digg

Facebook Connect Join Digg About

Microsoft Says Recovery from Malware Becoming Impossible

eweek.com From TFA: "In a rare discussion on the severity of the Windows malware scourge, a Microsoft security official said businesses should consider investing in an automated process to wipe hard drives and reinstall malware-infested operating systems."

Who dugg this? Made popular Apr 4, 2006

Digg DudeWhat is Digg?

Digg is a place for people to discover and share content from anywhere on the web. Digg surfaces the best stuff as submitted and voted on by the community. Take the Tour to learn more.

139 Comments

show profanity settings
expand all
  • schwit, on 10/12/2007, -3/+38This is the start of the "You need Vista because XP is unsafe" campaign.

    Does anybody think that Vista will solve this problem? Of course not ... this is a people problem, not technology problem.
  • swindmill, on 10/12/2007, -13/+36"When are all of the Mac & Linux ZEALOTS going to realize that it's not the OS itself, but the size of the audience that's enticing to these idiots?"

    When are all the Windows zealots going to realize that there are differences with OS architecture, and that UNIX base OS's are inherently more secure?

    Use the OS of your choosing and get over it.
  • kelly, on 10/12/2007, -3/+21Size is only half the reason... Microsoft is attacked so freequently because their default configuration makes it so easy.
  • TAGG, on 10/12/2007, -5/+19Wow! Finally they have realized this.
    I hope now all this AntiVirus / AntiMailware crap with annual subscriptions will die.
  • Jozer99, on 10/12/2007, -1/+12Known it for a long time. I work in IT, and in almost all severe cases, there is very little to do but reformat. This is not to say that if you find a single tracking cookie on your computer to take your hard-drive out back and shoot it, but that in cases where there is LOTS of spyware, just removing the offending programs won't fix the problem. After you rip 100 spyware programs out of their hiding places in the windows directory and registry, your OS is left in shambles. Often, the TCP/IP components of windows are damanged. Taskmgr.exe usually work work. Explorer is slow and laggy, in other words, the symptoms persist. A clean install is the last refuge.

    Please, Mac people, don't gloat here, we have already heard it all. The fact that you have 5% market share is all that saves your brushed aluminum @$$es from an onslaught of spyware and viruses, not some sort of mythically perfect OS.
  • Antz0rz, on 10/12/2007, -5/+15"Malware detected. Your computer has been automatically formatted."

    ...I'm sorry, but this is the stupidest idea ever.
  • 16x9, on 10/12/2007, -2/+12Schwit is correct, of course.

    Say what you will against Microsoft, no one can claim that they aren't loaded to the gills with marketing sense.
  • hchaudh1, on 10/12/2007, -3/+12If you look on the second page, Mike Danseglio, program manager in the Security Solutions group at Microsoft, basically calls Windows users and the victims of malware/spyware/phishing stupid. I don't know where they get the balls to call their own supporters and customers stupid and get away with it.
  • phpirate, on 10/12/2007, -7/+15Because everyone knows the smart people don't actually BUY windows ;)
  • smellinator, on 10/12/2007, -2/+10You have it wrong. The blurb says "automated process to wipe hard drives and reinstall malware-infested operating systems". So we are going to reinstall malware!

    "Your computer has been automatically formatted. NOW Malware is detected. "
  • mark1372, on 10/12/2007, -1/+8I hate to say it, but they made their bed, so now they have to lie in it.

    Microsoft has unbelievable talent at their disposal, a virtually unlimited bank account, and have known about security problems for many, many years. As far as I'm concerned, they have no excuse at this point. They haven't done enough by now because too many people were asleep at the switch. Unacceptable.

    Unfortunately, it's created a culture where users now just accept that they're gonne get viruses, malware, and be forced to buy anti-virus software. Shame.
  • DiggerTheDog777, on 10/12/2007, -7/+14It's disturbing that the most common operating system in the world is so vulnerable. That's the reason why I won't use it but at the same time I wonder about all the other people who use it and haven't a clue to its serious issues. I guess the old saying "ignorance is bliss" is on the mark.

    I know a CAD/CAM firm who uses Windows for their workstations, they are networked together but have NO connections to the outside world. They use Windows for their Workstation platform because they are forced to by their application vendor. The rest of their computers are a mixture of OS-X and BSD and are connected to the outside world. Files that have to be transferred to the Workstations are scanned then sneaker-netted to the Workstations. Archaic but effective.

