Tuesday, April 04, 2006

This is a job for... Robot Genius!

The head of MSFT's security solutions group admits that sophisticated malware is uncleanable using current methods, and suggests that enterprises just get used to wiping and cleaning infected machines.

I think his group will be very interested in our technology. Thanks to an unnamed former string theorist for sending us the article :-)

E-week article: "When you are dealing with rootkits and some advanced spyware programs, the only solution is to rebuild from scratch. In some cases, there really is no way to recover without nuking the systems from orbit," Mike Danseglio, program manager in the Security Solutions group at Microsoft, said in a presentation at the InfoSec World conference here.

Offensive rootkits, which are used to hide malware programs and maintain an undetectable presence on an infected machine, have become the weapon of choice for virus and spyware writers and, because they often use kernel hooks to avoid detection, Danseglio said IT administrators may never know if all traces of a rootkit have been successfully removed.

He cited a recent instance where an unnamed branch of the U.S. government struggled with malware infestations on more than 2,000 client machines. "In that case, it was so severe that trying to recover was meaningless. They did not have an automated process to wipe and rebuild the systems, so it became a burden. They had to design a process real fast," Danseglio added.

Danseglio, who delivered two separate presentations at the conference—one on threats and countermeasures to defend against malware infestations in Windows, and the other on the frightening world of Windows rootkits—said anti-virus software is getting better at detecting and removing the latest threats, but for some sophisticated forms of malware, he conceded that the cleanup process is "just way too hard."

"...We've seen the self-healing malware that actually detects that you're trying to get rid of it. You remove it, and the next time you look in that directory, it's sitting there. It can simply reinstall itself," he said.
