Fraudulent Tech Support Call
-
@BRRABill said:
I don't know. That is my question, I guess.
But unless you have a really solid answer, when would you not reinstall?
I'd happy recommend not reinstalling when there is no risk. I just have no means of knowing when that is so will never make that recommendation.
-
@BRRABill said:
Has anyone had this actually happen to someone they knew?
yep this happened to a customer 2 weeks ago. I nuked that thing so fast!!
You can never trust that computer again! You KNOW that it was used/installed on by an untrusted actor. You can never know if you get a root kit out completely short of formatting it and starting over..
And sadly, even that isn't good enough.. as the NSA has software that can install itself into the firmware of some HDDs (and maybe SDDs).
-
@Dashrender said:
And sadly, even that isn't good enough.. as the NSA has software that can install itself into the firmware of some HDDs (and maybe SDDs).
And maybe BIOS.
-
@scottalanmiller said:
@BRRABill said:
I know we've discussed this before, but what are your feelings on reinstallation for malware/virus/etc infections?
My take on it is: reinstall, every time.
Let's say that again for good measure - Every Time.
-
I guess this also comes into play if you can easily do it.
If the infection doesn't seem all that severe and they are home users (without an image, backups, whatever) I typically use one of the sites that specialize in disinfecting these machines, and feel pretty confident.
I'm not saying there isn't a possibility of a problem.
-
@BRRABill said:
I guess this also comes into play if you can easily do it.
Well, I don't do it, that's part of it. I tell people that they should be prepared to reinstall always as part of being a computer owner. If they want to take the risk, it's their call. If they want to put in the effort, it is their call. If they want to be diligent and make this process easy, it's their call.
the problem with being the tech for them is that the things necessary to make this easy are up to them, but the person who pays the price is you. So if it isn't super easy, it's because they are taking advantage of you being free.
See the problem? That you even have this concern, to me, shows the problem with your free system. They don't respect you, if they did, you wouldn't have this problem.
People who take my advice from the beginning can reinstall easily and so they do. Ta da, fixed. of course, those people don't get infected often either.
-
-
Though I am certainly starting to consider the alternatives.
But how do you know the data you are backing up isn't infected?
-
@scottalanmiller said:
@BRRABill said:
I'm not saying there isn't a possible probability of a problem.
Fixed that for you.
Fixed yours. LOL.
-
@BRRABill said:
But how do you know the data you are backing up isn't infected?
You scan them with a healthy scanner from a clean install. The backups are of data, not binaries. You can't be 100% sure, but you can be reasonably sure. If you don't reinstall and scan the data, you can be quite sure that they are in danger.
-
@BRRABill said:
@scottalanmiller said:
@BRRABill said:
I'm not saying there isn't a possible probability of a problem.
Fixed that for you.
Fixed yours. LOL.
What's a possible probability? thats like being almost definitely certain. Either you are almost or definitely.
-
@BRRABill said:
If the infection doesn't seem all that severe and they are home users (without an image, backups, whatever)
This is where image backups are bad. You have to use them as file backups anyway, you should not restore from an image in a case like this. You want the healthy data, not the problematic system.
-
An article worth showing to friends before something bad happens...
http://www.smbitjournal.com/2011/04/why-it-pros-home-computers-are-different/
-
What if, when we as IT people want to help friends and family, we make a document that tells them what we expect them to do before something bad happens. Like "take a backup using one of these tools, run one of these antivirus options, do this, don't do that" and then if they call for help you have something to work from. If they did those things, you help. If they did not, that's fine, but you aren't going to help. Call it the "respecting my time and effort" list. Sure they respect you enough to work for free, but do they respect you enough to treat their computer reasonably so you only have to work when actually needed?
Does your friend keep replacing your engine that you seize up because you refuse to change your oil because you think his time and effort is worthless? Of course not. Does he help when something breaks that isn't your fault? Probably. that's a bit difference.
And document what will happen. they get malware, you can run some tools and they are on their own, you stand by nothing. Or you reinstall for them. They have to keep the media ready, have to be backed up, etc. If they call you, they know it is getting nuked. They signed off on it ahead of time. That's what calling you means.
Get people on the same page. Then maybe assisting them will work more reliably.
-
@scottalanmiller said:
What's a possible probability? thats like being almost definitely certain. Either you are almost or definitely.
It's like jumbo shrimp!
-
Now I want Red Lobster.
-
@scottalanmiller said:
@BRRABill said:
If the infection doesn't seem all that severe and they are home users (without an image, backups, whatever)
This is where image backups are bad. You have to use them as file backups anyway, you should not restore from an image in a case like this. You want the healthy data, not the problematic system.
Eh? I rather like the restore from an image solution - of course, an Image from before the infection - heck, probably from the last time the system was installed. The data of course should all be in the cloud somewhere, or on other media so you don't have to worry about that. etc etc...
But what's wrong with using an image?
-
@Dashrender said:
Eh? I rather like the restore from an image solution - of course, an Image from before the infection -
I don't because at best it means dangerous rollbacks and continuous problems, at worst it means the infection is still there.
Regular reinstalls, even when things do not break, are a good way of breaking a malware chain for people who have no idea that they are infected... it is just good practice. When malware is a known entity, the importance of breaking that chain gets higher because we don't want to have to assume that the end user is certain when the infection actually happened.
-
@Dashrender said:
But what's wrong with using an image?
if you are talking about an image from initial install time that has not been touched since then, sure. But what home user will even talk about doing that? And really, at that point, we are just redefining a reinstallation.
Using images as backups of the system after that point creates a system for retaining cruft and problems.
-
@scottalanmiller said:
@Dashrender said:
But what's wrong with using an image?
if you are talking about an image from initial install time that has not been touched since then, sure. But what home user will even talk about doing that? And really, at that point, we are just redefining a reinstallation.
Using images as backups of the system after that point creates a system for retaining cruft and problems.
yeah I agree with that second part!