Microsoft Says Recovery from Malware Becoming Impossible

plun

Well....

About spyware bombardment and rootkits:
http://www.eweek.com/article2/0,1895,1945808,00.asp

"Social engineering" and "human stupidity"
http://www.eweek.com/article2/0,1895,1945812,00.asp

I didn't believe this until today, when I met a PC which was
totally impossible to handle. System restore from command prompt worked,
but the task manager was "locked by admin" within all scenarios,
probably because of some sort of malware. Everything else also "out of
order" ;(

No way to start or do anything.......... just to wipe this PC.

Dear MS, is it possible to use TPM for malware protection ? ;)

regards
plun
 
plun

Hi

Well, those URLs are terrible but maybe it's time to also
inform others than Infosec visitors about "human stupidity".

Directly, without being polite: speak out clearly, MS.....

We can staple protection and patches on each other but not protect
against users who are "stupid".......

Never-ending story with more and more advanced hijacks.

So maybe it's also time to stop helping to clean a Smitfraud- or
Vundo-infested PC ............. Let the user wipe it instead.


;)

regards
plun
 
Guest

Good day, plun. That wiping the computer seems a bit judgemental and negative
to me. Why not clean Vundo and SpyAxe when they CAN be cleaned? I know you
think the user is responsible because they visit bad sites and download
pirated software, but what about other vulnerabilities in old Java platforms
and other new Windows vulnerabilities that have not been patched? Not every
user has up-to-date info or at least is getting conflicting info from
Microsoft versus other sources. I see now where Mac has released a program
where you can run Windows on a Mac partition and switch back to Mac whenever
you want. That seems an interesting possibility, but also a new opening for
exploits for them. Maybe the solution is to have a rescue partition or to
stress making complete backups of user systems in case they have to wipe
everything.
 
plun

Hi Old Rebel

This is indeed a challenge. For a company and a corporate network
time is money; it's much easier to just take a clean PC and then take
the infested PC to a wiping station and reinstall with the company's
standard applications.

Within almost all larger companies with a modern PC architecture, My
Documents is on a fileserver; either C: is blocked with GPOs or all
employees are instructed not to save anything on C:.

The challenge is for small businesses and home users, and if you check the
latest Vundo with rootkits, this is indeed difficult to remove.

If you mix Vundo or Smitfraud infestations with some other severe infestations,
this PC is nearly "dead".

And what comes after Vundo and Smitfraud ????

All security vendors also have intelligence and they probably exchange a
lot of information. None of them "touches" Smitfraud and Vundo for a
total removal; Symantec has a tool for some infestations, but all of them
seem to only build RTP blocks and/or partial removals.

All operators also know where the bad guys live;
for example, Coolwebsearch just changes "home".
http://isc.sans.org/diary.php?storyid=1245

Of course all of them also know about, for example, amanea.com.

But all major vendors probably realize that this is a "backyard"
problem for a group of users which must learn, i.e. "Human Stupidity"....

Maybe it's time to let some users wipe instead of repair, they must
learn !?

Behind this we have a few mega companies for digital media and a large
P2P market; it must be better if these companies lower prices so users
get out of P2P. And also prOn and gambling sites with different quality.

With Sun Java it is a really stupid situation, and MS and Sun must make
an agreement if it's possible to upgrade Sun Java with Windows Update.

And we also have a TPM chip which could be great for malware protection,
but this is "hidden" because of the industry..............

Hopefully for example Symantec uses it directly for Vista ;)

regards
plun
 
Guest

Thanks for the reply and the info. I don't know why, but I no longer get
emails notifying me that there has been a reply even though I always
check "notify me of replies." There must be something screwed up in the
newsgroups system. What you are describing is the reason I suspended studying
malware removal for a day to learn more about the Dell PC restore feature. I
don't visit bad sites, but you never know when a new vulnerability will bring
the bad site to you. At least I would have a chance on this home PC, since I
can activate the Dell PC restore without ever logging into Windows. Hopefully
that would "wipe" enough off local disc (C:) to regain use of the PC. I only
know basic stuff and have never had to deal with servers, etc., just basic
home stuff. I'm running "lean and mean" and mostly do research and forums and
newsgroups on the net, but you never know when you might hit a malicious link,
even in this newsgroup.
 
plun

Hi Old Rebel

The most important issue is to learn to back up a PC.
All personal files such as everything within My Documents and maybe also
drivers.

I always make complete backups of notebooks after first install,
Windows Update, antivirus/antispyware and maybe MS Office. (one DVD)

If something happens you always have a backup.

With DVD recorders this is easy.

One trap is that some users back up to an external disk and
this is dangerous if a virus hits.

So if a new Vundo hits you always have backups ;) no problems.

(and some work to reinstall)

regards
plun
 