    Microsoft really needs to write a new OS from the ground up. Maybe they could even dump the registry, shared libraries and activeX along the way.
  • mark1372, on 10/12/2007, -0/+7From the article: "...a Microsoft security official said businesses should consider investing in an automated process to wipe hard drives and reinstall operating systems"

    Why is this a transference to the consumer? Microsoft should provide this "automated process" instead of creating yet another addition to the lucrative Windows "security" industry.

    And this whole "if you have malware, it's your fault because you installed it" is a ***** corporate argument and needs to stop.
  • SilentBobSC, on 10/12/2007, -2/+8Step 4 - Shoot #@&hole fanbois

    I don't know about you, but I have enough of my time taken up with showing people how to send e-mail, I'm not about to explain to them how to compile and install their own apps.... You lil Linux asstards need to quit your yapping and come up with a SOLUTION and not 5,000,000 distros with confusing names. You can't support an OS when you have so many damn itterations! I have enough problems getting people to know if they are running 95/98/ME/XP.
  • mark1372, on 10/12/2007, -1/+7You can blame Microsoft because the default installation of Windows, as well as simply USING Internet Explorer and Outlook in their default states can infect your PC just by visiting a site or reading email in the preview pane. Service Pack 2 closed a lot of holes, but left a whole whack of known holes wide open.

    Don't blame the user. Most people aren't IT experts, nor should they be expected to be.
  • spectre_25gt, on 10/12/2007, -2/+8I'll be modded down by the MS fanboys I'm sure, but I'm really curious why Apple hasn't released ads of a similar nature. They've mentioned things like that in a round-about way, but they've never come out and said "Our OS is more secure. Buy it."
  • zbeast, on 10/12/2007, -1/+7Most of this can't get rid of malware trouble is windows itself.
    Microsoft's "System Restore" feature causes malware to be automatically reinstalled after it's been removed by
    anti-spyware and anti-virus tools.
    Windows lets commonly used tools run with root privileges making it easy to infest systems.
  • mistshadow2k4, on 10/12/2007, -1/+6"bad solution - If everybody were to switch to Mac, Linux, OS/2, whatever... then all spyware developers would simply start developing malware for those operating systems"

    And how could it work? You'd have to give it your express permission and type in your root password for it to even install itself. Most of the recent rash of OS X exploits proved that. That's not how *most* spyware gets installed on Windows; most of it comes from just being online. No *nix OS allows anything to install itself on a system without permission.

    People seem to think "well if I don't click anything my computer will be fine" but they're dead wrong. They love to talk about the clueless users but they're really just as clueless if the think their systems are safe because they avoid opening email attachments and downloading screensavers. I wish to God these people would wise up and stop spreading this nonsense around. Yes, safe browsing helps, but it's not enough.
  • SilentBobSC, on 10/12/2007, -2/+7Actually, if you ever have worked with the masses, you would know how accurate that statement is. Most of us can tell when a popup is trying to look like an official error message but Old Lady Hubbard wouldn't know any better. See... Windows, while you may bash it, is now the primary OS. The long tail of users (people who have trouble installing AOL) is now getting comfortable with Windows, no matter how buggy or insecure. They are not going to actively go out and learn a linux distro or even sometimes OSX, it's different and people in general don't like change. They do anything to avoid it.

    So they take their old Pentium III system to the repair store, the guy tells them that they're better off with a new system, maybe they consider Apple, but upon seeing $1000-$3000 for a Mac (not counting a monitor and KB/Mouse-less mini mac) or a $500 Dell/HP/Gateway/EMachine/Whatever... guess which they choose. Only person to blame here is Apple for not having had the forward vision to license their OS to multiple manufacturers.
  • rewritable, on 10/12/2007, -6/+11I use it because I want to play new games now, not 3 or 4 years from now. or with linux never...... OH LOOK ASTEROIDS!!!!!!!!!!! WOW I WANT LINUX SO BAD NOW!
  • deadbaby, on 10/12/2007, -1/+6Microsoft is right.. It's a waste of time to even try recovering from a serious malware infection on Windows. I figured that out about 3 years ago. Even if you can remove the malware you're never going to be 100% sure the system is clean until you format it. Virus scanners aren't magic.. they do NOT pickup 100% of infections. If you are seriously owned you should assume your system is infected until you reformat.
  • mark1372, on 10/12/2007, -1/+6"I don't understand the aversion to wiping your hard drives and reinstalling your OS."

