Posted: 4/5/2006 6:48:19 PM EDT
www.eweek.com/article2/0,1895,1945808,00.asp
Microsoft Says Recovery from Malware Becoming Impossible, by Ryan Naraine. LAKE BUENA VISTA, Fla.—In a rare discussion about the severity of the Windows malware scourge, a Microsoft security official said businesses should consider investing in an automated process to wipe hard drives and reinstall operating systems as a practical way to recover from malware infestation. "When you are dealing with rootkits and some advanced spyware programs, the only solution is to rebuild from scratch. In some cases, there really is no way to recover without nuking the systems from orbit," Mike Danseglio, program manager in the Security Solutions group at Microsoft, said in a presentation at the InfoSec World conference here.
So, who thinks Mike is a member here?

When you really need to get rid of pesky viruses and spyware, it's the only way to be sure.
www.nukeitfromorbit.com/

I completely agree with his statement.
I see the damage of trojan- and spyware-infected machines daily. I've given up on trying to fix the majority of them and end up doing a fresh install. Antivirus is a false sense of security. You still need it, but absolutely none of them will catch everything.

Mmmkay. You know the situation has to be getting desperate if the powers at MS are admitting so. But to throw up one's hands and say "oh, just reformat, it's OK" is BS.

I'm pretty good at removing malware using a multi-tiered approach.
If I have to spend more than 45 minutes on it, though, it's getting re-imaged. Edited to add: The worst cases are self-inflicted.

So, are you a computer tech?

The problem I keep running into in these situations is that the owner has lost all or some of their original software. It never fails.

Yep, and the moron who self-inflicted themselves will spend the whole 45 minutes over your shoulder repeating over and over, "I don't understand it, I didn't do nothin'."

Yes, but I am not commenting on your statement. I am commenting on Microsoft's comments. By those comments alone, they are admitting they either 1) can no longer stop the onslaught and/or 2) don't care.

Maybe if they spent more time on security, instead of shoving tons of completely unnecessary features into their applications and rushing the latest version of Windows to market, this wouldn't have happened.

Thank God I work under a site license! I'm the security admin, and I run Linux on my PC. 99.9% of the rest of the machines are all Winblows though.

DOS 3.11 Rocks!!

It was pretty good, I'll admit. Last time I really liked Microsoft's products.

Why don't they see the answer? It's so simple a kid can see it.
1: The core software (kernel) is developed together as a series of highly interconnected files, each of which has its own cryptographic unit in it. Each file is encrypted and each file has the keys to open the other files that it will need access to. All files are cross-checked for integrity by several other files. Plus they're heavily write-protected. Even the write process is encrypted.
2: The kernel watchdog software watches everything and NOTHING gets installed without explicit permission from the keyboard (via direct monitoring of the hardware keyboard port) or by the launching of a trusted program which itself is initialized from the keyboard, mouse, or other monitorable input device.
3: NO CHANGES TO THE KERNEL SOFTWARE ARE PERMITTED. Any attempt on the part of any software to do this will be rejected. And remember, the write process is encrypted so it won't be hacked easily. Necessary kernel updates require the update to submit a strong encryption key to the kernel. The kernel "phones home" to double-check the update and its key, and only if all is in order will any updates be performed.
No software can install itself without explicit permission given by the operator of the computer. No software can author changes to any part of the kernel. The encryption applied to the write process will help. OK, it's not THAT simple, but it's understandable. Heavy kernel protection with interdependent protection mechanisms built in. Nothing is allowed to change within the kernel, and the method of writing new files is itself under heavy security.
CJ

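CJ's third point, a kernel that accepts an update only after checking the key the update presents, is what code signing does in practice, and the core check works without any phoning home: the machine pins the vendor's public key and verifies a signature over the update before writing anything. The Go program below is an added example written for this thread, not code from any poster or from Microsoft; the Update type, the function names and the sample payload are assumptions of the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Update models a hypothetical kernel update package: the payload plus the
// vendor's signature over the payload's SHA-256 digest. The type and field
// names are assumptions for this example, not anything from the thread.
type Update struct {
	Payload   []byte
	Signature []byte
}

// SignUpdate is the vendor side: the build system signs the digest of the
// payload with a private key that never leaves the vendor.
func SignUpdate(priv ed25519.PrivateKey, payload []byte) Update {
	digest := sha256.Sum256(payload)
	return Update{Payload: payload, Signature: ed25519.Sign(priv, digest[:])}
}

// VerifyUpdate is the gate the kernel runs before writing anything. The
// machine holds only the vendor's public key; a payload whose signature does
// not verify under that key is rejected outright, whatever it claims to be.
func VerifyUpdate(pub ed25519.PublicKey, u Update) error {
	if len(pub) != ed25519.PublicKeySize {
		return errors.New("pinned public key has the wrong size")
	}
	if len(u.Signature) != ed25519.SignatureSize {
		return errors.New("signature has the wrong size")
	}
	digest := sha256.Sum256(u.Payload)
	if !ed25519.Verify(pub, digest[:], u.Signature) {
		return errors.New("signature does not verify: update rejected")
	}
	return nil
}

// Tamper returns a copy of the update with one payload byte flipped, modelling
// modification in transit; the original signature is carried over unchanged.
func Tamper(u Update) Update {
	p := append([]byte(nil), u.Payload...)
	p[len(p)/2] ^= 0xFF
	return Update{Payload: p, Signature: u.Signature}
}

// RunScenario exercises the three cases a verifier must get right and returns
// the outcome of each: a genuine update, a tampered payload, and a payload
// signed with a key the machine does not trust (an attacker's own key).
func RunScenario() (genuine, tampered, wrongKey error) {
	vendorPub, vendorPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return err, err, err
	}
	_, attackerPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return err, err, err
	}
	payload := []byte("constructed sample kernel module bytes") // constructed input

	good := SignUpdate(vendorPriv, payload)
	genuine = VerifyUpdate(vendorPub, good)
	tampered = VerifyUpdate(vendorPub, Tamper(good))
	wrongKey = VerifyUpdate(vendorPub, SignUpdate(attackerPriv, payload))
	return genuine, tampered, wrongKey
}

func main() {
	genuine, tampered, wrongKey := RunScenario()
	fmt.Println("genuine update:  ", genuine)  // <nil>
	fmt.Println("tampered payload:", tampered) // signature does not verify: update rejected
	fmt.Println("attacker's key:  ", wrongKey) // signature does not verify: update rejected
}
```

The third case is the one that matters: an attacker who can alter the update in transit still cannot produce a signature that verifies under the pinned vendor key. What a purely local check cannot handle is a leaked vendor key, which is roughly where CJ's phone-home step fits: an online revocation check, not the signature check itself.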
DOS 6.0 was good. I remember waiting for it to come out so I could use DoubleSpace.

Common sense works fucking wonders... Too bad most people don't have it.

Uggg! I can't tell you how many people I talked to that hosed themselves with Stacker/DoubleSpace.

I installed a very effective anti-malware tool on my computer. It is called Linux!
All kidding aside, I think most people could make do with a simple Linux installation. Unfortunately Linux is still a really big pain in the ass when it comes to driver support and software installation. I spend a lot of time fooling with Linux and cursing it, but one thing I've never spent time doing in Linux is looking out for viruses or malware.
Galland

Users hate mandatory access control. Let me give you an example: How many people do you know that run Trusted Solaris/AIX by choice? How about OpenBSD? Even people that really need that level of access control will shortly find themselves looking for a way to circumvent it. Hell, most organizations can't even get a handle on something like version control. Forget patch management and intelligent backups.

The beauty of it is that the people who fuck their systems through incompetence and negligence, inviting all this garbage into their operating system, are the same tards that don't keep fresh images of their installs anyway.
Darwin at work.

When there's a mass distribution with all the ease and familiarity of Windows, and 80% of the world is running Linux, bet your ass there will be viruses and vicious ware for it. Windows isn't a tight ship, but as it stands it's the one being attacked en masse. THAT is the whole problem.

Agreed... Once something starts becoming popular, people will attack it. It's only a matter of time before all this crap hits Mac, Linux, Firefox and so on.....

Also, a good portion of folks who use Windows are computer-retarded and they don't know the first thing about computer security. For instance, they think having McAfee virus scan software "automatically" keeps all the virii away and that firewalls will stop all virii and hackers cold. In addition, we have a lot of folks running around on the Internet who don't even know what a port is, let alone how to open/close one. It's just that the majority of average joes are using Windows and the same majority doesn't really know jack about the technical issues, which explains why computer/software companies are able to make so much money off of gullible people.

Oh yeah, I remember it too, but with my 107 MB HD I was looking forward to it. Then I found out it didn't offer much useful compression and just slowed everything down. The worst part was not really knowing how much free space you really had.

You could say the exact same thing about anything more technical than a toothpick.

Harder to write the code for a Mac virus; however, it's relatively simple for Linux and that could provide some insights into writing them for the Mac. I worry about the fact that Apple has decided to use Intel chips. I think that brings the Mac one step closer to being easily taken down.

Maybe, but they're out there and growing in number.

I've had plenty of my friends (who all use Windows; I'm a Mac guy) get virii. The common factor is that they received or downloaded a strange file, then opened same.
One actually received a link on AIM that was supposedly a picture; in reality, it was a .EXE file set to auto-execute after being downloaded, and the person's computer was non-functional for about a month. The thing that all of these have in common is that people were going to unknown web pages, downloading/opening unknown files, etc. Moral of the story: don't open weird stuff, especially if you're running Windows. Exercise common sense.

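The AIM trick above, a link that looks like a picture but delivers an executable, can be caught before anything is opened: the file name's extension is a claim, the first bytes of the content are the fact, and the two should agree. The Go program below is an added example written for this thread, not code from any poster; it compares the two and also catches the double-extension variant. The Verdict type, the function names and the constructed sample bytes are this example's own assumptions.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"fmt"
	"strings"
)

// Leading bytes that identify a few common formats. Only well-known
// signatures are listed; anything else reports as "unknown".
var magic = map[string][]byte{
	"jpg": {0xFF, 0xD8, 0xFF},
	"png": {0x89, 'P', 'N', 'G', 0x0D, 0x0A, 0x1A, 0x0A},
	"gif": []byte("GIF8"),
	"exe": {'M', 'Z'}, // DOS stub that every Windows PE starts with
}

var imageKinds = map[string]bool{"jpg": true, "png": true, "gif": true}

// Verdict is what Inspect reports for one file (an assumed type for this example).
type Verdict struct {
	ClaimedKind string // what the name advertises, normalised ("jpg", "exe", ...)
	RealKind    string // what the header says, or "unknown"
	Suspicious  bool
	Reason      string
}

// kindFromName takes the final extension of the name as the file's claim.
func kindFromName(name string) string {
	lower := strings.ToLower(name)
	i := strings.LastIndex(lower, ".")
	if i < 0 {
		return "none"
	}
	ext := lower[i+1:]
	if ext == "jpeg" {
		ext = "jpg"
	}
	return ext
}

// kindFromHeader identifies the format from the first bytes of the content.
func kindFromHeader(data []byte) string {
	for kind, sig := range magic {
		if bytes.HasPrefix(data, sig) {
			return kind
		}
	}
	return "unknown"
}

// hasPEHeader follows e_lfanew (offset 0x3C of the MZ stub) and checks for
// the "PE\0\0" signature, distinguishing a Windows PE from a bare DOS stub.
func hasPEHeader(data []byte) bool {
	if len(data) < 0x40 || !bytes.HasPrefix(data, []byte("MZ")) {
		return false
	}
	off := binary.LittleEndian.Uint32(data[0x3C:0x40])
	if uint64(off)+4 > uint64(len(data)) {
		return false
	}
	return bytes.Equal(data[off:off+4], []byte("PE\x00\x00"))
}

// Inspect compares the name's claim with the content's header. A "picture"
// whose bytes start like an executable is the AIM trick from the post.
func Inspect(name string, data []byte) Verdict {
	v := Verdict{ClaimedKind: kindFromName(name), RealKind: kindFromHeader(data),
		Reason: "no executable content detected"}
	switch {
	case imageKinds[v.ClaimedKind] && v.RealKind == "exe":
		v.Suspicious = true
		v.Reason = "name claims an image but the content is an executable"
		if hasPEHeader(data) {
			v.Reason += " (valid PE header)"
		}
	case v.ClaimedKind == "exe" && strings.Count(name, ".") > 1:
		v.Suspicious = true
		v.Reason = "double extension: executable disguised behind an inner extension"
	case v.ClaimedKind == "exe" || v.RealKind == "exe":
		v.Suspicious = true
		v.Reason = "executable received over a chat/download channel"
	}
	return v
}

// SamplePE is a constructed 0x44-byte buffer: an MZ stub whose e_lfanew
// points at a "PE\0\0" signature, enough to read as a PE header.
func SamplePE() []byte {
	b := make([]byte, 0x44)
	b[0], b[1] = 'M', 'Z'
	binary.LittleEndian.PutUint32(b[0x3C:], 0x40)
	copy(b[0x40:], "PE\x00\x00")
	return b
}

func main() {
	pe := SamplePE()
	jpg := []byte{0xFF, 0xD8, 0xFF, 0xE0, 0x00, 0x10, 'J', 'F', 'I', 'F'} // constructed JPEG header
	for _, c := range []struct {
		name string
		data []byte
	}{{"party.jpg", pe}, {"party.jpg", jpg}, {"party.jpg.exe", pe}, {"setup.exe", pe}} {
		v := Inspect(c.name, c.data)
		fmt.Printf("%-14s claimed=%-4s real=%-8s suspicious=%-5t %s\n",
			c.name, v.ClaimedKind, v.RealKind, v.Suspicious, v.Reason)
	}
}
```

The double-extension case is kept separate from the header check because Windows Explorer's "Hide extensions for known file types" setting shows party.jpg.exe as party.jpg, so the name alone already deserves a flag. The MZ/PE test is deliberately narrow: it decides only whether the content is an executable, not whether it is malicious.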
So true. I have owned Windows machines for over 10 years; I've NEVER been hit with a destructive virus. Read, learn, act, and don't do something stupid. It's not rocket science, but people sure like to act carelessly with their computers. I run Macs for work, and we've been hit there with a virus twice, so they're not immune, just not as likely. Yes, I work with idiots.

Yep, most of the people they get to do work on computers aren't the best and the brightest, hence the lack of common sense. I've yet to ever get a virus, and I've literally been using Macs since I was 3 years old (yes, I'm really that young). First Mac I ever used was a Mac SE Plus (had two 512 KB floppy drives) running System 6.0.8.

Hehehe... you are a youngin. I still have an SE sitting in my basement somewhere. My start on Macs was even earlier than that. I work in graphic arts, so Macs still rule my world, though PCs are more and more prevalent.

I learned to write simple BASIC programs on 8088s.

In some respects I still prefer DOS. I know what's going to happen when I type in a DOS command.
I can't say that for Windows every time. I prefer to use a Unix workstation for internet browsing. How many worms, viruses, trojans, and other malware will run on a Sun Ultra 10 or SGI O2? Not many! And both machines run Netscape just fine, so there's all the internet access I need.
CJ

How about severe, strict-liability felony penalties for distributing, using, or profiting from these programs? Sort of a Sarbanes-Oxley for the corporate cocksuckers who own whatever is being advertised/sold/done, with an opportunity to cut their sentences down to 10 yrs in FPYITAP by identifying the authors, who pull 20, no questions asked? As far as I'm concerned, writing, using, and/or profiting from what amounts to the theft of a computer and web connection is not much different from a burglary.

It's viruses, not virii.

+1. 'Windows Vista' = We re-designed the user interface AGAIN to try and make it better for people who can't stop their VCR from blinking 12:00 and need a user guide to pop microwave popcorn.... Oh, and we bundled in even MORE software to try and make Windows the only program you need (besides the rest of the MS catalog)... MS, you can keep it. I'll keep XP until technology moves to the point where I have to update... I can see myself not updating OS software (Windows side) until PC software goes truly 64-bit...

Here is an idea for Microsoft. Shitcan ActiveX and JScript and you will solve 95% of your security problems.

I'm rolling back to my 1 MHz Z80 CPU running CP/M! (Later upgraded to EZCPR.)
TC

I have DOS 2.2 in the original factory box with all papers..... I doubt I will install it, though. I usually run a Linux build, and for Windows I have it imaged and it gets wiped every 6 weeks without fail. I am on my MIL's computer now, and it makes me sick how infested it is.

We already have that with Ghost.. Saving images and backing up your data is the only way to go...

I wipe all my computers about once every year or so.
I did my brother-in-law's a month ago. It went from crawling to sprinting for about three weeks. Now it's fucked again. Why? His 16-year-old daughter installed AOL IM to chat with her friends. Needless to say, it's screwed.

Altiris works well too. In about 30 minutes I could have a machine wiped, reloaded, and back on the network. Within a couple of hours they would have all of their machine-specific apps back.

We got hit last year with an adware/spyware bomb. We had to take 140 machines down to bare metal and rebuild each one. We are now deploying Novell's ZENworks across the enterprise. When completed, we should be able to rebuild every machine in the building within a few hours (or less). Keep your fingers crossed.

Vista is supposed to be set up with more attention to security and holes than XP was.

I'll hold my breath.

What version of Zen have you deployed? The reason I ask is I am about to do the same thing here. I run Win XP on desktops, NW 6.5 servers, GroupWise 7 email, and ZENworks 7. Spyware and adware eat XP alive, and spending hours removing it is complete nonsense. I have close to 400 PCs, and 4 hours to remove infections is out of the question.

My dad got one that I could not remove. When I finally broke down to format the drive, it turned out that the malware had partitioned a tiny, invisible drive and the program was running off of that. I don't really understand how these companies don't get their doors kicked in and their machines smashed.

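The hidden partition in the post above is exactly what a partition-table audit is for: a partition whose type ID marks it hidden, or a run of sectors that no partition claims, both of which survive a reinstall that keeps the existing layout. The Go program below is an added example for this thread, not code from the poster or from any product; it parses a constructed MBR and flags both conditions. The sample bytes, the hidden-type list and the function names are this example's own assumptions.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
	"sort"
)

const tableOffset = 446 // the four 16-byte partition entries follow the boot code

// Partition is one decoded primary partition table entry (type assumed for this example).
type Partition struct {
	Index    int
	Bootable bool
	Type     byte
	StartLBA uint32
	Sectors  uint32
}

// hiddenTypes are MBR type IDs that mark a volume as hidden so ordinary
// tools do not mount it or give it a drive letter.
var hiddenTypes = map[byte]string{
	0x11: "hidden FAT12", 0x14: "hidden FAT16 <32M", 0x16: "hidden FAT16",
	0x17: "hidden HPFS/NTFS", 0x1B: "hidden FAT32", 0x1C: "hidden FAT32 (LBA)",
	0x1E: "hidden FAT16 (LBA)",
}

// ParseMBR decodes the four primary entries of a classic MBR, lowest LBA first.
func ParseMBR(sector []byte) ([]Partition, error) {
	if len(sector) < 512 {
		return nil, errors.New("need at least 512 bytes")
	}
	if sector[510] != 0x55 || sector[511] != 0xAA {
		return nil, errors.New("missing 0x55AA boot signature")
	}
	var parts []Partition
	for i := 0; i < 4; i++ {
		e := sector[tableOffset+i*16 : tableOffset+(i+1)*16]
		if e[4] == 0 {
			continue // type 0 means the slot is unused
		}
		parts = append(parts, Partition{
			Index: i + 1, Bootable: e[0] == 0x80, Type: e[4],
			StartLBA: binary.LittleEndian.Uint32(e[8:12]),
			Sectors:  binary.LittleEndian.Uint32(e[12:16]),
		})
	}
	sort.Slice(parts, func(a, b int) bool { return parts[a].StartLBA < parts[b].StartLBA })
	return parts, nil
}

// Finding is a partition or sector range worth a closer look.
type Finding struct {
	StartLBA uint64
	Sectors  uint64
	Note     string
}

// Audit flags hidden-type partitions and unclaimed sector runs of at least minGap sectors.
func Audit(parts []Partition, diskSectors, minGap uint64) []Finding {
	var out []Finding
	next := uint64(1) // sector 0 is the MBR itself
	for _, p := range parts {
		start := uint64(p.StartLBA)
		end := start + uint64(p.Sectors)
		if start > next && start-next >= minGap {
			out = append(out, Finding{next, start - next, "unallocated gap before partition"})
		}
		if name, ok := hiddenTypes[p.Type]; ok {
			out = append(out, Finding{start, uint64(p.Sectors),
				fmt.Sprintf("partition %d has hidden type 0x%02X (%s)", p.Index, p.Type, name)})
		}
		if end > next {
			next = end
		}
	}
	if diskSectors > next && diskSectors-next >= minGap {
		out = append(out, Finding{next, diskSectors - next, "unallocated space at end of disk"})
	}
	return out
}

// SampleMBR builds a constructed MBR: an ordinary bootable NTFS partition
// followed by a 1 MiB partition typed as hidden NTFS, with space left after it.
func SampleMBR() []byte {
	s := make([]byte, 512)
	put := func(slot int, boot, typ byte, start, count uint32) {
		e := s[tableOffset+slot*16:]
		e[0], e[4] = boot, typ
		binary.LittleEndian.PutUint32(e[8:], start)
		binary.LittleEndian.PutUint32(e[12:], count)
	}
	put(0, 0x80, 0x07, 63, 20_000_000)
	put(1, 0x00, 0x17, 20_000_063, 2048)
	s[510], s[511] = 0x55, 0xAA
	return s
}

func main() {
	parts, err := ParseMBR(SampleMBR())
	if err != nil {
		panic(err)
	}
	for _, f := range Audit(parts, 20_100_000, 2048) {
		fmt.Printf("LBA %d (+%d sectors): %s\n", f.StartLBA, f.Sectors, f.Note)
	}
}
```

On a real machine the 512 bytes come from the raw device (\\.\PhysicalDrive0 on Windows, /dev/sda on Linux) and the disk size from the same device; a GPT disk needs a different parser, and the type-ID list only covers the MBR scheme. An unclaimed gap is not proof of anything, but it is where to look next, and it is one reason a rebuild that reuses the old partition layout can leave the problem in place.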
We use Altiris at work, too. Usually, we don't even have to go to the machine. Remotely, we can reimage a machine and then install all of the software back onto it with a couple of mouse clicks. The only thing we have to do manually is set the user's Outlook back up.

Copyright © 1996-2024 AR15.COM LLC. All Rights Reserved.