Ryan Naraine at eWeek:
LAKE BUENA VISTA, Fla. – In a rare discussion about the severity of the Windows malware scourge, a Microsoft security official said businesses should consider investing in an automated process to wipe hard drives and reinstall operating systems as a practical way to recover from malware infestation.
Yikes – don’t encourage them! My experience with large corporate IT departments is that their answer to just about any nontrivial problem is wiping the machine. Of course, the statement is actually more explicit:
“When you are dealing with rootkits and some advanced spyware programs, the only solution is to rebuild from scratch. In some cases, there really is no way to recover without nuking the systems from orbit,” Mike Danseglio, program manager in the Security Solutions group at Microsoft, said in a presentation at the InfoSec World conference here.
He cited a recent instance where an unnamed branch of the U.S. government struggled with malware infestations on more than 2,000 client machines. “In that case, it was so severe that trying to recover was meaningless. They did not have an automated process to wipe and rebuild the systems, so it became a burden. They had to design a process real fast,” Danseglio added.
I guess the government isn’t keeping up with the private sector in this regard. I hope they at least had automated data backup. More details on Danseglio’s view of the current state of the malware situation and remediation measures are available by following the link.