What is so amusing to me is I had been formulating a post in my mind recently, to post here asking if viruses are no longer a concern;are they a thing of the past; dare I put my work computers on the internet....
I prefer the generic term
malware these days, as the difference between true viruses in the traditional meaning of the word; and trojans, worms, hijackers, and rootkits, is becoming blurred as so much of the new garbage out there combines multiple aspects of all of these.
Also, another big difference is that there seems to be less purely malicious malware, but a lot more monetized malware. The SmitFraud / Vundo families alone account for dozens of different subgroups and variants, all of which are tedious to remove. I suspect the script kiddies who used to enjoy busting chops for the sheer joy of it have now discovered money and have become entepreneurs.
So I've taken to doing more broad-based malware cleaning and maintenance, because most of the infected machines I treat have multiple problems, including but not limited to multiple families of malware. SmitFraud / Vundo variants are among the more common right now, but there are plenty of others. Most of these, among other damage that they do, disable security software; so infected machines can become a real mess.
Also, I'm finding that some variants reinstall themselves after a number of reboots if you don't completely purge them; so I've gotten quite excellent at booting into ERD or a Live Linux distro, viewing the system directories in detail view by date, and manually deleting the junk. Only once, many months ago, did I have to restore from backup: It just seems that you develop a nose for what shouldn't be in there. Other colleagues who've taken to this "machete" approach say the same thing. You just sort of know when something is malicious, rather than belonging to some obscure but benign application.
I also delete all the temp garbage, check the host file, and so forth, remove the startup entries, purge system restore, and do some general maintenance as well. The general maintenance usually consists of registry cleaning, a CHKDSK and checking to see how fragged the MFT is. If it's less than five or six fragments, I'm inclined to leave it alone until the next visit, as I don't detect any real performance degradation on most machines until the MFT fragments exceed six or eight, and it's a little time-consuming to do (requires bootable media and can take 10 or 15 minutes on some machines). But on the other hand, I've seen machines in which the MFT was busted in 60 or more fragments, which horribly degrades performance.
I only mention this because I do tend to spend more time on these machines than what is strictly necessary to remove the particular malware in question. But because the machines tend to have other problems, it's usually worth the time to perform the extra work and watch the client's eyes bug out when they see how much faster the machine runs.
Microsoft is still missing the boat on security, in my opinion. Vista corrects a few problems, but only applies a bandaid approach to the major one, which is the vulnerability of the critical system directories to infection. I understand that they want to maintain backward compatibility, but it's absurd that literally any malicious garbage that someone wants to plant in the system's most critical directories will be welcomed by Windows as if it came from Redmond.
Between that ongoing vulnerability and that of the Registry, I don't think it's possible to make Windows a
truly secure OS in its own right. Yes, we can tweak it, use third-party security tools, and so forth, but it'll always be a constant battle.
Rich
