Call it the worst work-around ever. How else to describe the advice from Mike Danseglio, a Microsoft security guru, to wipe and reinstall Windows on any PC infected with the insidious malware known as a rootkit?
Danseglio grabbed headlines this month when he told an audience at the InfoSec World security conference that once a rootkit digs in, there’s no sure way to get rid of it short of nuking Windows and starting from scratch.
But, it turns out, his suggestion isn’t new. Danseglio’s been giving out that advice for most of a year. He wrote a Microsoft “Security Tip of the Month” that said the same thing last October.
And it’s good advice. But, as a work-around, it’s terrible.
It’s good advice because Danseglio’s probably right: there’s no other way to root out a rootkit. We can try to prevent infections — with firewalls, virus scanners, software patches and updates. But, once a rootkit is in, it’s in. It spreads its hooks everywhere. Rootkits are like cancer. You can cut out the obvious tumour, but there’s no way to be absolutely sure you’ve removed every malignant cell from a patient’s body.
We can’t eliminate biological cancers with a wipe and reinstall. But we can get rid of rootkits that way. And, if there’s nothing better, it’s a realistic tactical approach to the problem.
But it’s still an awful work-around. Why? Because a work-around should be a trade-off, a rational decision about how to use resources. Work-arounds make sense when they cost less than fixing underlying problems. But a work-around’s cost piles up over time. Eventually, you do want those underlying problems fixed.
In Windows that’s not going to happen. The rootkit vulnerabilities go to the core of Windows. They’re not just bugs; they’re flaws in Windows’ basic design. Waiting for Microsoft to fix them is pointless. Microsoft doesn’t have a fix, at least not short of entirely ripping out and replacing the guts of Windows.
And the only trade-off is that we foot the bill for Microsoft’s years of failure to secure Windows.
Yes, some rootkits will be blocked by tighter security in Vista, when it finally arrives — but not all rootkits.
The soonest we can hope for a completely rearchitected, rootkit-proof Windows is literally years from now. And Microsoft has yet to promise anything like that.
Meanwhile, we don’t have just one work-around for the rootkit problem. We can actually try three different approaches.
Option A: Nuke and restore. You can automate the process. It might even become smooth — for IT. But don’t underestimate the cost in lost productivity for users, who’ll still have to adjust settings, rebuild their desktops and shortcuts, and re-install their own applications (yes, they have them, even if they don’t tell IT about them).
Option B: Change your Windows architecture. You can run Windows applications from a terminal server, like Citrix, or virtualise them with Softricity, or move everything to blades. Yeah, it’s a pricey transition, and it’ll shake up users. You’ll also probably need a lot more network bandwidth. But rebuilding all those PCs will be easier, if it’s ever necessary.
Option C: Abandon Windows. Whether that means web-based apps or Linux or Macs, or terminals, it’s likely to be the most disruptive and costly option in the short-term, for both users and IT, and it will radically change what your IT shop does.
None of those options is a true trade-off. The cost and effort is all ours. We’re facing complex and expensive choices, with no certainty that we’ll ever see the underlying flaws fixed. Right now, it’s all Microsoft can do to fix surface-level problems like buffer overflows.
It’s going to require a completely new Windows core to finally purge the rootkit cancer for good. And that’s going to take a very hard, very expensive decision by Microsoft — not just the worst of work-arounds for us.