Forget repairing virus infected systems, says MS security manager

  1. #1
    Dissident 4dm1n brokencrow's Avatar
    Join Date
    Feb 2004
    Location
    Shawnee country
    Posts
    1,243

    Forget repairing virus infected systems, says MS security manager

    The latest types of malware are so potent that organisations should forget about trying to cleanse infected systems, a top Microsoft security officer has advised. Mike Danseglio, a program manager in Microsoft's security group, said firms should think about establishing a process for backup and recovering rather than relying on anti-virus tools as a way of recovering from malware infection.

    http://www.theregister.com/2006/04/0...ity_mea_culpa/
    “Everybody is ignorant, only on different subjects.” — Will Rogers

  2. #2
    Senior Member
    Join Date
    Feb 2002
    Posts
    856
    I never had a virus when I ran Windows (that I know of), nor have I had one since running Linux. But if I did, I feel that a new install would be the best option. Otherwise, I would probably always be wondering if I had missed something. When people come to this site and ask for help dealing with such issues, and I read the advice they're given (boot into safe mode, run this, run that, etc) it seems to me that it's more trouble than it's worth. Reinstall, and be done with it. Be more careful next time.
    For the wages of sin is death, but the free gift of God is eternal life in Christ Jesus our Lord.
    (Romans 6:23, WEB)

  3. #3
    Dissident 4dm1n brokencrow's Avatar
    Join Date
    Feb 2004
    Location
    Shawnee country
    Posts
    1,243
    I find it a telling admission, preacherman. Microsoft's really dropped the ball when it comes to security. Sheesh, this guy even implies antivirus apps are about useless anymore.
    “Everybody is ignorant, only on different subjects.” — Will Rogers

  4. #4
    Senior Member
    Join Date
    Jan 2003
    Posts
    3,914
    Originally posted here by brokencrow
    I find it a telling admission, preacherman. Microsoft's really dropped the ball when it comes to security. Sheesh, this guy even implies antivirus apps are about useless anymore.
The more you post... the more I question your knowledge level with computers... Where has Microsoft dropped the ball with security? What they have said is very true and quite correct... It applies to all operating systems... not just MS ones.

    When a virus infects your computer... you CANNOT tell the extent of the damage... AV software doesn't remove everything... Trend Micro provides about the best AV protection you can get and even they don't catch anything... Let's look at this realistically..


    Option A:
    Set up a weekly back-up of your files... (Quantum's GoVault is a great personal back-up option... and it's brand new on the market... once others make similar products a price drop will be seen on this already reasonably priced product)... or use an external hard drive (5 - 10 minutes to start)
    Reinstall when you're infected (60 minutes tops)

    Total Time: 1 Hour and 15 minutes (we'll round each of these up to the nearest quarter hour)

    Option B:
    Take a weekly ghost image ( 5 - 10 minutes to start)
    Restore your ghost image (30 minutes... maybe 60 if you include all your applications as well as the base OS... all depends on if it's restored from CD or across the network)

    Total Time: 45 Minutes or 1 hour and 15 minutes.

    Option C:
    Scan with AV Software (At least one Online Variant and One Installable Variant)... (2- 3 hours)
    Scan with a couple of types of malware remover (System Cleaner (Trend Micro), Spybot S&D, AdAware (Lavasoft), Defender (Microsoft)... (1 - 2 hours)

    There are still plenty of other steps to be taken.... total time (so far) is already 5 hours on the high end... Seems like reinstalling is the right thing.. Especially in an Enterprise environment (which again is where Microsoft's interests lie)...

    You cannot be sure that you've removed a virus/worm/trojan/rootkit after it's installed... a rogue registry key, a file in an obscure portion of the operating system...

    Maybe it used something like H.D. Moore's Slacker... "Slacker - First ever tool that allows you to hide files within the slack space of the NTFS file system."

They always say if your system is hacked, reinstall... because you don't know what they've left behind... a virus is no different... if you're infected with a virus.... essentially you've been hacked... You don't know what that virus has done.. has it provided a reverse-shell to the attacker... and they've left something behind...

    Any sys admin with the slightest bit of intelligence will tell you that you should reinstall after a hack... and as I've said (and proven above) a virus is no different than a hack... people just don't think of it that way... which is wrong..

    Therefore the proper thing to do is restore your system after a virus... it's the safest thing to do... and usually takes the least amount of time..

    Peace,
    HT
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".
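The post above argues that after an infection you cannot tell what was changed or left behind, so the safe path is to rebuild from a known-good backup. One practical way to make that process checkable is to record a hash manifest of the files at backup time and diff the live system against it later. The script below is an added example, not code from the forum post, from Microsoft or from any product named in the thread; the directory layout and file contents are constructed for the demonstration.

```python
"""File-integrity baseline for a backup-and-rebuild process (added example).

build_manifest() hashes every file under a root; compare_manifests() reports
files that were added, removed or changed since the baseline was taken.
The demo() tree and its "post-infection" changes are constructed sample data.
"""
import hashlib
import json
import os
import tempfile
from pathlib import Path


def hash_file(path: Path, chunk_size: int = 65536) -> str:
    """SHA-256 of a file, read in chunks so large files do not load into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map each file's path (relative to root, POSIX separators) to its SHA-256."""
    manifest = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            full = Path(dirpath) / name
            manifest[full.relative_to(root).as_posix()] = hash_file(full)
    return manifest


def save_manifest(manifest: dict, path: Path) -> None:
    """Store the baseline alongside the backup; keep it off the protected host."""
    with open(path, "w", encoding="utf-8") as handle:
        json.dump(manifest, handle, indent=2, sort_keys=True)


def load_manifest(path: Path) -> dict:
    with open(path, "r", encoding="utf-8") as handle:
        return json.load(handle)


def compare_manifests(baseline: dict, current: dict) -> dict:
    """Return sorted lists of added, removed and changed paths."""
    base_keys, cur_keys = set(baseline), set(current)
    return {
        "added": sorted(cur_keys - base_keys),
        "removed": sorted(base_keys - cur_keys),
        "changed": sorted(k for k in base_keys & cur_keys if baseline[k] != current[k]),
    }


def demo() -> dict:
    """Build a constructed tree, take a baseline, alter it, and report the diff."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "system"          # constructed stand-in for a host
        (root / "bin").mkdir(parents=True)
        (root / "etc").mkdir()
        (root / "bin" / "app.exe").write_bytes(b"known-good binary")
        (root / "etc" / "hosts").write_text("127.0.0.1 localhost\n")

        baseline_path = Path(tmp) / "baseline.json"
        save_manifest(build_manifest(root), baseline_path)

        # Constructed changes standing in for what an infection might leave:
        # one known binary altered, one unknown file dropped next to it.
        (root / "bin" / "app.exe").write_bytes(b"tampered binary")
        (root / "bin" / "unknown.dll").write_bytes(b"file not in baseline")

        return compare_manifests(load_manifest(baseline_path), build_manifest(root))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The manifest answers the question the post raises ("a rogue registry key, a file in an obscure portion of the operating system") only for files that are on disk and visible to the scanning process; it says nothing about in-memory state or files hidden from the filesystem API, which is exactly why the post's conclusion is to restore rather than to trust a scan.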

  5. #5
    Senior Member
    Join Date
    Feb 2002
    Posts
    856
    I find it a telling admission, preacherman. Microsoft's really dropped the ball when it comes to security. Sheesh, this guy even implies antivirus apps are about useless anymore.
    He really isn't admitting that "Microsoft has dropped the ball...." Actually he is questioning the worth of antivirus repair tools (not all antivirus apps).
    For the wages of sin is death, but the free gift of God is eternal life in Christ Jesus our Lord.
    (Romans 6:23, WEB)

  6. #6
    Dissident 4dm1n brokencrow's Avatar
    Join Date
    Feb 2004
    Location
    Shawnee country
    Posts
    1,243
Well, Danseglio obviously falls in the blame-it-on-stupid-users school, that's for sure. I'm ALWAYS leery of outfits that blame their own customers.

    Me? I still think M$ pushes some bad product out the door...

    “Everybody is ignorant, only on different subjects.” — Will Rogers

  7. #7
    The ******* Shadow dalek's Avatar
    Join Date
    Sep 2005
    Posts
    1,564
    However Danseglio laid the blame for the majority of malware infections on human stupidity in the face of social engineering attacks rather than the security shortcomings of Windows, as highlighted by an unpatched Internet Explorer flaw that's become the focus of exploitation by hackers over recent days

That is still the main problem...uneducated users, or slack IT procedures....I have yet to have to do a reinstall on a production machine (all WinXP Pro), as long as you limit the potential for damage by the user, the PCs are fine, WinXP is a durable OS for all of its supposedly flawed holes, who remembers Win95 and 98 and always having problems with dlls and the registry, or the first round of popups and adware, now those I had to do a lot of formats and reinstalls.

    As for:
    He cited the example of an unnamed US government agency that found itself trying to fix 2,000 infected machines. "In that case, it was so severe that trying to recover was meaningless. They did not have an automated process to wipe and rebuild the systems, so it became a burden
It's Gov't so they get what they pay for, doesn't surprise me they had over 2,000 infected machines, I would be willing to bet it was more, the "lowest bidder doesn't usually get the job" is well crap, Gov'ts will always go cheap, and not all depts are able to get the bang for our buck. Also IMO Gov'ts are notorious for being behind the learning curve on newer technology, (unless it's got something to do with weapons) and so are slow to implement policies. Consequently things get overlooked.
    PC Registered user # 2,336,789,457...

    "When the water reaches the upper level, follow the rats."
    Claude Swanson

  8. #8
    Dissident 4dm1n brokencrow's Avatar
    Join Date
    Feb 2004
    Location
    Shawnee country
    Posts
    1,243
Historically, the gov't has usually paid top-dollar, especially the military. I doubt those 2000 gov't units were military computers. Didn't MS sell the Pentagon a 'secure' version of Windows? Those boys aren't stupid. Outnumbered maybe, but not stupid.

    Why can't they sell a secure version of XP to the public? Secure out of the box.
    “Everybody is ignorant, only on different subjects.” — Will Rogers

  9. #9
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Why can't they sell a secure version of XP to the public? Secure out of the box.
    Because the public wouldn't accept the restrictions... Just like they don't use Linux because it would mean they have to learn something about their computer rather than just use it....

    No brainer really....
Don't SYN us.... We'll SYN you.....
"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides

  10. #10
    Dissident 4dm1n brokencrow's Avatar
    Join Date
    Feb 2004
    Location
    Shawnee country
    Posts
    1,243
    Folks didn't like seatbelts back in the day either. Caused too many wrinkles in your clothes.
    “Everybody is ignorant, only on different subjects.” — Will Rogers
