ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    MS Adds Ransomware Protection to OneDrive

    Scheduled Pinned Locked Moved News
    onedrivemicrosoftransomware
    38 Posts 5 Posters 3.6k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • BRRABillB
      BRRABill @scottalanmiller
      last edited by

      @scottalanmiller said in MS Adds Ransomware Protection to OneDrive:

      @brrabill said in MS Adds Ransomware Protection to OneDrive:

      Well, most people upon reading that title would assume the OP meant the files themselves were protected from ransomware while on OneDrive.

      That doesn't even mean anything. Why would people think something like that?

      Because no one else thinks like MLNEWS? (I'll leave you out of it. 🙂 )

      scottalanmillerS 1 Reply Last reply Reply Quote 0
      • scottalanmillerS
        scottalanmiller @BRRABill
        last edited by

        @brrabill said in MS Adds Ransomware Protection to OneDrive:

        @scottalanmiller said in MS Adds Ransomware Protection to OneDrive:

        @brrabill said in MS Adds Ransomware Protection to OneDrive:

        Well, most people upon reading that title would assume the OP meant the files themselves were protected from ransomware while on OneDrive.

        That doesn't even mean anything. Why would people think something like that?

        Because no one else thinks like MLNEWS? (I'll leave you out of it. 🙂 )

        But what DO they think?

        1 Reply Last reply Reply Quote 0
        • BRRABillB
          BRRABill
          last edited by

          If I said to you

          "Cloud Storage Service XYZ now offers virus protection" ... what would you think that means?

          scottalanmillerS 2 Replies Last reply Reply Quote 0
          • scottalanmillerS
            scottalanmiller @BRRABill
            last edited by

            @brrabill said in MS Adds Ransomware Protection to OneDrive:

            If I said to you

            "Cloud Storage Service XYZ now offers virus protection" ... what would you think that means?

            That it has some technology that reduces the risk of getting a virus infection when using that platform.

            1 Reply Last reply Reply Quote 0
            • scottalanmillerS
              scottalanmiller @BRRABill
              last edited by

              @brrabill said in MS Adds Ransomware Protection to OneDrive:

              If I said to you

              "Cloud Storage Service XYZ now offers virus protection" ... what would you think that means?

              I guess the bigger question is... what would you think that it means? I just think that it means what it says.

              1 Reply Last reply Reply Quote 0
              • DashrenderD
                Dashrender
                last edited by

                OK I see what's going on here.

                @BRRABill is looking at this as if this new protection is like antivirus on an endpoint - AV's job is to stop virus from getting in in the first place - so Bill is reading Scott's post to mean that MS is preventing cryptolocking the files at all.

                While I suppose I can see where Bill is coming from - I didn't see it that way at all.
                You can't prevent cryptolocking, short of preventing the malware that's causing it in the first place, which MS can't do when it comes to OneDrive because users don't execute things on OneDrive, they simply store files there. OneDrive has no clue if the file is encrypted or not when syncing. I mean sure MS could try to open every file as it's saved and see if it requires a password, or simply fails - but what about file types that MS doesn't know about? That idea of MS knowing encrypted/not encrypted seems crazy.

                scottalanmillerS 3 Replies Last reply Reply Quote 0
                • DashrenderD
                  Dashrender
                  last edited by

                  Perhaps Bill would rather see a title like:

                  MS adds Ransomware Recovery to OneDrive.

                  I think that directly conveys that if you get ransomware, that you have a recovery option.

                  1 Reply Last reply Reply Quote 1
                  • scottalanmillerS
                    scottalanmiller @Dashrender
                    last edited by

                    @dashrender said in MS Adds Ransomware Protection to OneDrive:

                    OK I see what's going on here.

                    @BRRABill is looking at this as if this new protection is like antivirus on an endpoint - AV's job is to stop virus from getting in in the first place - so Bill is reading Scott's post to mean that MS is preventing cryptolocking the files at all.

                    That's not what AV does, though. Nor is it what "protection" implies. AV's job is NOT to stop virus from getting there in the first place, it's to limit its ability to hurt you once it is there.

                    DashrenderD 1 Reply Last reply Reply Quote 0
                    • scottalanmillerS
                      scottalanmiller @Dashrender
                      last edited by

                      @dashrender said in MS Adds Ransomware Protection to OneDrive:

                      • so Bill is reading Scott's post to mean that MS is preventing cryptolocking the files at all.

                      That would be called prevention, not protection.

                      1 Reply Last reply Reply Quote 1
                      • scottalanmillerS
                        scottalanmiller @Dashrender
                        last edited by

                        @dashrender said in MS Adds Ransomware Protection to OneDrive:

                        You can't prevent cryptolocking, short of preventing the malware that's causing it in the first place, which MS can't do when it comes to OneDrive because users don't execute things on OneDrive, they simply store files there.

                        Right, claiming to stop it from happening ever makes no sense. What would that even mean?

                        Like AV, it works to protect against bad things happening. Like AV, it can't prevent, it just protects.

