Fraudulent Tech Support Call
-
@MattSpeller said:
@BRRABill Another good way to do it is with VM's and something like virtualbox.
Or VDI on Amazon!
-
So, if someone really knew what they were doing in the malware world, you don't think they could effectively eradicate the issue enough to make the computer safe?
Places like bleepingcomputer.com for example, where all they do is this stuff every minute of the day.
They look through the files, they figure out what has been done, and they fix it.
Granted, if you have an image, or there is nothing on the machine. Sure, why not just nuke it?
I am talking more specialized systems, or systems where "re-imaging" is not so easy.
-
@BRRABill said:
@scottalanmiller said:
Regular reinstalls, even when things do not break, are a good way of breaking a malware chain for people who have no idea that they are infected... it is just good practice. When malware is a known entity, the importance of breaking that chain gets higher because we don't want to have to assume that the end user is certain when the infection actually happened.
Couldn't you drive yourself crazy thinking you are always infected?
Yes. Which is why you don't assume it all of the time. You only assume it after you know that you were compromised when you know the defenses were breached.
-
-
@BRRABill said:
@MattSpeller said:
@BRRABill Another good way to do it is with VM's and something like virtualbox.
Or VDI on Amazon!
Or Linux!
-
@BRRABill said:
Places like bleepingcomputer.com for example, where all they do is this stuff every minute of the day.
They make reckless decisions every day? Definitely avoid them.
Doing deep dives to learn how things work, good. Doing deep dives and pretending that it is a good business design based on the cost/reward or not absolutely dangerous to leave the poor customer with a potentially hijacked machine? Sounds like negligence.
If a local computer shop did this, I'd say you'd have a lawsuit for professional negligence.
-
@BRRABill said:
They look through the files, they figure out what has been done, and they fix it.
How is that cost effective? How is it reliable?
-
@scottalanmiller said:
They make reckless decisions every day? Definitely avoid them.
No I mean those websites spend their entire day helping users who have been infected. There is a means to infection. There is a way of reversal.
Doing deep dives to learn how things work, good. Doing deep dives and pretending that it is a good business design based on the cost/reward or not absolutely dangerous to leave the poor customer with a potentially hijacked machine? Sounds like negligence.
I would venture to say the sites that do this would have a strong disagreement ... that they do indeed totally disinfect the machine.
-
@scottalanmiller said:
How is that cost effective? How is it reliable?
Depends.
How much would it cost to backup data, reinstall from media, reinstall the data?
-
@BRRABill said:
No I mean those websites spend their entire day helping users who have been infected. There is a means to infection. There is a way of reversal.
Sure, but there is no means of knowing when it has been reversed. Not only is that a dangerous path to go down, someone with the hubris to think that they can know that they got it is exactly who you don't want doing the procedure.
-
@BRRABill said:
I would venture to say the sites that do this would have a strong disagreement ... that they do indeed totally disinfect the machine.
hubris is the enemy of security. The two cannot be found together.
-
@BRRABill said:
How much would it cost to backup data, reinstall from media, reinstall the data?
less that it takes to consider another option.
how much does it cost to have your bank account compromised?
-
@scottalanmiller said:
Sure, but there is no means of knowing when it has been reversed. Not only is that a dangerous path to go down, someone with the hubris to think that they can know that they got it is exactly who you don't want doing the procedure.
OK, let's take this a step back.
Do you do the same thing with a virus? If WebRoot (hi @nic) finds a virus on your machine and deletes it. Do you also do a total reinstall?
-
-
@scottalanmiller one thing Webroot does if it identifies an unknown as malware is that it rolls back the changes, hopefully saving you the hassle of a reinstall. But I do understand if you want to nuke it from orbit anyway
-
@scottalanmiller said:
@BRRABill said:
Do you do the same thing with a virus? If WebRoot (hi @nic) finds a virus on your machine and deletes it. Do you also do a total reinstall?
If it finds one that infected me, absolutely. Every time, no question. I feel like we've asked this before
That seems like a lot of overkill if your AV has caught the virus and stopped it before doing any harm...
-
-
@DustinB3403 said:
@scottalanmiller said:
@BRRABill said:
Do you do the same thing with a virus? If WebRoot (hi @nic) finds a virus on your machine and deletes it. Do you also do a total reinstall?
If it finds one that infected me, absolutely. Every time, no question. I feel like we've asked this before
That seems like a lot of overkill if your AV has caught the virus and stopped it before doing any harm...
But if the virus has infected the machine, it has done harm. So yes, that might sound like a lot for a circumstance not being discussed
-
The problem is these guys may be installing some random off the wall app that's custom written and not picked out as an actual virus.
-
@DustinB3403 said:
@scottalanmiller said:
@BRRABill said:
Do you do the same thing with a virus? If WebRoot (hi @nic) finds a virus on your machine and deletes it. Do you also do a total reinstall?
If it finds one that infected me, absolutely. Every time, no question. I feel like we've asked this before
That seems like a lot of overkill if your AV has caught the virus and stopped it before doing any harm...
Risk vs Reward
99/100 it'll be fine, but I don't like looking foolish* even 1% of the time.
*Sod's law is the 1% will be a C level or other important wanker.
