Fraudulent Tech Support Call
-
@BRRABill said:
They look through the files, they figure out what has been done, and they fix it.
How is that cost effective? How is it reliable?
-
@scottalanmiller said:
They make reckless decisions every day? Definitely avoid them.
No I mean those websites spend their entire day helping users who have been infected. There is a means to infection. There is a way of reversal.
Doing deep dives to learn how things work, good. Doing deep dives and pretending that it is a good business design based on the cost/reward or not absolutely dangerous to leave the poor customer with a potentially hijacked machine? Sounds like negligence.
I would venture to say the sites that do this would have a strong disagreement ... that they do indeed totally disinfect the machine.
-
@scottalanmiller said:
How is that cost effective? How is it reliable?
Depends.
How much would it cost to backup data, reinstall from media, reinstall the data?
-
@BRRABill said:
No I mean those websites spend their entire day helping users who have been infected. There is a means to infection. There is a way of reversal.
Sure, but there is no means of knowing when it has been reversed. Not only is that a dangerous path to go down, someone with the hubris to think that they can know that they got it is exactly who you don't want doing the procedure.
-
@BRRABill said:
I would venture to say the sites that do this would have a strong disagreement ... that they do indeed totally disinfect the machine.
hubris is the enemy of security. The two cannot be found together.
-
@BRRABill said:
How much would it cost to backup data, reinstall from media, reinstall the data?
less that it takes to consider another option.
how much does it cost to have your bank account compromised?
-
@scottalanmiller said:
Sure, but there is no means of knowing when it has been reversed. Not only is that a dangerous path to go down, someone with the hubris to think that they can know that they got it is exactly who you don't want doing the procedure.
OK, let's take this a step back.
Do you do the same thing with a virus? If WebRoot (hi @nic) finds a virus on your machine and deletes it. Do you also do a total reinstall?
-
-
@scottalanmiller one thing Webroot does if it identifies an unknown as malware is that it rolls back the changes, hopefully saving you the hassle of a reinstall. But I do understand if you want to nuke it from orbit anyway
-
@scottalanmiller said:
@BRRABill said:
Do you do the same thing with a virus? If WebRoot (hi @nic) finds a virus on your machine and deletes it. Do you also do a total reinstall?
If it finds one that infected me, absolutely. Every time, no question. I feel like we've asked this before
That seems like a lot of overkill if your AV has caught the virus and stopped it before doing any harm...
-
-
@DustinB3403 said:
@scottalanmiller said:
@BRRABill said:
Do you do the same thing with a virus? If WebRoot (hi @nic) finds a virus on your machine and deletes it. Do you also do a total reinstall?
If it finds one that infected me, absolutely. Every time, no question. I feel like we've asked this before
That seems like a lot of overkill if your AV has caught the virus and stopped it before doing any harm...
But if the virus has infected the machine, it has done harm. So yes, that might sound like a lot for a circumstance not being discussed
-
The problem is these guys may be installing some random off the wall app that's custom written and not picked out as an actual virus.
-
@DustinB3403 said:
@scottalanmiller said:
@BRRABill said:
Do you do the same thing with a virus? If WebRoot (hi @nic) finds a virus on your machine and deletes it. Do you also do a total reinstall?
If it finds one that infected me, absolutely. Every time, no question. I feel like we've asked this before
That seems like a lot of overkill if your AV has caught the virus and stopped it before doing any harm...
Risk vs Reward
99/100 it'll be fine, but I don't like looking foolish* even 1% of the time.
*Sod's law is the 1% will be a C level or other important wanker.
-
@dafyre said:
The problem is these guys may be installing some random off the wall app that's custom written and not picked out as an actual virus.
The guys claiming to clean the computer?
-
@scottalanmiller said:
@dafyre said:
The problem is these guys may be installing some random off the wall app that's custom written and not picked out as an actual virus.
The guys claiming to clean the computer?
Yea.
-
@MattSpeller said:
@DustinB3403 said:
@scottalanmiller said:
@BRRABill said:
Do you do the same thing with a virus? If WebRoot (hi @nic) finds a virus on your machine and deletes it. Do you also do a total reinstall?
If it finds one that infected me, absolutely. Every time, no question. I feel like we've asked this before
That seems like a lot of overkill if your AV has caught the virus and stopped it before doing any harm...
Risk vs Reward
99/100 it'll be fine, but I don't like looking foolish* even 1% of the time.
*Sod's law is the 1% will be a C level or other important wanker.
That's really the thing. 1% failure rate when we are talking about things that steal your bank account info is a horrible failure rate.
And reward... is there one? Does all this extra effort amount to making things better? I think that we end up with higher risk AND negative reward most of the time. That's a pretty horrible trade off.
-
@scottalanmiller said:
@MattSpeller said:
@DustinB3403 said:
@scottalanmiller said:
@BRRABill said:
Do you do the same thing with a virus? If WebRoot (hi @nic) finds a virus on your machine and deletes it. Do you also do a total reinstall?
If it finds one that infected me, absolutely. Every time, no question. I feel like we've asked this before
That seems like a lot of overkill if your AV has caught the virus and stopped it before doing any harm...
Risk vs Reward
99/100 it'll be fine, but I don't like looking foolish* even 1% of the time.
*Sod's law is the 1% will be a C level or other important wanker.
That's really the thing. 1% failure rate when we are talking about things that steal your bank account info is a horrible failure rate.
And reward... is there one? Does all this extra effort amount to making things better? I think that we end up with higher risk AND negative reward most of the time. That's a pretty horrible trade off.
Presumably the reward would be faster return to work for the user & less time outlay for IT.
I think there's reward in doing the nukes every time, albeit less if I had to quantify it. Same process every time means you're good at it, and do it damn fast. Also with a single process (nuking) you're far less likely to botch it as there's less to remember (vs cleaning, testing, whatever). Also shows your users that viruses are serious and a PITA for them, they may actually learn to be more careful (HAHahahahahahahahaha)
-
@MattSpeller said:
Presumably the reward would be faster return to work for the user & less time outlay for IT.
But is that true? The point of rapid imaging is that time is not wasted investigating, time is not wasted manually attempting to repair, time is not wasted attempting to verify and then there isn't the risk of time being wasted doing it all again (on top of the security risks of not having gotten it flawless.)
If we image immediately, we get people back up and running very, very quickly while having the best chance of eliminating the danger.
-
An important difference with the "reinstall and go" approach is that it is highly reliable. We can pretty much predict how much time it will take to get back up and running. The margin of error is very small. Cleaning a system is "well... you know... thirty minutes to a week, give or take." The "known" is small so the ability to estimate time is very poor.