Microsoft's Russinovich: How to stop a real 'Zero Day' disaster

The technical fellow has penned a scarily realistic malware disaster novel and shares with InfoWorld his tips for avoiding his characters' fates

Page 2 of 2

InfoWorld: In the book, one of the companies hit with the virus has an "excellent firewall" and does a daily update of everything, "seeing to patches and running system security scans." In addition to those actions, what do you recommend companies and home users do to keep up with the rising threats?

Russinovich: Keeping antivirus and patches up to date is a priority. Using the latest versions of software, whether it's the operating system or the browser, gets you the latest in antimalware defense, which is something many people don't consider. And of course using complex and different passwords for different sites, or at least for different tiers of accounts according to their value, and strong passwords and encryption for wireless networks is important. For companies, applying the concept of "least privilege," where users and administrators get access to only what they need to accomplish their job, limits exposure.

InfoWorld: The average IT admin isn't trained to perform the diagnostic work that the book's main character does to locate the viruses and rootkits that took out the firm he is working with. Do you believe it is essential for IT admins to become more adept at looking into the internals of a system through tools like Sysinternals? As a side question, those tools are a bit complicated at times, so can you recommend something to assist in learning them?

Russinovich: Unfortunately, targeted attacks and highly polymorphic malware mean that antivirus software is more and more unlikely to identify malware. I'd say it's more important that IT pros audit access and analyze access logs for anomalous behavior to identify penetrations. Basic malware analysis capabilities, like those that I teach in my Sysinternals malware cleaning presentations, are of course helpful for cleaning junk malware and maybe even confirming that you've got an infestation, but if you suspect a breach of a sensitive area of your network, it pays to play it safe and hire some experts to take a look.

InfoWorld: Anything else coming down the pipe on the fiction side? A "Zero Day" movie, perhaps, or maybe another book?

Russinovich: As a matter of fact, yes. "Zero Day" has done really well, so the publisher, St. Martin's Press, optioned the sequel. I've just completed a draft of "Trojan Horse," which picks up with Jeff and Daryl, the main characters of "Zero Day," a couple of years later and has them hot on the trail of state-sponsored espionage, something that's been in the news a lot lately with all the cyber attacks and penetrations suspected to have been perpetrated by China.

This article, "Microsoft's Russinovich: How to stop a real 'Zero Day' disaster," was originally published at InfoWorld. Read more of J. Peter Bruzzese's Enterprise Windows blog for the latest developments in Windows.