                        1 Reply Last reply Reply Quote 0
                        • BRRABillB
                          BRRABill
                          last edited by

                          I'd like to see...

                          MS adds versioning to Onedrive, and versioning can help if you get infected with malware

                          Of course, in a sexier title!

                          scottalanmillerS 1 Reply Last reply Reply Quote 0
                          • DashrenderD
                            Dashrender @scottalanmiller
                            last edited by

                            @scottalanmiller said in MS Adds Ransomware Protection to OneDrive:

                            @dashrender said in MS Adds Ransomware Protection to OneDrive:

                            OK I see what's going on here.

                            @BRRABill is looking at this as if this new protection is like antivirus on an endpoint - AV's job is to stop virus from getting in in the first place - so Bill is reading Scott's post to mean that MS is preventing cryptolocking the files at all.

                            That's not what AV does, though. Nor is it what "protection" implies. AV's job is NOT to stop virus from getting there in the first place, it's to limit its ability to hurt you once it is there.

                            I currently don't agree that AV is limit it's ability to hurt you. If the AV never understands a specific virus, it will limit anything with regard to that virus.
                            You'll need to sell me on this belief.

                            scottalanmillerS 1 Reply Last reply Reply Quote 0
                            • scottalanmillerS
                              scottalanmiller @BRRABill
                              last edited by

                              @brrabill said in MS Adds Ransomware Protection to OneDrive:

                              I'd like to see...

                              MS adds versioning to Onedrive, and versioning can help if you get infected with malware

                              Of course, in a sexier title!

                              But other than putting a full explanation of HOW something is achieved, what is the point of that?

                              Especially given that the article it linked to was about ransomware protection.

                              1 Reply Last reply Reply Quote 0
                              • scottalanmillerS
                                scottalanmiller @Dashrender
                                last edited by

                                @dashrender said in MS Adds Ransomware Protection to OneDrive:

                                @scottalanmiller said in MS Adds Ransomware Protection to OneDrive:

                                @dashrender said in MS Adds Ransomware Protection to OneDrive:

                                OK I see what's going on here.

                                @BRRABill is looking at this as if this new protection is like antivirus on an endpoint - AV's job is to stop virus from getting in in the first place - so Bill is reading Scott's post to mean that MS is preventing cryptolocking the files at all.

                                That's not what AV does, though. Nor is it what "protection" implies. AV's job is NOT to stop virus from getting there in the first place, it's to limit its ability to hurt you once it is there.

                                I currently don't agree that AV is limit it's ability to hurt you. If the AV never understands a specific virus, it will limit anything with regard to that virus.
                                You'll need to sell me on this belief.

                                So what do you think the purpose of AV is?

                                Any not all AV uses virus specific data, so how does that apply?

                                DashrenderD 1 Reply Last reply Reply Quote 0
                                • DashrenderD
                                  Dashrender @scottalanmiller
                                  last edited by

                                  @scottalanmiller said in MS Adds Ransomware Protection to OneDrive:

                                  @dashrender said in MS Adds Ransomware Protection to OneDrive:

                                  @scottalanmiller said in MS Adds Ransomware Protection to OneDrive:

                                  @dashrender said in MS Adds Ransomware Protection to OneDrive:

                                  OK I see what's going on here.

                                  @BRRABill is looking at this as if this new protection is like antivirus on an endpoint - AV's job is to stop virus from getting in in the first place - so Bill is reading Scott's post to mean that MS is preventing cryptolocking the files at all.

                                  That's not what AV does, though. Nor is it what "protection" implies. AV's job is NOT to stop virus from getting there in the first place, it's to limit its ability to hurt you once it is there.

                                  I currently don't agree that AV is limit it's ability to hurt you. If the AV never understands a specific virus, it will limit anything with regard to that virus.
                                  You'll need to sell me on this belief.

                                  So what do you think the purpose of AV is?

                                  Any not all AV uses virus specific data, so how does that apply?

                                  I think the purpose is to stop it at the edge. Once it's in - you can't trust the system anymore, the bug could get under the AV and AV will never be able to stop it.
                                  You don't need virus specific data - heuristics catch that crap too. It's one of the reason that some virus today have time delays built in. Sure you can watch what the virus does for 20 seconds, doesn't appear malicious, so you just let it in, then time bomb explodes.

                                  If the virus doesn't actually disable the virus - then when the AV becomes aware of it, AV can try to mitigate it.

                                  I like Webroot's approach though - see's new file - watches it for a few seconds - OK you seem OK, but before allowing that new file touch/change files on the system, Webroot journals those files for recovery later (until the journal runs out of space).

                                  scottalanmillerS 2 Replies Last reply Reply Quote 0
                                  • scottalanmillerS
                                    scottalanmiller @Dashrender
                                    last edited by

                                    @dashrender said in MS Adds Ransomware Protection to OneDrive:

                                    @scottalanmiller said in MS Adds Ransomware Protection to OneDrive:

                                    @dashrender said in MS Adds Ransomware Protection to OneDrive:

                                    @scottalanmiller said in MS Adds Ransomware Protection to OneDrive:

                                    @dashrender said in MS Adds Ransomware Protection to OneDrive:

                                    OK I see what's going on here.

