Microsoft Says Recovery from Malware Becoming Impossible

zespectre

Flashlight Enthusiast
Joined
May 21, 2005
Messages
2,197
Location
Lost in NY
I'm hoping that virtual machine technology has some of the answers.
-Build a VM.
-Make a copy of the VM (and store it in a safe place).
-Run the VM and if something ruins it just copy over it with the known safe version.

Maybe that's the real purpose of multi-core chips, to run VM???
 

James S

Flashlight Enthusiast
Joined
Aug 27, 2002
Messages
5,078
Location
on an island surrounded by reality
I'm hoping that virtual machine technology has some of the answers.
-Build a VM.
-Make a copy of the VM (and store it in a safe place).
-Run the VM and if something ruins it just copy over it with the known safe version.

I've been doing this for years :D It's the only way I run windows. And I only do it for software testing when a client needs a windows version of something I'm writing for them. I run windows in VirtualPC on my Mac :D load it all fresh and nice into a disk image. Duplicate disk image and save. Boot and test from copy, when done or if problems develop, throw away copy and make a fresh copy from original.

SO easy, and WAY faster than reinstalling on the actual hardware. VPC doesn't play games with much speed, but it's perfectly fine for testing and debugging non 3D applications. There are actually a great many software engineers that do this exactly the same way on a Mac for exactly that reason.
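The build / copy / overwrite workflow described in the posts above, as an added shell example that is not part of any poster's message. It goes one step beyond the posts by recording a SHA-256 digest of the known-safe image and refusing to restore from it if it has changed. It assumes the VM disk is a single image file and that `sha256sum` is available; the function names and the `.sha256` sidecar file are hypothetical.

```shell
#!/bin/sh
# Added example: golden-image workflow with an integrity check.
# Function names and the ".sha256" sidecar convention are assumptions.

# seal_golden IMAGE: record the image's SHA-256 and make both files read-only.
seal_golden() {
    img=$1
    [ -f "$img" ] || { echo "no such image: $img" >&2; return 2; }
    sha256sum "$img" | awk '{print $1}' > "$img.sha256" || return 1
    chmod a-w "$img" "$img.sha256"
}

# golden_ok IMAGE: succeed only if the image still matches its recorded digest.
golden_ok() {
    img=$1
    [ -f "$img" ] && [ -f "$img.sha256" ] || return 2
    want=$(cat "$img.sha256")
    have=$(sha256sum "$img" | awk '{print $1}')
    [ "$want" = "$have" ]
}

# restore_working GOLDEN WORKING: replace WORKING with a fresh copy of GOLDEN.
# The old working copy is left untouched if GOLDEN fails verification.
restore_working() {
    golden=$1
    work=$2
    if ! golden_ok "$golden"; then
        echo "golden image failed verification, not restoring" >&2
        return 1
    fi
    rm -f "$work.tmp"
    cp "$golden" "$work.tmp" || return 1
    chmod u+w "$work.tmp"      # the copy must be writable for the VM to boot from it
    mv "$work.tmp" "$work"     # swap in the clean copy in one step
}

# Typical use (paths are placeholders):
#   seal_golden     /vm/golden/win.img
#   restore_working /vm/golden/win.img /vm/work/win.img
```

Keeping the sealed image and its digest on storage the guest cannot write to is what makes the "known safe version" trustworthy.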
 

shaman

Newly Enlightened
Joined
Jun 12, 2005
Messages
160
Location
Under God.
The way I understand it, many of the big vendors are saying Virtual PC/Computing is the future (Or at least they are trying to make it that way). With VMware giving away VMware server and player, M$ doing the same with Virtual Server, Xen coming up strong, UML being visible in the background, and Qemu having a loyal fanbase... It is definitely a part of computing as we speak. Not to mention as James S stated, virtual PC are becoming the norm for R&D shops. Some really big players are banking on the Virtual PC realm, going so far as to say that even devices will soon become virtual (Routers, firewalls, PBX, IPS/IDS, etc... as well as multi OS & architecture systems.) AIX allows for virtual partitions if my memory serves me correctly, and RedHat has integrated Xen into their distro. Again, as I understand it, some vendors are saying that in the future you'll just create your needed network device from unused CPU/processing power (Much like you can create your own virtual network or virtual honeynet). It will be like a blade-like environment where you have a rack of processors, a rack of storage, and a rack of *insert-other-requirement-here*, then you have all virtual servers/devices. Rather interesting indeed, but a good ways to go (not enough standardization to achieve it just yet).

Though Virtual computing is good, it is not a silver bullet to the rootkits, exploits, nor vulnerabilities prevalent today. The virtual pc may be housing some sensitive information yet the OS could be vulnerable to a type of attack or exploit, then you have a virtual problem on your hands (pun intended :)

Kernel/Stack protection and jailed memory allocations seem to be promising additions to some of the problems (OpenBSD seems to be leading the way in this realm). That way if your chrooted webserver gets violated, they can't get to anything outside the jail.

Carrot: I agree, way too many licenses... Seems like too many are being created for the bragging rights and nothing more. Too many can be the other edge of the sword (whereas the 'not enough' is the other side).

Sincerely,

Shaman
 

snakebite

Flashlight Enthusiast
Joined
Mar 17, 2001
Messages
2,725
Location
dayton oh
flashlite said:
There is a solution that would stop this madness, or at least slow it down considerably....public hangings of hackers. It sounds morbid but I know I would enjoy watching that.
CRACKERS! Not hackers. Get it right.
 

gadget_lover

Flashaholic
Joined
Oct 7, 2003
Messages
7,148
Location
Near Silicon Valley (too near)
HACKERS works for me. Whoever releases a worm or other malware should be the target no matter what they call themselves.

BTW, to mince labels forgets one minor fact. In the last 30 years the labels have changed many times. A label has never been about what a minuscule part of society wants to be called. It's what the majority calls it.

99% would say a hacker causes problems. By definition that sets the definition.

:)

Still say hang em high.

Daniel

(BTW, A Cracker is a southern redneck bigot.... Get it? RIGHT! )
 

shaman

Newly Enlightened
Joined
Jun 12, 2005
Messages
160
Location
Under God.
gadget_lover said:
A label has never been about what a minuscule part of society wants to be called.

Doesn't a played-out cliche seem to fit nicely regarding following the majority? Bug, virus, trojan, CD, hacker, cracker, etc. all have multiple definitions to the word, and yes the majority chooses. But how many other things do the majority also choose that... well... is not correct? I have had many say that a virus, trojan, or spyware is nothing to concern them... just a thorn. I have also heard the majority say that there is nothing worse than "having my identity stolen" that could happen to them on the net. At the time I couldn't have thought they were more wrong.

Sincerely,

Shaman
 

flashlite

Enlightened
Joined
May 10, 2004
Messages
386
Location
PA
From Wikipedia:

"A black hat (also called a cracker or Darkside hacker) is a malicious or criminal hacker. This term is seldom used outside of the security industry and by some modern programmers. The general public use the term hacker to refer to the same thing."

Besides the edible wafers and the rock band, I never heard of a Cracker until now.
 

carrot

Flashaholic
Joined
Dec 6, 2005
Messages
9,240
Location
New York City
Nice link, zespectre. :crackup:

The majority almost always reflects the opinions and knowledge of idiots. In order to get anywhere, it is and always has been the minority that drags the majority forward. Change does not happen if one sits idle.

Hackers are the whitehats and experienced coders. Crackers are the blackhats, script kiddies, and virus programmers. I believe in the computer world it is harder to define right and wrong, since many tools and techniques can be harnessed for good and bad. Breaking into a network or server can be used to assess and improve security, or it can be used in various malicious manners.
 

flashlite

Enlightened
Joined
May 10, 2004
Messages
386
Location
PA
Given the title and content of this thread, was there ever a question of what kind of hacker we're talking about?
 

shaman

Newly Enlightened
Joined
Jun 12, 2005
Messages
160
Location
Under God.
flashlite said:
Given the title and content of this thread, was there ever a question of what kind of hacker we're talking about?

Maybe cy could answer this with his other thread "Sony, Rootkits and Digital Rights Management Gone Too Far" ?

Sincerely,

Shaman
 

WNG

Enlightened
Joined
Nov 3, 2004
Messages
714
Location
Arrid Zone-Ah, USA
Hardware is now cheap relative to cost/processing power.
And I simply keep at least 2 systems actively running and up to date.
Like flashlights, I can't have just one. Being a DV engineer has something to do with it.
:)
If one goes down, I'm not dead in the water.

I've found what works well has been creating disk images of fresh OS installs, then fully software configured, and timely backups. Especially before new software installs. Powerquest Disk Image is what I use and it's been satisfactory.

My next approach is using VMware and running virtual machines. I find this to be an excellent strategy for protecting one's core system.

Nothing new, and been mentioned before, but thought I'd put my vote in for these methods.
 

shaman

Newly Enlightened
Joined
Jun 12, 2005
Messages
160
Location
Under God.
WNG said:
My next approach is using VMware and running virtual machines. I find this to be an excellent strategy for protecting one's core system.

Now is a good time WNG and thanks for the additional info! There seems to be a competition for this technology, so typically with competitions the consumer wins... And thus why VMware Player and VMware Server are free to download and use right now. With VMware Player you cannot create disk images with the software (but you can use other software to do so) yet you can play them. VMware Server I believe you can. If memory serves me correctly, both can run on Windows as well as Linux.

Sincerely,

Shaman
 

James S

Flashlight Enthusiast
Joined
Aug 27, 2002
Messages
5,078
Location
on an island surrounded by reality
Seems like an awful lot of trouble just to run windows... If people would just express to the developers of the software that isn't available for alternative platforms their desire to have the software ported to an alternate platform so that they don't have to go through this dance, wasting whatever percentage of their daily billable hours, they will do it.

There are some great apps that run on windows, but given a demand they could run on any of the other operating systems around. There isn't anything that windows has that linux or macos doesn't have as far as capability.

When enough people get fed up, then the software companies will move their work to other platforms. But it's up to you to get fed up and ask them to do it. You're not just going to wake up and find an alternative to all this windows garbage fully formed unless you let those companies know what you want.

But this is like a frog in a sauce pan. They have been turning up the heat on you slowly for years, and so you're always willing to accept just a little bit more and you don't even realize how much time you're wasting just so you can use windows for web surfing and email... It's not worth it, and hasn't been to me for many years. I suffer not at all not running windows anywhere here except for software testing in VPC ;)
 

tron3

Banned
Joined
Oct 6, 2005
Messages
746
Location
NORTHERN NJ
Spy Sweeper by Web Root. I use it and it will scan for the root kits. It does see the Novell client for networks as a root kit, but I just unclick the box and clean the rest of the stuff it might find.

My job largely entails scanning, finding, and cleaning this stuff off computers. Not to mention the constant patches. Even after it's all gone, the computer never seems 100%.

Firewalls and all that anti-anything software helps, but sooner or later SOMETHING gets on your machine. Something the scans can't find. I notice when PCs slow down, and I become suspicious when the scans come up empty. Registry Mechanic helps, but doesn't always fix the issue.

Face it, the internet protocol was invented in the 50's and though it has been updated, it does little on the internet level to stop all the "noise" looking for an open system. Security seems to be the responsibility of the end user, and they are using an open and flawed O/S to stop this stuff.

Maybe if we start giving writers of this software the death penalty the others will stop when they see us kill off the 1st couple of people. Hackers should not become glorified criminals who get high paying jobs with government agencies in exchange for their freedom. That is a disgraceful resume to reward.

Spybot has an "immunize" feature that stops a lot of popups and junk from loading on your PC. It uses the Explorer security feature to do this, so it is invisible to the user and doesn't use any system resources because there is no software to run. Explorer will simply check incoming traffic against the list and block the bad stuff. VERY cool and easy.
 