Fraudulent Tech Support Call
-
@scottalanmiller said:
@BRRABill said:
If the infection doesn't seem all that severe and they are home users (without an image, backups, whatever)
This is where image backups are bad. You have to use them as file backups anyway, you should not restore from an image in a case like this. You want the healthy data, not the problematic system.
Eh? I rather like the restore from an image solution - of course, an Image from before the infection - heck, probably from the last time the system was installed. The data of course should all be in the cloud somewhere, or on other media so you don't have to worry about that. etc etc...
But what's wrong with using an image?
-
@Dashrender said:
Eh? I rather like the restore from an image solution - of course, an Image from before the infection -
I don't because at best it means dangerous rollbacks and continuous problems, at worst it means the infection is still there.
Regular reinstalls, even when things do not break, are a good way of breaking a malware chain for people who have no idea that they are infected... it is just good practice. When malware is a known entity, the importance of breaking that chain gets higher because we don't want to have to assume that the end user is certain when the infection actually happened.
-
@Dashrender said:
But what's wrong with using an image?
if you are talking about an image from initial install time that has not been touched since then, sure. But what home user will even talk about doing that? And really, at that point, we are just redefining a reinstallation.
Using images as backups of the system after that point creates a system for retaining cruft and problems.
-
@scottalanmiller said:
@Dashrender said:
But what's wrong with using an image?
if you are talking about an image from initial install time that has not been touched since then, sure. But what home user will even talk about doing that? And really, at that point, we are just redefining a reinstallation.
Using images as backups of the system after that point creates a system for retaining cruft and problems.
yeah I agree with that second part!
-
@scottalanmiller said:
Regular reinstalls, even when things do not break, are a good way of breaking a malware chain for people who have no idea that they are infected... it is just good practice. When malware is a known entity, the importance of breaking that chain gets higher because we don't want to have to assume that the end user is certain when the infection actually happened.
Couldn't you drive yourself crazy thinking you are always infected?
I guess that why products like Deep Freeze are popular.
-
@BRRABill said:
I guess that why products like Deep Freeze are popular.
Also why I am an advocate of having work computers for work stuff and home computers for home stuff.
Nothing of importance gets put on my home computer.
-
@MattSpeller said:
Also why I am an advocate of having work computers for work stuff and home computers for home stuff.
Nothing of importance gets put on my home computer.
Yeah, that definitely makes sense.
Though it's often tough in very small businesses.
I'll admit to have a ton of personal stuff on my work computer.
-
@BRRABill Another good way to do it is with VM's and something like virtualbox.
-
@MattSpeller said:
@BRRABill Another good way to do it is with VM's and something like virtualbox.
Or VDI on Amazon!
-
So, if someone really knew what they were doing in the malware world, you don't think they could effectively eradicate the issue enough to make the computer safe?
Places like bleepingcomputer.com for example, where all they do is this stuff every minute of the day.
They look through the files, they figure out what has been done, and they fix it.
Granted, if you have an image, or there is nothing on the machine. Sure, why not just nuke it?
I am talking more specialized systems, or systems where "re-imaging" is not so easy.
-
@BRRABill said:
@scottalanmiller said:
Regular reinstalls, even when things do not break, are a good way of breaking a malware chain for people who have no idea that they are infected... it is just good practice. When malware is a known entity, the importance of breaking that chain gets higher because we don't want to have to assume that the end user is certain when the infection actually happened.
Couldn't you drive yourself crazy thinking you are always infected?
Yes. Which is why you don't assume it all of the time. You only assume it after you know that you were compromised when you know the defenses were breached.
-
-
@BRRABill said:
@MattSpeller said:
@BRRABill Another good way to do it is with VM's and something like virtualbox.
Or VDI on Amazon!
Or Linux!
-
@BRRABill said:
Places like bleepingcomputer.com for example, where all they do is this stuff every minute of the day.
They make reckless decisions every day? Definitely avoid them.
Doing deep dives to learn how things work, good. Doing deep dives and pretending that it is a good business design based on the cost/reward or not absolutely dangerous to leave the poor customer with a potentially hijacked machine? Sounds like negligence.
If a local computer shop did this, I'd say you'd have a lawsuit for professional negligence.
-
@BRRABill said:
They look through the files, they figure out what has been done, and they fix it.
How is that cost effective? How is it reliable?
-
@scottalanmiller said:
They make reckless decisions every day? Definitely avoid them.
No I mean those websites spend their entire day helping users who have been infected. There is a means to infection. There is a way of reversal.
Doing deep dives to learn how things work, good. Doing deep dives and pretending that it is a good business design based on the cost/reward or not absolutely dangerous to leave the poor customer with a potentially hijacked machine? Sounds like negligence.
I would venture to say the sites that do this would have a strong disagreement ... that they do indeed totally disinfect the machine.
-
@scottalanmiller said:
How is that cost effective? How is it reliable?
Depends.
How much would it cost to backup data, reinstall from media, reinstall the data?
-
@BRRABill said:
No I mean those websites spend their entire day helping users who have been infected. There is a means to infection. There is a way of reversal.
Sure, but there is no means of knowing when it has been reversed. Not only is that a dangerous path to go down, someone with the hubris to think that they can know that they got it is exactly who you don't want doing the procedure.
-
@BRRABill said:
I would venture to say the sites that do this would have a strong disagreement ... that they do indeed totally disinfect the machine.
hubris is the enemy of security. The two cannot be found together.
-
@BRRABill said:
How much would it cost to backup data, reinstall from media, reinstall the data?
less that it takes to consider another option.
how much does it cost to have your bank account compromised?
