Fraudulent Tech Support Call

BRRABill

@scottalanmiller said:

They make reckless decisions every day? Definitely avoid them.

No I mean those websites spend their entire day helping users who have been infected. There is a means to infection. There is a way of reversal.

Doing deep dives to learn how things work, good. Doing deep dives and pretending that it is a good business design based on the cost/reward or not absolutely dangerous to leave the poor customer with a potentially hijacked machine? Sounds like negligence.

I would venture to say the sites that do this would have a strong disagreement ... that they do indeed totally disinfect the machine.

BRRABill

@scottalanmiller said:

How is that cost effective? How is it reliable?

Depends.

How much would it cost to backup data, reinstall from media, reinstall the data?

scottalanmiller

@BRRABill said:

No I mean those websites spend their entire day helping users who have been infected. There is a means to infection. There is a way of reversal.

Sure, but there is no means of knowing when it has been reversed. Not only is that a dangerous path to go down, someone with the hubris to think that they can know that they got it is exactly who you don't want doing the procedure.

scottalanmiller

@BRRABill said:

I would venture to say the sites that do this would have a strong disagreement ... that they do indeed totally disinfect the machine.

hubris is the enemy of security. The two cannot be found together.

scottalanmiller

@BRRABill said:

How much would it cost to backup data, reinstall from media, reinstall the data?

less that it takes to consider another option.

how much does it cost to have your bank account compromised?

BRRABill

@scottalanmiller said:

Sure, but there is no means of knowing when it has been reversed. Not only is that a dangerous path to go down, someone with the hubris to think that they can know that they got it is exactly who you don't want doing the procedure.

OK, let's take this a step back.

Do you do the same thing with a virus? If WebRoot (hi @nic) finds a virus on your machine and deletes it. Do you also do a total reinstall?

scottalanmiller

@BRRABill said:

Do you do the same thing with a virus? If WebRoot (hi @nic) finds a virus on your machine and deletes it. Do you also do a total reinstall?

If it finds one that infected me, absolutely. Every time, no question. I feel like we've asked this before

Nic

@scottalanmiller one thing Webroot does if it identifies an unknown as malware is that it rolls back the changes, hopefully saving you the hassle of a reinstall. But I do understand if you want to nuke it from orbit anyway

DustinB3403

@scottalanmiller said:

@BRRABill said:

Do you do the same thing with a virus? If WebRoot (hi @nic) finds a virus on your machine and deletes it. Do you also do a total reinstall?

If it finds one that infected me, absolutely. Every time, no question. I feel like we've asked this before

That seems like a lot of overkill if your AV has caught the virus and stopped it before doing any harm...

Jason

@IRJ said:

@BRRABill said:

I had a user come to me with a parent who fell victim to one of the "your computer is infected" type scams.

1. Not your problem

2. I would recommend a complete wipe and nothing less.

Exactly not a company owned device.

scottalanmiller

@DustinB3403 said:

@scottalanmiller said:

@BRRABill said:

Do you do the same thing with a virus? If WebRoot (hi @nic) finds a virus on your machine and deletes it. Do you also do a total reinstall?

If it finds one that infected me, absolutely. Every time, no question. I feel like we've asked this before

That seems like a lot of overkill if your AV has caught the virus and stopped it before doing any harm...

But if the virus has infected the machine, it has done harm. So yes, that might sound like a lot for a circumstance not being discussed

dafyre

The problem is these guys may be installing some random off the wall app that's custom written and not picked out as an actual virus.

MattSpeller

@DustinB3403 said:

@scottalanmiller said:

@BRRABill said:

Do you do the same thing with a virus? If WebRoot (hi @nic) finds a virus on your machine and deletes it. Do you also do a total reinstall?

If it finds one that infected me, absolutely. Every time, no question. I feel like we've asked this before

That seems like a lot of overkill if your AV has caught the virus and stopped it before doing any harm...

Risk vs Reward

99/100 it'll be fine, but I don't like looking foolish* even 1% of the time.

