Topic: Infected Windows PC? Just nuke it

[Clive]

The Register
By John Leyden
Published Wednesday 5th April 2006 12:51 GMT

The latest types of malware are so potent that organisations should forget about trying to cleanse infected systems, a top Microsoft security officer has advised. Mike Danseglio, a program manager in Microsoft's security group, said firms should think about establishing a process for backup and recovering rather than relying on anti-virus tools as a way of recovering from malware infection.

"When you are dealing with rootkits and some advanced spyware programs, the only solution is to rebuild from scratch. In some cases, there really is no way to recover without nuking the systems from orbit," Mike Danseglio, a program manager in Microsoft's security group, told a security conference in Florida.

Rootkits - forms of malware that attempt to hide their presence on infected systems - are becoming more commonplace. Danseglio argued that such tactics made it too difficult to ensure that infected systems were fully repaired. He cited the example of an unnamed US government agency that found itself trying to fix 2,000 infected machines. "In that case, it was so severe that trying to recover was meaningless. They did not have an automated process to wipe and rebuild the systems, so it became a burden. They had to design a process real fast," Danseglio said, eWeek reports.

Even though anti-virus technology is improving, Danseglio conceded that traditional approaches are failing in the face of more sophisticated malware and highly-motivated profit-driven virus writers. The threat has moved on from network worms towards Trojans and other forms of more difficult to detect malware. "Detection is difficult, and remediation is often impossible," he said.

Danseglio's candid admission on the inadequacies of anti-virus technologies in cleansing infected systems is surprising give Microsoft's recent entry into the anti-virus market to say nothing of the fact that Windows PCs remain the principle malware battle ground. However Danseglio laid the blame for the majority of malware infections on human stupidity in the face of social engineering attacks rather than the security shortcomings of Windows, as highlighted by an unpatched Internet Explorer flaw that's become the focus of exploitation by hackers over recent days. ®

http://www.theregister.co.uk/2006/04/05/ms_security_mea_culpa/

[Simon]

I'm half convinced that it's the anti-virus firms themselves who develop a lot of these viruses, in the hope that you will then buy their product to protect your PC.  If a virus writer comes up with some malware that nothing current can get rid of, surely the AV firm that comes up with the solution, can then sell their products at a premium, claiming they are the only ones to offer such protection.  Hmmm...  :susp:

[chorleydave]

Well, it does seem rather odd to me that some jumped up kid playing about in their bedroom has so much expert technical knowledge that they are able to create programs that experts on mega salaries can't crack.   :shock: