Microsoft Says Recovery from Malware Becoming Impossible

carrot (Flashaholic, joined Dec 6, 2005, 9,240 messages, New York City)

It would work well if Windows were written to "write-once" media such as an EEPROM.

My favorite solution to all these problems is to have one partition or hard drive set up with DeepFreeze -- a pretty solid program that reverts any changes to the partition or drive on reboot. The second drive or partition would be the "thawspace" which is not frozen, and so you would save your documents there. I haven't seen anything that can get around DeepFreeze's protection yet.

EVOeight, are you referring to BartPE, or something I haven't heard of yet?
 

shaman (Newly Enlightened, joined Jun 12, 2005, 160 messages, Under God.)

As much as everyone hates "security through obscurity", the reality of it is you never really know how secure an application, a vendor, a company, an OS, a PC (or device) is unless you know all aspects of it. Also the reality of it is that there are critical flaws in all applications, OSes, etc., but since they are not #1 in market share... they don't get the publicity. It's all about who's #1 and who can knock #1 off their pedestal.

Regarding the BIOS, there is the growing potential for problems. The CIH virus was one of the more recent (http://www.cert.org/incident_notes/IN-99-03.html) attempts to get low-level, in that its payload would hit the flash BIOS. In doing so, unless your board manufacturer had a fix... you were out of luck. Of course if someone has physical access to the device then you are as good as compromised anyways (as stated by gadget_lover). It is amazingly easy to do certain things.

Sadly, not even open source software, with its source code freely available, is safe. There have been several well-known software apps that have been compromised on the distribution servers, which then replicated down, were downloaded, etc... Next thing you know you've got a reverse telnet contacting some remote server.

The more controls, checks, and balances you have the better.

***EDIT***
Also, flash disk-like OSes are not that good yet. SD, MMC, USB and the like... have a maximum number of writes. Granted it is not like 100, but when you think of Windows and its pagefile.sys or Linux/BSD and its /tmp then you start to get the picture. Yes you can put the variable/temp files on a hard drive or the like but that normally happens after install... so the vendors would need to start changing the OS, kernel, and caches before a widespread adoption could occur (in my opinion). Bootable CDs, floppies, and now flash drives are everywhere but they are not without their own obstacles.
***EDIT***

Sincerely,

Shaman
 

cy (Flashaholic, joined Dec 20, 2003, 8,186 messages, USA)

it's getting so, being paranoid is a required trait. nowadays I backup to an external hard drive, then turn off the hard drive after backup is complete.

removing physical access is one of the few things you do have control over. if my main drive should ever get corrupt, my external hard drive will be insulated.
 

shaman (Newly Enlightened, joined Jun 12, 2005, 160 messages, Under God.)

I've even heard some places dropping super glue or epoxy in the USB slots and keyboard/mouse slots to ensure that their device/server/workstation/kiosk is indeed a bit more physically secure... Sad state indeed.

Sincerely,

Shaman
 

Sub_Umbra (Flashlight Enthusiast, joined Mar 6, 2004, 4,748 messages, la bonne vie en Amérique)

I don't think that there's any news here, just posturing. This is just more PR from a PR company. Don't be surprised or shocked. It's just another way of saying that the decision MS made years (and OSs) ago to save money on support calls, by making default installs wide open to anything coming down the pike without any regard for the security of their customers' machines, is going to continue into the foreseeable future.

Every incarnation of win installs wide open and it's only with XP that MS even went so far as to install with something MS calls a firewall -- even though it's really only half a firewall, since it is intentionally designed to never stop any malware from phoning home. Anyone who is willing to let a PR company like MS determine what they need for security on machines that hold personal, business or otherwise confidential information at this point in the game is living in a dream world. Don't get me wrong, there are ways to make win boxes more secure -- the answer just doesn't have anything to do with MS.

I guess it is a significant announcement to the extent that MS has apparently determined through focus groups that at this point they have reached a state where they feel secure enough in their market share that they can actually be straight up about it and tell you up front how they aren't going to change anything, and that means that you have gotten full warning that you will be hosed over and over and over as you use all of MS's future products.

It's brilliant.
 

gadget_lover (Flashaholic, joined Oct 7, 2003, 7,148 messages, Near Silicon Valley (too near))

I think Sub_Umbra is wrong. MS is not just posturing.

I think that they are setting the stage for selling DRM as part of the next OS. They will couch it in terms of "if a program's authorized by MS, it's OK" and "Only bad software will not register through MS". This should give them an even stronger hold on the market, since any new product will have to go through their labs to get blessed. They will know what ideas to steal (oops) make that copy (oops! ) make that emulate. They will also know what changes to make to their programs to kill the compatibility with 3rd party products.

