Mark Russinovich, of Sysinternals fame, tweeted a link to this rather in-depth (and I’m not kidding) article about Frank Boldewin’s extirpation of malware on a friend’s computer.
To get to that level requires a deep understanding of the Windows OS innards and reminds me of Nietzsche’s famous quote about abysses. Nevertheless, it got me thinking: of the Systems Administrators I know, which one of us (I include myself) would have been able to tackle such a dyed-in-the-wool malware infection? Let’s try none.
At this level, it’s rather simpler to throw one A/V after the other at the problem and hope this fixes it, all the while exhibiting a large measure of faith that the issue has indeed been resolved. Barring this, there’s the always elegant “nuke and pave” method for fixing problems with which Windows administrators are quite familiar.
A short hike from this philosophical position leads to the question of whether this is a Good Thing™. Should I, as a systems administrator of one of the world’s most widely used Operating Systems, be able to routinely handle the kinds of issues met and defeated by the hero in the aforementioned article? Further, bear in mind that the scenario encountered is nothing esoteric and is, in fact, an everyday occurrence in many Windows “shops” nationwide. Yet only a very small number of admins could perform all of the tasks in the manner outlined.
I haven’t decided on an answer. Requiring all systems administrators to understand their OS to this depth may be asking for too much from someone who’s not an OS developer. Then again, why not? Why should sysadmins be able to handle what is gradually becoming an everyday issue for users without blindly resorting to sometimes expensive third-party “solutions” or destroying the OS and data in performing an OS reinstallation?
I try to imagine what a UNIX administrator would do with this kind of scenario. Would the average UNIX admin be able to dive that deep and not drown? Are these kinds of scenarios common in that arena? I don’t remember as it’s been quite a while.
Whatever the case, this is indeed heart surgery and, if I were allowed to abuse the analogy a bit, a surgeon is no ordinary doctor. To perform that kind of work requires extensive schooling and experience, something 99% of MDs don’t have, and perhaps don’t want. The parallels begin to fray, though, when you consider that if the occurrence of heart surgery were as common as malware infection is in Windows, perhaps anyone who called themselves a doctor would indeed be required to perform heart surgery.
What do you think?