Microsoft Says Recovery From Malware Becoming Impossible 631
An anonymous reader wrote to mention an eWeek story about Microsoft's assertion that PCs may no longer be able to recover from the most aggressive malware. From the article: "[Danseglio] cited a recent instance where an unnamed branch of the U.S. government struggled with malware infestations on more than 2,000 client machines. 'In that case, it was so severe that trying to recover was meaningless. They did not have an automated process to wipe and rebuild the systems, so it became a burden. They had to design a process real fast.'"
It's time.... (Score:5, Interesting)
Ummmmm, how about switching [apple.com]?
Seriously though, NeXTstep certainly has a long history in certain TLA government agencies and OS X is beginning to make significant inroads there as well. In addition the timing [wsj.com] is right for many businesses as the infrastructure costs to maintaining Windows are simply becoming too high.
And calling these recent instances is a joke. I was having to perform complete system wipes and reconstructions due to malware years ago which is why we have essentially completed a migration to OS X. We do have some windows systems still around, but they are hidden behind OS X machines and are run headless and without connection to the Internet. In fact, it's been interesting that those companies that deliver microscopes (electron, confocal and light) and such that are currently driven by Windows are asking their customers to simply not plug them into networks or the Internet, severely limiting their use. They of course have been suggesting sneakernet to move files and data around, but my solution is to network them all with a dedicated backbone behind a Mac mini that is now shipping with Gigabit Ethernet on board.
Re:It's time.... (Score:5, Insightful)
I'm sure it's much harder to get malware running on OS X, but if it becomes the platform most of your potential audience are using then malware developers will just try harder to make nasties for Mac.
So, in this respect, sometimes I'm glad for Windows + IE - simply because I don't have to use it
Re:It's time.... (Score:2, Funny)
A Mac-user with common sense! This day will go down in Slashdot's annals* as the day that Mac-users are no longer a-priori considered completely gay. *wiping away tears of joy*
* tee-hee, I said "annals"
Re:It's time.... (Score:3, Funny)
Next Page: Human stupidity.
It's not common sense. It's wrong. (Score:5, Insightful)
It's not common sense. It's wrong.
Microsoft is in a unique position. Because it has a virtual monopoly, Microsoft makes more money when its software has a lot of security vulnerabilities. For those who are ruled by money, morality has no force; "Maximizing Shareholder Value" is the way they live their lives.
Microsoft makes more money if it pressures its programmers to work too fast, so that they are sloppy, and then releases buggy software. Many people are fascinated by computers, and easily accept the world that Microsoft has created for them.
Here's a story about a Microsoft VP saying, "Oh, the next Windows operating system will be secure": "Safety and security is the overriding feature that most people will want to have Windows Vista for" [com.com].
So, Microsoft is once again [microsoft.com] telling us "The next version of Windows will be the good one." Before, Microsoft said Windows XP was "Built to be Dependable".
However, Vista will NOT include virus protection [arstechnica.com]. Jim Allchin, co-president of Microsoft's platform products and services division told CRN, an industry magazine [crn.com] this:
CRN: In terms of security, how do you compare security in Vista vs. security in Windows XP SP2?
Allchin: SP2 was a very good system but compared to Vista, it's night and day.
CRN: Is there going to be antivirus in Vista?
Allchin: No, there is not.
CRN: Why?
Allchin: It's a complicated answer as to why not.
CRN: Was the decision based on technical concerns?
Allchin: It wasn't technical.
CRN: Will Vista resolve security problems once and for all?
Allchin: I'm not going to claim perfection or near perfection, but I think we're unrivaled in the work we've done. I believe security will be a huge problem for the industry for years and years and years but this will change the landscape in a fairly dramatic way.
Once again, Microsoft is taking advantage of the fact that most of its customers have little technical knowledge. Mr. Allchin said that "security will be a huge problem for the industry for years and years and years".
Microsoft charges for OneCare Live [windowsonecare.com]. That's another way to make money. Make sloppy software, and then sell protection against the sloppiness.
Note the emphasis on "beta testing" in Mr. Allchin's statements in the CRN interview. Someone said that Microsoft's motto is "The whole world is our beta tester."
--
Before, Saddam got Iraq oil profits and paid part to kill Iraqis. Now a few Americans get Iraq oil profits, and American citizens pay to kill Iraqis. Improvement?
Re:It's not common sense. It's wrong. (Score:3, Interesting)
I think that's a pretty reasonable statement. Computer systems are very complex and subject to economic and human considerations. Mistakes will happen and compromises will be made in the interest of time and cost.
Lots of smart, clever and motivated people will be looking for mistakes and oversights in this system. They'll find ways to exploit it.
A lot of things, including a very secure operating system, are possible an
Re:It's not common sense. It's wrong. (Score:3, Interesting)
Microsoft's monopoly makes it pretty much the only company that can actually plan on getting away with selling a new product by saying:
Of course, you can also switch over to Linux today, which has enough of a separation between user and admin that rootkits are nontrivial to install, but we won't talk about th
Re:It's not common sense. It's wrong. (Score:3, Funny)
Microsoft, I know. Furries get me going too.
Re:It's not common sense. It's wrong. (Score:3, Insightful)
But it's really sad to see the Slashdot community go from a can-do, toaster-modding bunch of creative tech junkies into Apple teat-sucking, iPod-praising pussies, sucking up Apple's marketing crap and pretending it's just the natural, uncommercialized evolution from Linux to a solid GUI. And everyone using Windows and a non-Apple iPod is missing something.
Please, please pull that giant Apple marketing dildo out of your collective asses.
Windows is not broken, OSX is not infall
Re:It's not common sense. It's wrong. (Score:3, Insightful)
It's even better if the pistol has a combination trigger lock known only to the GunAdmin, but that's probably only likely in corporate or schoolastic settings...
Re:It's not common sense. It's wrong. (Score:3, Insightful)
Linux, for example, doesn't prevent user stupidity, but it does prevent user stupidity from being trivially escalated into a rootkit installation.
It's a lot harder for someone to light themselves on fire if you have them step out of those gasoline-soaked clothes they've been wearing.
-- Granted, it's stupid of them to w
Re:It's time.... (Score:4, Insightful)
I use Ghost on my PC, thus when I plan on installing new software I do so, play with it, am sure I like it, then:
Restore latest clean system build image to machine,
Install target application, ensure functionality,
Create new latest clean system build image.
I store all my non-temporary data on a server PC anyway, so this is an ideal solution. One that should work in any enterprise environment as well (assuming that there are only 3-4 different builds).
-nB
Re:It's time.... (Score:3, Interesting)
Comment below:
or you could just use linux
Server is Linux (SOL 18). Since all data is stored as non-active files, critical data in encrypted volumes accessed and unlocked only when needed, then locked when the volume is dismounted, the issues with this problem are minimal. In fact I have never had an outbreak re-infection (and this is with me looking for malware troubles). While I will admit that my system has flaws, they are very minor and not the targ
Re:It's time.... (Score:3, Interesting)
I use for my PC, and all users PC's at my work:
http://backuppc.sourceforge.net/ [sourceforge.net]
daily images of all on your harddisk, just a click on the log will show the day all your exe files changed, take the files from the day before, clean what else you need from the latest...
>That's good, but "good" malware will...
well bad malware would be similar to bad drm, it would go rig
Re:It's time.... (Score:4, Interesting)
This presumes of course you don't log into OS X as admin or root on a regular basis, but only for *gasp* administrative tasks.
I know of one company which continually gets rooted, but they INSIST on running as admin all the time, AND chmod -R 777 / -- why? because they don't LIKE security. They dislike the inconvenience of not sharing out / and having to drop files only in certain folders. *knock knock* McFly, anyone home? THey don't want their machines rooted, they're tired of seeing the mouse cursors move and applications being used if they happen to be there off-hours, and yet they refuse to take most basic precautions and take advantage of OS X's security architecture - instead they work to defeat it, intentionally so, and then blame IT folks because they can't solve the problem. They've gotten to the point where no mac-savvy people will do work for them, and if I know them well, it'd take a reformat/reinstall of EVERY box at this point to get their network cleaned up again.
Re:It's time.... (Score:3, Insightful)
I'm also a long time Linux user (almost 10 years) and certified Solaris administrator, and I can tell you exactly _why_ a Unix or Unix look-alike such as GNU/Linux is easier than Windows to clean and restore to a clean, working state: *NIXes are open.
open in the sense that you know exactly where things are, what they do, when they do and how. thanks in part to the long tradition of storing configurations on well documented clear te
Holy Crap!!! Deja Vu! (Score:3)
Re:It's time.... (Score:3, Insightful)
"FYI, That statement has been proven to be FUD for quite some time now."
Um, how exactly? The only way it could be proven is if Apple had a significant share of the market. Which they don't, and won't. Nothing against Apple or Macs, it's just the numbers.
Re:It's time.... (Score:3, Insightful)
Wouldn't this mean you can neither argue for nor against it, since it's only theoretical? It sounds like you're using this as a point to argue against it?
Re:It's time.... (Score:3, Insightful)
Actually, it hasn't been proven at all. It's not possible to prove it, as a matter of fact, without OS X being the dominant operating system on the market. The usual rebuttal, Apache vs. IIS, doesn't apply to anything but Apache and IIS.
Re:It's time.... (Score:5, Insightful)
Well, if one of the best analogies is dismissed as not relevant because they aren't the same as OSes, wouldn't the idea that OS X would have the same problems as Windows also be dismissed because OS X is not the same as Windows? There is either a relation between poor security and popularity or there isn't.
Re:It's time.... (Score:3, Insightful)
The simple fact is, Apache vs. IIS does prove the simple argument that the ratio of users to exploits is higher relative to other competit
Re:It's time.... (Score:4, Insightful)
That's kind of like arguing against putting a better lock on your door, because criminals are always going to figure out a way to break it. It's true, but really you don't need a lock that's strong enough to keep every criminal out, you just need to make it more secure than your neighbor's house. In OS terms, eventually you're just going to make it secure enough that it's easier to go after the user than break the system itself.
You have absolutely no idea... (Score:3, Insightful)
On top of that, the people who actually make the decisions, have no fucking clue what they are doing.
Re:It's time.... (Score:3, Informative)
There's a war on. Shouldn't someone in your procurement chain be facing a court martial?
Why? Just because we've invaded some pissant country doesn't really change things. We haven't actually been at war for 60 years.
Re:It's time.... (Score:3, Insightful)
It's like the worst parts of 1984 mixed with the worst parts of Brave New World. Dammit, if you're gonna take away my freedoms, at least give me soma and orgies, not another goddamn war.
Re:It's time.... (Score:3, Informative)
With regard to scientific equipment: my experience (in a biotech firm) has been quite similar. Vendors did not want you to patch the OS, install ANY software (AV or otherwise), and advised against placing the devices on a network. However, biotech firms generally have a protocol that requires backing up all the data [waters.com] that comes off the machine.
However, lately, we see more and more vendors moving to Linux for instrumentation control. As a company, we now request non-Windows based control and data acquisition
Re:It's time.... (Score:3, Insightful)
Mine too. Too often once the software's written for a piece of equipment a company wants to sell, the software unit gets disbanded (what, you wanted support?). So then you're stuck with whatever OS was current at the time for the lifetime of the equipment. So we have setups costing 10's to 100's of thousands of dollars controlled by PCs running Win 95/98. It would be nice to have these connected to the network to
Re:It's time.... (Score:4, Insightful)
Personally, I'd love to migrate us to Linux, but until I can replace CAD/CAM systems, accounting packages, design software, drawing packages, etc... that's simply not going to happen, and until it does happen I'm faced with the job of keeping our MS systems secure.
We've found that preventing web based scripts from running has kept us virus free for nearly two years now, but even then we're expecting to be hit by something sooner or later. If you're running a Microsoft network, it's worth putting a few weeks aside to get RIS / Ghost working well. Right now we're looking to take things a step further by running all our clients off a set of blade servers running virtual machines. There are cost savings to be had with the ease of maintenance and disaster recovery suddenly becomes a whole lot simpler.
Re:It's time.... (Score:3, Interesting)
I solved that problem. I have job specific machines. The days of a general purpose computer used for everything under the sun is over. Sure I have a machine for Turbo Tax, and other Windows specific applications.
My web browsing machine is a Ubu
Rebuilding PCs isn't that bad... (Score:3, Informative)
There's a relatively inexpensive product for which you can purchase a license called 'WinINSTALL'. Not a lot of people seem to know about it for some reason, but the currently available version of the product makes it relatively painless to completely rebuild a PC's OS, complete with applications and various profile settings (shortcuts, your favorite background images, and so on).
It doesn't have the pain associated with image solutions; you don't have to worry about re-ima
Re:It's time.... (Score:5, Informative)
Not removable. I don't care if you can remove them, what I do care about is time. If you have to fix a bunch of people every day, clawing around at the core system trying to find a hidden rootkit and remove all traces of it while not breaking anything worse than it already is will most likely take you far more time than backing up some data and doing a full reinstall.
Basically, if you're using Internet Explorer and have not got a rootkit yet, you are either using good browsing practices or you do have one and won't admit it. I support 10,000+ students at a university, and we're doing at least one reinstall a day due to rootkit infection. These are mainly young women who are just using the internet like all their peers do; i.e., not looking at porn or searching for warez or cracks.
Unrecoverable? (Score:5, Funny)
Re:Unrecoverable? (Score:3, Interesting)
There was a virus that did change the refresh frequency and that caused the monitor to fail, sometimes with smoke.
no disaster recovery plan? (Score:3, Insightful)
--Taladon
This is news? (Score:5, Insightful)
Re:This is news? (Score:2)
When I had a hopelessly-hosed machine (at least for my level of expertise), I decided it was time to spoil myself with a bigger hard drive. Installed it, loaded windows, then connected the old one as a slave. Copied all the data I needed (stuff from c:\games and c:\music) that wasn't infected and lived happily ever after.
Re:This is news? (Score:2)
SOP? It's failure and lock in. (Score:3, Insightful)
This is an admission of failure on Microsoft's part. The complexity and inflexibility of such a system is unacceptable and the efficacy is questionable. What's keeping the bad guys off your image server? If they root that, they have every
Really? (Score:2)
Is this implying that there are people who don't do a complete rebuild after a system is compromised?
Kernel hooks? (Score:5, Interesting)
Um, how about making it possible to DISABLE ADDING KERNEL HOOKS? There should at least be a reliable way to get a list of all currently-running kernel hooks, if there's not already.
Re:Kernel hooks? (Score:3, Insightful)
Which is worse? Allowing virtually anything to hook into the kernel (provided the running user has the rights) and potentially opening it up to rootkitting... or a user accidentally disabling all 3rd party kernel hooks which caused their anti-virus program's filter driver to stop working and not detect a more run of the mill virus causing them much pain and
Re:Kernel hooks? (Score:3, Informative)
I just did a cursory search and found this:
http://www.sysinternals.com/Utilities/RootkitReve
The sysinternals guys seem to know Windows better than MS. Cool people to know if you are forced to use MS operating systems.
But you never could... (Score:5, Insightful)
You could never recover a compromised system reliably anyway. Once someone's got through your security to a certain level, you can't trust anything - including security tools and diagnostic information - that runs at that level or above. For a typical desktop PC or office server, that basically means you can't trust anything left on the system.
Any sort of virus removal or system clean-up after being cracked is just a calculated risk that the attack will have been completely removed, based on the fact that doing a complete rebuild of a system and restoring all the backed up data is expensive, and while not cleaning up 100% after an attack is potentially more expensive, the probability of this is low.
And no, running Linux or MacOS X instead of Windows doesn't change this, despite the number of people flippantly suggesting these alternatives. I'd have told you this earlier and saved a dozen posts, but apparently it's been 4 minutes since I last successfully posted a comment, so I can't post another one yet... ;-)
Re:But you never could... (Score:5, Informative)
You could never recover a compromised system reliably anyway. Once someone's got through your security to a certain level, you can't trust anything - including security tools and diagnostic information - that runs at that level or above. For a typical desktop PC or office server, that basically means you can't trust anything left on the system.
Actually, this not completely true. You just run your tools on another machine known to be uncompromised. Also, there are hardware level recovery systems that will restore to a known, clean state.
And no, running Linux or MacOS X instead of Windows doesn't change this, despite the number of people flippantly suggesting these alternatives.
Running OS X is somewhat beneficial since it is less susceptible to malware due to architectural choices and lesser attention from malware authors. Just not being Windows can be a great help, practically speaking. Also, all OS X machines can be put into Firewire target mode, facilitating easy recovery of data from compromised systems with greatly reduced risk of infection.
Running Linux can make an even bigger difference. Since Linux supports virtualization technologies, mandatory access schemes, and the like you can not only reliably recover data, but be fairly confident that once a escalation vector is detected and patched, the data from that particular machine will not cause a new machine to be re-infected. This means you can say with reasonable certainty that there will be zero data loss as a result of wiping a machine and the process can be automated.
This is, of course, on top of the greatly increased security that can be obtained by using certain, secure Linux distributions. Arguing that SELinux or OS X won't make a difference, even though both contain functionality designed to do just that, is simply incorrect. (Note, before someone gets uppity, I am not equating the level of security provided by SELinux with OS X.)
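The two practical points raised in this thread, the BackupPC comment above (daily images let you spot the day all your exe files changed and pull them from the day before) and the reply here (run your tools on another machine known to be uncompromised), come down to the same operation: comparing content hashes across snapshots, and comparing a suspect disk against a trusted baseline, from a host the rootkit never ran on. The following is an added example, not code from either poster, BackupPC or Microsoft. It assumes the suspect disk is attached read-only to a clean machine and that daily manifests of path to SHA-256 were collected by whatever backup tool is in use; the snapshots below are constructed sample data, not real captures. A caveat the example cannot fix: hashes collected by the infected OS itself may lie, since a kernel rootkit can hide or substitute files, which is exactly why the baseline comparison has to be hashed from the clean host.

```python
"""Offline triage of a suspect disk from a known-good host (added example).

Assumptions (hypothetical): daily manifests map file path -> SHA-256 of
contents; the current disk image is mounted read-only on a clean machine.
"""
import hashlib
from typing import Dict, List, Optional, Tuple

# File types whose unexplained change is the strongest signal of a compromise.
EXEC_SUFFIXES = (".exe", ".dll", ".sys")

Manifest = Dict[str, str]
Snapshot = Tuple[str, Manifest]  # (ISO date, manifest)


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_manifest(files: Dict[str, bytes]) -> Manifest:
    """Hash an in-memory snapshot of path -> contents.

    Stand-in for walking a mounted disk; on a real system you would open and
    hash each file from the clean host, never trust hashes the suspect OS reported.
    """
    return {path: sha256_hex(content) for path, content in files.items()}


def diff_manifests(old: Manifest, new: Manifest) -> Dict[str, List[str]]:
    """Paths added, removed, or whose contents changed between two manifests."""
    added = sorted(p for p in new if p not in old)
    removed = sorted(p for p in old if p not in new)
    changed = sorted(p for p in new if p in old and old[p] != new[p])
    return {"added": added, "removed": removed, "changed": changed}


def first_change_day(snapshots: List[Snapshot],
                     suffixes: Tuple[str, ...] = EXEC_SUFFIXES) -> Dict[str, str]:
    """For each executable, the first snapshot date on which it appeared or
    differed from the previous day's copy. Snapshots must be in date order."""
    first: Dict[str, str] = {}
    for (_, prev), (day, cur) in zip(snapshots, snapshots[1:]):
        delta = diff_manifests(prev, cur)
        for path in delta["added"] + delta["changed"]:
            if path.lower().endswith(suffixes) and path not in first:
                first[path] = day
    return first


def last_clean_snapshot(snapshots: List[Snapshot],
                        suffixes: Tuple[str, ...] = EXEC_SUFFIXES) -> Optional[str]:
    """Date of the last snapshot taken before any executable changed.

    This is the image to restore binaries from; anything after it is suspect.
    """
    changes = first_change_day(snapshots, suffixes)
    days = [d for d, _ in snapshots]
    if not changes:
        return days[-1] if days else None
    earliest = min(changes.values())  # ISO dates sort lexicographically
    return days[days.index(earliest) - 1]


# --- Constructed sample data (not real captures) ---------------------------
EXPLORER = r"C:\Windows\explorer.exe"
KERNEL = r"C:\Windows\System32\ntoskrnl.exe"
DRIVER = r"C:\Windows\System32\drivers\rkt.sys"   # hypothetical rootkit driver
REPORT = r"C:\Users\alice\report.doc"

CLEAN = {EXPLORER: b"explorer v1", KERNEL: b"kernel v1", REPORT: b"draft 1"}
DAY3 = dict(CLEAN, **{EXPLORER: b"explorer v1 + injected stub", DRIVER: b"hidden driver"})
DAY4 = dict(DAY3, **{REPORT: b"draft 2"})  # legitimate user edit, not an exe

SNAPSHOTS: List[Snapshot] = [
    ("2006-04-01", build_manifest(CLEAN)),
    ("2006-04-02", build_manifest(CLEAN)),
    ("2006-04-03", build_manifest(DAY3)),
    ("2006-04-04", build_manifest(DAY4)),
]

if __name__ == "__main__":
    print("first change per executable:", first_change_day(SNAPSHOTS))
    print("last clean snapshot:", last_clean_snapshot(SNAPSHOTS))
    # Baseline check: current disk (hashed from the clean host) vs. known-good build.
    print("vs. baseline:", diff_manifests(build_manifest(CLEAN), build_manifest(DAY4)))
```

The `diff_manifests` call against a known-good build image is the check to run before deciding a machine is worth anything but a wipe: an added `.sys` under `drivers\` and a changed `explorer.exe` with no matching patch record are the point at which, as the parent says, clawing around for the rootkit costs more than reimaging. Data files that changed (here `report.doc`) go to the restore pile; executables do not.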
Thin Clients (Score:5, Insightful)
Whereas, if they had been using thin clients with no local storage, the only recovery action would have been on the server. And if they had been running non-Windows on the server, they wouldn't have had these infestations in the first place. A full-blown Windows PC on every desktop in an enterprise is just an expensive welfare program for MCSE types.
Re:Thin Clients (Score:5, Informative)
I compare this to the environment I enjoyed in the early 90s: diskless Sun workstations connected to Unix servers (Convexen), and I long for the good old days. Heck, I had a PC at home--but it was for play; the real computers were at work, and I knew it. The OS had been designed from the ground up as a multi-user collaborative environment, with a simple, sensible and reasonably effective security scheme. Thanks to my .profile and my private cache of scripts and macros, I could personalize my X Windows and command line environment to my heart's content.
Yes, there were some drawbacks. Sometimes, response was sluggish--who started that damn compile at three in the afternoon? And of course, if the server went down, everyone was SOL. I think the first concern could be addressed by the much faster processors of today (and some judicious load-balancing). Our networks have gotten much faster and more efficient, so I don't think response time would be much of a problem. As far as downtime, it has to be at least a wash--and when a large mob bearing torches and pitchforks descends on IT, they tend to get problems fixed with amazing alacrity.
Balancing the two environments, today's seems to be the obvious loser. Why are companies throwing billions down the Wintel rathole each year when they could have efficient centralized servers running a real collaborative OS? How did this happen?
I think I know part of the answer. The first signs of the Great Fall came when a few managers bought PCs so they could run MS Office applications--primarily spreadsheets at first, then--oh wonder of wonders--PowerPoint and Word. But now management found that they had been sundered from their underlings, who were working in a completely different environment from theirs. Incompatibility reared its head: You had to buy one set of apps for the PHBs, and another for the geeks. Worse, underlings could not read communications sent to them in Word format by their bosses, and they could not produce beautiful PowerPoint presentations on demand. They could--alas--only do their jobs. Management found this Wasteful and Inefficient, so they decreed that henceforth, everyone shall use computers just like theirs, running an operating system just as powerful and capable as theirs. And so now we live in compatibility Hell.
Fools... (Score:3, Interesting)
That being said, we haven't had much trouble with malware, and we're mainly an XP Pro/2K shop. We don't allow our users to run as administrators--period. That includes techs. Those who need the ability to install stuff have a local account which is prohibited from actually logging into the computer and has no rights to the domain. Ever since we implemented that things have been pretty quiet. In the rare case when somebody's machine does go down we can take a ghost image for backup purposes (if they aren't storing stuff on the network), and then re-ghost with a clean image. Average turnaround time: two hours.
Re:Fools... (Score:4, Insightful)
It's a gamble. Building the new system represents a cost (in time and labor if nothing else). Retraining staff is a cost. Finding new apps, or secure work-arounds for existing apps, represents another cost. Dealing with the transition (helpdesk, troubleshooting, whining users, fixing incompletely transitioned apps) represents yet another cost.
On the balance side is the cost of a security breach which (insert your company's worst nightmare here). Or the cost of denying all your users all your computers for a period of time while things are all rebuilt. Of course it isn't guaranteed that either doomsday scenario is going to happen; simultaneously, it isn't guaranteed that either doomsday scenario is going to be limited to a single incident.
It's called risk management.
Put another way: is it worth taking a known, calculable, solid kick in the nuts to mitigate the risk that you might be repeatedly shot in the arm, chest, or head?
What is your business worth?
Re:Fools... (Score:5, Interesting)
Wouldn't matter anyway. Best practices for recovering from UNIX intrusion have always been to wipe the disks, reinstall the OS, and recover the last known-good backup. Nothing has changed here but Microsoft's attitude; they're starting to grow up a little.
(sniff). I remember when they were knee-high.
Re:Fools... (Score:3, Insightful)
At least where I work, in the educational sector, that's impossible. The time spent retraining faculty and staff alone would outweigh the security benefits
Translation: I never have the time to do it right, but I always have the time to fix it!
Re:Fools... (Score:3, Informative)
It always makes me laugh - retraining people to click things on a screen. It makes me laugh even harder when these people are supposed to be *educators* .
What's wrong with giving people a set of printed manuals and a linux partition and informing them that they will be expected to be u
So they just lick their wounds and move on? (Score:5, Interesting)
Re:So they just lick their wounds and move on? (Score:4, Interesting)
Don't ever let yourself think that it isn't purely ideological because it is, it's the same philosophy that guides the IMF and Bush's conquest of the Middle East.
One more result is the belief that malware from companies/organizations = marketplace should decide, and that's good, while malware from individuals = individual must be punished for causing (seen to be parasitic) difficulties for aforementioned companies/organizations.
Re:So they just lick their wounds and move on? (Score:3, Informative)
Are you referring to the Skylarov case? If so, you're off. First, he cracked the encryption; he didn't just issue a warning. Second, he was not dragged to the US for trial. He went to the US of his own free will and was arrested in the US.
I'm not saying whether Skylarov's actions were justified or not, but your version of the events is not correct.
Re:So they just lick their wounds and move on? (Score:3, Interesting)
Years ago a friend was following another car down the interstate at a high rate of speed. A cop pulled up behind them and turned on his flashers. My buddy hit the brakes; the other guy hit the gas. The cop pulled my buddy over and wrote him a ticket. Buddy asked cop why he didn't go after the other guy, who was obviously avoiding arrest. Cop's reply: I was only going to be able to get one of you and you were the easiest.
La
Re:So they just lick their wounds and move on? (Score:3, Insightful)
Or it could be in the cases you cited, what was done was done very publicly, so the person responsible was easy to find. Now if you know who is responsible for the malware in question, why don't you let the FBI know and see what happens?
It's no odder than the fact that I got a speeding ticket when I sped past an unmarked police car, but they haven't found the person who broke several windshields in the neighborhood a while ba
Missing the point (Score:3, Interesting)
Most computers are actually used in a workplace, rather than at home.
How hard is it to automate wipe/reload??? (Score:2)
"Quick, bob, run to the store and get Ghost..."
They had to design a process real fast (Score:2)
Re:They had to design a process real fast (Score:3, Insightful)
Once you've worked with a real X11 window manager, you can never go back to the crude hacks used on other platforms. Are you talking about an icon theme or something? Maybe you're thinking of KDE circa 1998?
You're talking about "de facto standards", not standards. Standards are publicly documented and have been the prime focus of Linux systems since before day 1. Undocumented, un-POSIX-compliant applications
Wow. Really? (Score:4, Informative)
...and who do we have to thank for that? (Score:2)
"Microsoft"!!!
Seriously now, the situation gets worse by the minute. Yesterday I ran Lavasoft's adware, Spybot Search & Destroy, Symantec AntiVirus and Sysinternals' rootkit detector. I found several problems, and I run behind a firewall. The rootkit detector found many hidden APIs.
For how long, Microsoft?
Didn't we already know this? (Score:2, Funny)
There is so much malware out there that bypasses antivirus and spyware checkers, case in point when I used to use windows (I moved to Gentoo/Solaris 10 about 3 months ago) I was running ClamAV, and Norton AV, additionally I had 2 spyware checkers, all these products updated every night.
One morning I executed a crack program (I know but I was half asleep, oh and before people start complaining that I shouldn't use the crack, I
Obvious (Score:3, Interesting)
On Windows boxes I still see many spyware infections on computers where the users don't even have administrative access. This includes the adding and changing of system services that users don't (read as shouldn't) have access to change, as well as totally screwing over the Windows System Restore, which I might add helps malicious software coders more than the users actually trying to restore system files. All this from surfing a malicious site in IE.
It really is impossible to trust an infected machine even after every effort has been made to remove the spyware. This is something every Microsoft admin I know has known for some time, this should be a non story except that it's about a government branch that had 2000 spyware infected client machines and no disaster recovery plan - heads should be rolling.
Re:Obvious (Score:3, Interesting)
And the answer is really simple: Windows simply refuses to make it easy to partition a drive so that data is over THERE ---> and only the OS is on this partition. Yes, I know you can do it. But you try explaining to home users who are terrified of any sort of change on their computer that their documents are on the D: drive. And no, they d
Reading between the lines... (Score:3, Insightful)
"When you are dealing with rootkits and some advanced spyware programs, the only solution is to rebuild from scratch. In some cases, there really is no way to recover without nuking the systems from orbit," Mike Danseglio, program manager in the Security Solutions group at Microsoft, said in a presentation at the InfoSec World conference here."
Now those sound like the words of someone who has 'been there and done that' more than a few times. If Microsoft is having those kinds of problems with the hardware, software, and expertise they have at their disposal, imagine the kinds of problem that 'Sam's Plumbing and Heating Co.' is having.
Will it get to the point? (Score:4, Insightful)
When a *nix box gets rooted, generally standard practice says that you rebuild the box. I'm unsure if this is the case with Windows rootings. That is just the way it is.
Malware wants to be "sticky". I'm surprised it has taken this long to become truly difficult if not downright impossible to remove.
What I wonder is if people will just tolerate the unremovable malware instead of the frustration and/or time of reinstalling the OS and applications and getting everything just right all over again. It's one thing for system administrators and geeks to reinstall. It's another thing entirely for the average user to have full/incremental backups or cloned drives or some set of procedures for reinstallation.
This is definitely an interesting situation.
these the guys whose registration is anti-Ghost? (Score:3, Insightful)
MS has finally awakened and smells the coffee.
but I have no cup for them any more.
Boot from CD (Score:3, Insightful)
What does a home/home office do? (Score:4, Interesting)
I didn't have the foresight to make a Ghost image of my system from the factory. It's a DELL and the restore-to-factory-from-secret-hidden-partition doesn't work once I added a new partition to the drive (with Partition Magic).
So now it looks like I have to:
1. Make sure I have up to date backups of my data (always a good idea)
2. Purchase another copy of Windows even though I already paid for one
3. Dig through my records collecting all the keys to all my applications
4. Spend an entire day reinstalling Windows and all my applications. Anyone who says it only takes an hour to reinstall Windows must have a secret version I don't have access to. I have to babysit the install through ten reboots and many hours.
Is this the best way?!
What about after that? I can Ghost the Windows partition, but I'd still have to reinstall any applications installed after the Ghost was made. And it's no use putting the applications in another partition because the applications depend on cruft in the registry.
Viruses will corrupt data at some point ... (Score:3, Interesting)
A good virus won't be found out for a while, and without knowing when it infected the system, you won't easily be able to tell how far back to go in the backups to pull 'clean' files.
This would have a devastating effect on the trust people have in any part of the system. What good is 'rebuilding' the system if you can't trust the data backups either?
Speaking from experience. (Score:3, Interesting)
For example, the most recent cleanup I did entailed a laptop that had no antivirus software running on it. They did have a bundled AOL spyware app installed, but as far as I could tell it had never been run. I installed Avast! and Ad-aware from CD and ran full scans on the system. The result was over 300 virus and over 3,000 malware captures. Amazing that the computer could even launch an initial Windows Explorer session at all.
If things continue their downward spiral (i.e. Microsoft dominance, widespread Internet exploits, monetary incentive for malware deployment, and foreign governments turning a deaf ear to abuse reports) I would require that anyone with a Windows-based, Internet-exposed PC earn an operator license, much like someone would have to do to operate an automobile, motorcycle, ham radio, etc. This would include mandatory security training. And for God's sake, a brief explanation of imaging and recovering their hard drive in case they get hit with something later.
Seriously though, this scenario isn't viable. But perhaps virtualization technology offers a safe haven. Folks could just reboot their virtual image if they get slammed with something and get back to square one. Until the malware authors get one step ahead of that, at least there would be some breathing room...
Re:Format C: (Score:3, Informative)
Re:Format C: = The Matrix (Score:5, Interesting)
Additionally, the malware could have virtualized your PC and whatever changes you make are to the virtual computer you are running on while the virus has real run of your hardware and resources. Even if that doesn't exist yet, one day it will because it is possible using software that is even freely available today, with some tweaks that bad people would only be too eager to implement.
Talk about the mother of all rootkits eh? Your computer would be like The Matrix, a virtual world where you think you are in charge but are really running a pawn cause you're pwn3d.
Re:What Do You Expect? (Score:2)
Please tell what such an "alternative operating system" is? It is a given that if your UNIX-based system has been compromised, the only way to be sure it has been cleaned is to re-install from scratch. Basic security.
-Em
Re:What Do You Expect? (Score:5, Funny)
Vista, of course. It has Trusted Computing, so I know I'll never have to worry about security again.
Re:Its official (Score:3)
DOS at the time was great; there were no other options other than Unix, which at the time was very expensive and very hard to use. For the most part he goes comparing OSs that really never went anywhere (like the Xerox OSs) with a marketed product. Yeah, it's great Xerox had those features in 1981, but you have to put the product to market and have it accepted b
Re: (Score:3, Interesting)
Re: (Score:3, Interesting)