Fraudulent Tech Support Call
-
@scottalanmiller said:
@Dashrender said:
But what's wrong with using an image?
if you are talking about an image from initial install time that has not been touched since then, sure. But what home user will even talk about doing that? And really, at that point, we are just redefining a reinstallation.
Using images as backups of the system after that point creates a system for retaining cruft and problems.
yeah I agree with that second part!
-
@scottalanmiller said:
Regular reinstalls, even when things do not break, are a good way of breaking a malware chain for people who have no idea that they are infected... it is just good practice. When malware is a known entity, the importance of breaking that chain gets higher because we don't want to have to assume that the end user is certain when the infection actually happened.
Couldn't you drive yourself crazy thinking you are always infected?
I guess that why products like Deep Freeze are popular.
-
@BRRABill said:
I guess that why products like Deep Freeze are popular.
Also why I am an advocate of having work computers for work stuff and home computers for home stuff.
Nothing of importance gets put on my home computer.
-
@MattSpeller said:
Also why I am an advocate of having work computers for work stuff and home computers for home stuff.
Nothing of importance gets put on my home computer.
Yeah, that definitely makes sense.
Though it's often tough in very small businesses.
I'll admit to have a ton of personal stuff on my work computer.
-
@BRRABill Another good way to do it is with VM's and something like virtualbox.
-
@MattSpeller said:
@BRRABill Another good way to do it is with VM's and something like virtualbox.
Or VDI on Amazon!
-
So, if someone really knew what they were doing in the malware world, you don't think they could effectively eradicate the issue enough to make the computer safe?
Places like bleepingcomputer.com for example, where all they do is this stuff every minute of the day.
They look through the files, they figure out what has been done, and they fix it.
Granted, if you have an image, or there is nothing on the machine. Sure, why not just nuke it?
I am talking more specialized systems, or systems where "re-imaging" is not so easy.
-
@BRRABill said:
@scottalanmiller said:
Regular reinstalls, even when things do not break, are a good way of breaking a malware chain for people who have no idea that they are infected... it is just good practice. When malware is a known entity, the importance of breaking that chain gets higher because we don't want to have to assume that the end user is certain when the infection actually happened.
Couldn't you drive yourself crazy thinking you are always infected?
Yes. Which is why you don't assume it all of the time. You only assume it after you know that you were compromised when you know the defenses were breached.
-
-
@BRRABill said:
@MattSpeller said:
@BRRABill Another good way to do it is with VM's and something like virtualbox.
Or VDI on Amazon!
Or Linux!
-
@BRRABill said:
Places like bleepingcomputer.com for example, where all they do is this stuff every minute of the day.
They make reckless decisions every day? Definitely avoid them.
Doing deep dives to learn how things work, good. Doing deep dives and pretending that it is a good business design based on the cost/reward or not absolutely dangerous to leave the poor customer with a potentially hijacked machine? Sounds like negligence.
If a local computer shop did this, I'd say you'd have a lawsuit for professional negligence.
-
@BRRABill said:
They look through the files, they figure out what has been done, and they fix it.
How is that cost effective? How is it reliable?
-
@scottalanmiller said:
They make reckless decisions every day? Definitely avoid them.
No I mean those websites spend their entire day helping users who have been infected. There is a means to infection. There is a way of reversal.
Doing deep dives to learn how things work, good. Doing deep dives and pretending that it is a good business design based on the cost/reward or not absolutely dangerous to leave the poor customer with a potentially hijacked machine? Sounds like negligence.
I would venture to say the sites that do this would have a strong disagreement ... that they do indeed totally disinfect the machine.
-
@scottalanmiller said:
How is that cost effective? How is it reliable?
Depends.
How much would it cost to backup data, reinstall from media, reinstall the data?
-
@BRRABill said:
No I mean those websites spend their entire day helping users who have been infected. There is a means to infection. There is a way of reversal.
Sure, but there is no means of knowing when it has been reversed. Not only is that a dangerous path to go down, someone with the hubris to think that they can know that they got it is exactly who you don't want doing the procedure.
-
@BRRABill said:
I would venture to say the sites that do this would have a strong disagreement ... that they do indeed totally disinfect the machine.
hubris is the enemy of security. The two cannot be found together.
-
@BRRABill said:
How much would it cost to backup data, reinstall from media, reinstall the data?
less that it takes to consider another option.
how much does it cost to have your bank account compromised?
-
@scottalanmiller said:
Sure, but there is no means of knowing when it has been reversed. Not only is that a dangerous path to go down, someone with the hubris to think that they can know that they got it is exactly who you don't want doing the procedure.
OK, let's take this a step back.
Do you do the same thing with a virus? If WebRoot (hi @nic) finds a virus on your machine and deletes it. Do you also do a total reinstall?
-
-
@scottalanmiller one thing Webroot does if it identifies an unknown as malware is that it rolls back the changes, hopefully saving you the hassle of a reinstall. But I do understand if you want to nuke it from orbit anyway