Mike Danseglio, a program manager in Microsoft's Security Solutions group who was spotted in the wild at the InfoSec World conference, told eWeek that rootkits and some advanced spyware programs were becoming impossible to kill.
He said that the only solution is to rebuild from scratch, but often it was better to "nuke them from orbit".
Danseglio said that offensive rootkits use kernel hooks to avoid detection, so IT administrators may never know whether all traces of a rootkit have been successfully removed.
One US government department found malware infestations on more than 2,000 client machines and recovery was impossible, he said.
Danseglio said that the cleanup process is "just way too hard" and that some self-healing malware detects that you are trying to get rid of it: you remove it, and the next time you look in that directory, it is sitting there again. It can simply reinstall itself.
If you wanted to give it a go anyway, he recommended PepiMK Software's SpyBot Search & Destroy, Mark Russinovich's RootkitRevealer and Vole's own Windows Defender.
More here.