This will make the music and major software houses happy. It will kill small companies and restrict your ability to access your old programs, data files and multi-media.

And they'll claim it's to make you safer.

I could, of course, be wrong.

Daniel
 

carrot (Flashaholic, joined Dec 6, 2005, 9,240 messages, New York City)

gadget_lover said:
They will also know what changes to make to their programs to kill the compatibility with 3rd party products.
Remember the Windows 2K Pro code leak? Some people took a good look at it and proclaimed that the Microsoft code would be pretty good (from what they saw) if only they took out all the hacks and patches that ensured compatibility with 3rd party programs that use undocumented API features/quirks. So all Microsoft really has to do is remove all that backwards compatibility and sell their own replacements.
 

shaman (Newly Enlightened, joined Jun 12, 2005, 160 messages, Under God.)

carrot said:
So all Microsoft really has to do is remove all that backwards compatibility and sell their own replacements.

Wasn't this what Apple was like a few (10) years ago? You couldn't get hardware or software without meeting their guidelines, restrictions, or minimum requirements.

In my humble opinion it is not about any single company, but it is about schools of thought. Changing a small company may take one's entire being, yet it is only afterwards that one finds that their success is merely a "drop in the bucket". If every consumer's thoughts were to change, then the companies would follow. There is too much money to be made (spyware, information mining, etc.) and not enough accountability in actions. It is a balancing act: on one side you have potential for profits (long-term survival), and on the other is potential for problems (loss of clients). Funny thing is, how do you convince people it is not always about money?

That is why F/OSS and other projects are so unique (not to say they are better, just unique): they are making money (the majority) through support rather than from the product itself. After all, isn't it easier to support a product that doesn't fail that often? And isn't it easier to sell support to those who need it because when it does fail it is due to a serious problem? The above are just examples mind you, but interesting nonetheless.

Schools of thought, again just my opinion. I think we are in the early stages of the rollercoaster called adoption; sure will be an interesting ride. I for one don't want to be sitting in the back, 'cause I'm sure people will be getting sick on this one. :)


Sincerely,

Shaman
 

Luff (Enlightened, joined Jan 20, 2001, 313 messages, Oklahoma City)

gadget_lover said:
I think that they are setting the stage for selling DRM as part of the next OS.

Daniel just shined a light in the darkness. MS is already positioning Vista Ultimate to be the most secure computing platform available. They've begun soft-selling their new virus and malware scanner, planned to be a 'free' part of Vista. Their track record in security leaves me more than a little worried. I think many, many people will opt to use it and 'save' by not buying protection from a competitor (almost all of whom have been more successful in the arena).

Granted, Ultimate is only one of six versions of Vista Microsoft will unleash upon the world, but IIRC, each shares the DRM and virus scanning weaknesses. I, and those I advise, will sit on the sidelines for quite a while after this product launch to protect our installations. It's becoming a mantra regarding every MS product launch ... don't upgrade until SP1 has been running on other people's systems successfully for six months.

Another of Vista Ultimate's upcoming major promotional strengths also worries me... whole disk encryption tied to a silicon chip sitting on the motherboard. It's as close to an unbreakable security system as exists. On the one hand, it's great for sensitive data. On the other, data recovery becomes nearly impossible if something goes wrong. I wonder what folks will do when a hostile rootkit sneaks past the MS virus scanner, changes the software 'password key' residing in the hive, thereby making all the data on the hard disk unreadable and absolutely unrecoverable.

If you buy the Vista Ultimate version when you get the chance, you should become scrupulous about making bit-for-bit disk image backups. Otherwise, it could all be gone in an instant.

Daniel, I think you've got it right more than any of us may now know.
 

carrot (Flashaholic, joined Dec 6, 2005, 9,240 messages, New York City)

I think Apple is still a little bit like this. I've been using OSX for over half a year now, and I've figured out exactly why using a Mac over a PC is so pleasant -- every application follows the same strict guidelines of keyboard shortcuts (for the most part, anyway) and simple yet powerful UI. Though Apple has a much more limited section of users, those followers are quite comfortable with their machines. The same can't really be said for Windows users.

And of course, F/OSS just inspires fanaticism. My only real gripe about F/OSS is a lack of standardization, which is a double-edged sword... What I think really propels F/OSS is that most developers work on the software to make it better for themselves, and have less to gain by making it unreliable.

Again, it ties back to schools of thought, as you say -- OSX is about less choice and more uniformity, whereas F/OSS is about choice and customizability. I think Windows safely falls in the middle of this dichotomy.

I don't foresee a great move from Windows, as you seem to be hinting at. While I would love to see it happen, it just won't. Games propel OS sales, and since Windows is still the only choice of operating systems for any serious gamer, both gamers and companies will see little reason to migrate. But I wouldn't be surprised if all the Windows woes people are bound to experience with Vista bring some more over to the open source side. It's certainly what encouraged me to make the move to *nix-based operating systems.

Edit: Speaking of DRM, that hardware-based DRM... Palladium (sp?) has got me on edge. The HDMI standard too.
 

Mike Painter (Flashlight Enthusiast, joined Sep 16, 2002, 1,863 messages)

Sub_Umbra said:
I don't think that there's any news here, just posturing. This is just more PR from a PR company.

You are aware that rootkits are not something developed on MSFT platforms and that they can be a part of *any* operating system?

No matter how much security you place on a system if you can install a program then you can unintentionally install a rootkit and never know about it.

The inane PR comments should be ignored, but I'm weak. MSFT has given people products that work and work well for 99% of the people who want to do something productive rather than play with an operating system originally designed to run telephones and *hugely* marketed through the "Singer sewing machine" approach (look it up).
Every iteration of their products has reduced the need for expensive people with arcane knowledge.
People who used to get paid to write assembly language routines to get a simple printer running are no longer needed.
People who used to get paid to install software and drivers are no longer needed.
People who used to get paid a lot to set up networks (and spend 12 hours formatting a huge 5 MB hard drive to run with Novell) are no longer needed.

And people who used to write dBase programs finally became aware that the "Singers" were wrong. Look up Singer while you're at it, although someone aware of marketing should not have to.
 

carrot (Flashaholic, joined Dec 6, 2005, 9,240 messages, New York City)

Sub_Umbra said:
carrot said,
"I think Apple is still a little bit like this. I've been using OSX for over half a year now..."

Welcome to UNIX, carrot!
Been using Linux for over two years now. I'll consider your words a welcome to *BSD. :)
 

gadget_lover (Flashaholic, joined Oct 7, 2003, 7,148 messages, Near Silicon Valley (too near))

The problem with whole disk encryption as a security feature is that it has some rather trivial weaknesses.

It is not protected from its own OS, so if the OS is hacked the system is hacked.

It has no intrinsic defense against snooping (electronic or physical) to determine your key.

If someone has physical access to your system, the system can be compromised.

Given enough computing power and a known format/contents of the data on the disk, any encryption will eventually fall.

It sort of reminds me of the car parked next to mine today. It was a good-looking German car; doors were unlocked and the cellphone and detachable radio front were sitting on the seat. It had security devices, it had two-part authentication in the radio, it had value. It was totally unprotected.


Daniel
 

Sub_Umbra (Flashlight Enthusiast, joined Mar 6, 2004, 4,748 messages, la bonne vie en Amérique)

Hi Mike,

I'm aware that all OSs may be root kitted.

Are you aware that the entire win TCP/IP stack came from FreeBSD? All free and legal. Your winbox couldn't go online at all without the UNIX code you shun. I don't know why MS would want to sell you free UNIX code which you think was written to run telephones over thirty years ago but I am sure that I paid less for it than you did. Can you guess how much MS code is in FreeBSD? You have probably never gotten an email that didn't go through a UNIX program at some point either.

So, how do you think MS's definition of a firewall stacks up with the rest of the industry's? Do you think that XP users could be served any better by a firewall that comes closer to actually being one? This thread is about MS and malware and we are talking about a company that blows smoke up its users' butts and tells the poor darlin's that they're safer now because they've added a firewall to XP. Except that they didn't add a firewall -- just half of one.

Then later on MS is crying the blues and says that they're at a loss as to how to deal with malware. Of course, they won't add a real firewall and that's fine with a whole bunch of their users. I actually agree with you on this, Mike, because I don't care if you run without a firewall either. I also agree with your comments about the productivity that MS has given you, too. You can take some of that time saved and spend it endlessly patching your winbox. You can take some of that time and become your own security expert and try to figure out what you need to disable on any default win install to keep it from being compromised in the first week of use.

You mentioned all of the things that you no longer have to worry about with MS software -- how fewer professionals are needed, but I'd like you to tell me how any newb can actually secure his new winbox without hiring a professional or taking a huge chunk out of his life for research. The estimated numbers of infected machines are titanic and that would indicate that they are not easy to secure for the average user. If doctors gave their patients the same caliber of help that MS gives its users we'd all be dead.
 

shaman (Newly Enlightened, joined Jun 12, 2005, 160 messages, Under God.)

carrot said:
I don't foresee a great move from Windows, as you seem to be hinting at.

