The latest types of malware are so potent that organisations should forget about trying to cleanse infected systems, a top Microsoft security officer has advised. Mike Danseglio, a program manager in Microsoft's security group, said firms should think about establishing a process for backup and recovering rather than relying on anti-virus tools as a way of recovering from malware infection.
"When you are dealing with rootkits and some advanced spyware programs, the only solution is to rebuild from scratch. In some cases, there really is no way to recover without nuking the systems from orbit," Mike Danseglio, a program manager in Microsoft's security group, told a security conference in Florida.
Rootkits - forms of malware that attempt to hide their presence on infected systems - are becoming more commonplace. Danseglio argued that such tactics made it too difficult to ensure that infected systems were fully repaired. He cited the example of an unnamed US government agency that found itself trying to fix 2,000 infected machines. "In that case, it was so severe that trying to recover was meaningless. They did not have an automated process to wipe and rebuild the systems, so it became a burden. They had to design a process real fast," Danseglio said, eWeek reports.
Even though anti-virus technology is improving, Danseglio conceded that traditional approaches are failing in the face of more sophisticated malware and highly-motivated profit-driven virus writers. The threat has moved on from network worms towards Trojans and other forms of more difficult to detect malware. "Detection is difficult, and remediation is often impossible," he said.
Danseglio's candid admission on the inadequacies of anti-virus technologies in cleansing infected systems is surprising give Microsoft's recent entry into the anti-virus market to say nothing of the fact that Windows PCs remain the principle malware battle ground. However Danseglio laid the blame for the majority of malware infections on human stupidity in the face of social engineering attacks rather than the security shortcomings of Windows, as highlighted by an unpatched Internet Explorer flaw that's become the focus of exploitation by hackers over recent days. ®