Companies should put automated processes in place to "nuke" their PCs' hard drives once they're infected with some kinds of malware, since that's the only reliable way of recovering from such infestations, a Microsoft security expert has advised.
The problem largely down to rootkits, which are tools allowing a - usually malicious - user to erase all indications of his or her presence on a system. Most computer users were unaware of rootkits a year ago, but the threat has gained ground since then, according to security experts. The issue got its biggest publicity kick from the storm of controversy over Sony BMG's use of "rootkit-like" software in its copy-management system .
Rootkits have become widespread enough that organisations should put systems into place to automatically recover when they are hit, said Mike Danseglio, programme manager with Microsoft's Security Solutions group, in a presentation at the InfoSec World conference in Florida, according to industry journal eWeek. The problem is that in most cases recovery means wiping and re-installing.
"When you are dealing with rootkits and some advanced spyware programs, the only solution is to rebuild from scratch," Danseglio reportedly said. "In some cases, there really is no way to recover without nuking the systems from orbit."
Security experts have long advised not to bother trying to remove rootkits - not to mention the malware they're usually there to disguise. That's partly because the modifications carried out by such malware makes it effectively impossible to know whether a system has been successfully cleaned or not.
As Russ Cooper, founder of the NTBugtraq mailing list, put it last year, "only a person with very little knowledge would try to remove a rootkit." Danseglio made similar comments last spring.
A year later, however, organisations face having to nuke large numbers of systems. Danseglio used the example of a branch of the US government which had unremovable malware infections on more than 2,000 client machines.
He advised using detection tools such as SpyBot Search & Destroy, RootkitRevealer and Microsoft Windows Defender, and said prevention is the best approach, according to the report.
This story first appeared on Techworld.com