    Because it's a goddamn pain in the ass, and should be unnecessary. Not only that, but the vast majority of users have absolutely no idea what's going on when this happens, or how to fix it if they muck it up. And that's not their fault.
  • spectre_25gt, on 10/12/2007, -1/+6One of the goals of Vista was originally going to be dumping the registry. I can't remember why, but they ended up scrapping it.
  • anagami, on 07/02/2008, -2/+7social engineering + default root access for all users + mediocre code = malware
  • MindTrigger, on 10/12/2007, -0/+4
    My company already keeps our employee's desktops and laptops mostly generic. All files are saved to the network, and apps can be easily reinstalled. I've had to wipe a few machines that received the malware smackdown.

    In a many cases, it's not a matter of malware being impossible to remove, but a matter of how long diagnosing and removal will take compared to just wiping the machine and reinstalling. That's how I roll, anyway.
  • 0Troy, on 10/12/2007, -0/+4"I don't get how they can have such a huge staff of the "best and the brightest" and still have no clue how to recover a windows installation without a reinstall."

    Good friggin point. The "I dunno, just rebuild it" used to be the cop-out answer from the uninformed... Now you have to use one of your incidents to get to a level 3 support tech so he can say "You've got a good backup right? Just rebuild it." :-P
  • tryferos, on 10/12/2007, -0/+4I never even thought of that...good call schwit, that sounds like a perfect scare tactic to get the ignorant masses - like Mr. Jerry Taylor from Tuttle, Oklahoma - to rush to get Vista.
  • el_jefe, on 10/12/2007, -0/+4@crass

    "Why woudn't the most used OS also be the most vulnerable? If an operating system has a small audience, why would anyone bother to attack it? These malware producers are after information, mostly. And where will they get the most information? The massive windoze clientel, of course."

    Ok, Cass, why don't they go after web servers? Most web servers, if not just a good chuck run some form of *nix. Why not attack web servers? I mean take down a server cluster and that will be noticed, right?

    I'm guess they go after the easy target. Machines with little security, little chances that they will be seen (logged), and have a high rate of success?

    But then again, there is no arguing with fanaticism....

    Oh, and don't think I dislike MS. I love them. Their OS keeps me employed. If I had just my linux servers and desktops to watch, I wouldn't be needed. And I don't care what Os you use, run as "admin" or root for your daily tasks and you are just asking for it.

  • SilentBobSC, on 10/12/2007, -3/+7As fishtanks

    http://www.applefritter.com/image/tid/114
  • geekee, on 10/12/2007, -1/+5"Wow! Finally they have realized this.
    I hope now all this AntiVirus / AntiMailware crap with annual subscriptions will die."

    RTFA. They're saying, once you are infected, the best solution is to start fresh rather than trying to replace infected files. People have known this for awhile.
  • websitepro, on 10/12/2007, -1/+4If they are smart, they will put the kernel and associated
    files into a rom where it can't be touched.

    That way the core of the operating system is "never" compromised and the
    computer is never totally inaccessible.

    In addition, the rest of the operating system should
    reside on its own hard drive and the drive should be
    locked.

    Files and programs should be installed on a second drive.

    Should help a bit I'd say.

    Dan McTaggart
  • longman2g, on 10/12/2007, -7/+10it is very easy to not get a malware infested computer. Don't go to porn sites. Don't click on free ipod links. Don't take surveys for money. Don't try to shoot little moving targets. Do not click on a link even if you are sure you really won the lithuanian lottery. But if you simply must do some of these, get some basic protection for your computer, which is a good thing to have anyway in case you do go to some random website with malware on it.
  • jaydee, on 10/12/2007, -0/+3a large percentage of people reading this site make their living from windows being *****.. I know I do.