                                    @BRRABill is looking at this as if this new protection is like antivirus on an endpoint - AV's job is to stop virus from getting in in the first place - so Bill is reading Scott's post to mean that MS is preventing cryptolocking the files at all.

                                    That's not what AV does, though. Nor is it what "protection" implies. AV's job is NOT to stop virus from getting there in the first place, it's to limit its ability to hurt you once it is there.

                                    I currently don't agree that AV is limit it's ability to hurt you. If the AV never understands a specific virus, it will limit anything with regard to that virus.
                                    You'll need to sell me on this belief.

                                    So what do you think the purpose of AV is?

                                    Any not all AV uses virus specific data, so how does that apply?

                                    I think the purpose is to stop it at the edge.

                                    That's not where AV stops it. So while that's a nice theory, it doesn't apply to AV, or to ransomware protection here.

                                    1 Reply Last reply Reply Quote 0
                                    • scottalanmillerS
                                      scottalanmiller @Dashrender
                                      last edited by

                                      @dashrender said in MS Adds Ransomware Protection to OneDrive:

                                      Once it's in - you can't trust the system anymore, the bug could get under the AV and AV will never be able to stop it.

                                      No, getting in is of zero concern. Being executed and allowed to run is when you have issues.

                                      The whole "it can't get onto the network" fear is 100% FUD.

                                      DashrenderD 1 Reply Last reply Reply Quote 1
                                      • DashrenderD
                                        Dashrender @scottalanmiller
                                        last edited by

                                        @scottalanmiller said in MS Adds Ransomware Protection to OneDrive:

                                        @dashrender said in MS Adds Ransomware Protection to OneDrive:

                                        Once it's in - you can't trust the system anymore, the bug could get under the AV and AV will never be able to stop it.

                                        No, getting in is of zero concern. Being executed and allowed to run is when you have issues.

                                        The whole "it can't get onto the network" fear is 100% FUD.

                                        OK I see what you're saying - it's FUD because if you download it, who cares - only when you execute it that it's a problem.

                                        And by edge I meant the edge of the device, not the edge of the network.

                                        scottalanmillerS 1 Reply Last reply Reply Quote 0
                                        • scottalanmillerS
                                          scottalanmiller @Dashrender
                                          last edited by

                                          @dashrender said in MS Adds Ransomware Protection to OneDrive:

                                          @scottalanmiller said in MS Adds Ransomware Protection to OneDrive:

                                          @dashrender said in MS Adds Ransomware Protection to OneDrive:

                                          Once it's in - you can't trust the system anymore, the bug could get under the AV and AV will never be able to stop it.

                                          No, getting in is of zero concern. Being executed and allowed to run is when you have issues.

                                          The whole "it can't get onto the network" fear is 100% FUD.

                                          OK I see what you're saying - it's FUD because if you download it, who cares - only when you execute it that it's a problem.

                                          And by edge I meant the edge of the device, not the edge of the network.

                                          I see. But even there, most traditional AV don't behave like edge, they allow the malware to make it all the way to disk, and clean up either on scan or before executing.

                                          DashrenderD 1 Reply Last reply Reply Quote 0
                                          • DashrenderD
                                            Dashrender @scottalanmiller
                                            last edited by

                                            @scottalanmiller said in MS Adds Ransomware Protection to OneDrive:

                                            @dashrender said in MS Adds Ransomware Protection to OneDrive:

                                            @scottalanmiller said in MS Adds Ransomware Protection to OneDrive:

                                            @dashrender said in MS Adds Ransomware Protection to OneDrive:

                                            Once it's in - you can't trust the system anymore, the bug could get under the AV and AV will never be able to stop it.

                                            No, getting in is of zero concern. Being executed and allowed to run is when you have issues.

                                            The whole "it can't get onto the network" fear is 100% FUD.

                                            OK I see what you're saying - it's FUD because if you download it, who cares - only when you execute it that it's a problem.

                                            And by edge I meant the edge of the device, not the edge of the network.

                                            I see. But even there, most traditional AV don't behave like edge, they allow the malware to make it all the way to disk, and clean up either on scan or before executing.

                                            yeah, the scan once the file is complete seems to be the more normal way I see it go down - I I wonder if this is for end user experience?
                                            Could the file be scanned reliably while in transit?

                                            UTMs claim to do this - the UTM downloads the file, and trickle's the content of the file to the end user until the whole file is downloaded and scanned by the UTM, then the UTM blasts it to the end device as fast as the local network will allow - at least that was my last experience with them.

                                            So not sure why normal AV can't/doesn't do the same?

                                            scottalanmillerS 2 Replies Last reply Reply Quote 0
                                            • 1
                                            • 2
                                            • 1 / 2
                                            • First post
                                              Last post