At a recent Windows Vista reviewers conference, Microsoft Platforms Vice-President Jim Allchin shared a story about Microsoft Chief Executive Steve Ballmer’s experience trying to clean a computer infected with malware.
Steve Ballmer was at a friend’s wedding reception when the bride’s father complained that his PC had slowed to a crawl and asked Steve if he would be able to take a look.
Ballmer spent almost two days trying to rid the PC of worms, viruses, spyware, malware and severe fragmentation without success.
He then took the computer to Microsoft’s headquarters and gave it to a team of engineers who spent several days on the machine, finding it infected with more than 100 pieces of malware, some of which were nearly impossible to eradicate.
“This really opened our eyes to what goes on in the real world,” Allchin told the audience.
If Microsoft’s Chief Executive and a team of Microsoft’s best engineers faced defeat, what chance do ordinary people have of keeping their computers malware-free?
1) Microsoft’s top executives were not really aware of the difficulties regular computer users face when trying to deal with security threats. Only when they came in contact with a “real world” computer did they become aware of the extent of the problem.
Security professionals need to emerge from behind their intrusion detection systems, log reports, automatic vulnerability scanners and honeypots and view these security threats through the eyes of everyday users.
Three researchers from Harvard and Berkeley attempted to do exactly that in order to better understand why phishing attacks are so successful. Rachna Dhamija, J. D. Tygar and Marti Hearst had 22 participants interact with a number of web sites; some were fake sites created by the team, and some were real. After watching the participants’ actions and behaviors, the researchers quizzed them about the motivations behind those actions. The results are eye-opening, to say the least. I highly recommend everyone read their paper: Why Phishing Works.
2) Recovery solutions are clearly lacking. The standard response to malware infection is now to trash the entire system and perform a completely new installation. In fact, Microsoft is now claiming that recovery from malware is becoming impossible.
Mike Danseglio, a Microsoft Program Manager in the Security Solutions group, said in a presentation at the InfoSec World Conference that, “When you are dealing with rootkits and some advanced spyware programs, the only solution is to rebuild from scratch. In some cases, there really is no way to recover without nuking the systems from orbit.”
“We’ve seen the self-healing malware that actually detects that you’re trying to get rid of it. You remove it, and the next time you look in that directory, it’s sitting there. It can simply reinstall itself,” Danseglio said. He conceded that the cleanup process is “just way too hard.”
“Detection is difficult, and remediation is often impossible.”
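One defensive check that the “self-healing” behaviour Danseglio describes suggests, written here as an added example that is not code from the article or from Microsoft: baseline the hashes of a directory, move a suspect file to quarantine instead of deleting it (so the artifact survives for forensics), then re-check after a pause to see whether the file has come back and whether it came back byte-identical. The directory, the file names and the write that puts the file back are all constructed so the script runs offline; no real malware is involved.

```python
"""Detect files that reappear after quarantine.

Added illustration for the "self-healing malware" observation; all paths
and file contents below are constructed for the demo.
"""
import hashlib
import shutil
import tempfile
import time
from pathlib import Path


def snapshot(directory):
    """Map each regular file (path relative to `directory`) to its SHA-256."""
    root = Path(directory)
    return {
        str(p.relative_to(root)): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in root.rglob("*")
        if p.is_file()
    }


def quarantine(directory, quarantine_dir, rel_paths):
    """Move suspect files out of the tree rather than deleting them, so the
    sample is preserved for analysis. Returns the list actually moved."""
    moved = []
    for rel in rel_paths:
        src = Path(directory) / rel
        if not src.is_file():
            continue
        dst = Path(quarantine_dir) / rel
        dst.parent.mkdir(parents=True, exist_ok=True)
        shutil.move(str(src), str(dst))  # works across filesystems
        moved.append(rel)
    return moved


def find_resurrected(directory, before, removed, wait_seconds=0.0):
    """After `wait_seconds`, report which quarantined files are back.

    The value is True when the returned file is byte-identical to the
    original (reinstalled from a hidden copy) and False when it came back
    with different content (re-downloaded or re-generated)."""
    time.sleep(wait_seconds)
    after = snapshot(directory)
    return {rel: after[rel] == before[rel] for rel in removed if rel in after}


def demo():
    """Constructed scenario: one benign file and one 'suspect' file that is
    written back after quarantine. The stand-in for the restoring component
    is just a plain file write performed by this script."""
    with tempfile.TemporaryDirectory() as tree, tempfile.TemporaryDirectory() as qdir:
        root = Path(tree)
        (root / "readme.txt").write_text("harmless")
        (root / "suspect.bin").write_bytes(b"constructed sample content")

        before = snapshot(root)
        removed = quarantine(root, qdir, ["suspect.bin"])
        assert not (root / "suspect.bin").exists()

        # Simulated "watchdog" putting its partner file back (constructed).
        (root / "suspect.bin").write_bytes(b"constructed sample content")

        return find_resurrected(root, before, removed)


if __name__ == "__main__":
    print(demo())  # {'suspect.bin': True}
```

A file that returns unchanged points to a second copy on disk or a process that restores it; the useful next step for a responder is to find what performed the write (a scheduled task, service or companion process) rather than to delete the file again.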