    If MS ever managed to fix Windows I'd be out of work, I'm just pleased that the re-install from scratch method has been advocated by MS, its what I do for my customers 9 times outa 10 anyway

    Long live ***** windows and all its problems
  • lydon, on 10/12/2007, -1/+4It's not that they couldn't figure it out, it's that it takes TIME to figure it out, and it really is a lot easier most of the time just to format a workstation and start all over. We use Novell ZenWorks so if something goes wrong with a pc, we just set it to re-image on startup, it gets a PXE signal from the server when it boots, and about 5 minutes later they're on a brand spankin new install of windows. The alternative is for me to drive to that office, manually install windows and all of their apps, and it just happen again in 3 weeks. All the data is kept on a server anyway, so what does it really matter? Look, your users are mostly idiots who want to view their friends on mySpace or win an iPod, you can't help that. You can only make your job easier.
  • spectre_25gt, on 10/12/2007, -1/+4That's a very good point. Why are all these kernel hooks there that people can use to create rootkits anyway? Is it truly necessary?
  • mdshort, on 10/12/2007, -0/+3I guess that rules out ID's entire line of games (Quake and Doom), the most RECENT unreal titles (ut2004)... Theres a plethora of free games (good ones too) that won't force you to reinstall because of malware (like it would in windows). I can think of dozens more, America's Army, Armagetron Advanced, Barrage, Chromium 3d, Crack-Attack, Cube, Fish Fillets, Frozen Bubble, Gweled, XMame, LBreakOut, NetHack, Supertux, and Trackballs, and TONS more (including a tank game I can't remember the name off)... and the fact is you don't have to pay a dime for linux.
  • el_jefe, on 10/12/2007, -0/+3@bignate

    "Also, don't give me your crap about "don't run as root user." Guess what? A lot of windows software developers (NOT MS) write their software so that you HAVE to be a local administrator to run the software (can anyone say AutoCAD?). It's not entirely Microsoft's fault that we all run around getting infected."

    And why do developers have to write their software to require admin rights? Perhaps it because the OS developers didn't allow for them not to. Oh, and viruses and malware exist for *nix and OS X. Thats right they do. Why don't you hear about them more? Oh, maybe its because the users don't surf the web or open their email as "admin", therefore unless they type in the password when prompted to install the software they have no idea about, they don't get infected.

    But really, you get infected, you have no one to blame but yourself. Windows, you get infected because you opened your email or surfed to the shady site as an admin. Therefore the malware or virsus doesnt need your permission to install itself. In *nix or OS X, if you are stupid enough to enter your "admin" password and install the software that just popped up when you visited the site, you have no one to blame but yourself.

    Now, sure more market share = more users. More users = higher or lower average intelligence of users. All of it = greater chances someone will enter their "admin" password because they just opened an email and all of a sudden its asking for my password. "I don't know why it wanted to know, so I just typed my password and hit enter and the pop up went away."

  • Berkana, on 10/12/2007, -0/+3Quoted from the article:
    _______________________________________
    "The easy way to deal with this is to think about prevention. Preventing an infection is far easier than cleaning up," he said, urging enterprise administrators to block known bad content using firewalls and proxy filtering and to ensure security software regularly scans for infections.

    ______________________________________________________________
    The best way to prevent Windows malware is to switch to Linux or Mac. If even for the simple fact that as minority platforms, there is less malware for them, this is an advantage worth taking. Linux and Macintosh are likely to remain minority platforms for the forseeable future, so I don't see this side-effect benefit going away any time soon. And even if viruses and spyware were being written for these two platforms, the number of Windows threats would still outnumber Linux and Mac threats for the forseeable future. (On top of that, spyware can't do many of the tricks seen on Windows due to better API's and access control on Macs and Linux, so many of the threats seen on Windows simply can't exist for Linux or the MacOS.)
  • inactive, on 10/12/2007, -2/+5LONG LIVE THE POPUP!!

    (Are you sure you want to run this program?)
    (Are you sure you meant to click that last popup?)
    (You sure you're sure? You know this program wants to access your registry.)
    (Positive?)
    (Ok here goes...*****...sorry I ***** up, can you click that again?)
  • 0Troy, on 10/12/2007, -1/+4@deadbaby

    You don't even have to copy your home folder; you can just put it on another partition, and reinstall using the old home directory partition as your new one. All your settings transferred easily. No fuss, no odd settings, no registry keys, no BS...
  • WiseWeasel, on 10/12/2007, -1/+3The vast majority of Mac applications install and run without root permissions. In MacOS X, developers use the sudo function to escalate privileges for a specific task requiring root access, prompting the entry of an admin login/pass. The escalated privileges are only active for the particular task at hand, and then expired. Any data owned by the current user is fair game, but anything deeper is off-limits without an admin password, which is never actually needed for typical applications (since they stick to the userspace).

