Our Editor in Chief Marilyn Cohodas posed some questions on the state of malware prevention in the industry to our readers in her weekly editorial. Below is one of the responses. Read the original editorial.
The rootkits that write to the registry are killing us. It requires way too much time to repair these puppies and the originators are getting better and better at passing our defenses by using the ANTI programs to see how to get around them. I always thought that all we would need is a registry program that locks the registry so nothing can write to it unless we give it authority. Sorry to say that the effort to "allow or deny" writings to the registry will put a dent in productivity with all the time users will need to determine if what they are allowing is real, fake, needed or not but that's where we are today. I have often thought of setting up workstations like I have my enterprise set up. The use of virtual machines and extracting the data to the physical unit would allow us the option of creating a new session every time we log in. This would destroy the previous session and any malware with it. It would be/is like ghosting every time you log in to your pc.
This was first published in October 2005