MS Says Malware Recovery Becoming Impossible


Moderator: Thanas

Einhander Sn0m4n
Insane Railgunner
Posts: 18630
Joined: 2002-10-01 05:51am
Location: Louisiana... or Dagobah. You know, where Yoda lives.


Post by Einhander Sn0m4n »

It's Base Delta Zero Time!
POE News wrote:In a rare discussion on the severity of the Windows malware scourge, a Microsoft security official said businesses should consider investing in an automated process to wipe hard drives and reinstall operating systems as a practical way to recover from malware infestation.

"When you are dealing with rootkits and some advanced spyware programs, the only solution is to rebuild from scratch. In some cases, there really is no way to recover without nuking the systems from orbit," Mike Danseglio, program manager in the Security Solutions group at Microsoft, said in a presentation at the InfoSec World conference here.
Time for me to get on the ball about learning Linux, then teaching it to my housemates...
Dalton
For Those About to Rock We Salute You
Posts: 22637
Joined: 2002-07-03 06:16pm
Location: New York, the Fuck You State

Post by Dalton »

You know things are getting scary when the suits are quoting from "Aliens".
To Absent Friends
Dalton | Admin Smash | Knight of the Order of SDN

"y = mx + bro" - Surlethe
"You try THAT shit again, kid, and I will mod you. I will
mod you so hard, you'll wish I were Dalton." - Lagmonster

May the way of the Hero lead to the Triforce.
brianeyci
Emperor's Hand
Posts: 9815
Joined: 2004-09-26 05:36pm
Location: Toronto, Ontario

Post by brianeyci »

I'm a paranoid fuck. If I could have everything on a USB drive (all my documents) and have my entire drive wipe itself out every single night and reinstall everything from scratch from a recovery CD, I'd do it. But it's too much hassle and I don't even have a CD or DVD drive on my laptop (no, it's not an old laptop; it's an ultra-slim one, and I have to plug it into my brother's computer and open it up... long story, don't ask).

Brian
Ypoknons
Jedi Knight
Posts: 999
Joined: 2003-05-13 06:02am
Location: Manhattan (school year), Hong Kong (vacations)

Post by Ypoknons »

Me = 100GB hard drive with Acronis disk image on 250GB hard drive. It's not really practical updating that every night, so I back up my work folder on my iPod pretty much all the time. Makes for a useful mobile personal folder too.
Admiral Valdemar
Outside Context Problem
Posts: 31572
Joined: 2002-07-04 07:17pm
Location: UK

Post by Admiral Valdemar »

His advice is sound (I love that quote). But since I'm a Linux user now, this problem isn't something I care about anymore. I keep my XP partition clean for gaming, but all these viruses and malware apps are redundant when they can't run on my system. Even if they could, I'm not dumb enough to run as root with random code.

MS needs to get a good plan together, because doing clean reinstallations is time consuming.
phongn
Rebel Leader
Posts: 18487
Joined: 2002-07-03 11:11pm

Post by phongn »

Admiral Valdemar wrote:His advice is sound (I love that quote). But since I'm a Linux user now, this problem isn't something I care about anymore. I keep my XP partition clean for gaming, but all these viruses and malware apps are redundant when they can't run on my system.
Be careful, Linux can easily become a target (hell, server-wise it is).
Admiral Valdemar wrote:Even if they could, I'm not dumb enough to run as root with random code.
Alas, most people are. Some spyware programs don't require superuser access, anyways.
Admiral Valdemar wrote:MS needs to get a good plan together, because doing clean reinstallations is time consuming.
Well, if you can reimage the system it isn't so bad (most companies have standardized images), just start dumping the data and do something else.
Jalinth
Jedi Council Member
Posts: 1577
Joined: 2004-01-09 05:51pm
Location: The Wet coast of Canada

Post by Jalinth »

Is Linux really that much more secure than Windows, or is it just a much less tempting target due to the overwhelming number of people using Windows?
Zac Naloen
Sith Acolyte
Posts: 5488
Joined: 2003-07-24 04:32pm
Location: United Kingdom

Post by Zac Naloen »

Jalinth wrote:Is Linux really that much more secure than Windows, or is it just a much less tempting target due to the overwhelming number of people using Windows?
It's no more secure; some would argue it's less so. It's just that attacking Linux is no fun.
Member of the Unremarkables
Just because you're god, it doesn't mean you can treat people that way : - My girlfriend
Evil Brit Conspiracy - Insignificant guy
Ace Pace
Hardware Lover
Posts: 8456
Joined: 2002-07-07 03:04am
Location: Wasting time instead of money

Post by Ace Pace »

Jalinth wrote:Is Linux really that much more secure than Windows, or is it just a much less tempting target due to the overwhelming number of people using Windows?
One of the best advantages is that in Linux it is apparently far easier to separate out modules you don't need and disable them, leaving fewer possible holes open.
Brotherhood of the Bear | HAB | Mess | SDnet archivist |
DaveJB
Jedi Council Member
Posts: 1917
Joined: 2003-10-06 05:37pm
Location: Leeds, UK

Post by DaveJB »

Also, any discerning Linux user will run a limited account, whereas 90% of Windows software forces you to use an administrator account if you want to actually do anything useful.
Pu-239
Sith Marauder
Posts: 4727
Joined: 2002-10-21 08:44am
Location: Fake Virginia

Post by Pu-239 »

phongn wrote:
Even if they could, I'm not dumb enough to run as root with random code.
Alas, most people are. Some spyware programs don't require superuser access, anyways.
One can do plenty of damage with malware on the user's data; system data is replaceable anyway.

ah.....the path to happiness is revision of dreams and not fulfillment... -SWPIGWANG
Sufficient Googling is indistinguishable from knowledge -somebody
Anything worth the cost of a missile, which can be located on the battlefield, will be shot at with missiles. If the US military is involved, then things, which are not worth the cost if a missile will also be shot at with missiles. -Sea Skimmer


George Bush makes freedom sound like a giant robot that breaks down a lot. -Darth Raptor
Solauren
Emperor's Hand
Posts: 10392
Joined: 2003-05-11 09:41pm

Post by Solauren »

The obvious solution would be for Microsoft to rebuild Windows from scratch, with the basic functionality that Windows 3.11 had, and then add on more from there, using a small team of programmers on a given section, and a given section is not allowed to talk with another (Media Player can't be used to access web sites, etc.)

It's the amount of freaking redundancy that causes the security holes
EmperorMing
Sith Devotee
Posts: 3432
Joined: 2002-09-09 05:08am
Location: The Lizard Lounge

Post by EmperorMing »

You could always run a virtual installation of winbloze or other favorite OS and let that get infected. Then blow it away and restore the virtual machine from a backup. Of course, that entails certain other issues that the average user does not want to deal with...

DILLIGAF: Does It Look Like I Give A Fuck

Kill your God!
phongn
Rebel Leader
Posts: 18487
Joined: 2002-07-03 11:11pm

Post by phongn »

Solauren wrote:The obvious solution would be for Microsoft to rebuild Windows from scratch, with the basic functionality that Windows 3.11 had, and then add on more from there, using a small team of programmers on a given section, and a given section is not allowed to talk with another (Media Player can't be used to access web sites, etc.)
Surely you can't be serious.
Solauren wrote:It's the amount of freaking redundancy that causes the security holes
Uh, no. It may be poor design or poor programming, but it ain't redundancy.
Einhander Sn0m4n
Insane Railgunner
Posts: 18630
Joined: 2002-10-01 05:51am
Location: Louisiana... or Dagobah. You know, where Yoda lives.

Post by Einhander Sn0m4n »

phongn wrote:
Solauren wrote:It's the amount of freaking redundancy that causes the security holes
Uh, no. It may be poor design or poor programming, but it ain't redundancy.
I think he means the integration and interconnectedness, allowing easy conduction of an attack from one vector to any other or the whole machine. That is the poor design right there.
Vendetta
Emperor's Hand
Posts: 10895
Joined: 2002-07-07 04:57pm
Location: Sheffield, UK

Post by Vendetta »

Jalinth wrote:Is Linux really that much more secure than Windows, or is it just a much less tempting target due to the overwhelming number of people using Windows?
Little from column A, little from column B.

Linux (and MacOS) have as many vulnerabilities to attack as Windows does, but due to the fact that they're not designed ass backwards, giving out root permissions to anyone who promises candy, it usually requires a little more determination and/or skill to actually exploit them.

If there is a determined switch in the malware community, you can expect some entertaining system collapses.

On the original topic, I agree with the guy from Microsoft. It's so easy for malware to embed itself so deep into Windows that nuking the install from orbit really is the only practical way of sorting the mess out.

Things would be immensely improved by not having a central system registry open to every Tom, Dick, and Harry as well. Program state information should be separate from system state information, and programs should not have write access to system information.
phongn
Rebel Leader
Posts: 18487
Joined: 2002-07-03 11:11pm

Post by phongn »

Einhander Sn0m4n wrote:I think he means the integration and interconnectedness, allowing easy conduction of an attack from one vector to any other or the whole machine. That is the poor design right there.
In and of itself that is not necessarily bad - for example, KDE has a tightly-integrated and interconnected design yet is rather more secure than Windows.
Vendetta wrote:Linux (and MacOS) have as many vulnerabilities to attack as Windows does, but due to the fact that they're not designed ass backwards, giving out root permissions to anyone who promises candy, it usually requires a little more determination and/or skill to actually exploit them.
Fortunately, Vista will now create new accounts as user/limited-user by default. That is likely to break a lot of not-well-written software, however. Programs are still storing state information in their application directory and HKLM instead of %userprofile% and HKCU.
On the original topic, I agree with the guy from Microsoft. It's so easy for malware to embed itself so deep into Windows that nuking the install from orbit really is the only practical way of sorting the mess out.
IMHO, it'll still happen, except this time malware will come with explicit instructions to have the user type in the superuser password. If people want their Bonzai Buddy, they'll figure out a way :x
Things would be immensely improved by not having a central system registry open to every Tom, Dick, and Harry as well. Program state information should be seperate from system state information, and programs should not have write access to system information.
It is separate. HKCU is not HKLM ... but a lot of programmers use HKCU anyways. Microsoft is beginning to enforce these separations, but is encountering much backwards-compatibility resistance even six years after W2K's release.
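The HKCU/HKLM split phongn describes is easiest to see in working code. The following is an added example, not code from the thread or from Microsoft: a hypothetical application ('ExampleApp', with made-up value names) that keeps its runtime state under HKCU and %LOCALAPPDATA%, reads per-machine settings from HKLM without ever writing them, and, for contrast, tries the anti-pattern of writing runtime state into HKLM so you can watch it fail under a limited account.

```powershell
# Added example (not from the thread). Shows the split between per-user state
# (HKCU, %LOCALAPPDATA%) and per-machine configuration (HKLM, written only at
# install time). 'ExampleApp' and all its value names are hypothetical.

$AppName = 'ExampleApp'

# Correct: runtime state goes where the logged-on user can write without admin rights.
function Save-UserState {
    param([Parameter(Mandatory)] [hashtable] $State)
    $key = "HKCU:\Software\$AppName"
    if (-not (Test-Path -Path $key)) { New-Item -Path $key -Force | Out-Null }
    foreach ($name in $State.Keys) {
        Set-ItemProperty -Path $key -Name $name -Value $State[$name]
    }
    # Larger state (caches, logs) belongs beside it on disk, not under Program Files.
    $dir = Join-Path $env:LOCALAPPDATA $AppName
    New-Item -ItemType Directory -Path $dir -Force | Out-Null
    $State.GetEnumerator() | ForEach-Object { "{0}={1}" -f $_.Key, $_.Value } |
        Set-Content -Path (Join-Path $dir 'state.txt')
}

# Correct: per-machine configuration is read from HKLM but never written at runtime.
function Get-MachineSetting {
    param([Parameter(Mandatory)] [string] $Name)
    $key = "HKLM:\Software\$AppName"
    if (Test-Path -Path $key) {
        (Get-ItemProperty -Path $key -Name $Name -ErrorAction SilentlyContinue).$Name
    }
}

# The anti-pattern: treating HKLM as the application's scratch space. For a limited
# user this fails with "Requested registry access is not allowed", which is exactly
# why such programs end up 'requiring' an administrator account.
function Test-HklmRuntimeWrite {
    $key = "HKLM:\Software\$AppName"
    try {
        if (-not (Test-Path -Path $key)) { New-Item -Path $key -ErrorAction Stop | Out-Null }
        Set-ItemProperty -Path $key -Name 'LastRun' -Value (Get-Date).ToString('o') -ErrorAction Stop
        return $true
    } catch {
        Write-Verbose "HKLM write refused: $($_.Exception.Message)"
        return $false
    }
}

Save-UserState -State @{ LastRun = (Get-Date).ToString('o'); Theme = 'dark' }
"Install dir (per-machine, read-only at runtime): $(Get-MachineSetting -Name 'InstallDir')"
"Can this account write runtime state into HKLM? $(Test-HklmRuntimeWrite)"
```

Run it once as a limited user and once as an administrator: the HKCU and %LOCALAPPDATA% writes succeed both times, and only the last line changes. On Vista and later, an unmanifested 32-bit legacy program making the same HKLM write gets it silently redirected into the user's VirtualStore by UAC virtualization; PowerShell is manifested, so it sees the real refusal.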
Vendetta
Emperor's Hand
Posts: 10895
Joined: 2002-07-07 04:57pm
Location: Sheffield, UK

Post by Vendetta »

phongn wrote: IMHO, it'll still happen, except this time malware will come with explicit instructions to have the user type in the superuser password. If people want their Bonzai Buddy, they'll figure out a way :x
True.

There are, however, a significant contingent of computer owners out there who will take one look at a list of instructions that requires them to do anything more complicated than dribble on the keyboard and give up (either completely or to come and whinge at tech support because they can't make the magic box work).
bilateralrope
Sith Acolyte
Posts: 6184
Joined: 2005-06-25 06:50pm
Location: New Zealand

Post by bilateralrope »

Jalinth wrote:Is Linux really that much more secure than Windows, or is it just a much less tempting target due to the overwhelming number of people using Windows?
Even if Linux gets to the same market share that Windows has, it will not be with one distro, but with many different distros. For the most part, a vulnerability in one distro will not be present in most of the other distros.
Darth Wong
Sith Lord
Posts: 70028
Joined: 2002-07-03 12:25am
Location: Toronto, Canada

Post by Darth Wong »

This is going to sound ironic since Microsoft gets blasted for integrating too much material into the OS, but one of Linux's security strengths is that a typical distro already includes virtually all the software you'll ever use. As a result, when you go to your vendor's security update site and click "updates", you'll bring up every single app on your machine to the latest patch level.

On a Windows box, you have to spend hours installing shit in order to make it work well, and then you have to keep those apps separately updated. Hell, even something as tightly bundled as Office has a completely separate Updates site.
"It's not evil for God to do it. Or for someone to do it at God's command."- Jonathan Boyd on baby-killing

"you guys are fascinated with the use of those "rules of logic" to the extent that you don't really want to discussus anything."- GC

"I do not believe Russian Roulette is a stupid act" - Embracer of Darkness

"Viagra commercials appear to save lives" - tharkûn on US health care.

http://www.stardestroyer.net/Mike/RantMode/Blurbs.html
Xon
Sith Acolyte
Posts: 6206
Joined: 2002-07-16 06:12am
Location: Western Australia

Post by Xon »

The whole "nuke the site from orbit" is the only thing you can do on any system that has been rootkitted.

This has been standard practice for *Nix admins for decades now.
"Okay, I'll have the truth with a side order of clarity." ~ Dr. Daniel Jackson.
"Reality has a well-known liberal bias." ~ Stephen Colbert
"One Drive, One Partition, the One True Path" ~ ars technica forums - warrens - on hhd partitioning schemes.
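Both the Danseglio quote in the opening post and Xon's point above come down to one decision: once kernel-level components are suspect, you rebuild rather than clean. The following is an added example, not from the thread or from Microsoft, of the check that feeds that decision: hashing a suspect installation against a manifest taken from a known-good golden image, run from offline boot media (WinPE) so a rootkit on the running system cannot lie about file contents. The manifest format, the drive letters, and the list of critical components are assumptions; Get-FileHash needs PowerShell 4.0 or later.

```powershell
# Added example (not from the original thread or from Microsoft).
# Assumptions: manifest lines are "<SHA-256 hex><TAB><path relative to root>",
# the golden image is mounted at D:, the suspect disk at E:, and WinPE's RAM
# drive is X:. Requires Get-FileHash (PowerShell 4.0 or later).

function Get-RelativePath {
    param([string] $Root, [string] $FullName)
    $FullName.Substring($Root.TrimEnd('\').Length + 1)
}

function New-Baseline {
    param(
        [Parameter(Mandatory)] [string] $Root,          # e.g. D:\Windows\System32 on the golden image
        [Parameter(Mandatory)] [string] $ManifestPath   # output manifest
    )
    Get-ChildItem -Path $Root -Recurse -File -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $hash = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
            "{0}`t{1}" -f $hash, (Get-RelativePath -Root $Root -FullName $_.FullName)
        } |
        Set-Content -Path $ManifestPath -Encoding UTF8
}

function Compare-ToBaseline {
    param(
        [Parameter(Mandatory)] [string] $Root,          # e.g. E:\Windows\System32 on the suspect disk
        [Parameter(Mandatory)] [string] $ManifestPath
    )
    # Load the manifest into a lookup table keyed by relative path.
    $expected = @{}
    foreach ($line in Get-Content -Path $ManifestPath) {
        if ($line -match '^([0-9A-Fa-f]{64})\t(.+)$') {
            $expected[$Matches[2]] = $Matches[1].ToUpperInvariant()
        }
    }
    # Walk the suspect tree: report files that differ or that the image never had.
    $seen = @{}
    foreach ($file in Get-ChildItem -Path $Root -Recurse -File -Force -ErrorAction SilentlyContinue) {
        $rel = Get-RelativePath -Root $Root -FullName $file.FullName
        $seen[$rel] = $true
        if (-not $expected.ContainsKey($rel)) {
            [pscustomobject]@{ Status = 'Unexpected'; Path = $rel }
            continue
        }
        $actual = (Get-FileHash -Path $file.FullName -Algorithm SHA256).Hash
        if ($expected[$rel] -ne $actual) {
            [pscustomobject]@{ Status = 'Modified'; Path = $rel }
        }
    }
    # Anything in the manifest that is gone from the suspect tree.
    foreach ($rel in $expected.Keys) {
        if (-not $seen.ContainsKey($rel)) {
            [pscustomobject]@{ Status = 'Missing'; Path = $rel }
        }
    }
}

# Build the baseline once, from a golden image at the same patch level as the fleet:
#   New-Baseline -Root 'D:\Windows\System32' -ManifestPath 'X:\baseline-system32.tsv'

# From WinPE, against the suspect disk:
$drift = Compare-ToBaseline -Root 'E:\Windows\System32' -ManifestPath 'X:\baseline-system32.tsv'
$drift | Group-Object -Property Status | Select-Object Name, Count

# Components a rootkit typically replaces or adds to (assumed list). A modified, missing
# or unexpected file here means reimage, not clean.
$critical = '^(drivers\\|ntoskrnl\.exe$|hal\.dll$|winlogon\.exe$|lsass\.exe$|services\.exe$)'
$hits = $drift | Where-Object { $_.Path -match $critical }
if ($hits) {
    $hits | Format-Table -AutoSize
    Write-Warning 'Kernel, driver or logon components differ from the golden image: wipe and reinstall.'
}
```

The manifest has to match the patch level of the machines it is compared against, or every hotfix shows up as Modified; rebuild it after each update cycle. A clean result is not proof of a clean system (only the hashed files are covered; the registry and boot sector are out of scope), but a hit on the critical list is enough to stop cleaning and reimage.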
Edi
Dragonlord
Posts: 12461
Joined: 2002-07-11 12:27am
Location: Helsinki, Finland

Post by Edi »

As was already pointed out, the biggest problem is the end user, but the shitty security design in Windows isn't helping any.

I'm working at a computer repair and maintenance shop for the fourth week now, and I've gotten to see a lot of spyware in action. No rootkits yet, but even some of the standard malware is fucking annoying to completely remove because you need four to six separate programs to do it, more if you're only using freeware and/or trial versions of stuff. So the nuke from orbit option is often the fastest way to do things. Especially if you're dealing with standard OEM packages you can reinstall from a recovery CD. The only problem that leaves is data recovery.

Personally, I keep all of my data on a separate partition from the OS, so even if I need to nuke the OS, I don't need to worry about much. All I'll have to do is back up my Thunderbird profile to save my emails (since that has been stuck on the C drive since the dark ages), press the big red button and reinstall. Putting all the apps, games and such back is always a pain, but at least I won't have lost anything permanently.

Edi
Warwolf Urban Combat Specialist

Why is it so goddamned hard to get little assholes like you to admit it when you fuck up? Is it pride? What gives you the right to have any pride?
–Darth Wong to vivftp

GOP message? Why don't they just come out of the closet: FASCISTS R' US –Patrick Degan

The GOP has a problem with anyone coming out of the closet. –18-till-I-die
Einhander Sn0m4n
Insane Railgunner
Posts: 18630
Joined: 2002-10-01 05:51am
Location: Louisiana... or Dagobah. You know, where Yoda lives.

Post by Einhander Sn0m4n »

The only flaw in that plan, Edi, is the idiots who port over all their data before repartitioning an OEM install. Then there's the question as to whether reverting to OEM will also revert everything into one giant partition, destroying all data the user just went to such great lengths to try to save.
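Edi's pre-wipe routine (data on its own partition, Thunderbird profile rescued from the C drive) and Einhander's caveat that an OEM recovery can repartition the whole disk are the two halves of the same procedure. The following is an added example, not from the thread: a script that collects the user's documents and mail/browser profiles onto external media, refuses the system drive and non-removable drives by default, verifies the copy, and records the installed-program list for the rebuild. The destination path, the profile locations, and the removable-media rule are assumptions.

```powershell
# Added example (not from the thread). Pre-reimage data collection: copy the user's
# documents and mail/browser profiles to external media, refuse the system drive,
# verify the copy and record the installed-program list for the rebuild.
# Destination, profile locations and the removable-media rule are assumptions.

function Backup-UserData {
    param(
        [Parameter(Mandatory)] [string] $Destination,   # e.g. F:\backup-before-reimage
        [switch] $AllowFixedDisk                         # set only for an external USB hard disk
    )
    New-Item -ItemType Directory -Path $Destination -Force | Out-Null
    $letter = (Resolve-Path -Path $Destination).Drive.Name

    # An OEM recovery may repartition the whole disk, so "another partition" is not safe enough.
    if ("${letter}:" -eq $env:SystemDrive) {
        throw "Destination $Destination is on the system drive; a recovery CD may wipe it."
    }
    $logical = Get-WmiObject -Class Win32_LogicalDisk -Filter "DeviceID='${letter}:'"
    if ($logical.DriveType -ne 2 -and -not $AllowFixedDisk) {   # 2 = removable media
        throw "Drive ${letter}: is not removable media; pass -AllowFixedDisk if it is an external disk."
    }

    # Data only: programs get reinstalled from clean sources, never copied back from an infected box.
    $sources = @(
        [Environment]::GetFolderPath('MyDocuments'),
        [Environment]::GetFolderPath('Desktop'),
        (Join-Path $env:APPDATA 'Thunderbird'),       # mail profile lives here, not in My Documents
        (Join-Path $env:APPDATA 'Mozilla\Firefox')    # bookmarks, stored passwords
    ) | Where-Object { Test-Path -Path $_ }

    $log = Join-Path $Destination 'robocopy.log'
    foreach ($src in $sources) {
        $dst = Join-Path $Destination (Split-Path -Path $src -Leaf)
        robocopy $src $dst /E /COPY:DAT /R:2 /W:2 /NP /NFL /NDL "/LOG+:$log" | Out-Null
        $rc = $LASTEXITCODE                              # robocopy: 0-7 success, 8 and up failures
        $expected = @(Get-ChildItem -Path $src -Recurse -File -Force -ErrorAction SilentlyContinue).Count
        $copied   = @(Get-ChildItem -Path $dst -Recurse -File -Force -ErrorAction SilentlyContinue).Count
        [pscustomobject]@{
            Source = $src; Expected = $expected; Copied = $copied
            Ok = ($rc -lt 8 -and $expected -eq $copied)
        }
    }

    # What to reinstall afterwards (both hives, so 32-bit programs on 64-bit Windows are listed too).
    $uninstallKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*',
                     'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName } |
        Select-Object DisplayName, DisplayVersion |
        Sort-Object -Property DisplayName -Unique |
        Export-Csv -Path (Join-Path $Destination 'installed-programs.csv') -NoTypeInformation
}

Backup-UserData -Destination 'F:\backup-before-reimage' | Format-Table -AutoSize
```

Scan the backup from the freshly reinstalled system with an up-to-date scanner before restoring it, and restore documents and profiles only; any executable that rode along in a Documents folder is the most likely way to reinfect the clean install.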
Darth Wong
Sith Lord
Sith Lord
Posts: 70028
Joined: 2002-07-03 12:25am
Location: Toronto, Canada

Post by Darth Wong »

I'm told Windows security will improve with the new iteration, but honestly, why did it have to take almost 13 years for Microsoft to finally talk about adding an "su"-like feature to their multi-user operating system? There are millions of WinNT, Win2k, and WinXP users out there who log in and surf the internet as Administrator because it's a huge pain in the ass to do it any other way. And it's not as if this couldn't have been anticipated; the people who designed the original NT codebase had extensive knowledge of UNIX and the basic design concept for a secure multi-user operating system.
"It's not evil for God to do it. Or for someone to do it at God's command."- Jonathan Boyd on baby-killing

"you guys are fascinated with the use of those "rules of logic" to the extent that you don't really want to discussus anything."- GC

"I do not believe Russian Roulette is a stupid act" - Embracer of Darkness

"Viagra commercials appear to save lives" - tharkûn on US health care.

http://www.stardestroyer.net/Mike/RantMode/Blurbs.html
Uraniun235
Emperor's Hand
Posts: 13772
Joined: 2002-09-12 12:47am
Location: OREGON

Post by Uraniun235 »

I'm not sure if it was introduced in Win2k or XP, but I know that in XP Pro you can right click an application and click "Run As...", bringing up a dialog box which allows you to run the program as whatever user you want it to (if you have the password, of course).
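The "Run As..." dialog Uraniun235 mentions has a command-line form, and that is the practical answer to Darth Wong's "su"-like feature: do the daily work as a limited user and start only the one tool that needs admin rights under a separate account. The following is an added example, not from the thread: it checks whether the current session is already an administrator and, if not, launches a program under another account after prompting for its password. The account name 'LocalAdmin' and the choice of regedit as the tool are assumptions.

```powershell
# Added example (not from the thread). Command-line equivalent of the XP "Run As..."
# menu entry: check whether this session is already an administrator, and if not,
# start the one tool that needs admin rights under a separate admin account.
# The account name 'LocalAdmin' and the tool (regedit) are assumptions.

function Test-IsAdministrator {
    $identity  = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object -TypeName System.Security.Principal.WindowsPrincipal -ArgumentList $identity
    $principal.IsInRole([System.Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Start-AsOtherUser {
    param(
        [Parameter(Mandatory)] [string] $UserName,      # e.g. 'PCNAME\LocalAdmin'
        [Parameter(Mandatory)] [string] $FilePath,      # program to run under that account
        [string[]] $ArgumentList
    )
    # Get-Credential prompts for the password interactively; nothing is stored in the script.
    $credential = Get-Credential -UserName $UserName -Message "Password for $UserName"
    if (-not $credential) { throw 'No credential supplied.' }
    $startArgs = @{ FilePath = $FilePath; Credential = $credential }
    if ($ArgumentList) { $startArgs['ArgumentList'] = $ArgumentList }
    Start-Process @startArgs
}

if (Test-IsAdministrator) {
    Write-Warning 'This session is already running as an administrator; browsing or reading mail from it is the problem the thread describes.'
} else {
    "Logged on as limited user $env:USERNAME; launching regedit under a separate admin account."
    Start-AsOtherUser -UserName "$env:COMPUTERNAME\LocalAdmin" -FilePath (Join-Path $env:SystemRoot 'regedit.exe')
}
```

On XP the same thing is available without PowerShell as `runas /user:PCNAME\LocalAdmin regedit.exe`. On Vista and later, a process started with another account's credentials this way receives that account's UAC-filtered (non-elevated) token; to get an elevated one you ask for it explicitly with `Start-Process -Verb RunAs`, which triggers the consent prompt.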