Using Distributed Computing To Thwart Ransomware
I Don't Believe in Imaginary Property writes "The folks at Kaspersky labs are turning to distributed computing to factor the RSA key used by the GPcode virus to encrypt people's files and hold them for ransom. There are two 1024-bit RSA keys to break, which should require a network of about 15 million modern computers to spend a year per key factoring them. Unfortunately, there appear to be no vulnerabilities in the virus' use of RSA, unlike some previous cases. Perhaps more interestingly, there's some debate over whether people should bother cracking it. After all, what if they were trying to trick us into factoring the key for a root signing authority? Besides, there's a more direct method of breaking the encryption: track down the people who wrote the virus and force them to talk."
Surely all they have to do is start using a new key every so often, and the task becomes pointless?
Encourage people to make backups of their data on disc, tape, or portable harddrives. I know that's a radical idea, but it just might be crazy enough to work.
SJW: Someone who has run out of real oppression, and has to fake it.
Where's Jack Bauer when you need him ???
Votez ecolo : Chiez dans l'urne !
If only I hadn't erased Jack Bauer's cell from my contact list after the last season...
My 0.02 cents
I'm glad at the enormous figures involved here (one year x 15 million computers). Hopefully, it'll teach people to backup systematically, cleanly and frequently - after all, the arms race on malware/virii has led to better computer security policies and techniques, even if there were many casualties.
Commodore64_love: I don't comprehend people who're so frightened of death that they'll bankrupt themselves to stay alive
Besides, there's a more direct method of breaking the encryption: track down the people who wrote the virus and force them to talk.
That depends on whether you think it is acceptable to compel someone to reveal something like that. If, as for example in the US, someone cannot be forced to incriminate himself, then he can just refuse and there is no further recourse. That is, if the only way of getting information out of someone is to ask them nicely for it.
How are we going to do that? Everyone knows that things aren't nearly as fun as they used to be... people are even complaining about waterboarding now! what's this world coming to? Shoot, I remember when you could put a man on the rack - no problem.
You are using English. Please learn the difference between loose and lose; they're, there, and their; your and you're.
But, surely the writers of the malware are also partly to blame.
Oh, wait...
The people who did that sit in a country ending in -stan. Countries ending in -stan have real problems and don't care for problems their citizens cause abroad.
You can trust me on that one, I've tried. I've even had so much as the name of the person to prosecute. Nothing came out of it. Despite including our federal police and interpol.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
How? I thought torture was disallowed.
---- Booth was a patriot ----
They are best off using a large botnet then. Perhaps modify the extortion virus itself so that it's part of the solution rather than part of the problem.
The sadists who ran Saddam's network of torture and death chambers are out of work at the moment.
.... persuade these people to talk.
Surely they could be employed to
Muslim community leaders warn of backlash from tomorrow morning's terrorist attack.
15 million CPU years per key? And the attacker can just make up new keys as often as he likes. He could even make a different key for each target if he wanted.
15 million CPU years is a lot to spend when you could just restore from backups.
The size of the keyspace doubles per bit, 2^1024 is the size of keyspace.. Brute factoring the key is not happening..
Fortunately, we had Interbank Data Recovery Services. And Interbank does more than just acquire the decryption key.
That's because Interbank vows to find out who sent you the ransom and hunt them down like animals. Like filthy, dirty animals. That's the Interbank difference. See, I don't care how Interbank's secret police get things done. I just care that they get things done. For us.
Plus, because we'd enrolled in their Premiere Membership program, Interbank also hunted down friends and relatives of the guy who had encrypted our data, dragged them from their beds in the middle of the night, and set fire to their homes.
As long as security is valued at zero dollars when the IT bean counters are evaluating platforms and vendors, crapware will proliferate.
sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
Don't forget the corollary.
... how about just including a simple script that will look at how it's installed TODAY and back it up to a location chosen by the user? And then that script will generate a script to install that backup should you need it to. Along with license keys and decoding keys and unlocking keys, etc.
Encourage the application writers to make their applications EASY TO BACKUP.
The problem I keep seeing is that TELLING someone to back up their data is easy to do. FINDING ALL of the data is just about impossible.
You'll never know if you got it all until AFTER a problem.
Or even
The screenshot at http://news.cnet.com/8301-10784_3-9965381-7.html?tag=nefd.top says that the victim pays to download a 'decryptor'. Either the decryptor contacts, in real time, the extortionist (at a server location that can be linked to them), or the private key is included in the decryptor program, and should be able to be sussed out...
I've been an advocate for this method for quite some time. "Tell me Mr. Extortionist, how can you write a virus with ten broken fingers?..."
So, there are two possibilities here:
Either way, this seems like a pretty strong (if harsh) lesson for end users. If #1, use better software, like your geek friends have been telling you for years. That doesn't have to mean installing Ubuntu; it could just mean upgrading from IE6 to Firefox (or IE7), or from Outlook Express to Thunderbird (or Gmail). If #2, then haven't you been told about 1,000 times not to do that? Now do you see why?
I truly feel bad for people who get nailed for this, in almost exactly the same way I feel bad for my kids when they touch the stove after I've told them it was hot.
Dewey, what part of this looks like authorities should be involved?
Since the virus seems to only use one key, can't we just infect a file with known content and reverse the key by comparing the original/infected versions?
If we take known data and expose it to this virus, it will encrypt it so well that it takes 15 million computers to figure out the key?
I assume the folks at Kaspersky labs know what they are doing, but known data? Even if we get several samples of known data and compare it to its encrypted counterpart, it takes 15 million computers?
I mean Colossus only had suspected known data, such as, "Nothing to report" and broke the enigma code. That's impressive!
One of our competitors trademarked the term "hypothesis". From now on, we will call them "boneheaded ideas".
When we do find that guy, we can waterboard him to get the private key. According to the man, that's not torture!
Why are government bodies so busily working on pointless shit like this, when instead they could be doing work that actually brings value to society ... like shutting down the money pipe that keeps spammers and extortionists (of all kinds) in business? Can't somebody just invoke the specter of scary terrorists and money being funneled to Osama or something?
If libertarians are so opposed to effective government, why don't they all move to Somalia?
So the encryption is sound, but did he just delete the old files after encrypting them or did he scrub the drive too.
Someone try to undelete the files with a disk recovery tool and see what you get. Just because the file is encrypted does not mean that the original was correctly destroyed.
Im a gamer, not a grammer major. This post is full of spelling and grammer mistakes.
I suppose if the file in question was something like a manuscript for a novel, where the owner can more or less verify it by eye, and (importantly) there isn't that much downside if our opponent sneaks some changes in, that might be worthwhile. But in general...
"Not an actor, but he plays one on TV."
AKA Rubberhose Decryption. Works every time.
Isn't that the way most frauds are cracked - by finding out where the money goes? Or is this particularly nasty SPECTRE-like extortion not illegal in the country of origin?
1. Track down the virus' creator.
2. Encrypt his/her data with a similar algorithm plus a key logger.
3. The keylogger phones home with the key the perpetrator used to decrypt his/her data.
4. Profit!
One of our competitors trademarked the term "hypothesis". From now on, we will call them "boneheaded ideas".
They might talk, but if there are any passwords involved, they are protected by the 5th amendment from having to divulge them.
Colin Dean Go a year without DRM
Is it targeted manually, or is it a specifically directed attack? If it's out in the wild being spread [cough] virally, rather than being inserted into specific targets, then what happens when a mobster's double book accounting system gets infected? Some people have mentioned ruthless CEOs - but if this infected the wrong system, these folks could have someone after them with no restraint, deep pockets, and the resources and experience to root them out. Do I smell a TV movie in the offing?
...still there's no real proof for the authenticity of the keys. infections are rare... who tells me that these aren't keys used by some CA. or anything else important.
For the Registry, you can "export" the entries for that app to a file and, later, you can import that file into the Registry.
The problem with the Registry is the same as you've noted with the file system. Stuff gets put EVERYWHERE. And there is no way to KNOW that you have EVERYTHING until AFTER you attempt to restore it. AND that doesn't include anything "updated" when you get a patch or point-zero-one release "upgrade".
Now, the installer can put that stuff everywhere
And I don't want to hear that that is to prevent "piracy". Just encrypt the stuff with the unlocking key or whatever. That way I can keep a TEXT file of app-name -- key code on my USB drive along with the backups.
Then I got a virus.
Since then, I make regular backups. Back in my childhood I did regular backups of my family's computer.
Then we got a virus.
Then we realized that the virus was a time bomb that was already present in dormant form even in the oldest several-months old backups.
Sometimes you have parents that are both computer geeks, and they teach you the importance of offline backups. Nevertheless, shit happens anyway.
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
Although, you have to admit, retrieving your backup tapes from the Phoenix Lander is going to be a tad more expensive than the usual backup plans. More so if civilisation on earth has collapsed.
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
Where's Jack Bauer when you need him ???
Recovering from post traumatic stress disorder, a number of wounds, and radiation poisoning.
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
The article mentioned that although the IP addresses of the email are from China, the people behind the GPcode campaign are in fact Russian. That makes me wonder how many computers in China have been turned into Russian zombies. That may well explain why most attacks against U.S. Government networks originate in China.
"The New Age. The New Beginning."
Why waste time factoring RSA?? The RSA simply wraps an RC4 key.
RC4 brute force is far easier. There are several known problems with RC4 which may possibly work to our advantage in cracking the data as well..
I said no... but I missed and it came out yes.
I don't know, but I bet there's a lady chained to a radiator, crying, somewhere near by.
It would be far more energy efficient to find the perp and lightly tap his kneecaps with a hatchet from the local hardware store...
Excuse me, but please get off my Pennisetum Clandestinum, eh!
Nuclear force? After all, I heard those Nazis were really into encryption.
I just read Slashdot for the articles.
Enterprise-level backup apps are almost always 3rd-party, not "some kind of unreliable M$ thing". Any serious solution also has a means to restore to bare metal, so in effect you need no OS at all to do this.
(and when was the last time anybody kept any current work on a floppy? Cripes - 1992 called and they want their backup devices back).
Quo usque tandem abutere, Nimbus, patientia nostra?
Can't that be used to brute-force those keys MUCH faster? I mean, from what I read it's like... 20 times faster than a regular PC CPU.
Factoring a 1024-bit RSA modulus would be a major achievement. The current record seems to be 663 bits.
There was a day many years ago when thieves and other miscreants would find their head on a pike for all the other miscreants to see as a warning that plying their trade in that city would result in the same happening to them.
We're much too genteel to do such a thing anymore, at least so overtly. But we still have spies, don't we? Guys that operate under the radar? Can't we send them to track the bastards down and publicly terminate them? It would accomplish the same thing, sending a clear message to all the other script-kiddies that you will meet a similar fate if you try it yourself.
I know it sounds all "kill the bastards!" and all, but we need to make examples of these scumbags. We don't need to slap them on the hand anymore.
A clever person solves a problem, A wise person avoids it. -Einstein
"...track down the people who wrote the virus and force them to talk."
Or, more likely, beat them within an inch of their life, break their fingers, cut off their toes...then ask them for the key or else you will get really nasty.
These geeks aren't going to fear the results of their actions until they begin seeing their cohorts disappearing without a trace or being put on display as an example to the others.
Bearded Dragon
Given the choice between fifteen million CPU years spent breaking keys and about ten minutes of breaking fingers, it seems pretty clear which one is more efficient.
Frankly, I'd be deploying 4096 bit - it's not like verifying the signature every now and then is going to bring the Internet to its knees.
"It doesn't cost enough, and it makes too much sense."
Besides, there's a more direct method of breaking the encryption: track down the people who wrote the virus and force them to talk.
You, sir, need to stop watching 24
Especially since this kind of thing isn't just for Fatty McPimpleface down the road anymore. It's a lucrative business, akin to busting up stores and homes for 'protection money' (but with fewer guns). Yes, kill the bastards. Kill them, arrest them, just get them the hell away from anything with blinking LEDs.
Alternatively, a lot of effort could be saved by keeping weekly backups on another machine. It probably wouldn't even take up much space, so long as you only saved files you made. What good are any of those viruses/worms/email scams, so long as people understand best practices?
I just read Slashdot for the articles.
Uhm, since nobody else cared to mention it. Why don't we pressure the Chinese Government to get involved. Like maybe go to the site where that email server is sitting and gain access to the computer and track down the real IP of the people sending the emails. Then go to their homes and arrest them. Then after beating them sufficiently, extradite them from country to country to be put on trial. Force the private key out of them and force them to disclose the rest of the people involved in the scheme.
Track them down and kill them.
You should probably get the private key from them first.
The problem with that is that if you didn't do it at the beginning ... and before/after every update ...
And anyone organized enough to do it at the beginning and prior to every update is organized enough to not need to do it.
It took me a bit of work, but I think I got it. Can someone double check my work? This is the key that I came up with:
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
That's where many weaknesses in cryptographic software have been found. With any luck the virus writers just borrowed the encryption code out of OpenSSL in the Debian tree.
"a more direct method of breaking the encryption: track down the people who wrote the virus and force them to talk."
How about tracking down the people behind the Operating System and holding them to account.
davecb5620@gmail.com
I've never seen a company that uses an "M$" thing, reliable or not, mostly because the built-in backup tool in Windows has always sucked for everything other than simple personal archiving. I use it to back up my "home" directory to an external USB drive (not a floppy, those are not in use anymore), but it's less than 10GB.
There are hundreds of pro backup solutions for Windows that range from the more advanced (or simple to use) personal, to small/mid-size business and enterprise (think the massive EMC2/SAN solutions here for example). Local or remote/network, with or without schedulers, agents and so on. It's quite the active niche for many companies. If "M$" added something actually usable to Windows no doubt people like you would be at the front of the pack yelling "anti-competitive behavior" anyway.
I don't understand the rest of your post, sorry. "Many of them will simply pay and wait for their computer to fail some other way" just doesn't make any sense at all.
Web2.0: I love when people Flickr my cuil and digg my boingboing until my google is reddit and I start to yahoo
(I actually did this once. Surprisingly, it worked. YMMV)
1. Plug in portable hard drive (of equal or greater size)
2. If using NT, Win2000 or XP, tell windows to reformat your *portable* drive as NTFS. (If you're using Vista, I don't think this will work)
3. Boot from a live CD (or DVD) Linux
4. Open a command or terminal window
5. Type: dd if=/dev/sda0 of=/dev/sdb0
To restore:
1. Plug in portable hard drive containing the backup
2. Boot from a live CD (or DVD) Linux
3. Open a command or terminal window
4. Type: dd if=/dev/sdb0 of=/dev/sda0
Don't try to out wierd me, three-eyes. I get stranger things than you, free with my breakfast cereal. --Zaphod Beeblebr
Kaspersky Labs should build this distributed key code into their antivirus products: there is distributed infrastructure for sending/receiving keys with update service and tons of mostly idle PCs! Kaspersky, make this version free or cheaper version than your regular AV product and voila!
Uhhhhh....let us presume for a moment that the hackers are trying to trick us into factoring a root signing authority's RSA key. Isn't it, like, bad that that's possible?
But severoon, you protest, in all but the most bizarre circumstances those keys are safe! It takes 15 million computers a year to break that key! No one person could do it!
Yea, after all, when was the last time the government corralled massive compute power to do something stupid (-ahem- tee off AT&T's web traffic and do deep packet inspection)? And when was the last time we saw a 15 million X increase in compute power (-ahem- since 10 years ago)?
I no likey this thread...it makes me nervous. I'm going to go drink away the bad thoughts.
but have you considered the following argument: shut up.
You want some help getting the sand out of your vagina? It sounds pretty bad - you should call 911 and ask for the coast guard. It might not be too late.
Is this some kind of clever troll? How is it "interesting"? It reads as if twitter had never been inside an SME or larger. Every company I've ever worked for - including a small start-up - had comprehensive backups. My last company wasn't that big and it had 100% disk recovery across all platforms, including Windows, HPUX, IRIX, Linux, classic Mac, Mac OS X.
Patriotism is a virtue of the vicious
Data was safe. The problem was the EXE files. A huge proportion of them were infected, but that went unnoticed until the time bomb activated. We had to find the install floppies to reinstall all the nuked software.
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
lots of companies don't allow USB keys to be used on the premises.
Corporate users - the ones twitter references - are usually the ones with access to the ultra-reliable backups.
Patriotism is a virtue of the vicious
Back in the 80s the main OS on PCs was MS-DOS, which wasn't multitasking.
That meant that most of the malware wasn't worms (autonomous programs propagating over the network, as 99.9% of today's malware is) because you couldn't run a separate worm process in the background.
Instead the malware was of the viral kind, which piggybacked on legit executables by injecting its own code inside the .EXE/.COM file, thus being executed each time an infected file was run and ending up being constantly run even though there was no autostart and/or multitasking facility in MS-DOS.
Sometimes the code injection would fail and the executable would stop functioning, thus revealing the presence of the virus even before the virus managed to do something.
Sometimes the code injection would succeed and the virus would stay unnoticed until its payload kicked in.
Similarly, cleaning an infected EXE file was not guaranteed to succeed all the time. So generally once a PC was infected, it meant that all the infected programs were definitely hosed except a lucky few that went through the whole infect/clean process without being damaged.
What was worse, the first time we had a virus infection, the payload was able to physically damage the hard drive but otherwise remain silent (no taunts displayed on the screen, no EXE becoming suddenly suspiciously corrupted), so we went through a couple of warranty claims before realising that there was a virus sleeping even in the old backups.
That would have been a nice lesson about systematically scanning all incoming floppies and keeping one's antivirus pattern files up to date...
...except the whole point was moot at a time when "sneaker net" was the only way to communicate between computers and getting a recent antivirus was hard.
I was the only kid around having an antivirus so I didn't have anybody to swap patterns with.
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
Your first known-plaintext attack would be against the RC4 key that the RSA key protects; then you'd have to attack the RSA key.
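Added example, not part of any poster's comment: a sketch of the layout discussed in this thread (an RSA public key wrapping an RC4 key) and of what comparing a known file with its encrypted copy actually yields. The toy 92-bit RSA modulus, both RC4 keys and both file contents are constructed, and the reuse of one RC4 key across files is an assumption the thread does not establish.

```python
# Added example: RSA-wraps-RC4 hybrid layout and the yield of a known
# plaintext/ciphertext pair. All keys and file contents below are constructed.

def rc4_keystream(key: bytes, n: int) -> bytes:
    """Standard RC4: key scheduling, then n bytes of generator output."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings, truncated to the shorter of the two."""
    return bytes(x ^ y for x, y in zip(a, b))


def rc4_crypt(key: bytes, data: bytes) -> bytes:
    """RC4 is a stream cipher: encryption and decryption are the same XOR."""
    return xor_bytes(data, rc4_keystream(key, len(data)))


# Toy RSA key pair (assumption: two Mersenne primes, far too small to be
# secure, chosen only so the wrapping step runs instantly).
P, Q = 2**31 - 1, 2**61 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent, needs P and Q


def wrap_key(sym_key: bytes) -> int:
    """What the encrypting side stores: the RC4 key under the RSA public key."""
    return pow(int.from_bytes(sym_key, "big"), E, N)


def unwrap_key(wrapped: int, length: int) -> bytes:
    """Only the holder of D (i.e. of the factorisation of N) can do this."""
    return pow(wrapped, D, N).to_bytes(length, "big")


def recover_keystream(known_plain: bytes, known_cipher: bytes) -> bytes:
    """A known pair gives keystream bytes, not the RC4 key and not D."""
    return xor_bytes(known_plain, known_cipher)


KEY_SHARED = bytes.fromhex("0123456789abcdef")   # constructed RC4 key
KEY_FRESH = bytes.fromhex("fedcba9876543210")    # constructed per-file key
KNOWN_PLAIN = b"KNOWN-CONTENT TEST FILE PLANTED BY THE ANALYST. " * 2
VICTIM_PLAIN = b"Thesis chapter 3, final draft. Only copy on this disk."


def demo() -> dict:
    known_cipher = rc4_crypt(KEY_SHARED, KNOWN_PLAIN)
    keystream = recover_keystream(KNOWN_PLAIN, known_cipher)
    # Case 1: the same RC4 key was reused, so the keystream is identical and
    # the known pair decrypts other files up to the known file's length.
    reused = xor_bytes(rc4_crypt(KEY_SHARED, VICTIM_PLAIN), keystream)
    # Case 2: a fresh RC4 key per file. The recovered keystream is useless,
    # and the only copy of that key is the RSA-wrapped blob.
    fresh = xor_bytes(rc4_crypt(KEY_FRESH, VICTIM_PLAIN), keystream)
    wrapped = wrap_key(KEY_SHARED)
    return {
        "reused_key": reused,
        "fresh_key": fresh,
        "wrapped": wrapped,
        "unwrapped": unwrap_key(wrapped, len(KEY_SHARED)),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

In neither case does the known pair reveal anything about `D`; the wrapped key is only opened by factoring `N` or obtaining the private key.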
Security only needs to be good enough that the cost of breaking it is more than the reward of breaking it. Could you expect to make the hundreds of millions of dollars it would cost to have 15 million modern PCs running for a year from knowing a root signing authority's key? I doubt it and the signing authorities must doubt it too, or they'd be using more bits.
Chernobyl 'not a wildlife haven' - BBC News
I wrote about it here years ago. It's called incremental imaging. I covered it in my journal. It works.
Basically during a very careful system build you make a series of snapshot images of the system. If you do the steps in the right order and label your images correctly you can restore your system to any point that you saved in the system building process. It's much preferable to revert to an image that didn't contain a software package and install the new version than to uninstall the old version and install the new. These days building the whole thing in a virtual machine is also a common recommendation. It makes the snapshots quick and easy and virtual machines can be moved from any platform that supports that style of virtual machine to any other without reinstallation. Do pay attention to your licensing though.
If you're hoping for a system where you can take a Windows installation and run one restore that adds back to it all your applications, no you can't do that unless you have a system snapshot with backup software and a "differential backup" with all your software installed. I don't recommend this because the slightest missed trick and applications will fail inexplicably.
Basically my opinion is that if you're restoring applications from backup you've already horribly failed. You're better off with a clean image and/or a clean install for reliable performance. And by reliable performance I mean best replicating the environment that ended with you restoring in the first place. If you're rebuilding for some reason other than catastrophic hardware failure or platform migration your efforts might be better spent in a total rethink of why you're doing what you're doing and how.
Help stamp out iliturcy.
I think this is more a job for Nikita. Time to create a new section.
Twitter (and his many aliases) is a well-known troll, and takes every opportunity to talk about how terrible anything having to do (even remotely) with Microsoft is. As an example:
http://slashdot.org/comments.pl?sid=562692&cid=23524480
It is pitch black. You are likely to be eaten by a grue.
It's an installation packager or package builder. It monitors all of these things for you and builds a script that basically replicates the installation.
I've tried several and my experience is so spotty that I can't recommend one. There are issues with interdependent packages, user account issues, variability in platforms and auditability of success among other things.
Still, they can be useful sometimes and can get around installer stupidness like only installing from CD or floppy, multi-reboot installs and building a single installer that installs almost all of your apps. Developing a process like this for an enterprise is at least one full time job. For a household or small business it's just not worth the effort.
Help stamp out iliturcy.
I tried to download the encrypted files from the Kaspersky forum.
It required a log-in.
I used a bugmenot.com login(obviously).
Result: my IP got banninated until 19.11.2009
I'm vain enough to consider myself a "crypto expert", and that sort of treatment is a turnoff. Kaspersky, either learn to respect my privacy or learn to live without me.
AC jokes, but that's awfully close to how some early computer memory actually worked.
Delay Line Memory, it was called. Basically, you push bits onto a wire loop, and then when they come back around again on the guitar you read them and push them back on again.
That said, the seek time on your version is awful...
--
I don't want to rule the world... I just want to be in charge of mayonnaise.
Some readers may be having difficulty understanding some of the discussion of this article because they don't understand the concept of public-key encryption. Such readers can find a simple-to-understand overview on my website. The overview is a presentation (available in PowerPoint and PDF formats) that should be self-teachable. It has an open-source license, so feel free to reuse and modify it.
I have a friend who uses a floppy. so sad :-(
Would a properly backed up file allow you to recover the key? Would it then be possible to run a honey pot and checking it for encrypted files?
I'd go on a Vegan diet but the delivery time from Vega is too long. --brownkitty
That would give an exponential gain in the cpu time it takes to break it, right?
15M^2=2.25*10^14.
Shouldn't be that hard to implement either.
Normally, I'm all for responding after reading just the headline and not the body of the message. After all, this is /.!
But if you had read the actual content of my post, neither example I present requires the key breaker to make hundreds of millions of dollars from breaking the key.
First up, we have the government, which specializes in spending hundreds of millions of dollars, not making it, and they'll drop that much cash in a heartbeat, without much research, and on fairly stupid things (Bridge to Nowhere, anyone?).
Next up, we have everyone else. In 5 years, "millions" of computers will have fallen to "thousands". And the cost of compute cycles will have fallen significantly as well, meaning that anyone who understands how to deploy to Amazon's EC2 or Google's App Engine could easily mount such an attack with fairly modest resources.
Your point about signing authorities using more bits is exactly the heart of the issue. They're not allowed to use more bits—my understanding is that data encrypted with more than 56-bits may not cross in or out of the US (though I seem to remember this has been raised to 128 or 256?), and more than 1024 even within the country is not legal. Actually, I can't even remember if this law was eventually struck down altogether...but the fact that it ever was even suggested makes me wonder exactly why the government would concern itself with restricting and/or regulating such things.
Why, indeed.
but have you considered the following argument: shut up.
....a 15 million X increase in compute power....
Is not really needed for this. Just find the culprit(s) and use the rubber hose decryption key on him/them.
All theory is gray
Right click, restore previous versions, pick the right date, problem solved.
Give a man a fish, he'll eat for a day, but teach a man to phish...
I'm not a business owner, but i am paranoid, especially about computer viruses.
I've got a nice approach right now to always keep my drives clean. it's an old IDE hdd, that has a clean install of windows with just the basics. it happens to be a maxtor, so i can use the 'max blast' software. seagate owns maxtor now, though and seagate has the same nice drive utility suite. most HDD vendors offer a comparable suite. but, since i am paranoid, i don't use these 'windows' solutions to purge a drive. i use darik's boot and nuke.
as for where i keep my valuable data? dvd-roms, and possibly on a usb HDD, in the event that i even think an infection has taken place, i dump all my data to a linux drive, format every windows drive, including the USB one i use for backups when a dvd-rom isn't enough.
the usb drive never sees a windows system that is connected to the net, and i use separate windows drives, for playing online games, and for playing movies/backing up dvds. the dvd system is never on the net either. for a while i was using diff, and linux to verify my system wasn't being compromised, but that takes a lot of disc space, especially if you keep all the old files, and it doesn't scan problems that can occur within the NTFS itself, there is a program called ntfs clone for linux that can check the metadata for infections, but with my new ability to wipe my system clean within 30 minutes, tops and then only have to configure a few things i left unconfigured...
well, it may not be as impressive a system as what 'enterprise' users use, but i can clean a system, even wipe its bios, (i've had to do that before, when a system was rooted for a long time) without using anything microsoft based... the only problem, is vista, vista needs its CD/DVD media when it's been copied by HDD utilities.
that will be annoying, but knowing that at any given moment i can clean my systems completely, without hackers being able to stop me, is something i really needed to have, even medicated.
https://www.gnu.org/philosophy/free-sw.html
Actually, not necessarily. Veritas Netbackup (as a typical commercial solution) and Bacula (as a pure GPL solution) can run on Windows or Linux as the server(or in Bacula's case, IIRC even on OSX).
Quo usque tandem abutere, Nimbus, patientia nostra?
It doesn't matter what the backup software can run on. The typical corporate desktop is still Windows, so the client side of the backup solution has to run on Windows.