cramer Premium Member join:2007-04-10 Raleigh, NC Westell 6100 Cisco PIX 501
to lorennerol
Re: [Windows] Cryptolocker

said by lorennerol:
1. Many people had backups on locally or network attached devices. Those were also attacked.

Those were copies, not backups. A backup will not be a replica of a directory tree on some other (same filesystem) drive. Real backup software doesn't use a client mounted filesystem for storage -- it goes to the storage server in a manner such that users can't screw with it.

said by lorennerol:
2. The attachment was carefully crafted to look like a PDF file.

foo.pdf.exe is not "carefully crafted". However, people have been falling for this crap for YEARS -- as if now seeing " .pdf" isn't a red flag. (thanks to the idiots in Redmond thinking not showing file extensions is a Good Idea(tm).)

said by lorennerol:
3. Shadow copies can save the day, but this is not enabled by default on client versions of Windows.

Yes it is. That's how system restore works now. And it's on by default on system drives. (or it is from Dell and HP)
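
Added example, not part of any post in this thread: a small attachment check for the double-extension case discussed above (foo.pdf.exe, shown as "foo.pdf" when Explorer hides known extensions). The extension lists, function names and sample filenames are assumptions constructed for illustration.

```python
import os

# Assumed, non-exhaustive lists chosen for this illustration.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs"}
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}
KNOWN_EXTS = EXECUTABLE_EXTS | DECOY_EXTS


def _basename(filename):
    """Strip any path and surrounding whitespace from an attachment name."""
    return os.path.basename(filename.replace("\\", "/")).strip()


def explorer_display_name(filename):
    """Name as shown with 'Hide extensions for known file types' enabled:
    the last extension is dropped when it belongs to a registered type."""
    name = _basename(filename)
    stem, ext = os.path.splitext(name)
    return stem if ext.lower() in KNOWN_EXTS else name


def classify_attachment(filename):
    """Return 'ok', 'executable' or 'disguised-executable'."""
    stem, real_ext = os.path.splitext(_basename(filename))
    if real_ext.lower() not in EXECUTABLE_EXTS:
        return "ok"
    # Look at what remains once the real extension is hidden; padding
    # spaces before the real extension are ignored.
    inner_ext = os.path.splitext(stem.rstrip())[1].lower()
    if inner_ext in DECOY_EXTS:
        return "disguised-executable"
    return "executable"


def scan(filenames):
    """Return (filename, name the user sees, verdict) for each attachment."""
    return [(f, explorer_display_name(f), classify_attachment(f))
            for f in filenames]


if __name__ == "__main__":
    # Constructed sample names, not taken from any real message.
    samples = ["foo.pdf.exe", "report.pdf", "setup.exe",
               "Invoice.PDF      .scr"]
    for name, shown, verdict in scan(samples):
        print(f"{name!r:28} shown as {shown!r:22} -> {verdict}")
```

With extensions hidden, a genuine PDF displays without any ".pdf" at all, so a visible ".pdf" in the display name is itself the signal the check keys on.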
justin..needs sleep Mod join:1999-05-28 2031
2013-Dec-12 10:54 pm
According to Wikipedia
"CryptoLocker attempts to delete Windows Shadow Copy backups before encrypting files"
to cramer
said by cramer:
Real backup software doesn't use a client mounted filesystem for storage -- it goes to the storage server in a manner such that users can't screw with it.

Just how many home users do you know who have such a system setup? All of my home user clients are using the software that came with their external/nas drives, or something like acronis. None of which are safe from Cryptolocker, as it encrypts the backup file itself.

said by cramer:
foo.pdf.exe is not "carefully crafted"

The two I worked on used adobe exploits to side load through actual pdf files. And for users who regularly work with lots of emailed pdf files, (realtors in my case) opening one isn't an idiot move, it is required business. On the same note, it is hard to blame end users for not changing the stock "do not show file extensions" option. Microsoft screwed that one up.
lorennerol Premium Member join:2003-10-29 Seattle, WA
There's an easy way to encourage software companies to ship good code the first time: Make them liable for damages. Yes, their product is complicated and hard to get 'right', but then so are airplanes. And we don't accept Boeing and Airbus shipping shoddy product that falls out of the sky and has to have repairs for severe defects installed on a monthly basis.
The law that exempts software companies from damages really isn't working any longer.
dennismurphy Put me on hold? I'll put YOU on hold Premium Member join:2002-11-19 Parsippany, NJ
said by lorennerol:
There's an easy way to encourage software companies to ship good code the first time: Make them liable for damages. Yes, their product is complicated and hard to get 'right', but then so are airplanes. And we don't accept Boeing and Airbus shipping shoddy product that falls out of the sky and has to have repairs for severe defects installed on a monthly basis.
The law that exempts software companies from damages really isn't working any longer.

Sure, if you want your PC to cost what a flight director does ...
lorennerol Premium Member join:2003-10-29 Seattle, WA
said by dennismurphy:
said by lorennerol:
There's an easy way to encourage software companies to ship good code the first time: Make them liable for damages. Yes, their product is complicated and hard to get 'right', but then so are airplanes. And we don't accept Boeing and Airbus shipping shoddy product that falls out of the sky and has to have repairs for severe defects installed on a monthly basis.
The law that exempts software companies from damages really isn't working any longer.
Sure, if you want your PC to cost what a flight director does ...

If you think the cost of Windows is $150, you're mistaken. You'd have to add in all the hidden costs of upkeep, cleanup, lost data and productivity, etc. caused by software defects. Just like health care, the costs are already there, they're just hidden right now. What do you figure the value is to a family that just lost 10 years of irreplaceable family photos due to a defect in Adobe Reader?
dennismurphy Put me on hold? I'll put YOU on hold Premium Member join:2002-11-19 Parsippany, NJ
said by lorennerol:
If you think the cost of Windows is $150, you're mistaken. You'd have to add in all the hidden costs of upkeep, cleanup, lost data and productivity, etc. caused by software defects. Just like health care, the costs are already there, they're just hidden right now. What do you figure the value is to a family that just lost 10 years of irreplaceable family photos due to a defect in Adobe Reader?

For sure... which is why I buy Macs. The so-called Apple Tax is really the Great Apple Discount in my book.
I really don't want to start a Mac v PC debate....REALLY I don't. But, if Mac accounted for 90% of net users, you can be damn sure there would be more Mac viruses. Your argument for owning a Mac does have a lot of merit, they are safer to use. But only because there are too few of them to attract the attention of the criminals.

said by lorennerol:
The law that exempts software companies from damages really isn't working any longer.

I would agree, but only to a point. Adobe software itself didn't damage these systems. Their poorly written crap did let the infection in, but it was a user who chose to install an Adobe product, and a user who clicked to open a 3rd party file. We don't hold Boeing or Airbus responsible for pilot error, whether intentional or not.
lorennerol Premium Member join:2003-10-29 Seattle, WA
said by Camelot One:
We don't hold Boeing or Airbus responsible for pilot error, whether intentional or not.

We would if Boeing designed the "Emergency Fuel Dump" lever to look exactly like that "Turn off Seatbelt Light" lever.
cramer Premium Member join:2007-04-10 Raleigh, NC Westell 6100 Cisco PIX 501
to Camelot One
said by Camelot One:
Just how many home users do you know who have such a system setup?

None. (how many actually make backups? Few.) But the average home user isn't the target.

said by Camelot One:
All of my home user clients are using the software that came with their external/nas drives,

Having dealt with that cheap-shit "comes with the drive" technology, there's a really good chance their backups are worthless from the start. I'll have to look at the list of extensions again, but I don't remember seeing the acronis image ext in there.

said by Camelot One:
The two I worked on used adobe exploits to side load through actual pdf files.

And whose fault is it they've not updated their buggy versions of adobe? The "news" reports the email attachments are exe's with a pdf icon "to fool people into running them."