Microsoft Says Recovery from Malware Becoming Impossible
Ben Scott
dragonhawk at gmail.com
Wed Apr 19 15:49:01 EDT 2006

On 4/19/06, Bill Sconce <sconce at in-spec-inc.com> wrote:
> "When you are dealing with rootkits and some advanced spyware
> programs, the only solution is to rebuild from scratch. In some
> cases, there really is no way to recover without nuking the systems
> from orbit,"
>
> (Other than installing Linux, of course, but if he said that Bill Gates
> would have to kill him... )

*sigh* I hate FUD, even when it's FUD for Linux and against Microsoft.

Linux has the same problem. Every system ever invented has the same
problem. The problem is that if you've had a full system compromise
(whether you call your superuser "root", Administrator, or
SUPERVISOR), you can no longer trust the computer to check itself.
The attacker can subvert the system to lie to you about itself.

What Microsoft is saying -- you need to reinstall from trusted media
after a root compromise -- has been Standard Operating Procedure in
the security community for decades, on all platforms, nix and doze
included. See, for example, this classic guide from CERT:

http://www.cert.org/tech_tips/win-UNIX-system_compromise.html

We've had this same situation be discussed *on this list*, multiple
times, going back at least a few years.

If anything, Microsoft is to be commended for telling it like it is.

-- Ben