Trojan War Resolution: The Battle Won
After a long, three-day battle, my war with the SafeStrip Trojan ended in a victory for me and the army of solution providers and vendors that rallied to my flag. The final resolution required the use of Sunbelt Software’s Vipre, a determined Ziff Davis Enterprise admin (Charish Patel) who wouldn’t let the Trojan get the better of him, and copious amounts of advice from the channel and security communities. I’ve written about malware for years and even had a few infections, but nothing as severe as this scareware incident. It amazed me that it took such vast resources to restore just one machine. Equally amazing was the futility of conventional security software against this nasty Trojan.

To recap, my work PC was hit with a piece of drive-by malware while, ironically, I was reading a report on Web browser security published by NSS Labs. It started with a noticeable slowdown in PC performance (applications came to a crawl), followed by the dreaded “blue screen of death.” The Trojan kept presenting bogus warnings about virus infections and popping up a trial version of a fake app called “Advanced Virus Remover.” To make matters worse, the Trojan disabled Symantec Endpoint Protection 11 and the Windows Task Manager. Monitoring the traffic revealed that the Trojan wasn’t stealing any information or opening backdoors. Rather, SafeStrip was simply digging into the registry and making it exceedingly hard to remove the scareware AV app, which wanted $69 to remove the bogus viruses it was reporting.

After posting my annoyance on Facebook, Sunbelt CEO Alex Eckelberry offered his assistance and recommended using Vipre. He claimed the freeware version would correct the problem. It worked better than any of the previous apps tried, but only went as far as stopping the pop-ups and the scareware notices. Ziff admin Charish Patel had to manually go into the registry, remove the app and reset Windows to finish the job.
In my previous blog entries on this experience, some people have criticized me for some of my habits and blamed me for the incident. One person said that I was ignorant because I must have willfully visited malicious Web sites and allowed the download. Another person chastised me for not routinely backing up my data, which would have made a machine rebuild much easier. I am innocent of the first charge, but completely guilty of the second.

I believe this incident is indicative of a real-world experience. As my good friend Kathleen Martin likes to say, “common sense isn’t commonly practiced.” The reality is that users, regardless of awareness and experience level, will find ways of circumventing security controls to meet their individual needs or interests. Further, Internet and malware threats are so pervasive that a malware infection is an absolute certainty regardless of user actions. The numbers are against the user. According to a recent report by Panda Software, 35 million computers are infected each month with rogue software and scareware. Cybercriminals are making more than $34 million a month on scareware fees. And there will be more than 637,000 new scareware samples by the end of September (by comparison, there were only 55,000 in all of 2008).

When I recounted this incident to Randy Cochran, Symantec’s head of North America channels, he said, rightfully, that this was absolute justification for using backup software such as Backup Exec. If I had been routinely backing up my files (at least my most critical files), I could have immediately nuked the system and rebuilt from the ground up. But because I wasn’t backing up on a regular basis, I had to go through the pain and trouble of remediating and restoring my PC. Earlier this year, Symantec reported that as many as 30 percent of small businesses do not have any antivirus software on their networks or clients.
I believe incidents like this not only serve as examples of the need for antivirus protection (or even multiple, overlapping engines), but also as justification for the investment in backup software. As Cochran said, backup isn’t about storage, but rather data assurance. What this incident has taught me is that the necessity of malware protection and data availability means having a complete data integrity package, and that’s increasingly a combination of antivirus and automated backup software.

Comments (3)
This is beginning to sound more and more like one big shameless plug for Symantec.
I'm starting to doubt the incident ever happened.
Posted by Garry | August 17, 2009 6:23 PM
Interesting, since I would have expected someone to say that I was plugging Sunbelt because they offered to help remediate the malware. Or Panda, for that matter, since I cited their research. Symantec is a bit of surprise, since I said Endpoint Protection didn't work in this case.
However, if it's a matter of my reference to Symantec's Backup Exec, well, I can see your point. So let's be fair. I call out Backup Exec because of the conversation I recently had with their channel chief Randy Cochran (who really is a good guy). But there are any number of options for backup solutions that will fit the bill. Off the top of my head, I can think of a few -- CA, EMC, SonicWall, eTegrity, Asigra or BackBlade. The point is that backup is just as critical a component of the malware protection strategy as antivirus.
Posted by Larry Walsh | August 17, 2009 7:07 PM
Great posting, you've hit the nail on the head. I just don't think that people quite get it. I don't know how many people I've talked to about this very thing in the past week, and they just don't grasp it. Nevertheless, excellent post!
Posted by Brandon | December 28, 2009 10:58 AM