    Since the applications most-commonly used by the user can be stored in the root applications folder (which a non-admin user can't write to), the only real vulnerable data is the user's documents and prefs, which are very rapidly restored from backup. This makes MacOS X much easier to manage from a security perspective.
  • inactive, on 10/12/2007, -4/+6"bad solution - If everybody were to switch to Mac, Linux, OS/2, whatever... then all spyware developers would simply start developing malware for those operating systems"

    I'm not totally convinced you understand the inherent differences in operational security and restrictions between an OS like Windows and OSX/linux/unix.
  • Toloran, on 10/12/2007, -1/+3"In a rare discussion on the severity of the Windows malware scourge, a Microsoft security official said businesses should consider investing in an automated process to wipe hard drives and reinstall malware-infested WINDOWS systems."

    Fixed that for you. (all caps for what was changed)
  • LiquidPenguin, on 10/12/2007, -2/+4@mistshadow2k4

    Prior to OSX, I believe most of the Linux issues dealt with escalating privileges. All it takes is one potentially uncompromisable bit of software listening on an open port. I admit I don't keep track of OSX all that much though. After that ***** fiasco about a system "compromised" in, IIRC, 15 minutes because some guy was pounding away at the keyboard itself. I simply lost interest in watching any security issues with OSX.

    Of course, Linux and OSX users need to stop deluding themselves that these OS's are impenetrable boxes of steel and Windows users need to learn to be a little bit more savvy. Really, the only secure box is an unplugged box hidden away where no one can find it.
  • Reddog_x2000, on 10/12/2007, -0/+2@Don't go to porn sites.

    God damnit. That's why I got a computer in the first place.
  • mistshadow2k4, on 10/12/2007, -2/+4And absolutely none of the above will protect you from viruses like Blaster that download themselves straight into your system.

    You need to learn more about how Windows actually works -- yes, some malware can and does download itself into your computer without you even knowing. And it's not as rare as most people seem to think. Don't be believe me? Uninstall your antivrus, anti-spyware and firewall. Browse around online for just two days like that, even on the "nice" sites. Then reinstall the antivirus and anti-spyware, update them, and scan your system. I absolutely guarantee that you will find spyware and I'd bet money that you'll find a virus too.

    And yes I'm a *nix-user, but I have to point out that with any other OS in the world you can go to any site you want without needing to worry about that crap.
  • SilentBobSC, on 10/12/2007, -2/+4Yeah, now explain that to your 80yr old grandmother over the phone.... Not everyone is a geek, and just because you own a computer doesn't mean you have to be an all-knowing uber-geek, that would be like requiring a engineering degree to drive a car. Get a better solution for the masses and then MAYBE you'll stand a shot.
  • mark1372, on 10/12/2007, -3/+5"If you don't know, then you should learn... the "vast majority of users" shouldn't own a PC to begin with..."

    Horrible argument. Sure, it would be nice, but computers are intimidating to most people right off the bat, and people know that trying to tinker where they shouldn't necessarily be means a computer that doesn't work.

    Your argument is like saying people should know how to run diagnostics on their cars or know how to fix the engine. Yes, that would be nice and all, but totally unlikely. Not only that, but if something breaks in the car, causing it to crash or catch on fire, you don't go blaming the driver, you blame the manufacturer. Some car defects ARE caused by driver error (i.e. overinflating the tires) but the mechanicals are usually not, which is why there are so many recalls.

    We wouldn't stand for it with our cars, so why do we settle with our operating systems?
  • cpawl, on 10/12/2007, -0/+2Amplix,
    It's a networking trick used by most places who know what's good for them. You create a user log in, and reload a fresh image on every log in. This is not practical for the average home user nor is it even a full proof work around.
  • Fetching more discussions...
    Show 51 - 100 of 140 discussions

  • Add a Comment

    Login or register to comment!
    Or, sign-in super fast with your Facebook account ...


© Digg Inc. 2009 — Content created and posted by Digg users is dedicated to the public domain | Terms of Use Updated | Privacy Policy
DIGG, DIGG IT, DUGG, DIGG THIS, Digg graphics, logos, designs, page headers, button icons, scripts, and other service names are the trademarks of Digg Inc.