We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,078 News Articles

MS: infected hard drives must be 'nuked'

Company offers radical solution to malware

Companies should put automated processes in place to "nuke" their PCs' hard drives once they're infected with some kinds of malware, since that's the only reliable way of recovering from such infestations, a Microsoft security expert has advised.

The problem largely down to rootkits, which are tools allowing a - usually malicious - user to erase all indications of his or her presence on a system. Most computer users were unaware of rootkits a year ago, but the threat has gained ground since then, according to security experts. The issue got its biggest publicity kick from the storm of controversy over Sony BMG's use of "rootkit-like" software in its copy-management system .

Rootkits have become widespread enough that organisations should put systems into place to automatically recover when they are hit, said Mike Danseglio, programme manager with Microsoft's Security Solutions group, in a presentation at the InfoSec World conference in Florida, according to industry journal eWeek. The problem is that in most cases recovery means wiping and re-installing.

"When you are dealing with rootkits and some advanced spyware programs, the only solution is to rebuild from scratch," Danseglio reportedly said. "In some cases, there really is no way to recover without nuking the systems from orbit."

Security experts have long advised not to bother trying to remove rootkits - not to mention the malware they're usually there to disguise. That's partly because the modifications carried out by such malware makes it effectively impossible to know whether a system has been successfully cleaned or not.

As Russ Cooper, founder of the NTBugtraq mailing list, put it last year, "only a person with very little knowledge would try to remove a rootkit." Danseglio made similar comments last spring.

A year later, however, organisations face having to nuke large numbers of systems. Danseglio used the example of a branch of the US government which had unremovable malware infections on more than 2,000 client machines.

He advised using detection tools such as SpyBot Search & Destroy, RootkitRevealer and Microsoft Windows Defender, and said prevention is the best approach, according to the report.

This story first appeared on Techworld.com


IDG UK Sites

Swatch to release its own line of smartwatches to rival iWatch

IDG UK Sites

From the iPhone 6 to the iWatch and a new Apple TV we look at the products Apple is set to launch...

IDG UK Sites

Miranda July's Somebody app offers a very unusual take on messaging

IDG UK Sites

The 7 most ridiculous iPhone 6 rumours: what Apple WON'T reveal on 9 September