funsec mailing list archives

Re: Point of No Return? Microsoft Says Recovery from Malware Becoming Impossible


From: James Kehl <shykta () dione ids pl>
Date: Wed, 5 Apr 2006 14:01:50 +0200 (CEST)



On Tue, 4 Apr 2006, Drsolly wrote:

"When you are dealing with rootkits and some advanced spyware programs,
the only solution is to rebuild from scratch. In some cases, there
really is no way to recover without nuking the systems from orbit," Mike
Danseglio, program manager in the Security Solutions group at Microsoft,
said in a presentation at the InfoSec World conference here.

Maybe MS should do "Windows for Grannies", along the lines of grannix.
If all the software is on CD-ROM and you can't install software on the
hard disk, then you've moved quite a long way to hardening the system.

There's been some thought about this, but not enough... when every
motherboard has a flash-based BIOS, or worse still, EFI - there really is
no way to recover. Nuke it from orbit, buy a new one.

Hard disk imaging isn't enough - come to think of it, even hard disks
and CD-ROM drives accept firmware upgrades these days. I suspect not
even TCPA could detect and protect against a hard disk rootkit...

James
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.