Microsoft Chief Executive Steve Ballmer vs. Malware
June 8th, 2006
At a recent Windows Vista reviewers conference, Microsoft Platforms Vice-President Jim Allchin shared a story about Microsoft Chief Executive Steve Ballmer’s experience trying to clean a computer infected with malware.
Steve Ballmer was at a friend’s wedding reception when the bride’s father complained that his PC had slowed to a crawl and asked Steve if he would be able to take a look.
Ballmer spent almost two days trying to rid the PC of worms, viruses, spyware, malware and severe fragmentation without success.
He then took the computer to Microsoft’s headquarters and gave it to a team of engineers who spent several days on the machine, finding it infected with more than 100 pieces of malware, some of which were nearly impossible to eradicate.
“This really opened our eyes to what goes on in the real world,” Allchin told the audience.
If Microsoft’s Chief Executive and a team of Microsoft’s best engineers faced defeat, what chance do ordinary people have of keeping their computers malware-free?
Lessons Learned:
1) Microsoft’s top executives were not really aware of the difficulties regular computer users face when trying to deal with security threats. Only when they came in contact with a “real world” computer did they become aware of the extent of the problem.
Security professionals need to emerge from behind their intrusion detection systems, log reports, automatic vulnerability scanners and honeypots and view these security threats through the eyes of everyday users.
Three researchers from Harvard and Berkeley attempted to do exactly that in order to better understand why phishing attacks are so successful. Rachna Dhamija, J. D. Tygar and Marti Hearst used 22 participants and had them interact with a number of web sites. Some were fake sites created by the team, and some were real. After watching the participants’ actions and behaviors, the researchers quizzed them about the motivations for those actions. The results are eye-opening, to say the least. I highly recommend everyone read their results: Why Phishing Works.
2) Recovery solutions are clearly lacking. The standard response to malware infection is now to trash the entire system and perform a completely new installation. In fact, Microsoft is now claiming that recovery from malware is becoming impossible.
Mike Danseglio, Microsoft Program Manager in the Security Solutions group said in a presentation at the InfoSec World Conference that, “When you are dealing with rootkits and some advanced spyware programs, the only solution is to rebuild from scratch. In some cases, there really is no way to recover without nuking the systems from orbit.”
“We’ve seen the self-healing malware that actually detects that you’re trying to get rid of it. You remove it, and the next time you look in that directory, it’s sitting there. It can simply reinstall itself,” Danseglio said. He conceded that the cleanup process is “just way too hard.”
“Detection is difficult, and remediation is often impossible.”
June 9th, 2006 at 4:02 pm
Clearly, prevention is better than detection and remediation. If this was not bad enough, things are bound to get even worse.
June 19th, 2006 at 1:20 pm
I laughed when I saw this. I nuke nearly 70% of the computers infested with spyware. I constantly run into these “self healing” spyware programs. Often I get customers stating that they got a “message” saying that their computer is infected. This is actually a pop-up window. They unknowingly install it thinking that it will fix the problem. Then I get the computer and find that key system files are missing. It is sad…
November 29th, 2006 at 10:31 am
If you simply cannot nuke the OS, pull the hard drive and connect it as a slave drive on an existing, known clean system. (I also lock the clean system down as much as possible during this process.) Then scan and clean the drive with that system. This typically works because none of the viruses & spyware programs are running, so they can’t reload themselves.
November 29th, 2006 at 3:20 pm
In lieu of pulling the hard drive, why not use a bootable CD? You’re guaranteed a read-only boot device (so it can’t become infected). Many Linux distributions provide a “rescue” option on their install CDs that lets you fix almost anything; I can’t see why the Windows security companies couldn’t do something similar.
You could of course just install Linux (or get a Mac) and avoid all the Windows viruses completely, though admittedly that’s not an option for everyone at this point.
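The two comments above (scanning the pulled drive from a known-clean host, or from a read-only rescue CD) rest on the same idea: inspect the volume while nothing on it is running, so the malware cannot reinstall itself. The following is an added example, not code from the post or its commenters, of what that offline inspection looks like on the clean host. It assumes the suspect volume has been mounted at a hypothetical mount point with the options `ro,noexec,nosuid,nodev`, checks a `/proc/mounts`-style listing for exactly those options, and then walks the tree comparing SHA-256 hashes against a blocklist. The mount lines, the blocklist and the files are all constructed so the example runs offline.

```python
"""Offline scan of a suspect drive attached to a known-clean system.

Added example; not from the original post. The mount point, the
/proc/mounts lines and the blocklist below are constructed.
"""
import hashlib
import os
import tempfile

# What a defender wants on a suspect volume: nothing on it may execute
# or gain privileges, and nothing on it is modified until the scan is done.
REQUIRED_MOUNT_OPTS = {"ro", "noexec", "nosuid", "nodev"}


def mount_options(proc_mounts_text, mount_point):
    """Parse /proc/mounts-style text; return the option set for mount_point."""
    for line in proc_mounts_text.splitlines():
        fields = line.split()
        if len(fields) >= 4 and fields[1] == mount_point:
            return set(fields[3].split(","))
    return set()


def missing_mount_options(proc_mounts_text, mount_point):
    """Return the required options that the mount is lacking (empty set = OK)."""
    return REQUIRED_MOUNT_OPTS - mount_options(proc_mounts_text, mount_point)


def sha256_of(path, chunk=1 << 20):
    """Hash a file in chunks; the file is only ever opened read-only."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def scan_tree(root, bad_hashes):
    """Walk root without following symlinks and return the relative paths
    (forward-slash separated) of files whose SHA-256 is in bad_hashes.
    Nothing on the volume is executed or written."""
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root, followlinks=False):
        for name in filenames:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue
            try:
                if sha256_of(path) in bad_hashes:
                    hits.append(os.path.relpath(path, root).replace(os.sep, "/"))
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
    return sorted(hits)


def demo():
    """Build a constructed suspect volume in a temp dir and scan it."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "Windows", "System32"))
        flagged = b"CONSTRUCTED-SAMPLE-NOT-REAL-MALWARE\n"  # stands in for a known-bad file
        benign = b"hello world\n"
        with open(os.path.join(root, "Windows", "System32", "sample.bin"), "wb") as f:
            f.write(flagged)
        with open(os.path.join(root, "readme.txt"), "wb") as f:
            f.write(benign)
        blocklist = {hashlib.sha256(flagged).hexdigest()}
        # Constructed /proc/mounts lines: /mnt/suspect is mounted the safe way,
        # /mnt/other is mounted read-write and should fail the check.
        mounts = (
            "/dev/sdb1 /mnt/suspect ntfs ro,noexec,nosuid,nodev,relatime 0 0\n"
            "/dev/sdc1 /mnt/other ntfs rw,relatime 0 0\n"
        )
        return {
            "suspect_missing": missing_mount_options(mounts, "/mnt/suspect"),
            "other_missing": missing_mount_options(mounts, "/mnt/other"),
            "hits": scan_tree(root, blocklist),
        }


if __name__ == "__main__":
    print(demo())
```

The mount check is the part people skip: mounting the suspect drive read-write on the clean host means a scanner that "cleans" in place may modify evidence, and without `noexec` a double-click on the wrong file runs it on the host you were relying on to stay clean. Hash matching is deliberately simple here; a real offline scan would hand the mounted tree to a proper scanner, but the property that matters is the same: the suspect code never gets to run.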
November 29th, 2006 at 4:51 pm
Until about a year ago I worked as a technician for small- to medium-sized businesses and home users. I was often surprised at how apathetic clients often seemed about what data might have been mined from their shopping and working habits.
More to the point, I wonder what percentage of these people actually have their data abused, as a very high percentage of them used a very stock-standard, and usually dated, brand of virus scanner that seems to come pre-installed on all laptops, and no anti-spyware to speak of… or firewalls.
Just severe amounts of spyware.
July 27th, 2008 at 11:55 am
The core of the problem is the fact that Microsoft allows the web browser to do neat tricks like save files (viruses) on the user’s system, and then embeds IE everywhere, so that if the government forced Microsoft to remove IE, it would disable the system. Now users are foisted with this backdoor (the Internet Explorer engine) to almost every aspect of their computing, which exposes them to unnecessary vulnerability.