08 Jan 2012
The upcoming Windows 8 will include new features to Reset or Refresh your computer. Reset wipes out your entire disk and restores it to the way it was when the computer was new; Refresh keeps some files and settings, but wipes and restores everything else. Given the propensity of Windows machines to become overrun with malware, rogue toolbars, cramware, and other unwanted annoyances, a way to get rid of it all quickly seems like a great idea. But ...
They also include a program called recimg.exe, which replaces the reset image with a copy of the current state of the computer. The plan is that you load up your new computer with all the software you've bought then use recimg to create a reset image including all that software. Later, when you Reset, you'll still have all your software installed.
I don't claim to be an evil genius, but if I were writing malware, my malware would run recimg after it was installed, so now the malware is a permanent part of the computer, helpfully reinstalled every time you Reset. I expect that recimg will pop up warning banners to alert the user what it's doing and ask whether to go ahead. No problem, the malware pops up its own fake warning that a serious security problem has just been patched, so the user better update the Reset system right away, and because we're so nice, we'll even run the updater, you just have to click OK on a few security warnings. (That's something all Windows users have been trained to do.)
So, what am I missing here? The ability to restore the computer from a known-good image is a dandy idea, but that image has to be someplace that bad guys can't mess with, like on a DVD.
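A defender's view of the scenario above, as an added example that is not part of the original post: triage process-creation records for recimg invocations that change the registered recovery image. The record layout and sample events are constructed, and treating only cmd.exe and powershell.exe as interactive parents is an assumption of this sketch.

```python
import ntpath
import shlex

# recimg switches that change which image is registered for recovery.
IMAGE_CHANGING = {"createimage", "setcurrent", "deregister"}
# Assumption: only these parents count as a user typing the command.
INTERACTIVE_PARENTS = {"cmd.exe", "powershell.exe"}

# Constructed sample records: (parent image path, child command line).
SAMPLE_EVENTS = [
    (r"C:\Windows\System32\cmd.exe", r"recimg /showcurrent"),
    (r"C:\Windows\System32\cmd.exe", r"recimg.exe /createimage D:\RefreshImage"),
    (r"C:\Users\bob\AppData\Local\Temp\updater.exe",
     r'"C:\Windows\System32\recimg.exe" -CreateImage C:\ProgramData\img'),
    (r"C:\Users\bob\AppData\Local\Temp\updater.exe", r"notepad.exe recimg.txt"),
]

def recimg_action(command_line):
    """Return the image-changing switch used, or None if there is none."""
    try:
        # posix=False keeps Windows backslashes intact.
        argv = shlex.split(command_line, posix=False)
    except ValueError:  # unbalanced quotes in the logged command line
        argv = command_line.split()
    if not argv:
        return None
    exe = ntpath.basename(argv[0].strip('"')).lower()
    if exe not in ("recimg", "recimg.exe"):
        return None
    for arg in argv[1:]:
        if arg.startswith(("/", "-")) and arg.lstrip("/-").lower() in IMAGE_CHANGING:
            return arg.lstrip("/-").lower()
    return None

def triage(events):
    """Label each image change 'review' (interactive parent) or 'alert'."""
    findings = []
    for parent, command_line in events:
        action = recimg_action(command_line)
        if action is None:
            continue
        parent_name = ntpath.basename(parent).lower()
        level = "review" if parent_name in INTERACTIVE_PARENTS else "alert"
        findings.append((level, action, parent_name))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(*finding)
```
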
© 2005-2013 John R. Levine.