In a rare discussion on the severity of the Windows malware scourge, a Microsoft security official said businesses should consider investing in an automated process to wipe hard drives and reinstall operating systems as a practical way to recover from malware infestation. “When you are dealing with rootkits and some advanced spyware programs, the only solution is to rebuild from scratch. In some cases, there really is no way to recover without nuking the systems from orbit.”
Microsoft Says Recovery from Malware Becoming Impossible
74 Comments
I’m not disputing that malware is a problem on the Windows platform. What I’m disputing is people who claim that it is Microsoft’s fault. The only fault of Microsoft in the case of malware on Windows is that they have a huge share of the market, and by default make users Administrators.
There is nothing about the design of the platform itself that makes it more susceptible to malware — just user practice.
Redhat 6.1, wow that is modern. Now let’s see you try that on a modern redhat version like say RHEL4 or Fedora Core 5… hmmmmm, I don’t think it would be so easy.
Security Features in newer redhat distros:
1.) Exec-shield kernel module to help prevent buffer overflows and utilize the NX (No Execute) instruction on newer CPUs. (XP SP2 shipped a similar feature to the NX part but not as featureful as exec-shield).
2.) Packages compiled with a hardened compiler using something called FORTIFY_SOURCE to also prevent buffer overflows.
3.) Extra checks in the C libraries to prevent buffer overflows *yet again*.
4.) SELinux Mandatory Access Control preventing compromised system daemons from doing much harm whatsoever.
6.) Checksums of every single file installed with rpm can be verified by doing ‘rpm -V packagename’. It is easy to tamper with files, it is extremely difficult to tamper with the rpm database.
I won’t even get into firewalls…
This is called proactive security my friend and it is designed to never give hackers a chance. The Microsoft school of security is “reactive” and involves patch patch patch.
Don’t be blindly faithful against things you don’t really know about and you think google will teach you.
As a programmer, the concept of cleaning utilities on a computer baffles, confuses, and irritates me.
Seriously, I will never understand how people can use all these utilities and not be bothered.
-
2006-04-04 8:41 pm sequethin
It’s become so commonplace that there’s probably more malware pretending to be a cleaning util than anything else. The days of Bonzi Buddy are gone, long live “free super pc fix it doctor spyware remover tool”.
There are no impossible-to-detect rootkits for Linux? 😉
Show me one Linux PC swamped with malware. Point me in the direction of Linux malware that installs itself into startup. Please show me the magic of making files executable in linux without chmod. After you accomplish that maybe, just maybe I will concede that Microsoft has nothing to do with the malware problems Windows users face today.
-
2006-04-04 8:56 pm linuxh8r
A) There is no start up in Linux.
B) Did MS write the malware? NO.
That would be like saying it’s Boeing’s fault that a 747 got hijacked.
Think dude!
-
2006-04-04 9:06 pm dylansmrjones
Well, MS _did_ write the malware, sort of. They decided not to care about security at a time when security at home was very new and obviously needed (1997).
MS has for years failed to try to raise the security level. Only _after_ XP was released has MS begun a somewhat decent policy on security. But it’s still a joke compared with other OS’es (apart from hobby OS’es in early development).
Yes, Microsoft is at fault for creating insecure systems which are very difficult to secure.
-
2006-04-05 7:24 am Jarsto
“That would be like saying it’s Boeing’s fault that a 747 got hijacked.”
I think I actually would say that if Boeing didn’t provide a sturdy door between the cabin (IE ActiveX) and the cockpit (system ActiveX).
-
2006-04-05 12:13 am abraxas
“A) There is no start up in Linux.”
You are clueless. It’s called INIT.
“B) Did MS write the malware? NO.”
That’s why I said negligence. Look up the definition.
“That would be like saying it’s Boeing’s fault that a 747 got hijacked.”
No it’s nothing like that. Actually that might even be the worst analogy I have ever heard.
This is what I’ve been telling people for a long time. Even when you CAN clean up a system, it’s usually easier and faster to nuke it and start over. After the first dozen reinstalls, you find that reinstalling is much easier than cleaning.
A few pointers to help make it easier and quicker: put all the latest apps you normally install (Firefox, firewall, office apps, etc) on a CDR. Keep it up to date. Most of the MS security updates also have the option of downloading to be run off the drive instead of updating directly across the net. Save those to another CDR as you update your Windows system. Then you don’t have to download them all again when you reinstall.
-
2006-04-04 7:19 pm kamper
“A few pointers to help make it easier and quicker: put all the latest apps you normally install (Firefox, firewall, office apps, etc) on a CDR. Keep it up to date. Most of the MS security updates also have the option of downloading to be run off the drive instead of updating directly across the net. Save those to another CDR as you update your Windows system. Then you don’t have to download them all again when you reinstall.”
A far faster way to do it is to set the system up the way you want it, then image it and use that to restore later.
-
2006-04-04 8:58 pm jfryman
The only problem I have with that is patch management.
Take for example XP. Let’s say that when XP was first released, a system was setup and imaged for backup. Things run smooth until today… a good run of about five years or so.
The image is restored, and within minutes a working computer is brought back to order… only to be infested within minutes of the exploits running around on the Internet.
So, with images, how does one manage patches? Even with XP SP1, there are plenty of patches that need to be installed to bring a computer up-to-date, and without them… the first plug into a network connection could bring the machine down quickly.
I’m sure there are solutions for those who know how to accomplish such things… but what about for Grandma and Grandpa? Even with an image and instructions on how to use it… they restore an unpatched image and it’s game over before it begins.
I found it highly amusing that I was advising a friend who got a virus that McAfee (haha yeah, I know…) couldn’t fix (he actually got to the point where he couldn’t run / uninstall the program) to simply format (nuke it from orbit… it’s the only way to be sure).
Lo and behold, even Microsoft advises to do that…
Hope vista is better with this, but I’ve “switched” already.
Where I work, the public use computers are set to re-image the C: drive every time a person logs out.
Yes, that means a hella-long boot cycle, but damn’d if it hasn’t nipped our problems in the bud.
-
2006-04-04 8:29 pm eMagius
We just use DeepFreeze here. If the users can’t make persistent changes, they can’t screw things up.
It’s what I always tell people – if spyware is detected, the only solution is reinstalling from scratch, but I always felt like a paranoid maniac, or at least, I felt this is what the world thought I was being. So to have it confirmed by the official MS security guy is an enormous relief. Now I can say, MS says… so let’s go.
If you go into any computer workshop around here, you will find PCs on benches running anti spyware stuff. The shops, if you mention Linux to them or give them a live CD, look at you as if you were an idiot. If you suggest maybe they can’t be sure they have cleaned them, and it takes too much time, and reinstalling would be simpler, they just stop talking to you. Obviously someone who knows nothing.
Good to have one’s conclusions confirmed once in a while.
-
2006-04-04 8:53 pm Kancept
I ran a shop for over 7 years here. We used Linux and other OSes in the back end. The reason we look at you like that is that most of us charge hourly. I generally pull the HD, slap it on another Win system and disinfect from there, so that their filesystem isn’t “live”. It gets done, usually fairly well, and it sucks up enough time that we made our money without having the customer think it was so simple.
And before you tear into that, usually if a job was done too fast, clients would think we were lying to them about the repair being needed and not want to pay. You have to find the right balance in your area of too fast vs. gouging.
Customers are fickle and not loyal for the most part, and you have to find the happy medium.
It’s also not good form to walk into a repair shop and tell them they should try something. With all the machines on the benches being automated for repair for the most part these days, what do you think we do all day? Right, we surf the web, read up on things, and tinker with our own systems. Most shops aren’t a bunch of n00bs with Adaware and spybot.
I now help a library part time and we have DeepFreeze on all their public systems. Every evening when they close, the systems undo anything automatically. All persistent images, nothing gets changed. Works great. The new version allows a writeable area, which should be fine for most home users once they set up their systems how they want.
Edited 2006-04-04 20:57
-
2006-04-05 6:42 am alcibiades
“It’s also not good form to walk into a repair shop and tell them they should try something.”
No I agree. They are friends actually, and I don’t make a general practice of it! But they are a lot less sophisticated than you guys sound. Like most around here, they just load spybot and so on, and then run them on the machines themselves. So you see a couple machines on the bench with each several hundred items detected. You can’t know you have cleaned them. And when they come back, well, there never was, could not be, any guarantee. As for Deep Freeze, don’t think they have heard of it.
It’s not just the infections, it’s the hospitals and surgeries as well!
-
2006-04-05 12:54 pm aGNUstic
Kancept,
I would have to agree with you on the DeepFreeze. At my work as former lab supervisor at a community college I used deep freeze on all the 125 (5 labs) computers in my area.
It may have been a pain in the @rse to work with in its early version, but it helped keep my systems clean and ready to go at every reboot.
The online, Internet-capable, labs were always being ripped by one virus or another, malware, surf-by downloads, changed desktops (some not appropriate from one class to another, generally the back rows where hard-core porn addicts sit and surf), etc. After a reboot, DeepFreeze put it back to the clean-and-pristine settings. I was the first to use it there with a 120-user license and then the institution bought a campus-wide license and put it on their online terminals.
Too bad Micros has not really listened. A third-party company had to step up and create a solution for Micros’s rock-solid software. Using DeepFreeze allowed me to get back to doing what a Linux and MS systems administrator should do: working with people and servers.
-
2006-04-04 9:41 pm Peragrin
Really? Show me one *nix based system where a single downloaded movie can force a complete reinstall of the system? The only case where this is even considered an acceptable solution is if you have had a rootkit installed.
It generally takes a skilled cracker to get a rootkit installed, unlike Windows, where you can automate the entire thing through an IRC bot and an image file.
If Windows had a default secure file system, and default secure separate user accounts, well over half of their problems would dry up. I am still hoping Vista brings us those two very simple ideas, but I have a feeling that they will be cut so it can get out the door.
-
2006-04-04 10:39 pm
He is right if you get a really nasty infection. OTOH this is also classic Microsoft stuff. They have created a nasty problem, but apparently it is the rest of the IT industry’s responsibility to clear it up, not so much Microsoft’s. The small matter of how much of their monopoly profits are ploughed back into tackling malware isn’t mentioned.
In the meantime, the flaks and fudders suggest just shell out for Vista and malware will be last year’s problem. Corporates with IT managers may be able to use Ghost, auto-installers, etc., to get back running but for the home user this is not a happy state of affairs to put it mildly.
HP’s PCs come with a recovery partition, and a mechanism to restore the system to its state as-shipped just by holding F10 down on boot.
Of course, any security updates have to be re-installed, along with any apps not supplied by HP, and all user files are lost.
-
2006-04-04 8:23 pm aGNUstic
“HP’s PCs come with a recovery partition, and a mechanism to restore the system to its state as-shipped just by holding F10 down on boot.”
I removed the MS “license” plate, the MS badge “of shame”, and the HP “MS recovery” partition. I haven’t had a single issue with my computer since then.
New computers with XP preinstalled don’t include extra copies of XP. Are the restore discs adequate to solve this problem? I did not see this addressed in the article, but I think it’s by far the most important question.
When you have an OS as hacked-together as Windows (I cringe at what Vista has under it now with all its rewrites, delays and Ballmer cracking the whip), it’s inevitable. You can patch the barn, but the mice will always find their way in.
-
2006-04-04 8:22 pm CuriosityKills
Care to point out what is hacked together in Windows? From a kernel point of view, Windows XP (NT based systems) has one of the most well-designed kernels.
Do you really think Linux can handle these Viruses?
Think of a typical scenario:
A user is running as a normal user (not as admin in windows or root in Linux). They visit a website and get this message of free access to pr0n by installing their software. Linux will prompt the user to type the root password and then install the software. Windows XP will fail installation and user will go to admin account and install it.
At the end, user installed the spyware. I don’t see where is the protection?
When i think of protection, digital signing installations can be a way but then again people will cry wolf on that (if microsoft do that). I initially hated their decision to only allow signed drivers on Vista 64-bit but looking at people like you, i think it is a good decision. That is the only way to <STRIKE> prevent </STRIKE> protect casual users.
Do you have any alternative better idea? If yes, enlighten us, if not, then do yourself a favor, stop bit*hing about Microsoft for no reason.
Edited 2006-04-04 20:30
-
2006-04-05 2:40 am graigsmith
“A user is running as a normal user (not as admin in windows or root in Linux). They visit a website and get this message of free access to pr0n by installing their software. Linux will prompt the user to type the root password and then install the software. Windows XP will fail installation and user will go to admin account and install it. ”
I don’t think this could EVER happen in Ubuntu, because anything that gets downloaded cannot run. The ability to run is a permission in Linux, and downloaded files simply cannot just run. Plus Firefox could not install anything but more plugins. It wouldn’t be allowed to play with system permissions, as all that is sandboxed.
The reason why it works in Internet Explorer is because ActiveX can actually install more than plugins.
-
2006-04-05 7:12 am CuriosityKills
You chose to totally ignore all the information I had in my last post. If you can’t run the downloaded binary then the user will make it executable and run it. ActiveX doesn’t get installed automatically. The user has to click Yes and accept it to run.
The malware author insists users run as admin to install it and since users know they can only install as admin, they will do it.
Driver signing and some similar methods to validate a binary seem the only way out.
-
2006-04-05 9:51 am Ookaze
“If you can’t run the downloaded binary then the user will make it executable and run it.”
Most won’t because they won’t know how to do it, but Murphy’s law is still there, so it could happen.
This is social engineering though, and has nothing to do with the load of malware that installs itself without user intervention on Windows.
“ActiveX doesn’t get installed automatically. The user has to click Yes and accept it to run.”
Have you never seen an average user on Windows or what? They are so sick of dialogs popping up they don’t understand, that they automatically validate any of them without reading. So your “click Yes” is no issue to malware writers.
“The malware author insists users run as admin to install it and since users know they can only install as admin, they will do it.”
Users already run as admin on Windows, as Windows is unusable if you are not admin.
-
2006-04-05 7:02 am Finalzone
“Care to point out what is hacked together in Windows? From a kernel point of view, Windows XP (NT based systems) has one of the most well-designed kernels.
Do you really think Linux can handle these Viruses?”
Obviously you need to learn about the permission system on Linux/*nix. Given the diversity of the distros, virus writers have a hard time targeting the kernel.
“A user is running as a normal user (not as admin in windows or root in Linux). They visit a website and get this message of free access to pr0n by installing their software. Linux will prompt the user to type the root password and then install the software. Windows XP will fail installation and user will go to admin account and install it.
At the end, user installed the spyware. I don’t see where is the protection?”
No matter the OS, that user deserved it, as they shouldn’t even download software from a suspicious website. No OS can protect users from their own stupidity.
On a distro like Fedora, this spyware is virtually useless because of extra layers of security like NoExec and SELinux.
You have to reinstall Windows once a year regardless of whether or not it has malware, just to keep it from going senile…
-
2006-04-04 8:26 pm linuxh8r
That’s funny, I’ve never re-installed Windows. I have Win 2K running on an old K6 since year 2001. If you’re re-installing that often you need to go back to school and learn how to use/set up computers.
Although, with the last kernel upgrade of Linux (non-udev to udev) it totally borked my machine. Yes, I could’ve done brain surgery to make it work but it was easier to re-install.
-
2006-04-04 8:37 pm sequethin
I was half-joking, but if you google for “reinstall windows once a year” (with the quotes) you get things like “Many experienced users reinstall Windows once a year”. I also read that in Maximum PC magazine, which is not necessarily an authoritative resource… but it’s a great mag and I believe what they say most of the time.
I actually don’t have problems with my windows system at home but it’s a dual-boot system that has freebsd running most of the time so I guess your 5 year old windows install is a better testament to the fact that miracles can indeed happen…
-
2006-04-04 9:01 pm
-
2006-04-04 10:09 pm thabrain
Your analysis is based upon experiential information that does not coincide with established empirical data.
In other words, just because your individual experience did not get the result does not mean that everyone else’s PC’s were set up incorrectly.
Your experience is an exception, not a hard-and-fast rule.
-
2006-04-04 8:34 pm ma_d
My one install finally bit the dust when I switched to an ATI card, from nvidia.
It’d been slowing since, but that was about 3 years.
!!!
Well the guy is right, but, I am not sure he is going to be promoted inside Ms!
!!!
Edited 2006-04-04 20:30
<STRIKE> Testing strike </STRIKE>
OSNews Staff: Why don’t you let us use STRIKE tag?
Edited 2006-04-04 20:32
As the attacks are becoming more and more sophisticated, it is becoming more and more difficult to remove 100% of the threat.
If 100% is not removed, then there is a possibility that some rogue trojan or rootkit is hiding in some NTFS data stream that was overlooked, and within minutes/hours/days… whatever the timeframe for the wakeup to occur, the system is back to where it was, prior to the ‘cleanup’.
Only a full wipe can *guarantee* a clean system, otherwise you’re just taking chances… even the best guys may miss something, and that is exactly what the attackers are banking on.
>you have to reinstall windows once a year regardless
>of whether or not it has malware, just to keep it
>from going senile…
Not entirely true, but for many people it is. For those of us who leave all the eye-candy features turned on, add virus checking, shareware utilities, etc. and try out plenty of software (often warez, for Joe Average), Windows doesn’t last. It starts slowing down and finally begins to malfunction. It’s true, I’ve seen it on machines owned by friends and family who can’t seem to leave well-enough alone. I blame the registry and DLL confusion.
Doubt I’m telling anyone anything new here.
Credit where credit is due, though. I keep my Windows systems very clean, leave a large amount of space, provide lots of memory and don’t leave software that I don’t intend to use installed. And, I don’t use a virus checker, because I don’t use Outbreak and Exploder, nor do I use warez or any shareware doodads which almost always end up cluttering my workspace. End result? I have fewer problems and better performance in my Windows experience than anyone I know. Of course, I only use it to run the occasional Galactic Civilizations II game or maybe a little Homeworld II… and load Firefox now and then.
The Linux way of installing apps is to get them from a trusted, possibly signed repository. ActiveX was a bad idea, just like the Open button on the malware.exe download dialog. What I hope to see is a Save As dialog running in a separate process. This way apps only have to have read & write access to a config file (maybe directory), using fast IPC to the “save as” process to open/save other files.
I’m not the one who brought up “impossible-to-detect” rootkits, sappy. If you want to play your usual role as MS apologist, at least make sure you’ve followed the conversation before butting in.
“There is nothing about the design of the platform itself that makes it more susceptible to malware — just user practice.”
False on two accounts. There are at least two design flaws that make the platform more susceptible to malware:
a) making files executable through a file extension
b) the deep integration of IE into the OS
Fortunately, b) is finally being dropped. a) still remains, though.
Anyway, I’ll repeat the usual: if popularity is what makes Windows more vulnerable, then why are MS apologists in favor of its continued dominance? Wouldn’t Linux gaining a larger market share make Windows more secure?
I have yet to receive a single good answer from all the anti-Linux posters and MS apologists out there.
-
2006-04-05 3:16 am TheMonoTone
You’re missing C) the system is near useless as anything but an administrator level account
-
2006-04-05 7:15 am CuriosityKills
Archiesteel:
How does making files runnable by extension make it more vulnerable? In Redhat, a user can download an RPM and the package manager will prompt for the root password to install it. What exactly is your point? Or are you going to point me to a different (out of 100s) Linux distro?
Deep IE integration into the OS, OK, what exactly is deep integration into the OS? IE is a user land component, it is not integrated into the kernel or something. Again you are simply trying to mislead people due to your strong Linux bias, it seems.
-
2006-04-05 9:58 am Ookaze
“How does making files runnable by extension make it more vulnerable?”
Have you never heard of mail viruses? These things are only possible because of that “feature”.
That’s why only Windows is plagued by them.
“In Redhat, a user can download an RPM and the package manager will prompt for the root password to install it.”
Yes, and then, the package manager will complain about the package not being signed. Even worse, RH is already ahead, and the default SELinux installation will prevent the rootkit from doing any harm, or at least will make life hard for the malware.
“Deep IE integration into the OS, OK, what exactly is deep integration into the OS? IE is a user land component, it is not integrated into the kernel or something. Again you are simply trying to mislead people due to your strong Linux bias, it seems.”
Simple terms for you to understand: deep IE integration in the system is when a browser like IE, which works with untrusted data, can manipulate low-level OS things like modifying files or formatting the disk.
I really do hate to say this as I will sound like a fanboi saying it, but I don’t get any viruses on Linux. My parents don’t get any viruses on their 3 linux computers. My buddy doesn’t get any viruses on his linux computer.
None of those machines run antivirus or antispyware software, just a simple firewall with no open ports. XP is a mess, even with SP2, I see machines hopelessly infected with spyware and it sickens me.
Once Vista is (finally) released and more secure, then Linux will have a bit more of a competitor. In the meantime, there isn’t much of a comparison.
-
2006-04-05 7:22 am CuriosityKills
SEJeff, honestly do you think viruses don’t exist on Linux because it’s more secure?
I thought people write viruses to cause big impact. What would they get by trying to infect <5% of total desktops that too when 90% of them are run by tech savvy people?
Think…a lil bit more please.
-
2006-04-05 7:31 am Jarsto
“I thought people write viruses to cause big impact. What would they get by trying to infect <5% of total desktops that too when 90% of them are run by tech savvy people?”
What would they get by trying to infect Google?
-
2006-04-05 7:54 am CuriosityKills
What was the last time Windows 2k3 Servers were infected remotely?
Edited 2006-04-05 07:54
-
2006-04-05 8:08 am Jarsto
“What was the last time Windows 2k3 Servers were infected remotely?”
In a test situation with unpatched servers not that long ago:
http://www.osnews.com/story.php?news_id=13929
http://www.techworld.com/security/news/index.cfm?NewsID=5535
In real life with competent admins I wouldn’t know. I think some worms were capable of doing it, at least before patches were released, whether they actually did is more than I can say. The point I was making however is that there are high-profile Linux targets out there.
-
2006-04-05 10:03 am Ookaze
“SEJeff, honestly do you think viruses don’t exist on Linux because it’s more secure?”
I can assert it. Look for “Linux virus howto” to get some clue.
“I thought people write viruses to cause big impact. What would they get by trying to infect <5% of total desktops that too when 90% of them are run by tech savvy people?
Think…a lil bit more please”
And what would people get by writing so many viruses for IIS, infecting < 21% of web servers when 90% of them are run by tech savvy people?
Think… a lil bit more please.
-
2006-04-05 3:06 pm SEJeff
Are you honestly that ignorant of the facts, or are you just trolling? <5% desktops is an irrelevant figure as there are quite a few Linux servers on the internet. It’s funny how most of the exploits you see are for crappy PHP software or web applications instead of Apache. Can the same be said for IIS?
I listed a number of reasons *why* Linux is more secure. The only comparable feature XP has is that it uses the NX (No eXecute) bit on newer CPUs. I listed 6 reasons why Linux is more secure and XP only has one of those. I didn’t get into default users being administrators OR firewalls whatsoever so that could be a few more. Linux is more secure because security was built-in from the start, not bolted on as an afterthought. Linux spawns from the ideas of Unix/minix with full multiuser, security, and networking. Windows spawns from DOS, single user, no security, and (initially) no networking.
Linux is more secure because it is built on a more solid foundation.
Maybe *you* should think a lil bit more please?
Isn’t it so that the Windows XP CD-Rom only allows for eight to ten reinstalls? Something to do with copy protection if I remember.
That would seriously, erm… ‘compromise’ the usefulness of this solution for a lot of people.
Once a *nix system has been rooted, the only way to be *SURE* you are clean is to wipe and reload.
Sure, you could remote the drive in rescue mode or something to remove cloaking, but even then, are you *sure* you found everything?
Really?
If you just answered yes twice, then you are naive, and I’m glad you aren’t admin to any of my systems. Yes, Unix/Linux tools are far superior, and yes, they are much, much more secure. Oh, and yes, the reliability is legendary. No, I don’t have problems with viruses. I’ve kicked out black hats on more than one occasion, and generally had good results.
But, once you are rooted, the best thing to do is to prepare a replacement ASAP. It’s not just the system files – *ANY* script or file on the system is potentially untrustable, and all it takes is a *single* file out of place, and you’re potentially right back at square one.
Reinstalling an image to a windows boot drive is definitely the best way to ensure a clean system.
However, the effort required to set up a Windows environment such that all user related files are stored on a partition other than the boot drive is quite remarkable and hardly feasible with just the OS-supplied tools.
Large companies with dedicated IT support staff usually do this, for small companies it’s quite an investment and it does not happen for home environments unless there’s someone with relevant IT skill and quite a bit of time. Also because, without an additional disk imaging solution, the OS reinstall forces reinstall of all SW packages as well.
If Microsoft really sees things as stated in the article, I’d expect an installation procedure offering by default to clearly distribute OS/user settings, files and directories over two different partitions.
I was going to reply to your personal-attack-disguised-as-an-argument, but Ookaze already did.
If you don’t understand how having the right file extension makes the system more vulnerable, then you obviously know little about computer security.
As far as deep integration into the OS, well, if it wasn’t before, why is MS claiming that IE7 will no longer be?
I am not trying to mislead anyone, I was simply highlighting the Windows design flaws that have had an impact on security. It is true that I have a pro-Linux bias, but I use both OSes equally, and apart from these security liabilities (and the fact that it is proprietary) I think that Windows is a fine OS. Unlike you, it seems I am able to be objective about these issues…
Virus propagation is easier in Windows because e-mail attachments can be made executable by affixing the right file extension. Since Windows hides file extensions by default, a naive or distracted user can double-click on an attachment without realizing that they’ve just installed a trojan. This isn’t possible on *nix systems.
That said, if you really believe that popularity is the only factor why Windows has 1000x the number of viruses Linux has, then you should really be advocating that more people use Linux. Following your logic, by decreasing Windows’ market share, you will make it more secure. Don’t you agree?
One fact is indisputable: malware isn’t a real problem for Linux as we speak, and it is a crippling problem for Windows. So if you want to be secure, switch to Linux now. When the OS becomes more popular and possibly more virus-prone, you can always switch back to Windows, which will have become more secure by then (always according to your logic).
I repair PCs as a hobby and a way to earn extra money.
Well with having and supporting children, there is no such thing as extra money, hehe.
But I agree with the article.
It can be a rather complex and daunting task to remove malware.
We all know that several malware removal applications often have their own quirks and I have seen one app that removed them all.
Normally I would have to use at least 3 different malware removal apps to be assured that 99% of the malware has been removed.
Sometimes it’s just better to start from a clean state.
Especially if Grandma’s Norton antivirus subscription ran out two years ago, lol.
Wiping the HDD clean is the only sure way, other than installing Linux that is.
> Normally I would have to use at least 3 different malware removal apps to be assured that 99% of the malware has been removed.
> Sometimes it’s just better to start from a clean state.
While this is very true, it’s pretty sad. There is rarely ever a time that one antispyware program will remove all threats, and even when you use three or four programs to get as much crap as you can out, you are still sometimes left with an unusable system. I think that is unacceptable. It’s so easy to completely swamp a Windows PC in spyware that I think it borders on negligent on the part of Microsoft.
How is this Microsoft’s fault?
There are no impossible-to-detect rootkits for Linux? 😉
OK, let’s assume that you suspect that your Linux system has an “undetectable rootkit”. You just boot up a live CD version of Linux, which bypasses the cloaking, and you can detect any tampered-with files. On a package-based system (whether based on RPMs like Red Hat or .deb files like Debian or Ubuntu), you can either verify that none of the system files have been tampered with or replace those that are.
This kind of thing isn’t possible on a Windows system because there’s too much undocumented cruft to reliably distinguish between what should be there and what should not be, and there isn’t a Windows equivalent of the live CD (which cannot be tampered with because it is on a read-only device).
There are several “live” CD products available for Windows, the most common one being WinPE, the basis for Bart’s PE CD. It is a free product that runs a bare Windows environment customizable with whatever software you want to install. I run one with McAfee and Norton, Firefox, Ad-Aware and Spybot; this setup will clean just about any system, just like a live CD. So it is possible on Windows, and not that hard to get going either.
Why do posts with incorrect statements get modded up? It boggles the mind.
A skilled Windows admin can very well detect what has been tampered with, and what hasn’t, given a Windows live CD (of which there are a few).
>A skilled Windows admin can very well detect what has been tampered with, and what hasn’t, given a Windows live CD (of which there are a few).
You must know more than Mike Danseglio, as he says it’s better to reinstall, just in case you didn’t RTFA.
And there’s a good reason for that: even the most experienced sysadmins don’t know every single system file in Windows, despite what the owner of the comment you quoted said. They change constantly, and even comparing checksums isn’t much good when you have to get system updates.
If there were some kind of online DB with valid files and their checksums offered by Microsoft, then software running off a secure live CD could check. Having a list locally wouldn’t help because it could easily be modified by malware. Other than that there really is no way to be completely sure on Windows.
I’m not even sure Linux has anything that can be used to verify system file integrity, unless packages contain checksum information that can be pulled for each individual file worth checking. Linux is only safer because it’s more secure by design: rootkits would require root access, and on an up-to-date system that’s usually something that can only be gotten from the admin.
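The offline check the two comments above argue about (booting a live CD and verifying package-owned files, versus the objection that a checksum list stored on the suspect disk can itself be rewritten by malware), as an added example that is not from any commenter: a small Python script in the spirit of `rpm -V`/`debsums`. It reads a manifest in Debian’s `.md5sums` format (`<md5hex>  <relative path>`, which is what packages ship under `/var/lib/dpkg/info/`), compares each listed file under a mounted root, and additionally flags setuid/setgid files no package accounts for. The manifest is passed in by the caller so it can come from a trusted source (the pristine package or a known-good mirror) rather than from the suspect disk. The fake root, the package contents and the tampered files in `build_demo_root` are constructed sample data.

```python
"""Offline package-file integrity check, modelled on 'rpm -V' / debsums.

Intended to run from a live CD against the suspect disk mounted read-only
at ROOT. The manifest is in Debian .md5sums format ("<md5hex>  <path>"),
one line per file. Supply it from a trusted source: a rootkit that replaced
/bin/ls can just as easily rewrite /var/lib/dpkg/info/coreutils.md5sums.
"""
import hashlib
import os
import stat
import tempfile


def parse_manifest(text):
    """Parse '<md5hex>  <relative path>' lines into {path: md5hex}."""
    expected = {}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        digest, _, path = line.partition("  ")
        expected[path.strip()] = digest.lower()
    return expected


def md5_of(path):
    """MD5 of a file, read in chunks (Debian .md5sums lists use MD5)."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_root(root, manifest_text):
    """Compare files under ROOT against the trusted manifest.

    Returns {'modified': [...], 'missing': [...], 'unlisted_setuid': [...]}
    with paths relative to ROOT, each list sorted.
    """
    expected = parse_manifest(manifest_text)
    modified, missing = [], []
    for rel, digest in sorted(expected.items()):
        full = os.path.join(root, rel)
        if not os.path.isfile(full):
            missing.append(rel)
        elif md5_of(full) != digest:
            modified.append(rel)
    # Second pass: setuid/setgid regular files that no package lists.
    # A dropped binary is invisible to a per-package check, so walk the tree.
    unlisted_setuid = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            try:
                mode = os.lstat(full).st_mode
            except OSError:
                continue
            privileged = mode & (stat.S_ISUID | stat.S_ISGID)
            if stat.S_ISREG(mode) and privileged and rel not in expected:
                unlisted_setuid.append(rel)
    return {"modified": modified, "missing": missing,
            "unlisted_setuid": sorted(unlisted_setuid)}


def build_demo_root():
    """Construct a tiny fake root plus its trusted manifest (sample data,
    hypothetical contents). Returns (root_dir, manifest_text)."""
    root = tempfile.mkdtemp(prefix="suspect-root-")

    def put(rel, data, mode=0o755):
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as f:
            f.write(data)
        os.chmod(full, mode)

    # What the package shipped (the trusted reference).
    pristine = {
        "bin/ls": b"#!/bin/sh\necho ls\n",
        "bin/cat": b"#!/bin/sh\necho cat\n",
        "sbin/ifconfig": b"#!/bin/sh\necho ifconfig\n",
    }
    manifest = "".join(f"{hashlib.md5(d).hexdigest()}  {p}\n"
                       for p, d in pristine.items())
    # What is actually on the suspect disk.
    put("bin/cat", pristine["bin/cat"])                      # intact
    put("bin/ls", b"#!/bin/sh\n[ \"$1\" = /tmp/.x ] && exit 0\necho ls\n")  # trojaned
    # sbin/ifconfig deliberately absent (deleted); unlisted setuid dropper left behind
    put("tmp/.x/backdoor", b"\x7fELF", 0o4755)
    return root, manifest


if __name__ == "__main__":
    demo_root, demo_manifest = build_demo_root()
    for kind, paths in verify_root(demo_root, demo_manifest).items():
        for p in paths:
            print(f"{kind:16} {p}")
```

On a real live CD you would mount the suspect disk with `-o ro,nosuid,noexec`, point `verify_root` at the mount point, and feed it manifests extracted from the original packages rather than the `.md5sums` files on that disk. `rpm -V` has a `--root` option for the same purpose, but it trusts the RPM database on the suspect disk; `rpm -Vp <package.rpm>` verifies against the package file itself, which is the trusted reference the post above asks for.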
> There are no impossible-to-detect rootkits for Linux?
Prove there are.
Here’s one that came up as one of the first results on Google: http://www.sans.org/y2k/t0rn.htm
Don’t be blindly faithful towards Linux. As long as a Linux system is rooted, anything could be done to it that would be very difficult or impossible to detect; it all depends on the skills and tools available to the attacker.
Once a system is suspected of having been infiltrated, the only safe option is to do a complete re-install.