Day 3: Larry vs. the Trojan (I’m Winning, I Think)
While talking with Randy Cochran yesterday about a partner program announcement Symantec will be making next week, he started talking about how “good enough” antivirus simply wasn’t acceptable because the malware risks are too great. At that point, I let it slip that just 24 hours earlier I got whacked by a nasty piece of scareware. Cochran, vice president of North America channels for Symantec, said, “You obviously weren’t running Norton 360?” Not missing a beat, I replied, “No, I’m not. I’m actually running Symantec Endpoint Protection 11.” D’oh! I recount this exchange with all due respect to Cochran, who’s a really good guy and represents a fine product line (look for his announcement regarding Symantec's SMB channel program changes on Channel Insider). In fact, I have a lot of respect for the antivirus and security software community, which provides a certain but not guaranteed level of protection against Internet-borne threats. It’s a pretty steep qualifier because security isn’t about eliminating threats, but rather mitigating the potential damage from the inevitable incident - something consumers of security technology tend to forget, overlook or ignore. Symantec Endpoint Protection isn’t the only product that failed to remove SafeStrip, the Trojan that infiltrated my PC Wednesday evening while I was reading a report on Web browser security (can you say irony?). SEP says it’s quarantined the bugger, but the malware continued to reside in memory, providing me with a steady stream of bogus pop-up warnings about serious virus infections and lures to get me to buy the faux antivirus application. It’s also turned off my Task Manager, interfered with Endpoint Protection scans and blocked certain Web sites, such as Bing (no great loss for me; I’m a loyal Google guy). The IT staff at Ziff Davis Enterprise (my parent company) first tried scanning and sweeping the Trojan from our Symantec server.
When that was unsuccessful, an admin took my ThinkPad X61 into the shop for invasive surgery. They tell me that they tried five times to manually clean the worm out of the registry, per remediation instructions provided by several security vendors. They also downloaded Ad-Aware, Spyware Doctor and MalwareBytes. When all those failed, the exasperated admin surrendered for the day and told me we may have to go nuclear when we return to the office Friday. Last night, I posted my frustration on my Facebook page, to which Sunbelt Software CEO Alex Eckelberry chimed in with a solution -- the VIPRE Rescue Program, a freeware app that scans and cleans malware infections. Vipre Rescue is a gateway app in the sense that it’s supposed to impress the user to the point of buying the full version. Guess what? It worked, sort of. It took a little bit of work to get Vipre Rescue downloaded and running (Trojan interference), but once it completed its scan, it isolated 69 variants of the Trojan and eliminated the pop-ups. However, I can still feel the effects of the Trojan. The Task Manager is still disabled. Web sites are still being blocked. And Advanced Virus Remover, the scareware app at the heart of this Trojan, is still listed in the directory (but not the tool tray). My guess is the Ziff admins will still nuke my machine today for good measure. (Thanks, Alex and Sunbelt; assistance much appreciated.) What this entire incident has taught me is that no security software is perfect and that this entire game is about data protection, integrity and availability. Going back to my conversation with Randy Cochran, he also talked up the virtues of Symantec’s other hit product - Backup Exec, which he said is maybe not named correctly because it’s not about backup but rather data assurance and recovery. He’s right, and here I’m the idiot. I have years of bad habits that I’ve never been able to break - one of them is working entirely off the desktop.
As a result, I rarely back up my local files to the network or an off-client disk. Now that the nuclear option is a near certainty, I’m wishing that I had the clarity of mind to push my files to a server every now and then. The other thing this incident has taught me is that we need better tools and information on malware removal. I’ve had a few security solution providers chime in about their frustration with having to use different tools, techniques and workarounds for every new malware variant. While it sounds like a recipe for driving up billable service hours, the real result is customer frustration that the VAR must deal with. Inconsistent instruction and disparate tools are counterproductive for both the VAR and customer given the exponential growth of malware over the last 24 months.
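The two lingering symptoms above (Task Manager switched off, security and search sites unreachable) are the kind of thing a technician wants to confirm with a quick triage check rather than by feel. The script below is an added example, not code from this post, Symantec or Sunbelt. The post does not say how the sites were blocked; the script assumes a hosts-file hijack, one common scareware technique, and checks the Windows `DisableTaskMgr` policy value under `HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System`. The watched-domain list and the sample hosts content are constructed for the example.

```python
"""Triage checks for two classic scareware symptoms: a policy-disabled
Task Manager and security/search domains hijacked in the hosts file.
Added example; sample data is constructed, not from the infected machine."""

# Domains a rogue antivirus typically keeps the user away from: security
# vendors and search engines. This list is an assumption, not from the post.
WATCHED_SUFFIXES = (
    "symantec.com", "sunbeltsoftware.com", "malwarebytes.org",
    "microsoft.com", "bing.com", "google.com",
)
LOOPBACK = {"127.0.0.1", "0.0.0.0", "::1"}
LEGIT_LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}

# Real Windows policy location; DisableTaskMgr = 1 blocks taskmgr.exe.
TASKMGR_POLICY_PATH = r"Software\Microsoft\Windows\CurrentVersion\Policies\System"

# Constructed sample hosts file: two hijacked entries and one benign intranet entry.
SAMPLE_HOSTS = """# constructed sample for the example
127.0.0.1       localhost
::1             localhost
127.0.0.1       www.bing.com
127.0.0.1       liveupdate.symantec.com
10.0.0.5        intranet.example.local
"""


def parse_hosts(text):
    """Return (ip, hostname) pairs from hosts-file text, ignoring comments and blanks."""
    entries = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        ip, names = parts[0], parts[1:]
        for name in names:
            entries.append((ip, name.lower()))
    return entries


def is_watched(name):
    """True if the hostname is a watched domain or a subdomain of one."""
    return any(name == s or name.endswith("." + s) for s in WATCHED_SUFFIXES)


def suspicious_hosts_entries(text):
    """Flag watched domains pinned to loopback or redirected to any other address.
    A legitimate hosts file has no reason to mention these domains at all."""
    findings = []
    for ip, name in parse_hosts(text):
        if name in LEGIT_LOCAL_NAMES or not is_watched(name):
            continue
        reason = "pinned to loopback" if ip in LOOPBACK else "redirected to " + ip
        findings.append((ip, name, reason))
    return findings


def task_manager_disabled(policy_values):
    """policy_values maps value names under the Policies\\System key to data."""
    return int(policy_values.get("DisableTaskMgr", 0) or 0) == 1


def read_policy_values():
    """Read the current user's Policies\\System values on Windows; {} elsewhere."""
    try:
        import winreg
    except ImportError:
        return {}
    values = {}
    try:
        with winreg.OpenKey(winreg.HKEY_CURRENT_USER, TASKMGR_POLICY_PATH) as key:
            index = 0
            while True:
                try:
                    name, data, _ = winreg.EnumValue(key, index)
                except OSError:
                    break  # no more values
                values[name] = data
                index += 1
    except OSError:
        pass  # key absent: no policy set
    return values


def triage(hosts_text, policy_values):
    """Combine both checks into one report dict."""
    return {
        "task_manager_disabled": task_manager_disabled(policy_values),
        "hosts_findings": suspicious_hosts_entries(hosts_text),
    }


if __name__ == "__main__":
    # Offline demo on the constructed sample plus a constructed policy value.
    report = triage(SAMPLE_HOSTS, {"DisableTaskMgr": 1})
    print("Task Manager disabled by policy:", report["task_manager_disabled"])
    for ip, name, reason in report["hosts_findings"]:
        print(f"hosts hijack: {name} -> {ip} ({reason})")
```

On a live Windows box, replace the constructed inputs with the contents of `%SystemRoot%\System32\drivers\etc\hosts` and `read_policy_values()`; the rest of the logic is platform-independent, which is why it runs here without Windows.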

Comments (5)
You write for tech journals and don't back up your data files? Umm... do you know which one's the "mouse" and which one's the keyboard? Serious credibility hit there.
Posted by Paul | August 14, 2009 3:43 PM
Larry,
I hear you, buddy. Since I started doing this for my customers, I insist on them having a backup for each computer they use. And with the costs of external drives coming down so far, they cannot afford not to have a backup solution.
I posted a comment on your previous article and hope you read it. I do a lot of migrations for customers and family members and get them up to speed on newer OSes and hardware. I always preach to them to use one of 3 AV products, with a majority of them choosing Symantec suites. A few less choose McAfee and there are a few that pick AVG or Vipre. But almost all pick either Backup Exec or they use Norton 360 for their backup solutions. And a few use Ghost. It all depends on personal preference.
Back to the task at hand, my daughters got infected by another of these scareware programs; luckily it wasn't as bad as yours, and they didn't have that much new data, so a system restore (nuking) was the best solution for their dilemma.
I had forgotten about Vipre's tool, thanks for mentioning it. Anyway, good luck on this one, and have them nuke it.
Dean Warnock
Posted by Dean Warnock | August 14, 2009 4:03 PM
I heard this funny story where Vipre tagged a driver as infected. After this the laptop kept bluescreening. This was all caused by a Vipre upgrade.
Posted by Randall Shimizu | August 15, 2009 3:06 AM
I'm talking with the Sunbelt CEO next week; I'll ask him about it. Stay tuned.
Posted by Larry Walsh | August 15, 2009 7:03 AM
How come the credit card companies can't be more proactive about shutting down the merchant accounts of the businesses that try to hawk their wares?
Posted by Robert | August 16, 2009 4:03 AM