You know it’s bad when a Microsoft representative uses a classic quote from the movie Aliens to describe the best way to remove malware from your PC:
LAKE BUENA VISTA, Fla.—In a rare discussion on the severity of the Windows malware scourge, a Microsoft security official said businesses should consider investing in an automated process to wipe hard drives and reinstall operating systems as a practical way to recover from malware infestation.
“When you are dealing with rootkits and some advanced spyware programs, the only solution is to rebuild from scratch. In some cases, there really is no way to recover without nuking the systems from orbit,” Mike Danseglio, program manager in the Security Solutions group at Microsoft, said in a presentation at the InfoSec World conference here.
Similar advice was given by Ripley when questioned on the best way to deal with the aliens that had overrun a planetary colony in the film Aliens, “I say we take off and nuke the entire site from orbit. It’s the only way to be sure.” The fact that it applies equally well to malware these days is a sad testament to how shitty security is under Windows.
Danseglio, who delivered two separate presentations at the conference—one on threats and countermeasures to defend against malware infestations in Windows, and the other on the frightening world of Windows rootkits—said anti-virus software is getting better at detecting and removing the latest threats, but for some sophisticated forms of malware, he conceded that the cleanup process is “just way too hard.”
“We’ve seen the self-healing malware that actually detects that you’re trying to get rid of it. You remove it, and the next time you look in that directory, it’s sitting there. It can simply reinstall itself,” he said.
“Detection is difficult, and remediation is often impossible,” Danseglio declared. “If it doesn’t crash your system or cause your system to freeze, how do you know it’s there? The answer is you just don’t know. Lots of times, you never see the infection occur in real time, and you don’t see the malware lingering or running in the background.”
I can usually tell within the first ten minutes of working with a PC if it’s going to take a Save and Pave to clean it up. Not only is it commonly faster than trying to remove the malware using various tools, but it’s also the only way to be 100% certain it’s really gone.
What amused me most about Danseglio’s comments was the one on Human Stupidity:
Danseglio said the success of social engineering attacks is a sign that the weakest link in malware defense is “human stupidity.”
“Social engineering is a very, very effective technique. We have statistics that show significant infection rates for the social engineering malware. Phishing is a major problem because there really is no patch for human stupidity,” he said.
I’m so tempted to make that the new tagline for SEB. There is no patch for human stupidity! Love it!