April 4, 2006

Final Proof, As If We Needed It, That Windows OS Malware Is Out of Control

Filed under: Business Moves, Consumer Outrage, Privacy/ID Theft — TBlumer @ 1:31 pm

….. and apparently beyond control.

This is really sad:

Microsoft Says Recovery from Malware Becoming Impossible
April 4, 2006

LAKE BUENA VISTA, Fla.—In a rare discussion on the severity of the Windows malware scourge, a Microsoft security official said businesses should consider investing in an automated process to wipe hard drives and reinstall operating systems as a practical way to recover from malware infestation.

Offensive rootkits, which are used (to) hide malware programs and maintain an undetectable presence on an infected machine, have become the weapon of choice for virus and spyware writers and, because they often use kernel hooks to avoid detection, Danseglio said IT administrators may never know if all traces of a rootkit have been successfully removed.

He cited a recent instance where an unnamed branch of the U.S. government struggled with malware infestations on more than 2,000 client machines. “In that case, it was so severe that trying to recover was meaningless. They did not have an automated process to wipe and rebuild the systems, so it became a burden. They had to design a process real fast,” Danseglio added.

Danseglio, who delivered two separate presentations at the conference—one on threats and countermeasures to defend against malware infestations in Windows, and the other on the frightening world of Windows rootkits—said anti-virus software is getting better at detecting and removing the latest threats, but for some sophisticated forms of malware, he conceded that the cleanup process is “just way too hard.”

“We’ve seen the self-healing malware that actually detects that you’re trying to get rid of it. You remove it, and the next time you look in that directory, it’s sitting there. It can simply reinstall itself,” he said.

“Detection is difficult, and remediation is often impossible,” Danseglio declared. “If it doesn’t crash your system or cause your system to freeze, how do you know it’s there? The answer is you just don’t know. Lots of times, you never see the infection occur in real time, and you don’t see the malware lingering or running in the background.”

God help us if that “unnamed US Government branch” was Homeland Security. Why would I not be surprised if it was?

Other cheerful news from Redmond covered by eWeek:

I just hope all the IT departments are looking at Total Cost of Ownership, including the periodic wipes and reinstalls that are now apparently required to keep Windows systems going, when evaluating whether to stay with Windows or to move to Linux or Mac systems.

The old saying back in mainframe and minicomputer days of the 1970s and 1980s was that “nobody ever got fired for recommending IBM.” That evolved to “nobody ever got fired for recommending Windows” by the mid-1990s when Windows 95 made its debut. I wonder if the conventional wisdom will hold up in the face of what is for all practical purposes a Microsoft-recommended periodic surrender to the bad guys.

This economy is way too dependent on Microsoft and Windows, and we may be in the middle of paying a serious price for that dependence on a company that is shirking a serious minimum-expectations responsibility.
