Resistance is Futile

    April 13, 2006

Microsoft says recovery from malware is becoming impossible. Well, duh.

Realistically, the advice to “rebuild from scratch” has always been valid unless you are absolutely confident that you know precisely what has been affected and how. If you lack complete knowledge of what a given piece of malware does, anything you do to “fix it” leaves you with a suspect and potentially dangerous system. Frankly, with the number of viruses et al. today, and their growing sophistication, I’m not sure you can really trust any automated removal/repair tool. Did its authors really dissect the code completely, and are they certain they know what it does under all conditions? Maybe.

Virtual machines will be a palliative solution: for example, right now you can download a VMware browser VM intended for secure browsing. Anything that happens in that VM shouldn’t be able to affect the rest of your system (though see How DRM prepared the way for Xen/Vmware; the isolation is only as good as the hypervisor, and a bug in VMware’s own code is another way out of the guest). You could do the same for email, and effectively isolate the at-risk activities from the rest of your system. One small caveat: it’s common to configure VMs so that they have network connectivity to the host OS (bridged, host-only and NAT networking all provide it), but that convenience is also an inviting path for malware: a compromised guest is simply another machine on the host’s network, free to attack any service the host exposes. Shared folders and guest/host clipboard sharing open similar paths, so turn off whatever the VM’s job doesn’t need.
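A quick way to see which of those guest-to-host paths a given VM actually has open is to read its .vmx file. The script below is an added example, not something from the original post or from VMware: it parses a constructed sample .vmx for a “browser VM”, lists every configured channel back to the host (network adapter, shared folders, and the VMware Tools clipboard/drag-and-drop/HGFS channels), and produces a hardened copy with the filesystem and Tools channels closed. The keys it inspects (ethernetN.connectionType, sharedFolderN.present/enabled/hostPath, isolation.tools.hgfs/copy/paste/dnd.disable) are standard VMware configuration keys, but which of them a particular VMware product and version honours is an assumption to confirm against its documentation; the sample file contents are made up for the demo.

```python
import re

# Constructed sample .vmx: a "browser VM" set up for convenience, not isolation.
SAMPLE_VMX = """\
.encoding = "UTF-8"
config.version = "8"
displayName = "Browser sandbox"
guestOS = "other26xlinux"
ethernet0.present = "TRUE"
ethernet0.connectionType = "hostonly"
sharedFolder0.present = "TRUE"
sharedFolder0.enabled = "TRUE"
sharedFolder0.hostPath = "/home/user/Downloads"
isolation.tools.copy.disable = "FALSE"
isolation.tools.paste.disable = "FALSE"
"""

_LINE_RE = re.compile(r'^\s*([\w.]+)\s*=\s*"([^"]*)"\s*$')


def parse_vmx(text):
    """Parse 'key = "value"' lines into a dict. VMware treats keys
    case-insensitively, so they are lowercased here."""
    cfg = {}
    for line in text.splitlines():
        m = _LINE_RE.match(line)
        if m:
            cfg[m.group(1).lower()] = m.group(2)
    return cfg


def render_vmx(cfg):
    """Serialise a config dict back to .vmx syntax (one key per line, sorted)."""
    return "".join(f'{k} = "{v}"\n' for k, v in sorted(cfg.items()))


def _is_true(cfg, key):
    # Absent keys default to FALSE. That matters for isolation.tools.*.disable:
    # unless explicitly TRUE, the corresponding guest/host channel stays open.
    return cfg.get(key.lower(), "FALSE").upper() == "TRUE"


def guest_to_host_paths(cfg):
    """List every configured channel through which the guest can reach the host.
    Each entry is (category, key, explanation)."""
    paths = []
    for key, val in cfg.items():
        m = re.fullmatch(r'ethernet(\d+)\.connectiontype', key)
        if m and _is_true(cfg, f"ethernet{m.group(1)}.present"):
            # bridged puts the guest on the host's LAN; hostonly and nat give the
            # host an address on the virtual network the guest is attached to.
            # Either way the guest can send packets to the host's IP stack.
            paths.append(("network", key, f"{val} adapter: guest has an IP route to the host"))
        m = re.fullmatch(r'sharedfolder(\d+)\.present', key)
        if m and _is_true(cfg, key) and _is_true(cfg, f"sharedfolder{m.group(1)}.enabled"):
            host_path = cfg.get(f"sharedfolder{m.group(1)}.hostpath", "?")
            paths.append(("filesystem", key, f"host directory {host_path} is mounted in the guest"))
    for chan in ("hgfs", "copy", "paste", "dnd"):
        key = f"isolation.tools.{chan}.disable"
        if not _is_true(cfg, key):
            paths.append(("tools", key, f"{chan} channel between guest and host is not disabled"))
    return paths


def harden(cfg):
    """Return a copy with the filesystem and Tools channels closed. The network
    adapter is deliberately left alone: a browser VM needs it, so that path has
    to be handled on the host side (firewall the host's vmnet address from the
    guest's subnet)."""
    hardened = dict(cfg)
    for key in list(hardened):
        if re.fullmatch(r'sharedfolder\d+\.present', key):
            hardened[key] = "FALSE"
    for chan in ("hgfs", "copy", "paste", "dnd"):
        hardened[f"isolation.tools.{chan}.disable"] = "TRUE"
    return hardened


if __name__ == "__main__":
    before = parse_vmx(SAMPLE_VMX)
    for cat, key, why in guest_to_host_paths(before):
        print(f"[{cat:10}] {key}: {why}")
    after = parse_vmx(render_vmx(harden(before)))
    print("--- after hardening ---")
    for cat, key, why in guest_to_host_paths(after):
        print(f"[{cat:10}] {key}: {why}")
```

Run against the sample it reports six open channels; after hardening only the network adapter remains, which is the one the host’s own firewall has to deal with. Point it at a real .vmx (read the file into `parse_vmx`) to audit an actual appliance before trusting it with your browsing.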

One of the reasons malware has become so intractable is that both operating systems and applications are large, complicated and confusing. We may see a return to simple, single-purpose OSes designed specifically for a particular VM application. For example, an OS that is going to run a browser for me doesn’t necessarily need to be multitasking: if I want more than one instance of the browser, I’ll start up another VM. Wasteful? Sure, but it could be much more secure.

That applies to the host OS too. VMware’s ESX server is exactly that: a stripped down, very small OS configured to securely run other OSes as VMs. Why have a general purpose OS for that function? Keep it lean and mean, and start carrying the same concept forward to the guests. Sure, it’s wasteful of disk space, but so what? The upside is increased security through simplification, and a greater trend toward modularization.

Right now, Windows Vista is reported to be around 50 million lines of code. VMware’s ESX server is said to be around 65 thousand (the hypervisor kernel itself, presumably; ESX also ships a Linux-based service console alongside it). Which is easier to understand, debug and maintain?

Eventually, multipurpose OSes like Windows, Mac OS X and even Linux as we now know it may be quaint relics of the “bad old days”.

*Originally published at



A.P. Lawrence provides SCO Unix and Linux consulting services