cramer
Premium Member
join:2007-04-10
Raleigh, NC
Westell 6100
Cisco PIX 501

cramer to lorennerol


Re: [Windows] Cryptolocker

said by lorennerol:

1. Many people had backups on locally or network attached devices. Those were also attacked.

Those were copies, not backups. A backup will not be a replica of a directory tree on some other (same filesystem) drive. Real backup software doesn't use a client mounted filesystem for storage -- it goes to the storage server in a manner such that users can't screw with it.

2. The attachment was carefully crafted to look like a PDF file.

foo.pdf.exe is not "carefully crafted". However, people have been falling for this crap for YEARS -- as if now seeing ".pdf" isn't a red flag. (thanks to the idiots in Redmond thinking not showing file extensions is a Good Idea(tm).)

3. Shadow copies can save the day, but this is not enabled by default on client versions of Windows.

Yes it is. That's how system restore works now. And it's on by default on system drives. (or it is from Dell and HP)

justin
..needs sleep
Mod
join:1999-05-28
2031

According to Wikipedia

"CryptoLocker attempts to delete Windows Shadow Copy backups before encrypting files"

Camelot One
MVM
join:2001-11-21
Bloomington, IN

Camelot One to cramer

said by cramer:

Real backup software doesn't use a client mounted filesystem for storage -- it goes to the storage server in a manner such that users can't screw with it.

Just how many home users do you know who have such a system setup? All of my home user clients are using the software that came with their external/NAS drives, or something like Acronis. None of which are safe from Cryptolocker, as it encrypts the backup file itself.
said by cramer:

foo.pdf.exe is not "carefully crafted"

The two I worked on used Adobe exploits to side load through actual PDF files. And for users who regularly work with lots of emailed PDF files (realtors in my case), opening one isn't an idiot move, it is required business. On the same note, it is hard to blame end users for not changing the stock "do not show file extensions" option. Microsoft screwed that one up.
lorennerol
Premium Member
join:2003-10-29
Seattle, WA

There's an easy way to encourage software companies to ship good code the first time: Make them liable for damages. Yes, their product is complicated and hard to get 'right', but then so are airplanes. And we don't accept Boeing and Airbus shipping shoddy product that falls out of the sky and has to have repairs for severe defects installed on a monthly basis.

The law that exempts software companies from damages really isn't working any longer.

dennismurphy
Put me on hold? I'll put YOU on hold
Premium Member
join:2002-11-19
Parsippany, NJ

said by lorennerol:

There's an easy way to encourage software companies to ship good code the first time: Make them liable for damages. Yes, their product is complicated and hard to get 'right', but then so are airplanes. And we don't accept Boeing and Airbus shipping shoddy product that falls out of the sky and has to have repairs for severe defects installed on a monthly basis.

The law that exempts software companies from damages really isn't working any longer.

Sure, if you want your PC to cost what a flight director does ...
lorennerol
Premium Member
join:2003-10-29
Seattle, WA

said by dennismurphy:

said by lorennerol:

There's an easy way to encourage software companies to ship good code the first time: Make them liable for damages. Yes, their product is complicated and hard to get 'right', but then so are airplanes. And we don't accept Boeing and Airbus shipping shoddy product that falls out of the sky and has to have repairs for severe defects installed on a monthly basis.

The law that exempts software companies from damages really isn't working any longer.

Sure, if you want your PC to cost what a flight director does ...

If you think the cost of Windows is $150, you're mistaken. You'd have to add in all the hidden costs of upkeep, cleanup, lost data and productivity, etc. caused by software defects. Just like health care, the costs are already there, they're just hidden right now. What do you figure the value is to a family that just lost 10 years of irreplaceable family photos due to a defect in Adobe Reader?

dennismurphy
Put me on hold? I'll put YOU on hold
Premium Member
join:2002-11-19
Parsippany, NJ

said by lorennerol:

If you think the cost of Windows is $150, you're mistaken. You'd have to add in all the hidden costs of upkeep, cleanup, lost data and productivity, etc. caused by software defects. Just like health care, the costs are already there, they're just hidden right now. What do you figure the value is to a family that just lost 10 years of irreplaceable family photos due to a defect in Adobe Reader?

For sure... which is why I buy Macs.

The so-called Apple Tax is really the Great Apple Discount in my book.

Camelot One
MVM
join:2001-11-21
Bloomington, IN

said by dennismurphy:

For sure... which is why I buy Macs.

I really don't want to start a Mac v PC debate....REALLY I don't. But, if Mac accounted for 90% of net users, you can be damn sure there would be more Mac viruses. Your argument for owning a Mac does have a lot of merit, they are safer to use. But only because there are too few of them to attract the attention of the criminals.
said by lorennerol:

The law that exempts software companies from damages really isn't working any longer.

I would agree, but only to a point. Adobe software itself didn't damage these systems. Their poorly written crap did let the infection in, but it was a user who chose to install an Adobe product, and a user who clicked to open a 3rd party file. We don't hold Boeing or Airbus responsible for pilot error, whether intentional or not.
lorennerol
Premium Member
join:2003-10-29
Seattle, WA

said by Camelot One:

We don't hold Boeing or Airbus responsible for pilot error, whether intentional or not.

We would if Boeing designed the "Emergency Fuel Dump" lever to look exactly like that "Turn off Seatbelt Light" lever.
cramer
Premium Member
join:2007-04-10
Raleigh, NC
Westell 6100
Cisco PIX 501

cramer to Camelot One

said by Camelot One:

Just how many home users do you know who have such a system setup?

None. (how many actually make backups? Few.) But the average home user isn't the target.

All of my home user clients are using the software that came with their external/NAS drives,

Having dealt with that cheap-shit "comes with the drive" technology, there's a really good chance their backups are worthless from the start. I'll have to look at the list of extensions again, but I don't remember seeing the Acronis image ext in there.

The two I worked on used Adobe exploits to side load through actual PDF files.

And whose fault is it they've not updated their buggy versions of Adobe? The "news" reports the email attachments are exe's with a PDF icon "to fool people into running them."
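
Added example, not part of any post in this thread: a mail-filter style check for the `foo.pdf.exe` naming discussed above, which also shows what a user sees when Windows hides known extensions. The extension lists, function names and sample names are assumptions made for illustration.

```python
import os

# Assumed extension lists for illustration; not exhaustive.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".txt"}


def normalize(name):
    """Drop any path prefix and the trailing dots/spaces Windows strips from names."""
    base = name.replace("\\", "/").rsplit("/", 1)[-1]
    return base.rstrip(". ")


def shown_with_extensions_hidden(name):
    """Approximate the name a user sees when known extensions are hidden."""
    base = normalize(name)
    stem, ext = os.path.splitext(base)
    known = ext.lower() in EXECUTABLE_EXTS | DOCUMENT_EXTS
    return stem if known else base


def classify(name):
    """Return 'double-extension', 'executable' or 'ok' for an attachment name."""
    stem, ext = os.path.splitext(normalize(name))
    if ext.lower() not in EXECUTABLE_EXTS:
        return "ok"
    # Look one extension further in: a document type here is the decoy.
    inner_ext = os.path.splitext(stem.rstrip(". "))[1].lower()
    return "double-extension" if inner_ext in DOCUMENT_EXTS else "executable"


def triage(names):
    """Pair each name with what the user sees and the verdict."""
    return [(n, shown_with_extensions_hidden(n), classify(n)) for n in names]


# Constructed sample attachment names, not taken from a real message.
SAMPLES = ["foo.pdf.exe", "Invoice.PDF .exe ", "statement.pdf", "setup.exe", "notes.v2.txt"]

if __name__ == "__main__":
    for name, shown, verdict in triage(SAMPLES):
        print(f"{name!r:22} shown as {shown!r:18} -> {verdict}")
```

A gateway would typically quarantine anything classified `double-extension` or `executable` rather than rely on the recipient noticing the real extension.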