Microsoft ships malware removal starter kit for SMB market

Microsoft ships malware removal starter kit for SMB market

Summary: Microsoft is offering a new malware removal starter kit aimed specifically at small and medium-sized businesses that struggle to deal with the threat from sophisticated and stealthy malware threats.

SHARE:
11

Microsoft ships malware removal starter kitIn today's world of sophisticated Trojans and stealthy rootkits, cleaning up from a Windows malware attack can be near impossible. For many businesses, the standard procedure is to nuke the systems from orbit and do a complete wipe/reinstall.

In fact, the official advice from Redmond is for bigger enterprises to invest in an automated way to completely wipe and rebuild systems as a practical way to recover from malware infestation. However, for many smaller Windows shops, this just isn't practical because of the cost/resources involved.

This is why I was intrigued to see a new malware removal starter kit from Microsoft, aimed specifically at small and medium-sized businesses that struggle to deal with malware clean-up.

[SEE: Ex-Softies launch anti-malware start-up ]

The kit combines Windows PE (Pre-installation Environment) and Windows Automated Installation Kit (AIK) in tandem with freely available anti-malware scanning tools. It comes with step-by-step guidance that Microsoft believes can provide a "low-cost, effective strategy that you can use to vanquish malware attacks."

The kit goes into considerable detail about how a small business can create and manage an incident response plan; how to determine if you have a problem; how to check for performance issues; and how to deal with an actual infection.

It walks IT managers through the setting up of an offline scanning tool, how to use freely available anti-virus and anti-virus scanners (like Kaspersky or Windows Defender) to sweep the infected machine. If these fail , the kit discusses the use of System Restore to return the computer to a known good state.

Even with this kit, Microsoft makes it clear that there's no guarantee that you'll find/remove every piece of malware:

It is important to understand that no process can guarantee a full recovery from the damage that malicious software can do. For this reason, there is no substitute for solid defenses and reliable backup and recovery processes. In this way, if the worst does happen and you have to rebuild the computer, the impact will be minimized.

I know the SANS Institute, in partnership with Lawrence Baldwin at My|NetWatchman, were working on new certification (and related training) for Certified Malware Removal Experts -- a project aimed at smaller businesses without the resources to do complete wipe/reinstalls.

In tandem with Microsoft's new kit, this is sweet music to the ears of many overwhelmed Windows administrators.

Topics: Microsoft, Malware, Windows

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

11 comments
Log in or register to join the discussion
  • cleaning vs. wiping

    As a support engineer for several SMB's I still think that in many cases a wipe/reinstall is quicker and more assured to work than the cat and mouse game that you end up playing with a root kit or other stealthy infections. Add to that that the incidence of re-infection seems to be higher on previously infected machines and it seems like a wipe/reinstall would be a better solution except for maybe the simplest of cases.

    It is intriguing that MS is putting this out and since I work for a MS Gold Partner, I'm sure I'll be getting to use this in the near future.
    beatphreek
    • And the cost?

      Stupid question: Is there a significant cost factor attached to wiping/reinstalling versus cleanup? How significant?

      _ryan
      Ryan Naraine
      • In my environment? Some

        but not a lot. Between images as part of the backup routine and separating the OS/Apps from user data, we can wipe/reset a machine pretty quick.
        mdemuth
      • re: cost

        Late post I know, but I wanted to answer.

        I've spent several hours scanning, rebooting, re-scanning, running a new anti-malware scan. Rebooting, re-scanning...... etc. etc. And many times there are still signs of the infection. That's fine if you have unlimited time to work on a system. But when clients are spending ~100/hr it can get expensive.

        Wipe/reinstall takes about 3 hours and is assured to work. So the cost, while definitely not cheap, is much better than the crapshoot of dis-infection. Plus I can then start them off secure so that they can more likely stay secure in the future.
        beatphreek
        • What does 3 hours get you?

          It's nice to turn around a system in 3 hours, but what quality of result can you deliver?

          In a managed IT environment, you'd have a short whitelist of permitted applications, data safe on a server, and users whose opinions on loss of settings etc. can be ignored. You can have a standard image prepared, and just drop this into place, with little or no interactive work required.

          In consumerland, this is a disaster for the user, who may get their PC back in three hours, but spend weeks trying to get back what this process destroyed. In three hours, you can interactively install the OS, drivers and a few apps, but you'd also be left with default settings and other risks.

          Delivering a clean PC is one thing, keeping it clean is another. Whatever the user was doing before, failed; reproducing the same state is likely to fail in the same way, especially if no attempt was made to detect and assess the malware.
          cquirke
    • Formal malware cleanup works

      If the objective is a PC that is not only clean on handback, but stays that way, then formal malware managent can work as well as, or better, than "just" wiping and rebuilding systems.

      In other words, neither approach is 100% successful ;-)

      This kit may mark MS's entry into the field, but some of has have been using these techniques for years, using Bart PE builder and related plugin architecture. See...

      http://cquirke.spaces.live.com/photos/cns!C7DAB1E724AB8C23!197/

      ...for a slide-show of a 2005-era approach to the "sick PC", and...

      http://cquirke.blogspot.com/2006/09/how-to-design-mos.html

      ...on designing a maintenance OS.
      cquirke
  • Deceptive headline, it's not a kit

    The download from Microsoft isn't a "kit" but a Word document that tells you how to build your own CD. A "kit" would IMHO be a downloadable ISO ready to rock-and-roll ....
    bugmenot2
    • Kit

      A kit is actually a set of parts needed to build/assemble something.

      _r
      Ryan Naraine
  • Shouldn't that be...

    "Microsoft ships malware starter kit for SMB market!" ]:) - If you don't see the humor in that, the Golden Gate is calling for your flight lessons.
    Linux User 147560
  • But, will the "kit" remove the malware

    that Microsoft installs to report home to Redmond, and the international links to India?
    Ole Man
  • about reimaging a system

    What's a big deal in having a hidden partition with an image of a fully installed Windows, including the apps and stuff ? If it comes to deal with a bug, you just backup user's data, if it is not on the server already, restore a machine from the image (10-20 minutes) run all new windows updates and off you go.
    dcdavy