April 6th, 2006

Microsoft recommends throwing in the towel on desktop clean up

Posted by Richard Stiennon @ 12:53 pm

Categories: Podcasts, Spyware, marketing

I find the comments made this week by Mike Danseglio, program manager in the Security Solutions group at Microsoft, a little disturbing. According to one journalist he said:

"When you are dealing with rootkits and some advanced spyware programs, the only solution is to rebuild from scratch. In some cases, there really is no way to recover without nuking the systems from orbit,"

Which is a great quote but sounds like an admission of defeat coming from the company that is getting ready to end the need for third-party defenses on its platform (Vista+OneCare+Windows Defender, etc.).

While it is true that it is fairly easy to corrupt a Windows machine into an irrecoverable state, most effective spyware and adware are installed systematically and logically. Good research, such as that practiced by most AV and anti-spyware companies, involves a thorough comparison between the machine before and after infection to discover what has changed. The more sophisticated malware has to be watched from a process and system call level to make sure you can remove its components in the correct order to avoid:

"We’ve seen the self-healing malware that actually detects that you’re trying to get rid of it. You remove it, and the next time you look in that directory, it’s sitting there. It can simply reinstall itself,"

He cites a government installation that was so infected they had to re-image 2,000 machines. Then he goes on to give advice to CIOs:

He recommended using PepiMK Software’s SpyBot Search & Destroy, Mark Russinovich’s RootkitRevealer and Microsoft’s own Windows Defender, all free utilities that help with malware detection and cleanup, and urged CIOs to take a defense-in-depth approach to preventing infestations.

I can see how re-imaging can be easier than using multiple point products with no central management in a large environment. Is this the sort of solution Microsoft is going to continue to offer? This is what industry pundits were recommending three years ago when the spyware scourge first surfaced inside the enterprise. Today there are very effective managed solutions that can be deployed in Windows environments (back to Win98 in some cases) that do not require re-imaging. My advice to CIOs is to ask your fellow CIOs how deployments of those solutions fared in their environments. Don’t ask Microsoft for advice on enterprise defense.

Can the best-of-breed solutions get them all? Can they clean a system after ntdll.dll has been overwritten? I don’t know. I have been out of the space for five weeks. But knowing how things stood a month ago, I can tell you they are much further along than Microsoft is.

Richard Stiennon is an industry consultant. See his full profile and disclosure of his industry affiliations.

  • Talkback
  • Most Recent of 11 Talkback(s)
Been around for awhile yes
Oh gee I never knew it was that easy. The desktop support people at the companies I have worked at must be chuckling. When my laptop gets totally whacked with spyware they make me ship it to them for ...
Posted by: RStiennon Posted on: 04/10/06
Nothing new here, same with any other OS  george_ou | 04/06/06
So true  anythingbutmine0 | 04/06/06
Is that your solution?  RStiennon | 04/07/06
What infrastructure is that?  george_ou | 04/07/06
Been around for awhile yes  RStiennon | 04/10/06
Quit being a MSFT apologist  RStiennon | 04/07/06
Hardly an apologist  george_ou | 04/07/06
As opposed to?  Justin James | 04/07/06
I'd say tricky, but not impossible  Mr. Roboto | 04/07/06
anti-spyware  geldo | 04/07/06
Trouble is  RStiennon | 04/07/06