As good as that may be :), my hints were along the line that the change may be coming in the form of licensing, regulation, and possibly the overall change of computing as we see it. I'm with you about a big change in M$.

Sub_Umbra said:
Are you aware that the entire win TCP/IP stack came from FreeBSD? All free and legal.

This is where the kicker is: has the BSD license been followed while creating all of these wonderful new features and such? SCO and Red Hat are already going head-to-head regarding licensing and lawsuits. The GPL was recently tested in an overseas court (IIRC). The current course cannot be maintained unless validation and testing occurs... in other words, what is the purpose of a license if it is not valid, tested, nor meaningful? Sad part is that this is going to be a long road; a lot of time and energy are going to be lost.

The schools of thought/adoption are within what gives the company/code power... namely the license, EULA, and intellectual property.

DRM is just going to be an annoyance until it is perfected both via hardware and software means... If you can see it, or hear it... then it can be duplicated... (unless all hardware has the same DRM in it).

Sincerely,

Shaman
 

gadget_lover (Flashaholic, joined Oct 7, 2003, 7,148 messages, Near Silicon Valley (too near))

Mike Painter said:
You are aware that rootkits are not something developed on MSFT platforms and that they can be a part of *any* operating system?

No matter how much security you place on a system if you can install a program then you can unintentionally install a rootkit and never know about it.

The inane PR comments should be ignored, but I'm weak. MSFT has given people products that work and work well for 99% of the people who want to do something productive rather than play with an operating system originally designed to run telephones and *hugely* marketed through the "Singer sewing machine" approach (look it up).
Every iteration of their products has reduced the need for expensive people with arcane knowledge.
People who used to get paid to write assembly language routines to get a simple printer running are no longer needed.
People who used to get paid to install software and drivers are no longer needed.
People who used to get paid a lot to set up networks (and spend 12 hours formatting a huge 5 MB hard drive to run with Novell) are no longer needed.

And people who used to write dBase programs finally became aware that the "Singers" were wrong. Look up Singer while you're at it, although someone aware of marketing should not have to.

There is not much in this post that is NOT to some degree incorrect. For others that may need the facts (not targeting Mike Painter) I'll offer the following. This comes from 25 years in the Unix biz.

0) "Every iteration of their products has reduced the need for expensive people with arcane knowledge." .... Say what???? MS even has their own certifications. Every corporation with an IT department has at least one Exchange expert and one server expert. Since MS 'tweaks' the standards, the knowledge required is indeed 'arcane'.

1) "People who used to get paid to write assembly language routines" ... These guys are still writing the drivers that you install with every new printer. You are just using someone else's expertise.

2) "People who used to get paid to install software and drivers" Look at any corporation and you'll see an "IT" department full of people who install software and drivers and patches for MS products.

3) "People who used to get paid a lot to set up networks"... They are called network engineers and are getting $60 to $125 an hour on contract.

4) It used to take all day to format a 5 MB drive simply because the hardware was slow. Faster drives predated MS by several years. MS did not create faster hardware.

The productivity has gone up as a result of better hardware and more software in general, not just MS. I use almost no MS products and am very, very productive.

As for the origins of Unix.... Would you believe that a couple of nerds wanted to play a computer game, but the system they played it on was being retired? They came up with the basics of Unix so they could continue playing on the newer computers. Look up Kernighan and Ritchie. It's out there.


OK, For Mike.... Try Linux for a few days. You may like it.

Daniel
 

carrot (Flashaholic, joined Dec 6, 2005, 9,240 messages, New York City)

Hmm... shared TCP/IP stacks... Teardrop, anyone?

That's not the only thing that Windows "borrows" from open source. If you poke around enough in the Windows directory, you'll find a lot of terminology borrowed from *nix. C:\Windows\System32\drivers\etc comes to mind as an example. Then tab-completion in CMD wasn't originally in MS-DOS, yet it has been added in Windows XP. Plenty of other things MS uses from *nix, but I don't quite remember other examples as well.

I think licensing is really screwy in the open source movement, between BSD and GPL... why bother reimplementing something almost exactly the same way if it's already out? *BSD and Linux, if united in their efforts, would be a much greater threat to Microsoft. But of course, their licensing terms are completely different. I don't really lean to either side of licensing, but I do think GPL is a bit... overzealous, perhaps.

btw, chesterqw, did you see the Thinkpad ads during the Olympics? I thought they were really freaking cool.
 

flashlite (Enlightened, joined May 10, 2004, 386 messages, PA)

There is a solution that would stop this madness, or at least slow it down considerably... public hangings of hackers. It sounds morbid but I know I would enjoy watching that.
 