Microsoft Says Recovery from Malware Is Becoming Impossible

Editor's note: We found some of these quotes in an article on eWeek.com written by Ryan Naraine. While Ryan addresses business computers, this information also applies to home users. Talk to your favorite Geek about how you can back up your system regularly!

According to a Microsoft security official, businesses should consider investing in processes to wipe hard drives and reinstall operating systems as a cost-effective way to recover from malware infestation.

Malware is the term used these days for spyware, viruses, Trojans and internet worms.

Mike Danseglio, program manager in the Security Solutions group at Microsoft, told the InfoSec World conference: "When you are dealing with rootkits and some advanced spyware programs, the only solution is to rebuild from scratch. In some cases, there really is no way to recover without nuking the systems from orbit."

Offensive rootkits, which are used to hide malware programs and make their presence undetectable on an infected machine, make up more than 20 percent of all malware removed from Windows XP SP2 (Service Pack 2) systems, according to Jason Garms, architect and group program manager in Microsoft's Anti-Malware Technology Team.

Because rootkits use kernel hooks to avoid detection, Danseglio said computer repair personnel may never know whether all traces of a rootkit have been successfully removed.

He cited a recent instance where an unnamed branch of the U.S. government struggled with malware infestations on more than 2,000 client machines. "In that case, it was so severe that trying to recover was meaningless. They did not have an automated process to wipe and rebuild the systems, so it became a burden. They had to design a process real fast."

Danseglio said that removing the malware is "just way too hard."

"We've seen the self-healing malware that actually detects that you're trying to get rid of it. You remove it, and the next time you look in that directory, it's sitting there. It can simply reinstall itself," he said.

"Detection is difficult, and remediation is often impossible. If it doesn't crash your system or cause your system to freeze, how do you know it's there? The answer is you just don't know. Lots of times, you never see the infection occur in real time, and you don't see the malware lingering or running in the background."

Danseglio said hackers are conducting attacks that are "stealthy and effective" and warned that malware is much more serious than viruses and worms we’ve seen before. "In 2006, the attackers want to pay the rent. They don't want to write a worm that destroys your hardware. They want to assimilate your computers and use them to make money.

"At Microsoft, we are fielding 2,000 attacks per hour. We are a constant target, and you have to assume your Internet-facing service is also a big target," according to Danseglio.