*Sod's law is the 1% will be a C level or other important wanker.

scottalanmiller

@dafyre said:

The problem is these guys may be installing some random off the wall app that's custom written and not picked out as an actual virus.

The guys claiming to clean the computer?

dafyre

@scottalanmiller said:

@dafyre said:

The problem is these guys may be installing some random off the wall app that's custom written and not picked out as an actual virus.

The guys claiming to clean the computer?

Yea.

scottalanmiller

@MattSpeller said:

@DustinB3403 said:

@scottalanmiller said:

@BRRABill said:

Do you do the same thing with a virus? If WebRoot (hi @nic) finds a virus on your machine and deletes it. Do you also do a total reinstall?

If it finds one that infected me, absolutely. Every time, no question. I feel like we've asked this before

That seems like a lot of overkill if your AV has caught the virus and stopped it before doing any harm...

Risk vs Reward

99/100 it'll be fine, but I don't like looking foolish* even 1% of the time.

*Sod's law is the 1% will be a C level or other important wanker.

That's really the thing. 1% failure rate when we are talking about things that steal your bank account info is a horrible failure rate.

And reward... is there one? Does all this extra effort amount to making things better? I think that we end up with higher risk AND negative reward most of the time. That's a pretty horrible trade off.

MattSpeller

@scottalanmiller said:

@MattSpeller said:

@DustinB3403 said:

@scottalanmiller said:

@BRRABill said:

Do you do the same thing with a virus? If WebRoot (hi @nic) finds a virus on your machine and deletes it. Do you also do a total reinstall?

If it finds one that infected me, absolutely. Every time, no question. I feel like we've asked this before

That seems like a lot of overkill if your AV has caught the virus and stopped it before doing any harm...

Risk vs Reward

99/100 it'll be fine, but I don't like looking foolish* even 1% of the time.

*Sod's law is the 1% will be a C level or other important wanker.

That's really the thing. 1% failure rate when we are talking about things that steal your bank account info is a horrible failure rate.

And reward... is there one? Does all this extra effort amount to making things better? I think that we end up with higher risk AND negative reward most of the time. That's a pretty horrible trade off.

Presumably the reward would be faster return to work for the user & less time outlay for IT.

I think there's reward in doing the nukes every time, albeit less if I had to quantify it. Same process every time means you're good at it, and do it damn fast. Also with a single process (nuking) you're far less likely to botch it as there's less to remember (vs cleaning, testing, whatever). Also shows your users that viruses are serious and a PITA for them, they may actually learn to be more careful (HAHahahahahahahahaha)

scottalanmiller

@MattSpeller said:

Presumably the reward would be faster return to work for the user & less time outlay for IT.

But is that true? The point of rapid imaging is that time is not wasted investigating, time is not wasted manually attempting to repair, time is not wasted attempting to verify and then there isn't the risk of time being wasted doing it all again (on top of the security risks of not having gotten it flawless.)

If we image immediately, we get people back up and running very, very quickly while having the best chance of eliminating the danger.

scottalanmiller

An important difference with the "reinstall and go" approach is that it is highly reliable. We can pretty much predict how much time it will take to get back up and running. The margin of error is very small. Cleaning a system is "well... you know... thirty minutes to a week, give or take." The "known" is small so the ability to estimate time is very poor.

Dashrender

@DustinB3403 said:

@scottalanmiller said:

@BRRABill said:

Do you do the same thing with a virus? If WebRoot (hi @nic) finds a virus on your machine and deletes it. Do you also do a total reinstall?

If it finds one that infected me, absolutely. Every time, no question. I feel like we've asked this before

That seems like a lot of overkill if your AV has caught the virus and stopped it before doing any harm...

I'll agree if the AV sees the virus in a file that hasn't been allowed to execute, I won't bother reinstalling, but if the AV scan finds it in some random file that wasn't in the process of being executed for the first time (and I know because only I can install things), then it's nuking time.