

Kilroy
Premium,MVM
join:2002-11-21
Saint Paul, MN
reply to lorennerol

Re: [Windows] Cryptolocker

That's not going to happen, the encryption was well done, expect to see a lot more of this in the future.

I have a hard time feeling sorry for people who lost data. These are the same people who don't back up their data. They are the ones who opened up the infection to cause the problem.

If it happened to me I'd be unhappy, but wouldn't cry about it. I've got old drives with my data sitting on a shelf, I just need to slap them in and copy my data over. Sure I might lose some things, but nothing too important. Family photos have been burned to disk and given to people for Christmas. Not only a nice gift, but a great off site back up.
--
"Progress isn't made by early risers. It's made by lazy men trying to find easier ways to do something." - Robert A. Heinlein


lorennerol
Premium
join:2003-10-29
Seattle, WA

said by Kilroy:

I have a hard time feeling sorry for people who lost data. These are the same people who don't back up their data. They are the ones who opened up the infection to cause the problem.

In this case, I think that's a bit harsh.

1. Many people had backups on locally or network attached devices. Those were also attacked.
2. The attachment was carefully crafted to look like a PDF file.
3. Shadow copies can save the day, but this is not enabled by default on client versions of Windows.
4. AV software blows chunks right now and most people don't realize that (because AV vendors tell them otherwise). It is, realistically, little better than something that alerts a user after an infection.
5. There's little to get in the way of this infection on XP boxes. If Vista hadn't so badly sucked, more people would be running it now instead of XP. MS fail (and again with Win8).
6. Dell, HP, Microsoft, and other giant tech corporations lead people to believe they can buy a computer and never worry about it again. We know that's just wrong. But most people don't. Because they've been led to believe otherwise.

Be careful of casting stones. They have a way of hitting things unintended.

cramer
Premium
join:2007-04-10
Raleigh, NC
kudos:8

said by lorennerol:

1. Many people had backups on locally or network attached devices. Those were also attacked.

Those were copies, not backups. A backup will not be a replica of a directory tree on some other (same filesystem) drive. Real backup software doesn't use a client mounted filesystem for storage -- it goes to the storage server in a manner such that users can't screw with it.

2. The attachment was carefully crafted to look like a PDF file.

foo.pdf.exe is not "carefully crafted". However, people have been falling for this crap for YEARS -- as if now seeing ".pdf" isn't a red flag. (thanks to the idiots in Redmond thinking not showing file extensions is a Good Idea(tm).)

3. Shadow copies can save the day, but this is not enabled by default on client versions of Windows.

Yes it is. That's how system restore works now. And it's on by default on system drives. (or it is from Dell and HP)
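
The `foo.pdf.exe` case above, as an added example that is not part of any post in this thread: a mail-filter style check that computes what Explorer displays when extensions are hidden and flags executables whose visible name ends in a document extension. The extension sets and sample names are constructed assumptions, and the check covers file names only, not exploits carried inside a genuine PDF.

```python
# Added example: flag attachment names that hide an executable behind a
# document-looking extension (the "foo.pdf.exe" case from the thread).
# Both extension sets are illustrative assumptions, not a complete policy.
import ntpath

EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}


def normalize(filename):
    """Base name as Windows stores it: path dropped, trailing dots and
    spaces stripped."""
    return ntpath.basename(filename).rstrip(". ")


def shown_with_hidden_extensions(filename):
    """Name Explorer displays when 'hide extensions for known file types'
    is on: the final extension is dropped."""
    stem, _ext = ntpath.splitext(normalize(filename))
    return stem


def classify(filename):
    """Return 'block-decoy', 'block-executable' or 'allow'."""
    stem, ext = ntpath.splitext(normalize(filename))
    if ext.lower() not in EXECUTABLE_EXTS:
        return "allow"
    # It is executable. Does the part the user sees look like a document?
    # Whitespace before the final extension is tolerated.
    _, inner_ext = ntpath.splitext(stem.rstrip(" "))
    if inner_ext.lower() in DECOY_EXTS:
        return "block-decoy"
    return "block-executable"


def triage(names):
    """Classify a batch of attachment names."""
    return {name: classify(name) for name in names}


# Constructed sample attachment names, not taken from a real campaign.
SAMPLE = ["foo.pdf.exe", "Report.PDF.EXE ", "setup.exe", "invoice.pdf"]

if __name__ == "__main__":
    for name, verdict in triage(SAMPLE).items():
        print(f"{name!r:20} shown as {shown_with_hidden_extensions(name)!r:14} -> {verdict}")
```
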


justin
..needs sleep
Australian
join:1999-05-28
kudos:15

According to Wikipedia

"CryptoLocker attempts to delete Windows Shadow Copy backups before encrypting files"



Camelot One
Premium,MVM
join:2001-11-21
Greenwood, IN
kudos:2
reply to cramer

said by cramer:

Real backup software doesn't use a client mounted filesystem for storage -- it goes to the storage server in a manner such that users can't screw with it.

Just how many home users do you know who have such a system setup? All of my home user clients are using the software that came with their external/nas drives, or something like acronis. None of which are safe from Cryptolocker, as it encrypts the backup file itself.

said by cramer:

foo.pdf.exe is not "carefully crafted"

The two I worked on used adobe exploits to side load through actual pdf files. And for users who regularly work with lots of emailed pdf files, (realtors in my case) opening one isn't an idiot move, it is required business. On the same note, it is hard to blame end users for not changing the stock "do not show file extensions" option. Microsoft screwed that one up.

lorennerol
Premium
join:2003-10-29
Seattle, WA

There's an easy way to encourage software companies to ship good code the first time: Make them liable for damages. Yes, their product is complicated and hard to get 'right', but then so are airplanes. And we don't accept Boeing and Airbus shipping shoddy product that falls out of the sky and has to have repairs for severe defects installed on a monthly basis.

The law that exempts software companies from damages really isn't working any longer.



dennismurphy
Put me on hold? I'll put YOU on hold
Premium
join:2002-11-19
Parsippany, NJ
kudos:3
Reviews:
·Verizon FiOS

said by lorennerol:

There's an easy way to encourage software companies to ship good code the first time: Make them liable for damages. Yes, their product is complicated and hard to get 'right', but then so are airplanes. And we don't accept Boeing and Airbus shipping shoddy product that falls out of the sky and has to have repairs for severe defects installed on a monthly basis.

The law that exempts software companies from damages really isn't working any longer.

Sure, if you want your PC to cost what a flight director does ...

lorennerol
Premium
join:2003-10-29
Seattle, WA

said by dennismurphy:

said by lorennerol:

There's an easy way to encourage software companies to ship good code the first time: Make them liable for damages. Yes, their product is complicated and hard to get 'right', but then so are airplanes. And we don't accept Boeing and Airbus shipping shoddy product that falls out of the sky and has to have repairs for severe defects installed on a monthly basis.

The law that exempts software companies from damages really isn't working any longer.

Sure, if you want your PC to cost what a flight director does ...

If you think the cost of Windows is $150, you're mistaken. You'd have to add in all the hidden costs of upkeep, cleanup, lost data and productivity, etc. caused by software defects. Just like health care, the costs are already there, they're just hidden right now. What do you figure the value is to a family that just lost 10 years of irreplaceable family photos due to a defect in Adobe Reader?


dennismurphy
Put me on hold? I'll put YOU on hold
Premium
join:2002-11-19
Parsippany, NJ
kudos:3
Reviews:
·Verizon FiOS

said by lorennerol:

If you think the cost of Windows is $150, you're mistaken. You'd have to add in all the hidden costs of upkeep, cleanup, lost data and productivity, etc. caused by software defects. Just like health care, the costs are already there, they're just hidden right now. What do you figure the value is to a family that just lost 10 years of irreplaceable family photos due to a defect in Adobe Reader?

For sure... which is why I buy Macs.

The so-called Apple Tax is really the Great Apple Discount in my book.


Camelot One
Premium,MVM
join:2001-11-21
Greenwood, IN
kudos:2

said by dennismurphy:

For sure... which is why I buy Macs.

I really don't want to start a Mac v PC debate....REALLY I don't. But, if Mac accounted for 90% of net users, you can be damn sure there would be more Mac viruses. Your argument for owning a Mac does have a lot of merit, they are safer to use. But only because there are too few of them to attract the attention of the criminals.

said by lorennerol:

The law that exempts software companies from damages really isn't working any longer.

I would agree, but only to a point. Adobe software itself didn't damage these systems. Their poorly written crap did let the infection in, but it was a user who chose to install an Adobe product, and a user who clicked to open a 3rd party file. We don't hold Boeing or Airbus responsible for pilot error, whether intentional or not.

lorennerol
Premium
join:2003-10-29
Seattle, WA

said by Camelot One:

We don't hold Boeing or Airbus responsible for pilot error, whether intentional or not.

We would if Boeing designed the "Emergency Fuel Dump" lever to look exactly like that "Turn off Seatbelt Light" lever.


Kilroy
Premium,MVM
join:2002-11-21
Saint Paul, MN
reply to lorennerol

said by lorennerol:

1. Many people had backups on locally or network attached devices. Those were also attacked.

So they are not following the 3-2-1 Backup Rule
The accepted rule for backup best practices is the three-two-one rule. It can be summarized as: if you’re backing something up, you should have:

3 - At least three copies,
2 - In two different formats,
1 - with one of those copies off-site.

said by lorennerol:

2. The attachment was carefully crafted to look like a PDF file.

This one falls partly to Microsoft for hiding the extensions of known files by default. Something that should be turned off immediately on first boot.

said by lorennerol:

3. Shadow copies can save the day, but this is not enabled by default on client versions of Windows.

If you had a good back up this doesn't matter.

said by lorennerol:

4. AV software blows chunks right now and most people don't realize that (because AV vendors tell them otherwise).

No argument here, but this and most other things that are common today aren't viruses, they are malware. Anyone writing this type of software is going to run it through a few of these to ensure that it gets past. This is no longer curious children, this is a business.

said by lorennerol:

5. There's little to get in the way of this infection on XP boxes. If Vista hadn't so badly sucked, more people would be running it now instead of XP. MS fail (and again with Win8).

Windows XP is now over a decade old, that is forever in the computer world. Even if they skipped Vista, Windows 7 is a valid upgrade option that has been available for over four years. Windows Vista is still over five years old. Personally there was nothing wrong with it. The real issues were the lack of hardware manufacturers providing 64-bit drivers and it was a change.

said by lorennerol:

6. Dell, HP, Microsoft, and other giant tech corporations lead people to believe they can buy a computer and never worry about it again.

Anyone who has been using a computer knows better. They may not know what they need exactly, but they know there is more than bringing it home and setting it up.

The maximum effective range of an excuse is 0.0 meters. Cryptolocker is preventable. The problem is Cryptolocker attacks the weakest link in the security chain, the user.
--
"Progress isn't made by early risers. It's made by lazy men trying to find easier ways to do something." - Robert A. Heinlein

cramer
Premium
join:2007-04-10
Raleigh, NC
kudos:8
reply to Camelot One

said by Camelot One:

Just how many home users do you know who have such a system setup?

None. (how many actually make backups? Few.) But the average home user isn't the target.

All of my home user clients are using the software that came with their external/nas drives,

Having dealt with that cheap-shit "comes with the drive" technology, there's a really good chance their backups are worthless from the start. I'll have to look at the list of extensions again, but I don't remember seeing the acronis image ext in there.

The two I worked on used adobe exploits to side load through actual pdf files.

And whose fault is it they've not updated their buggy versions of adobe? The "news" reports the email attachments are exe's with a pdf icon "to fool people into running them."

PinkyThePig
Premium
join:2011-05-02
Tempe, AZ
Reviews:
·Cox HSI
reply to Kilroy

said by Kilroy:

Windows XP is now over a decade old, that is forever in the computer world. Even if they skipped Vista, Windows 7 is a valid upgrade option that has been available for over four years. Windows Vista is still over five years old. Personally there was nothing wrong with it. The real issues were the lack of hardware manufacturers providing 64-bit drivers and it was a change.

I had more issues than that. I had 32 bit version and had a never ending stream of weird driver issues. For my entire stint on vista I had a pretty crippling graphics bug that would garble my screen when I was playing a game and clicked anywhere inside a youtube video. Switched that computer to win 7 and almost every single problem vanished. Vista was garbage through and through. It was just worse on 64 bit than it was on 32, but both versions were still awful.