Feeds

Infected Windows PC? Just nuke it

Forget repairing virus infected systems, says MS security manager

Website security in corporate America

The latest types of malware are so potent that organisations should forget about trying to cleanse infected systems, a top Microsoft security officer has advised. Mike Danseglio, a program manager in Microsoft's security group, said firms should think about establishing a process for backup and recovering rather than relying on anti-virus tools as a way of recovering from malware infection.

"When you are dealing with rootkits and some advanced spyware programs, the only solution is to rebuild from scratch. In some cases, there really is no way to recover without nuking the systems from orbit," Mike Danseglio, a program manager in Microsoft's security group, told a security conference in Florida.

Rootkits - forms of malware that attempt to hide their presence on infected systems - are becoming more commonplace. Danseglio argued that such tactics made it too difficult to ensure that infected systems were fully repaired. He cited the example of an unnamed US government agency that found itself trying to fix 2,000 infected machines. "In that case, it was so severe that trying to recover was meaningless. They did not have an automated process to wipe and rebuild the systems, so it became a burden. They had to design a process real fast," Danseglio said, eWeek reports.

Even though anti-virus technology is improving, Danseglio conceded that traditional approaches are failing in the face of more sophisticated malware and highly-motivated profit-driven virus writers. The threat has moved on from network worms towards Trojans and other forms of more difficult to detect malware. "Detection is difficult, and remediation is often impossible," he said.

Danseglio's candid admission on the inadequacies of anti-virus technologies in cleansing infected systems is surprising give Microsoft's recent entry into the anti-virus market to say nothing of the fact that Windows PCs remain the principle malware battle ground. However Danseglio laid the blame for the majority of malware infections on human stupidity in the face of social engineering attacks rather than the security shortcomings of Windows, as highlighted by an unpatched Internet Explorer flaw that's become the focus of exploitation by hackers over recent days. ®

Protecting users from Firesheep and other Sidejacking attacks with SSL

More from The Register

next story
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
UK.gov lobs another fistful of change at SME infosec nightmares
Senior Lib Dem in 'trying to be relevant' shocker. It's only taxpayers' money, after all
Critical Adobe Reader and Acrobat patches FINALLY make it out
Eight vulns healed, including XSS and DoS paths
Spies would need SUPER POWERS to tap undersea cables
Why mess with armoured 10kV cables when land-based, and legal, snoop tools are easier?
TOR users become FBI's No.1 hacking target after legal power grab
Be afeared, me hearties, these scoundrels be spying our signals
Blood-crazed Microsoft axes Trustworthy Computing Group
Security be not a dirty word, me Satya. But crevice, bigod...
Snowden, Dotcom, throw bombs into NZ election campaign
Claim of tapped undersea cable refuted by Kiwi PM as Kim claims extradition plot
Freenode IRC users told to change passwords after securo-breach
Miscreants probably got in, you guys know the drill by now
THREE QUARTERS of Android mobes open to web page spy bug
Metasploit module gobbles KitKat SOP slop
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
The next step in data security
With recent increased privacy concerns and computers becoming more powerful, the chance of hackers being able to crack smaller-sized RSA keys increases.