfully so. Security patching a rootkit-ed OS is mildly amusing and also a bit redundant. The only way to secure such an OS starts with reformatting the system partition.

  8. Microsoft - Pragmatic solution to hard issue. by irreverant · · Score: 5, Interesting

    I think microsoft acted responsibly in this situation. They merely mitigated any future issues these patches might have, they didn't want the same thing to happen again. In this case it was prevention not intervention. Unfortunately, there are many ways to get a rootkit installed on a computer; however, most of the time it's usually the user that infected themselves. This is why there are measures that a user can take to prevent or minimize the occurrence. Microsoft did make a note to remove the infection and then install the patch. If they don't know how to remove the infection or don't know they can download if not purchase one of many anti-virus solutions or pay someone to do it, then maybe the users should rethink their web browsing behaviors.

    --
    Of all the things I've lost; I miss my mind the most. - Mark Twain
    1. Re:Microsoft - Pragmatic solution to hard issue. by VGPowerlord · · Score: 2, Insightful

      Microsoft also included some measures in newer versions of Windows to mitigate user stupidity... and even one to mitigate programmer stupidity in Internet Explorer.

      Not that there aren't still holes in those methods... or the user can just be stupid and click Allow.

      --
      GLaDOS for President 2016! "Well here we are again. It's always such a pleasure." -- GLaDOS, 2011
  9. Re:The Microsoft way! by sopssa · · Score: 4, Insightful

    I recall slashdotters complaining that they didn't do CRC check or similar (they do, but the rootkit gave 'real' value and it was worthless).

    Now they're doing the right thing and we get news how they refuse to patch the systems whose .dll files have been damaged? Welcome to slashdot.

  10. Oddly enough... by HerculesMO · · Score: 3, Interesting

    Their Malicious Software Removal Tool (sent out on Patch Tuesday) can remove the rootkit.

    But I won't stop the Slashdotters here from complaining about it.

    --
    The price is always right if someone else is paying.
  11. Re:The Important Question by BadAnalogyGuy · · Score: 2, Informative

    Code 0xB302392838271

    This is why I come to Slashdot. So many computer-literate people...

  12. Summary title in error by Rockoon · · Score: 5, Informative

    From the article:

    As Microsoft has noted, while the solution prevents users from suffering the misery of Blue Screens of Death, it does leave them unprotected and the company has urged users to download its Malicious Software Removal Tool to clean up their machines and run the patch as soon as possible.

    It isn't that they won't patch these systems, it's that they won't automatically install the MSRT, which removes the rootkit, as part of the update.

    ..and to be perfectly honest, who wants the MSRT to be a mandatory component. Things like that are capable of unexpectedly altering the system, something typically frowned upon in enterprise.

    --
    "His name was James Damore."
  13. Attn infected PC users: Can't have it both ways. by techvet · · Score: 5, Insightful

    First, you beat up Microsoft because their patch trashed machines that were *already* infected. Then you beat them up because they backed off on applying the patches to avoid trashing the machines. Get thee to SuperAntiSpyware and Anti-Malwarebytes and get your machine cleaned up before you complain.

  14. Re:Makes sense... by HerculesMO · · Score: 5, Interesting

    The malicious software removal tool will take care of it. Their antivirus will not.

    They are giving you the tool to get rid of it and then saying you should install your patches afterwards. But they are chastised for not coming up with an all-in-one solution? Jeez.

    --
    The price is always right if someone else is paying.
  15. You can't put it off forever! by fred+fleenblat · · Score: 3, Funny

    This just proves that it's a great time for people who have been sticking with XP to take the plunge and upgrade to Windows 2000 Professional.

  16. User Experience FAIL by _KiTA_ · · Score: 2, Insightful

    If they have the ability to detect these things, why in the world doesn't a little popup appear in the systray or security center saying "Your system appears to have a form of Malicious Software installed. Windows Updates are currently disabled. Please see your Network Administrator."

    Seriously, the rogue spyware apps do this all the time, why can't Windows itself do it?

  17. You can't fix stupid by rudy_wayne · · Score: 5, Insightful

    "Microsoft discovered the problems occurred on machines infected with the Alureon rootkit"

    There are many reasons to hate Microsoft, and their QA failure when it comes to security is certainly one of them. However, the spread of rootkits, viruses and other malware is primarily caused by user stupidity, something that is not Microsoft's fault. In the early days of personal computers I took the time to learn how things worked. If you're having the problem described in this article then you can wipe your hard drive and re-install Windows. If you don't know how to do this, then maybe it's time you learned. If you're not willing to learn, then do the rest of the world a favor and throw your computer out the nearest window.

  18. can't MS come up with a patch to block rooting? by swschrad · · Score: 3, Interesting

    I mean, they already have the malicious software removal tool, so they could blow the roots away if they wanted to. but what is really needed here is to block the rooting mechanism altogether.

    or go back to the saner architecture of nt 3.0/3.1/3.5, where only the kernel and its designated MS helpers ran at level 0 to start with. the world started to go to hell when they allowed the video driver into level 0.

    --
    if this is supposed to be a new economy, how come they still want my old fashioned money?
  19. classically mindlessly anti-microsoft by circletimessquare · · Score: 3, Insightful

    microsoft doesn't refuse to patch rootkitted systems, microsoft is UNABLE to patch rootkitted system. NO ONE can patch a rootkitted system, of ANY OS. you need to wipe the system and reinstall

    it is ok to be against microsoft, but you have to base your opinion on genuine problems. when you base your opinion on mindless propaganda, you are just another useless partisan in this world: loud, dumb, useless

    --
    intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
  20. Re:Makes sense... by clone53421 · · Score: 5, Informative

    And that’s what will happen. Installation of the patch will fail, if the rootkit is detected. The malicious software removal tool will be pushed out and remove the rootkit. And eventually the patch will be installed again since the installation failed the first time, and if the rootkit is gone the patch should install properly.

    --
    Alexander Peter Kristopeit bought his basement from his mommy for one dollar.
  21. MSE claimed to work by Bearhouse · · Score: 4, Interesting

    See:

    http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Virus:Win32/Alureon.A

    I've had reasonably good experiences with MSE so far with my Windows users. Anybody else want to weigh in here?

  22. Re:Misleading title by SCPRedMage · · Score: 5, Insightful

    Screw that. Deliver the patch, BSOD the idiots, and get them off the net so that they're not a danger to the rest of the world.

    --
    My sig can beat up your sig.
  23. Re:Makes sense... by Rakishi · · Score: 4, Insightful

    And if the rootkit remover bricks some systems you'd be yelling at Microsoft for not making it a separate update so users could prepare for it, right? I doubt it matters what MS does, you'd find a reason to think they're wrong no matter what.

    Security updates are security updates, malware removal is malware removal. Mixing the two is a horrid idea.

  24. And rightly so. by khasim · · Score: 2, Insightful

    But they are chastised for not coming up with an all-in-one solution?

    Yes. Because when patching, you want the process to be as simple as possible for the END USER.

    The more steps the end user has to follow, the more likely that the end user will make a mistake somewhere.

    If it can be done in one step at the end user's level, then it should be done in one step at the end user's level. No delays.

  25. Um, working for whom? by Colin+Smith · · Score: 2, Insightful

    A) A working machine that has a rootkit installed.

    And is sending all key presses and bank account details to criminals.

     

    --
    Deleted
  26. Re:The Microsoft way! by gzipped_tar · · Score: 5, Informative

    If the kernel is fucked, nothing works any more. Any results from on-line determination of the damage status of the machine itself should be assumed fake because the malware is in control of all local resources. To accurately determine the status of the computer, it must be taken offline.

    Never trust what rooted machines say about themselves...

    --
    Colorless green Cthulhu waits dreaming furiously.
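
The point made in the comment above, and in the earlier remark that the rootkit fed the CRC check the 'real' value, shown as an added example that is not part of the thread: a cross-view audit that compares a trusted baseline against both the live view and an offline view of the same disk. All file names, contents and function names are constructed for illustration; in practice the offline view would be read from the disk mounted read-only under a clean boot environment.

```python
"""Cross-view integrity audit (added example; file names and contents are constructed)."""
import hashlib
from typing import Dict, List, NamedTuple


class Finding(NamedTuple):
    path: str
    verdict: str


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def naive_live_check(baseline: Dict[str, str], live: Dict[str, bytes]) -> List[str]:
    """What an on-host checker sees: paths whose live bytes do not match the baseline."""
    return sorted(p for p, h in baseline.items()
                  if p not in live or sha256_hex(live[p]) != h)


def cross_view_audit(baseline: Dict[str, str],
                     live: Dict[str, bytes],
                     offline: Dict[str, bytes]) -> List[Finding]:
    """Classify every path using the offline view as ground truth.

    baseline: path -> known-good SHA-256 taken from trusted media
    live:     path -> bytes as returned by the running (possibly rooted) OS
    offline:  path -> bytes read with the suspect OS not running
    """
    findings = []
    for path in sorted(set(baseline) | set(live) | set(offline)):
        expected = baseline.get(path)
        live_hash = sha256_hex(live[path]) if path in live else None
        off_hash = sha256_hex(offline[path]) if path in offline else None

        if expected is None:
            # Not in the baseline: on disk but invisible to the live OS is the worst case.
            hidden = off_hash is not None and live_hash is None
            verdict = "hidden" if hidden else "unexpected"
        elif off_hash is None:
            verdict = "missing"
        elif off_hash == expected:
            # Disk is clean; a differing live answer means the live view is unreliable.
            verdict = "ok" if live_hash == expected else "live-mismatch"
        elif live_hash == expected:
            # Disk is altered but the running OS reports the original bytes.
            verdict = "cloaked"
        else:
            verdict = "modified"
        findings.append(Finding(path, verdict))
    return findings


# --- Constructed sample data ---------------------------------------------
CLEAN_KERNEL = b"constructed clean kernel image"
CLEAN_DRIVER = b"constructed clean storage driver"

BASELINE = {
    "system32/kernel.bin": sha256_hex(CLEAN_KERNEL),
    "system32/drivers/storage.sys": sha256_hex(CLEAN_DRIVER),
}

# What is really on disk, read offline.
OFFLINE_VIEW = {
    "system32/kernel.bin": CLEAN_KERNEL,
    "system32/drivers/storage.sys": CLEAN_DRIVER + b" + constructed foreign code",
    "system32/drivers/extra.sys": b"constructed file the live OS never lists",
}

# What the running OS reports: original driver bytes, extra file not listed.
LIVE_VIEW = {
    "system32/kernel.bin": CLEAN_KERNEL,
    "system32/drivers/storage.sys": CLEAN_DRIVER,
}


def sample_report() -> List[Finding]:
    return cross_view_audit(BASELINE, LIVE_VIEW, OFFLINE_VIEW)


if __name__ == "__main__":
    print("on-host check flags:", naive_live_check(BASELINE, LIVE_VIEW))
    for finding in sample_report():
        print(f"{finding.verdict:14} {finding.path}")
```

The on-host check flags nothing for this data, while the offline comparison reports one cloaked driver and one hidden file.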
  27. Customer Satisfaction by xerio · · Score: 4, Insightful

    I'm strangely ok with this. If they update the computer and the rootkit conflicts with the new patch and makes the computer unusable, they'll just get blasted for breaking people's computers. But if they don't update the computer, then the person is still able to use it. If they're warned that they can't update because they have a rootkit on their system and they do nothing about it, I feel no sympathy for them. At least Microsoft didn't make their system less operational. They should get rid of the rootkit and then update. If Microsoft let people update while knowing that it would make the computers unusable if they had this rootkit, people would still call foul on Microsoft. This way they're at least giving people a warning and chance to fix their problem, not making the problem worse.

  28. Sad by Voulnet · · Score: 2, Insightful

    Seeing the summary and many of the posts here, it's so sad to see how the internet gave every idiot a podium. It's always going to be catch-22 for Microsoft, even if they donated 40 billion dollars for every open source foundation/cancer research facility in the world. It's sad to see CS graduates, sysadmins and programmers with the mentalities of 4channers. Huh

    1. Re:Sad by JustNiz · · Score: 2, Interesting

      The reason is, no matter how much Microsoft give to charity (and I don't believe they do anyway, it's actually Bill & Melinda Gates Foundation who is the big philanthropist) Cancer Research is not Microsoft's primary activity. Software is.

      Microsoft only care about big corporate interests like the RIAA and MPAA. They absolutely don't care about their own home or small business customers' interests. Furthermore they do the bare minimum, their products suck, they strangle innovation, they hold the whole industry back just so they can make more money at any cost. They've made that VERY clear MANY times. Give me one reason why I a non-corp customer and a software developer shouldn't criticise Microsoft for failing to care about my interests or the interests of the industry I work in.

  29. Re:The Microsoft way! by HeronBlademaster · · Score: 4, Insightful

    Shouldn't it just determine if the DLL was damaged and replace it with the correct, working patched version if it is? Sorry, but automatically throwing their hands up and saying "you're fucked" is the Microsoft shortcut for not being able to fix their own security problems.

    Isn't that what they did last time, and it caused bluescreens?

    Do you want every single patch, no matter how small, to try to detect rootkits and, if a rootkit is detected, replace every DLL in the system with known clean copies? That's absurd.

    The problem wasn't that the DLL the patch installed caused bluescreens, it's that DLLs the patch didn't touch - because it wasn't patching them - were now incompatible with the clean (patched) DLL (because they were part of the rootkit).

    What do you propose Microsoft do about it? Patch the DLLs anyway, knowing it will cause bluescreens? Provide the entire slew of kernel DLLs for download via Windows Update, and install all of them every time there's a kernel patch?

    I don't mind what MS is doing at all - they're doing their best to make sure that their users won't get bluescreens, even if they're rooted.

  30. Re:The Microsoft way! by Rockoon · · Score: 4, Informative

    You don't know how computers work, do you?

    The blue screen crashing that this rootkit caused after the previous update was not due to rootkit modifications to the files that were being patched.

    The problems occurred because code that was NOT being patched (the rootkit!) was making direct jumps into kernel memory, to offsets that were no longer relevant after the patch.

    --
    "His name was James Damore."
  31. Re:The Microsoft way! by Khyber · · Score: 2, Interesting

    "Never trust what rooted machines say about themselves..."

    Funny, that's usually how I spot a rooted machine. There's a fine difference between "I just don't want to work because I'm a piece of shit" and "I don't want to work because I'm controlled by someone other than you."

    --
    Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
  32. Re:Makes sense... by chaboud · · Score: 2, Insightful

    Man, this so exemplifies the distorted user perspective of the ease of software development. There is a completely workable workflow here: run update twice, but you want Microsoft to code up a little custom fix (possibly requiring a double-restart) that seems like a triviality, right?

    Wrong.

    It takes a long time to write, debug, test, and deploy even small software changes. When non-coders (or even coders) talk about how easy it would be for someone else to do something, alarm bells go off. Microsoft is doing a completely reasonable thing. I won't say that it's the "right thing," because that would imply that there is only one good course of action. Still, this approach is completely fair, easy to use, and safe.

  33. Re:The Microsoft way! by Lil'wombat · · Score: 2, Funny

    So this is a vendor software issue? Those rootkit developers should have a better testing process. I'm not going to go to all of the trouble of rooting 100k servers just to have my botnet BSOD on the next update. I demand a refund

    --

    Truth: If it's not one thing, it's another

  34. Re:The Microsoft way! by nigelo · · Score: 4, Funny

    "I'm a people-person. What the hell is wrong with you people?"

    --
    *Still* negative function...
  35. Re:Makes sense... by clone53421 · · Score: 2, Interesting

    Well... I really can’t say I have high hopes for that.

    I’ve had numerous updates (okay, 4 or 5) on Windows 7 that failed to install, with no explanation whatsoever. It seemed like more than it really was because it attempted to install the same 3 updates again the next time I shut down. And the next time. And the next. And... every time until I finally went into the update history to figure out what the deal was.

    (In my case I’ve always been able to go onto the Microsoft website, download the update manually, and install it with no problem... just in case anybody else was having this problem. But as far as error messages go... not helpful at all.)

    --
    Alexander Peter Kristopeit bought his basement from his mommy for one dollar.
  36. Re:Makes sense... by 0p7imu5_P2im3 · · Score: 2, Interesting

    Have you ever tried to code up a message box in Visual C++? It's worse than pulling teeth, especially when your application doesn't need to be interactive otherwise.

    --
    Resistance is futile. Your technological distinctiveness will be added to our own. You will become one with the morgue
  37. Re:The Microsoft way! by maxwell+demon · · Score: 5, Funny

    What if it hides in the documents?

    --
    The Tao of math: The numbers you can count are not the real numbers.
  38. Obligatory.... by bmo · · Score: 2, Informative

    http://technet.microsoft.com/en-us/library/cc512587.aspx

    >You can't clean a compromised system by patching it.

    >You can't clean a compromised system by removing the back doors.

    >You can't clean a compromised system by using some "vulnerability remover."

    >You can't clean a compromised system by using a virus scanner.

    >You can't clean a compromised system by reinstalling the operating system over the existing installation.

    >You can't trust any data copied from a compromised system.

    >You can't trust the event logs on a compromised system.

    >You may not be able to trust your latest backup.

    >>>>>The only way to clean a compromised system is to flatten and rebuild.

    Jesper M. Johansson, Ph.D. [YES, HE'S A DOCTOR], CISSP, MCSE, MCP+I

    Security Program Manager
    Microsoft Corporation

  39. Re:The Microsoft way! by Yaddoshi · · Score: 5, Insightful

    I agree, I thought the title of this submission was skewed - especially after reading the rest of the article. Microsoft does not appear to be "refusing to patch rootkit infected computers".

    A more accurate title would be something along the lines of: Microsoft attempts to prevent inadvertently bricking XP systems with Windows Updates

    Bear in mind I'm terrible at coming up with titles. Also bear in mind I'm not a big fan of Windows.

  40. Re:The Microsoft way! by Bert64 · · Score: 3, Interesting

    Do they notify the users that they're rootkitted?
    If anything, a bluescreen is a good thing since the rootkitted machine is now offline and no longer sending spam or whatever other malicious things it might be doing.

    --
    http://spamdecoy.net - free throwaway anonymous email - avoid spam!
  41. Re:Makes sense... by petermgreen · · Score: 4, Insightful

    mmm, and what's this bloody obsession with error codes. I was having trouble with windows update giving an error recently and the only explanatory information was an error code.

    After some time searching online and finding various speculation I eventually found that the code basically translated as "connection problem" and that I should try again later. Why couldn't they have just fucking told me that in the first place?!

    --
    note: i'm known as plugwash most places but i screwed up registering that here somehow in the past and now can't register
  42. XP support by Happy+Nuclear+Death · · Score: 2, Insightful

    Meh. I'm just glad they're still patching Windows XP.

  43. Re:Hmmmm.... by VGPowerlord · · Score: 2, Insightful

    I hate to say it, but it's more like this:

    A: Release New OS
    B: No One Adopts New OS
    C: Release Another New OS
    D: Support Expires for Old OS
    E: "SOMEONE" Develops a rootkit\virus\malware that targets old OS.
    F: Anti-Virus keeps the old OS limping along
    G: Anti-Virus vendors keep releasing updates to prevent new viruses\rootkits\etc.
    H: Over time thousands, if not millions of Old OS systems get infected by root kits that the large population isn't aware of.
    I: Create a new patch that specifically, when coupled with the largely ignored\unnoticed rootkit\virus\malware, makes Old OS unusable.
    J: Choice: switch to Linux or upgrade to New OS.
    K: Laugh hysterically as at least 50% upgrade to New OS and you bathe in $20 bills soaked in champagne.
    L: Profit.

    --
    GLaDOS for President 2016! "Well here we are again. It's always such a pleasure." -- GLaDOS, 2011
  44. Re:The Microsoft way! by dhavleak · · Score: 3, Insightful

    That's good for the world in general but bad for the owner of the machine. You're suggesting MS make the decision to fuck over some individual for the good of many? They don't have that mandate.

  45. Re:The Microsoft way! by dhavleak · · Score: 2, Interesting

    Well, by refusing to patch an already compromised system they open that system up to getting further malware infections...

    They're not 'opening up' the system -- they're just leaving it open. It was already like that when they found it.

    If the system breaks at least it's now offline and will cease sending spam or whatever other malicious things it's doing.

    Good for us. Bad for the owner. MS cannot fuck the owner on our behalf.

  46. Re:The Microsoft way! by jibjibjib · · Score: 3, Insightful

    So now they're actively leaving rootkits online and fucking over the rest of the world for the good of the guy who can't maintain his machine properly? You could argue that they don't have that mandate either.

  47. Re:Rooted means always wipe, reinstall. by 0123456 · · Score: 2, Interesting

    Once a machine gets owned it's gone. Total wipe, reinstall from good backup. No matter what OS or even Windows it is.

    Joe Sixpack doesn't have a backup.

    Also, Joe Sixpack probably doesn't have XP CDs, so he has to install from the 'recovery partition'; I wonder whether any rootkits are installing themselves into the recovery partition so they'll automatically be reinstalled if someone tries to wipe their system and reinstall from scratch?

  48. Re:The Microsoft way! by dhavleak · · Score: 2, Funny

    To do nothing? They need a mandate to not touch a system they don't own?

  49. Re:The Microsoft way! by smash · · Score: 2

    Well, the proper solution for a rootkitted box IS to replace every DLL and configuration item on the system once the rootkit is removed. It's called an OS wipe and reinstall.

    --
    I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
  50. Re:The Microsoft way! by xQx · · Score: 2, Insightful

    Say someone pisses in your pool...

    How do you get the piss out of the pool?

    You don't. It's fucked. You drain the pool and start again.

    Any server administrator worth their salt knows if someone gets in to root / administrator who is not supposed to be there there is only one course of action: Unplug and rebuild.

    You do not try to fix a server that has been compromised in this way, regardless of Operating System. For some reason we get compassionate about home-users who can't afford to fix their computer ... and then we get upset when these computers are used for botnets and spam propagation... WTF?!

    I think it's utterly RESPONSIBLE of Microsoft to withdraw support for someone silly enough to want to keep running an operating system that's been rootkitted.

    Hell, if it were my network I'd be using the rootkit to permanently disable all network connectivity to avoid any further damage. User be damned.