Fraudulent Tech Support Call
-
@scottalanmiller said:
@BRRABill said:
I'm not saying there isn't a possible probability of a problem.
Fixed that for you.
Fixed yours. LOL.
-
@BRRABill said:
But how do you know the data you are backing up isn't infected?
You scan them with a healthy scanner from a clean install. The backups are of data, not binaries. You can't be 100% sure, but you can be reasonably sure. If you don't reinstall and scan the data, you can be quite sure that they are in danger.
-
@BRRABill said:
@scottalanmiller said:
@BRRABill said:
I'm not saying there isn't a possible probability of a problem.
Fixed that for you.
Fixed yours. LOL.
What's a possible probability? That's like being almost definitely certain. Either you are almost or definitely.
-
@BRRABill said:
If the infection doesn't seem all that severe and they are home users (without an image, backups, whatever)
This is where image backups are bad. You have to use them as file backups anyway, you should not restore from an image in a case like this. You want the healthy data, not the problematic system.
-
An article worth showing to friends before something bad happens...
http://www.smbitjournal.com/2011/04/why-it-pros-home-computers-are-different/
-
What if, when we as IT people want to help friends and family, we make a document that tells them what we expect them to do before something bad happens. Like "take a backup using one of these tools, run one of these antivirus options, do this, don't do that" and then if they call for help you have something to work from. If they did those things, you help. If they did not, that's fine, but you aren't going to help. Call it the "respecting my time and effort" list. Sure they respect you enough to work for free, but do they respect you enough to treat their computer reasonably so you only have to work when actually needed?
Does your friend keep replacing your engine that you seize up because you refuse to change your oil because you think his time and effort is worthless? Of course not. Does he help when something breaks that isn't your fault? Probably. That's a big difference.
And document what will happen. They get malware, you can run some tools and they are on their own, you stand by nothing. Or you reinstall for them. They have to keep the media ready, have to be backed up, etc. If they call you, they know it is getting nuked. They signed off on it ahead of time. That's what calling you means.
Get people on the same page. Then maybe assisting them will work more reliably.
-
@scottalanmiller said:
What's a possible probability? That's like being almost definitely certain. Either you are almost or definitely.
It's like jumbo shrimp!
-
Now I want Red Lobster.
-
@scottalanmiller said:
@BRRABill said:
If the infection doesn't seem all that severe and they are home users (without an image, backups, whatever)
This is where image backups are bad. You have to use them as file backups anyway, you should not restore from an image in a case like this. You want the healthy data, not the problematic system.
Eh? I rather like the restore from an image solution - of course, an Image from before the infection - heck, probably from the last time the system was installed. The data of course should all be in the cloud somewhere, or on other media so you don't have to worry about that. etc etc...
But what's wrong with using an image?
-
@Dashrender said:
Eh? I rather like the restore from an image solution - of course, an Image from before the infection -
I don't because at best it means dangerous rollbacks and continuous problems, at worst it means the infection is still there.
Regular reinstalls, even when things do not break, are a good way of breaking a malware chain for people who have no idea that they are infected... it is just good practice. When malware is a known entity, the importance of breaking that chain gets higher because we don't want to have to assume that the end user is certain when the infection actually happened.
-
@Dashrender said:
But what's wrong with using an image?
If you are talking about an image from initial install time that has not been touched since then, sure. But what home user will even talk about doing that? And really, at that point, we are just redefining a reinstallation.
Using images as backups of the system after that point creates a system for retaining cruft and problems.
-
@scottalanmiller said:
@Dashrender said:
But what's wrong with using an image?
If you are talking about an image from initial install time that has not been touched since then, sure. But what home user will even talk about doing that? And really, at that point, we are just redefining a reinstallation.
Using images as backups of the system after that point creates a system for retaining cruft and problems.
Yeah, I agree with that second part!
-
@scottalanmiller said:
Regular reinstalls, even when things do not break, are a good way of breaking a malware chain for people who have no idea that they are infected... it is just good practice. When malware is a known entity, the importance of breaking that chain gets higher because we don't want to have to assume that the end user is certain when the infection actually happened.
Couldn't you drive yourself crazy thinking you are always infected?
I guess that's why products like Deep Freeze are popular.
-
@BRRABill said:
I guess that's why products like Deep Freeze are popular.
Also why I am an advocate of having work computers for work stuff and home computers for home stuff.
Nothing of importance gets put on my home computer.
-
@MattSpeller said:
Also why I am an advocate of having work computers for work stuff and home computers for home stuff.
Nothing of importance gets put on my home computer.
Yeah, that definitely makes sense.
Though it's often tough in very small businesses.
I'll admit to having a ton of personal stuff on my work computer.
-
@BRRABill Another good way to do it is with VMs and something like VirtualBox.
-
@MattSpeller said:
@BRRABill Another good way to do it is with VMs and something like VirtualBox.
Or VDI on Amazon!
-
So, if someone really knew what they were doing in the malware world, you don't think they could effectively eradicate the issue enough to make the computer safe?
Places like bleepingcomputer.com for example, where all they do is this stuff every minute of the day.
They look through the files, they figure out what has been done, and they fix it.
Granted, if you have an image, or there is nothing on the machine, sure, why not just nuke it?
I am talking more specialized systems, or systems where "re-imaging" is not so easy.
-
@BRRABill said:
@scottalanmiller said:
Regular reinstalls, even when things do not break, are a good way of breaking a malware chain for people who have no idea that they are infected... it is just good practice. When malware is a known entity, the importance of breaking that chain gets higher because we don't want to have to assume that the end user is certain when the infection actually happened.
Couldn't you drive yourself crazy thinking you are always infected?
Yes. Which is why you don't assume it all of the time. You only assume it after you know that you were compromised when you know the defenses were breached.
-