We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

MS: infected hard drives must be 'nuked'

Company offers radical solution to malware

Companies should put automated processes in place to "nuke" their PCs' hard drives once they're infected with some kinds of malware, since that's the only reliable way of recovering from such infestations, a Microsoft security expert has advised.

The problem largely down to rootkits, which are tools allowing a - usually malicious - user to erase all indications of his or her presence on a system. Most computer users were unaware of rootkits a year ago, but the threat has gained ground since then, according to security experts. The issue got its biggest publicity kick from the storm of controversy over Sony BMG's use of "rootkit-like" software in its copy-management system .

Rootkits have become widespread enough that organisations should put systems into place to automatically recover when they are hit, said Mike Danseglio, programme manager with Microsoft's Security Solutions group, in a presentation at the InfoSec World conference in Florida, according to industry journal eWeek. The problem is that in most cases recovery means wiping and re-installing.

"When you are dealing with rootkits and some advanced spyware programs, the only solution is to rebuild from scratch," Danseglio reportedly said. "In some cases, there really is no way to recover without nuking the systems from orbit."

Security experts have long advised not to bother trying to remove rootkits - not to mention the malware they're usually there to disguise. That's partly because the modifications carried out by such malware makes it effectively impossible to know whether a system has been successfully cleaned or not.

As Russ Cooper, founder of the NTBugtraq mailing list, put it last year, "only a person with very little knowledge would try to remove a rootkit." Danseglio made similar comments last spring.

A year later, however, organisations face having to nuke large numbers of systems. Danseglio used the example of a branch of the US government which had unremovable malware infections on more than 2,000 client machines.

He advised using detection tools such as SpyBot Search & Destroy, RootkitRevealer and Microsoft Windows Defender, and said prevention is the best approach, according to the report.

This story first appeared on Techworld.com

IDG UK Sites

Windows 10 release date, price, features UK: Staggered release with PCs coming first this summer -...

IDG UK Sites

In defence of BlackBerrys

IDG UK Sites

Why we should reserve judgement on Apple ditching Helvetica in OS X/iOS for the Apple Watch's San...

IDG UK Sites

MacBook Pro 15in preview: better battery life, faster storage and a new discrete graphics chip may...