Slashdot Mirror


All-Radio 4.27 Portable Can't Be Removed? Then Your PC Is Severely Infected (bleepingcomputer.com)

CaptainDork shares a report from Bleeping Computer: Starting yesterday, there have been numerous reports of people's Windows computers being infected with something called "All-Radio 4.27 Portable." After researching this heavily today, it has been determined that seeing this program is a symptom of a much bigger problem on your computer. If your computer is suddenly displaying the above program, then your computer is infected with malware that installs rootkits, miners, information-stealing Trojans, and a program that is using your computer to send out spam.

Unfortunately, while some security programs are able to remove parts of the infection, the rootkit component needs manual removal help. Due to this, if you are infected with this malware, I strongly suggest that you create a malware removal help topic in our Virus Removal forum in order to receive one-on-one help in cleaning your computer. Some of the VirusTotal scans associated with this infection have also indicated that an information stealing Trojan could have been installed by this malware bundle as well. Therefore, it is strongly suggested that you change your passwords using a clean machine if you had logged into any accounts while infected.
6/29/18: The story has been updated to specify that this malware campaign is targeting Windows computers.

247 comments

  1. Nuke & Pave by Anonymous Coward · · Score: 0

    How about you *don't* go to their forum and instead format everything and start again.

    1. Re: Nuke & Pave by Anonymous Coward · · Score: 1

      Security Program Manager, Microsoft Corporation

      I Got Hacked, What Do I Do?
      https://technet.microsoft.com/en-us/library/cc700813.aspx

    2. Re: Nuke & Pave by Anonymous Coward · · Score: 0

      The same can be said for Windows...you just have to not call support. Use the online resources, the MS KB has everything though you might have to read some forums to figure out exactly what you need.

      Also, removing rootkits is fun if you have a day to burn. I killed one using Cheat Engine once...it was hiding from Task Manager (duh rootkit) but CE pulled up the real process list and let me inject a huge text file like a DLL. Apparently programs don't like that because after I did that I was able to find and delete all files added that day and it was over.

      Not making new files often saved my ass, there were so many files and missing any 1 restored the rest on next boot. There were even trojanized versions of every command exe for cmd.exe. I came up with "just delete everything from today" after a few hours...

    3. Re: Nuke & Pave by OrangeTide · · Score: 2

      To be fair, it's less work for everyone involved to format and re-install, even if you can manually fix something major. And with a Windows box you'll probably have to re-install sometime in the next 5 years anyways.

      --
      “Common sense is not so common.” — Voltaire
    4. Re: Nuke & Pave by Anonymous Coward · · Score: 0

      My peepee did fall off. Say, you're pretty good!

    5. Re: Nuke & Pave by Anonymous Coward · · Score: 0

      You may as well pxe/usb boot into a fresh install on a vhd style volume. It's not like the hardware costs even a hundred bucks at this point.

    6. Re: Nuke & Pave by Anonymous Coward · · Score: 0

      Should have installed Apk's Hosts File Engine++, which protects from this threat and others while speeding up your computer. All the stalkers here like to mod down Apk and attack him but he's right.

    7. Re:Nuke & Pave by Anonymous Coward · · Score: 0

      Reinstalling doesn't remove rootkits... that's what rootkits were designed for... to survive OS reinstalls.

    8. Re: Nuke & Pave by Anonymous Coward · · Score: 5, Informative

      Security Program Manager, Microsoft Corporation

      I Got Hacked, What Do I Do?
      https://technet.microsoft.com/en-us/library/cc700813.aspx

      So the parent was modded up before, suddenly it gets modded down. Really slashdot moderation has been trashed recently. It's worth saying why this was the money post. The only post in the whole thread which really matters:

      The key quote you have to follow is:

      The only way to clean a compromised system is to flatten and rebuild. That’s right. If you have a system that has been completely compromised, the only thing you can do is to flatten the system (reformat the system disk) and rebuild it from scratch (reinstall Windows and your applications). Alternatively, you could of course work on your resume instead, but I don’t want to see you doing that.

      But it's the bit before that which really matters:

      You can’t clean a compromised system by using a virus scanner. To tell you the truth, a fully compromised system can’t be trusted. Even virus scanners must at some level rely on the system to not lie to them. If they ask whether a particular file is present, the attacker may simply have a tool in place that lies about it. Note that if you can guarantee that the only thing that compromised the system was a particular virus or worm and you know that this virus has no back doors associated with it, and the vulnerability used by the virus was not available remotely, then a virus scanner can be used to clean the system. For example, the vast majority of e-mail worms rely on a user opening an attachment. In this particular case, it is possible that the only infection on the system is the one that came from the attachment containing the worm. However, if the vulnerability used by the worm was available remotely without user action, then you can’t guarantee that the worm was the only thing that used that vulnerability. It is entirely possible that something else used the same vulnerability. In this case, you can’t just patch the system.

      Below there are people proposing reverse engineering the malware and then, if you know what it does, you can clean it up by reversing that. However, one thing most malware does is open up to the network and let the malware authors do what they want, so even if you know what this malware does you don't know what all malware does. Anything more could have happened to your system.

      Reinstall from original installation media and pray to god that your system's onboard firmware is not compromised.

    9. Re: Nuke & Pave by Mike+Frett · · Score: 1

      As someone that worked in a PC shop, all we ever did for a solution was run a virus scan, format then reinstall Windows. It usually fixed 99% of the problems and you paid us a nice, fat sum for it.

    10. Re: Nuke & Pave by rally2xs · · Score: 1

      Reinstall? I think it would probably take me months to re-install all my programs, fight with the companies that have "activation" while attempting to explain why I need to re-activate the old program, maybe $100's or $1000's to re-purchase the software where I was unsuccessful at fighting with the companies that have the "activation" nonsense, re-install stuff, and just generally get my computer back to the way it was. I have LOTS of stuff on my computer - my backup file is around 800 Gb, and it doesn't even back up some directory structures that are already backed up and never change. Reinstall? I'd rather buy a whole new computer and start from scratch, and that's saying something since this one is high-end and cost near $4K to build 3 years ago.

      Of course since the latest Windows 10 update broke my computer, forced a call to Microsoft help to fix it, required rolling back to the previous version, and locking out further updates lest they re-install the "upgrade" and I once again start getting memory management BSOD's, I'm probably looking at replacing this computer in a couple years as it is frozen in time, receiving no further updates, and will, I expect, probably become obsolete. But Microsoft has to keep dicking around and "upgrading" the damned thing until they make some change that's incompatible with some driver which can't be determined which it is, and for which there may be no update to fix it anyway, and... instant obsolescence. Would rather they just "upgrade" by coming out with Windows 10, 11, 12, etc and so if these don't work, then I can revert to the previous version which will at least be maintained for a while.

      If it weren't for Linux being compatible with nothing I'm interested in (there's no Linux solution for a ham radio program I use called "Winlink", I understand) (No, I DON'T want to run it in some damned emulator and add another level of complexity to the question of why it doesn't work, I just want it to work...) I'd abandon Windows. But either way, stay with Windows or jump ship to Linux, it all looks like an incredible hassle.

    11. Re: Nuke & Pave by Joce640k · · Score: 1

      I'm amazed at how they still haven't managed to load antivirus software before the viruses.

      It's what, 2018 now?

      (and also amazed that Windows "safe" mode still loads everything in the "run at startup" registry key... safe or otherwise)

      --
      No sig today...
    12. Re: Nuke & Pave by Joce640k · · Score: 1

      Why bother with a virus scan if you're going to format? Did nobody explain even the basic concepts to you?

      --
      No sig today...
    13. Re:Nuke & Pave by Joce640k · · Score: 2

      Ummm.... no.

      --
      No sig today...
    14. Re: Nuke & Pave by Anonymous Coward · · Score: 0

      Run at startup registry key? What OS are you running that you think is Windows?

    15. Re: Nuke & Pave by Anonymous+Brave+Guy · · Score: 4, Interesting

      Reinstall from original installation media and pray to god that your system's onboard firmware is not compromised.

      Sadly today that last part is also very significant. Thanks to the mess of modern infrastructure like UEFI, everybody's device having embedded functionality that can be updated, and processors-within-processors, it's basically impossible to ever fully trust a system that has been compromised now, no matter how drastic your recovery procedures might be. Of course, for similar reasons it's also basically impossible to trust a system that you don't know has been compromised either. Security in modern tech is broken, and the tech industry and security services broke it.

      --
      If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
    16. Re: Nuke & Pave by Raistlin77 · · Score: 1

      The lazy fuck ran a virus scan just to show the customer that there was a virus. You missed the point of his post - he just flat out told you how he would intentionally screw customers and get paid.

      I'll bet the "PC shop" he worked for was Geek Squad. So yes, someone likely did explain the basic concepts to him: do as little work as possible, charge as much as possible, rinse, repeat.

    17. Re: Nuke & Pave by Anonymous Coward · · Score: 1

      Reinstall? I'd rather buy a whole new computer and start from scratch, and that's saying something since this one is high-end and cost near $4K to build 3 years ago.

      A fool and his money are soon parted.

    18. Re: Nuke & Pave by Anonymous Coward · · Score: 0, Informative

      Reinstall? I think it would probably take me months to re-install all my programs, fight with the companies that have "activation" while attempting to explain why I need to re-active the old program, maybe $100's or $1000's to re-purchase the software where I was unsuccessful at fighting with the companies that have the "activation" nonsense,

      Ah yes, the pitfalls of paying for software. If those licences are worth anything to you - keep receipts to show those companies when you need to. It isn't just malware destroying computers - they break when some internal component gets too old.

      One of the upsides of open source - not only is it free in the first place, but no 'activation nonsense', no 'licence management', no 'paying again' when you couldn't prove ownership after the disk broke . . .

    19. Re: Nuke & Pave by Anonymous Coward · · Score: 0

      Because you move some user data and it's good to have it cleaned before you reinstall, so there is a smaller chance of spreading the virus/malware to the new install.

    20. Re: Nuke & Pave by pnutjam · · Score: 1

      This Winlink? It looks like there are plenty of options. Even so, slapping it in a vm that you can snapshot and maintain would be way less work than maintaining your behemoth pc.

    21. Re: Nuke & Pave by pnutjam · · Score: 1

      True, cleaning up is usually at least 3 to 4 times more expensive in time and the end product is always suspect.

    22. Re:Nuke & Pave by pnutjam · · Score: 1

      If you ensure you completely wipe the drive, by "nuking" it or formatting with different filesystems, for example xfs before reinstalling windows, it's pretty safe.

    23. Re: Nuke & Pave by Killall+-9+Bash · · Score: 2

      So, that guy seems like a douche, but I did basically the same when working at a repair shop. Run scan to find proof of virus infection. Format & reinstall for 100% reliable malware removal. Anything less than format was about a 50/50 as to whether you really removed ALL of the malware. Nuke it from orbit. It's the only way to be sure.

      --
      "Prediction: within 10 years, Windows will be a Linux distribution." Me, 7-6-2016
    24. Re:Nuke & Pave by Anonymous Coward · · Score: 0

      As long as the firmware of the hdd hasn't been subtly altered to hide things on the drive.

    25. Re: Nuke & Pave by muirhead · · Score: 1

      Have you looked into https://www.winlink.org/conten...

    26. Re: Nuke & Pave by Kiaser+Zohsay · · Score: 1

      Even virus scanners must at some level rely on the system to not lie to them.

      Kaspersky provides a Live CD rescue disk. I have had luck with it in the past. But even with a live CD, you have to know a good deal about both the target system and the malware.

      --
      I am not your blowing wind, I am the lightning.
    27. Re:Nuke & Pave by pnutjam · · Score: 1

      I think this is 99% FUD. Drive firmware alteration would crash stuff and it's outside the norm for malware of the current generation.

    28. Re: Nuke & Pave by Anonymous Coward · · Score: 0

      he just flat out told you how he would intentionally screw customers and get paid

      It's ok when they're Microsoft customers. I have zero sympathy for anyone who supports that horrible company and will gladly separate them from their money. At least with me, it will be better used.

    29. Re: Nuke & Pave by rally2xs · · Score: 1

      No, not that one, that's gateway software. I need client software. These are the available clients:

      https://www.winlink.org/Client...

      The client software absolutely has to do Winmore and Ardop, and you can see that the only one that does is the Windows software.

      Then of course there is the other Windows-only stuff like my Nikon camera utilities, Photoshop Elements, Office 365 (did they make it Linux yet? Maybe... don't want to lose VBA), and so forth.

      Since I have a mortally wounded computer from the last Windows update, it's tempting to build a new one and make Linux the base OS and attempt to make everything work through VMs for Windows, (see if I can get Call of Duty and Quake III (yeah, it's ancient, but have been playing it about 20 years and have over 200,000 dead bots behind me), and so forth. I just really don't want to end up scripting a shell and wondering why the m-fing regular expression isn't doing what I want it to. Damn, I hated that when I had to do it for work, and it made me appreciate Windows so much more...

    30. Re: Nuke & Pave by imidan · · Score: 1

      When you decide to throw away your $4,000 computer to solve your Windows glitch, can I have it? I'll actually come to your house and pick it up, if you live in North America.

    31. Re: Nuke & Pave by rally2xs · · Score: 1

      I'll have both the crippled computer & the new linux computer simultaneously. If I can get the new linux computer to do what I want, I'll likely convert the old one to linux too, except it'd likely be several years of learning and experimentation to get the windows software to cooperate so the old computer might really be obsolete by then anyway. Anyway, I'd find a way to sell it as parts... 850 watt PS, 32Gb ram, core i7, blue ray burner, etc.

  2. One-on-one-help by Anonymous Coward · · Score: 0

    Only $99.99 for the next 48 hours!

    1. Re: One-on-one-help by Anonymous Coward · · Score: 5, Funny

      Hello, my name is Vikash and I am from Microsoft. I am calling because you are the infected PC. I can do the needful but you must revert with all CC number and bank detail. I am also to be posting on the Slashdot with relevant detail. Please to revert immediately.

    2. Re: One-on-one-help by Anonymous Coward · · Score: 2, Funny

      Greetings! Kindly install the attached program so as to remote into your Windows and remove bug. But first visit link below and provide credit card information so as to I can verify your computer fingerprint identity. Seeing many scams, rest assured I want to remove virus and send you on happy day. Salutations, Chris from Salina, Kansas

    3. Re: One-on-one-help by Anonymous Coward · · Score: 0

      Plz to show bobs and vagine

    4. Re: One-on-one-help by DontBeAMoran · · Score: 1

      Yes sir immediately, I will call Bob and Mova for help, please hold.

      --
      #DeleteFacebook
  3. Dammit! by Ol+Olsoc · · Score: 5, Funny

    Windows users get all the cool stuff.

    --
    The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
    1. Re:Dammit! by Anonymous Coward · · Score: 0

      I wouldn't call "re-install" a fix, no matter for how many years now it *has* been the only reliable fix. But I am happy for your enthusiasm, and I will try not to be so smug. Really.

    2. Re:Dammit! by Ol+Olsoc · · Score: 0
      So you are saying that the exact same numbers of malware and virus exist for Linux and PC, and that Windows is just as secure?

      Consider that at least you were smart enough to post AC.

      Silly AC - this is not a tit for tat, where you point out a Linux problem as if it were the equal of a Windows problem. Sorry, but we are talking about a body of work, and Windows is lapping the field several times regarding its abysmal security.

      But hey - IIRC Windows ten is the most Secure Windows ever! Like W8, like W7, like Vista,

      --
      The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
    3. Re:Dammit! by Ol+Olsoc · · Score: 0

      I wouldn't call "re-install" a fix, no matter for how many years now it *has* been the only reliable fix.

      Not a fix at all, especially if you have a highly configured computer and many programs.

      Amazing how Windows users can thump their chests like a silverback gorilla, about an OS so terrible that starting over again is even considered good advice.

      Although I know a few who bought a whole new computer because of a virus. I wonder if they replace the engine every time they need to change oil?

      --
      The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
    4. Re:Dammit! by Anonymous Coward · · Score: 0

      He was only responding with a smart assed remark since you posted your own smart assed remark.

      You're way too serious, old man.

      PS, fuck your lawn.

    5. Re: Dammit! by Anonymous Coward · · Score: 0

      Why don't you just restore your system from a clean backup, the type you take in case of drive failure, theft or fires?

      Anytime I make a major set of changes I take a clean backup of the system. Data is obviously already backed up in snapshots elsewhere.

      Also, fuck systemd and that shit. BSD did in twenty minutes what systemD took 13 hours to figure out last night. Not directly related but worth repeating.

    6. Re:Dammit! by Anonymous Coward · · Score: 0

      Not true. I am porting it to Linux. You can get it from the Gentoo Github (while stocks last).

    7. Re:Dammit! by moronoxyd · · Score: 1

      So you are saying that the exact same numbers of malware and virus exist for Linux and PC, and that Windows is just as secure?

      I don't see that statement in QPs comment.
      So... you like putting words in other peoples mouths to make a point?

      Silly AC - this is not a tit for tat, where you point out a Linux problem as if it were the equal of a Windows problem. Sorry, but we are talking about a body of work, and Windows is lapping the field several times regarding its abysmal security.

      Is it not true that Linux is used on many millions of IoT and network devices? Is it not true that oftentimes the makers of these devices do not provide any meaningful support after the release of the devices? Is it not true that over and over again such devices are found to have fixed passwords, gaping security holes or are using libraries with known security problems?

      That doesn't make the problems with Windows any better, but it shows that the Linux world has its own set of problems. Neither party has any right to look down upon the other one.

    8. Re:Dammit! by Anonymous Coward · · Score: 0

      "I wonder if they replace the engine every time they need to change oil?"

      Now you're just being silly. We replace the car since you never know if any of the oil managed to get out and stuck to something else.

      Gotta think ahead. That's why linux users will never see their year on the desktop.

    9. Re: Dammit! by butzwonker · · Score: 1

      I don't know about Olsoc's installation but maybe because it's not possible. For example, I have 100+ VST instruments and effects installed on my Windows machine, each of them with a complicated DRM scheme that requires sending emails, logging into websites, etc. It takes about one week of full work or 4-6 weeks of spare-time work to restore the system into a workable state. I know that because I recently changed my system.

      Sure you can blame the software companies for their crappy DRM schemes, but for some of us that's the reality and reinstalling Windows from scratch is basically out of the question. But hey, at least I'm not working at a recording studio that could lose many thousands of dollars when there is a problem with their Windows installation...

    10. Re: Dammit! by Anonymous Coward · · Score: 1

      If you know that a restore from scratch is onerous, then take a golden image of your machine from a usable state with all your apps installed. Problem solved. Clonezilla.
      Invoice is in the mail.

    11. Re:Dammit! by Ol+Olsoc · · Score: 1

      So you are saying that the exact same numbers of malware and virus exist for Linux and PC, and that Windows is just as secure?

      I don't see that statement in QPs comment.

      So... you like putting words in other peoples mouths to make a point?

      I like cutting to the chase. Trying to parse his comment wasn't easy, but in the end, I just decided that since he was expounding something superior about Windows over Linux with the cryptic "at least they can be fixed" comment - I just took a stab at what he was trying to say. Don't like it? Sue me.

      Silly AC - this is not a tit for tat, where you point out a Linux problem as if it were the equal of a Windows problem. Sorry, but we are talking about a body of work, and Windows is lapping the field several times regarding its abysmal security.

      Is it not true that Linux is used on many millions of IoT and network devices? Is it not true that oftentimes the makers of these devices do not provide any meaningful support after the release of the devices? Is it not true that over and over again such devices are found to have fixed passwords, gaping security holes or are using libraries with known security problems?

      And trying to conflate the issues of IOT with a Linux install on a PC is disingenuous. Having a fixed password and lack of support or updates is a manufacturer's issue, not a problem with Linux. My Linux installs get more updates than my MacOS machines, which in turn get a few more than my Windows machines. My Samsung Android tablet has maybe 1 per year, though it's tapering off. And finally anyone purchasing and using an IOT device is purchasing their own problems willingly.

      That doesn't make the problems with Windows any better, but it shows that the Linux world has its own set of problems. Neither party has any right to look down upon the other one.

      All operating systems have issues. I use Windows, MacOS and various flavors of Linux. Linux requires more and different knowledge (though I use that knowledge on Mac as well). MacOS has nuked perfectly good working software, but really, the champ is Windows, especially Windows 10, with its horrid update process. Hates some drivers, decides it knows better, then uninstalls it, and installs a driver that Microsoft thinks is better. Breaks software installs. Brings back the BSOD. Every update is an adventure, will the computer and software work when it reboots? If it reboots. What settings did it change? I even tried going Wi-Fi and don't download updates on a metered connection to try to stop Microsoft sexually assaulting a laptop. A couple weeks later, it downloaded an update anyhow. Plus, if you click on that metered connection, it will shut off functions that shouldn't have anything to do with metered connections, like Bluetooth connectivity. I tried to install a Bluetooth speaker to that machine, and it wouldn't unless I turned the metered connection update back on.

      In ascending order of support needed:

      MacOS - maybe 2 percent
      Linux - 10 percent and dropping after people get the learning curve and used to terminal.

      Windows - everything else.

      --
      The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
    12. Re:Dammit! by Ol+Olsoc · · Score: 1

      He was only responding with a smart assed remark since you posted your own smart assed remark.

      You're way too serious, old man.

      PS, fuck your lawn.

      ps.. Not exactly serious - more like enjoying trolling some folks. Jes sayin'

      --
      The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
    13. Re: Dammit! by Anonymous Coward · · Score: 0

      This. Seriously, if you have that much time and effort spent in getting a Windows box where you need it to be usable for you, and you didn't make a backup image and/or you aren't making periodic backups, you are a complete moron and deserve to get screwed when shit goes awry.

    14. Re: Dammit! by pnutjam · · Score: 1

      If that's the case you should have a spare HD with a cloned image, or take regular images with an appropriate tool. I used to use a pxe boot server and image systems to samba share. A real easy way is to use this guyWhen you boot back to windows, that space is invisible and inaccessible to malware. You can always boot back to linux and restore your system.

    15. Re: Dammit! by pnutjam · · Score: 1

      lost some comment there with an open tag.
      use the system rescue cd to resize your disk (gparted), and leave empty space at the end. Format that end space with a linux filesystem (xfs). Windows can't see it, but you can store a compressed image of your system using dd, partimage, or fsarchiver.
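      The imaging step described above (a compressed dd copy kept where Windows cannot see it), as an added example that is not from the original comment: it stores a SHA-256 digest beside the image and refuses to restore an image whose digest no longer matches. The "partition" is a constructed sample file rather than a real block device such as /dev/sda2, and the function names are this example's own.

```shell
#!/bin/sh
# Added example (not from the page): image a partition with dd + gzip, keep a
# SHA-256 digest next to the image, and verify it before any restore.
# The source used below is a constructed sample file, not a real device.

sha256_of() {
    # GNU coreutils sha256sum first, BSD/macOS shasum as a fallback.
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# make_image SRC_DEVICE_OR_FILE IMAGE_PATH
#   Writes a gzip-compressed raw copy of SRC plus IMAGE_PATH.sha256.
make_image() {
    src="$1"; img="$2"
    dd if="$src" bs=4096 2>/dev/null | gzip -c > "$img" || return 1
    sha256_of "$img" > "$img.sha256" || return 1
}

# verify_image IMAGE_PATH
#   Succeeds only if the stored digest matches the image currently on disk.
verify_image() {
    img="$1"
    [ -r "$img" ] && [ -r "$img.sha256" ] || return 1
    [ "$(sha256_of "$img")" = "$(cat "$img.sha256")" ]
}

# restore_image IMAGE_PATH TARGET_DEVICE_OR_FILE
#   Writes nothing unless the image verifies first.
restore_image() {
    img="$1"; target="$2"
    verify_image "$img" || { echo "refusing to restore: digest mismatch" >&2; return 1; }
    gzip -dc "$img" | dd of="$target" bs=4096 2>/dev/null
}

# Constructed sample "partition" contents (a few hundred text blocks).
make_sample_source() {
    out="$1"; i=0
    : > "$out"
    while [ "$i" -lt 512 ]; do
        printf 'block %04d of constructed sample partition\n' "$i" >> "$out"
        i=$((i + 1))
    done
}

# Full round trip: image, verify, restore, compare byte for byte. Returns 0 on success.
demo_roundtrip() {
    tmp=$(mktemp -d) || return 1
    make_sample_source "$tmp/src.bin"
    make_image "$tmp/src.bin" "$tmp/sys.img.gz" || { rm -rf "$tmp"; return 1; }
    restore_image "$tmp/sys.img.gz" "$tmp/restored.bin" || { rm -rf "$tmp"; return 1; }
    cmp -s "$tmp/src.bin" "$tmp/restored.bin"
    rc=$?
    rm -rf "$tmp"
    return $rc
}

# Append one byte to the stored image; restore must refuse and write nothing.
demo_tamper_detected() {
    tmp=$(mktemp -d) || return 1
    make_sample_source "$tmp/src.bin"
    make_image "$tmp/src.bin" "$tmp/sys.img.gz" || { rm -rf "$tmp"; return 1; }
    printf 'X' >> "$tmp/sys.img.gz"
    if restore_image "$tmp/sys.img.gz" "$tmp/restored.bin" 2>/dev/null; then
        rm -rf "$tmp"; return 1      # restore went ahead: detection failed
    fi
    rc=0
    [ -e "$tmp/restored.bin" ] && rc=1   # nothing may have been written
    rm -rf "$tmp"
    return $rc
}

if demo_roundtrip && demo_tamper_detected; then
    echo "image round trip and tamper check OK"
fi
```

The same make_image/restore_image pair works against a real device path once run from the rescue environment, with the image directory being the hidden xfs partition the comment describes.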

    16. Re:Dammit! by Ol+Olsoc · · Score: 1

      Not true. I am porting it to Linux. You can get it from the Gentoo Github (while stocks last).

      Thank you, you are doing a good thing. This will be the year of Linux getting the malware they need.

      --
      The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
    17. Re:Dammit! by Ol+Olsoc · · Score: 1

      "I wonder if they replace the engine every time they need to change oil?"

      Now you're just being silly. We replace the car since you never know if any of the oil managed to get out and stuck to something else.

      Gotta think ahead. That's why linux users will never see their year on the desktop.

      ahhh, my bad!

      --
      The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
    18. Re: Dammit! by Ol+Olsoc · · Score: 1

      If that's the case you should have a spare HD with a cloned image, or take regular images with an appropriate tool. I used to use a pxe boot server and image systems to samba share. A real easy way is to use this guyWhen you boot back to windows, that space is invisible and inaccessible to malware. You can always boot back to linux and restore your system.

      And you hope that there isn't malware on that clone. The concept of re-cloning every time you get an update - which for the number of programs I have would mean every day - is not a solution, it's masochism.

      I suppose for people that only have the basics of Microsoft office, a peripheral or two and it wouldn't matter.

      On my Mac, Time Machine can reinstall everything, but even that takes a good while. On my PC's, I just plan on nuking it from orbit in the unlikely event it gets pwned.

      --
      The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
    19. Re:Dammit! by Anonymous Coward · · Score: 0

      You just don't want people to criticize Windows.

    20. Re: Dammit! by pnutjam · · Score: 1

      You could use Veeam's free windows client to backup to a usb, NAS, or separate internal drive. It will create bootable media for you to restore from. You can even include distinct credentials for the NAS, so malware won't cross over to it.

    21. Re:Dammit! by Anonymous Coward · · Score: 0

      more like enjoying trolling some folks

      Please go back to reddit and leave us alone...

    22. Re: Dammit! by Ol+Olsoc · · Score: 1

      You could use Veeam's free windows client to backup to a usb, NAS, or separate internal drive. It will create bootable media for you to restore from. You can even include distinct credentials for the NAS, so malware won't cross over to it.

      Just like Grandma does.

      --
      The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
  4. Oh cool by Anonymous Coward · · Score: 0

    A slashvertisement

  5. Which malware? by Anonymous Coward · · Score: 0

    " then your computer is infected with malware that installs rootkits, miners, information-stealing Trojans, and"

    So, it has Windows 10?

    1. Re:Which malware? by e432776 · · Score: 2

      Though I like Win10, I have noticed it installing things I never asked it to. Bubble crush saga or some such thing. I guess (another) bad thing about this bad behavior is that the appearance of random new "apps" may not be a surprise to anyone, thus inuring them to their potential infection!

      BTW, this does seem like an ad more than a legit story.

    2. Re:Which malware? by Anonymous Coward · · Score: 0

      Remove windows 10 and leave the rest sounds like the best solution.

  6. Microsoft Windows only by smoothnorman · · Score: 4, Insightful

    Would it be so difficult to place somewhere in an "Operating System" tagged posting which operating system was affected? Slashdot folks really might have more than one OS in their areas and it would be nice to know which is at risk right at the top.

    1. Re:Microsoft Windows only by Black+Diamond · · Score: 5, Informative

      If you don't see an operating system listed, you can rest assured that it's windows.

    2. Re:Microsoft Windows only by Anonymous Coward · · Score: 0

      Yeah or maybe just read the article.

      Meanwhile, Linux users rest easy assuming no harm can penetrate Fortress Europe.

    3. Re: Microsoft Windows only by Anonymous Coward · · Score: 2, Insightful

      If malware does attack your linux computer, rest assured that only all of your personal content in your home directory will be wiped. The actual OS and software that you can download and install again for free is protected.

    4. Re: Microsoft Windows only by Anonymous Coward · · Score: 0

      Best comment. Yeah, it's always funny how Linux users will brag about how the OS will be fine but couldn't care less that your home folder can still be compromised or wiped. You know, the only stuff that's actually important and in many cases potentially irreplaceable.

    5. Re: Microsoft Windows only by Xenx · · Score: 1

      Well, the severity of the two problems likely comes down to whether it's for personal use or not. Servers or multi-user workstations probably care a lot more about the system still being usable, vs a user losing their stuff.

    6. Re:Microsoft Windows only by Trax3001BBS · · Score: 2

      Yeah or maybe just read the article.

      Meanwhile, Linux users rest easy assuming no harm can penetrate Fortress Europe.

      I dual boot; going to https://haveibeenpwned.com/ says my Email address is public domain because of Linux Mint, I thought damn...
      How this happened: https://www.zdnet.com/article/...

    7. Re:Microsoft Windows only by Anonymous Coward · · Score: 0

      Meanwhile, Linux users rest easy assuming no harm can penetrate Fortress Europe.

      Well, I'm running MaginotLinux so fuck you smart ass.

    8. Re:Microsoft Windows only by Ol+Olsoc · · Score: 2

      Would it be so difficult to place somewhere in an "Operating System" tagged posting which operating system was affected?

      Oh, its Windows alright.

      What I am interested in is the delivery system. The program is a crack of a popular and legit Russian program. But following the links, adware is mentioned once, and an admonition to avoid cracked programs.

      So it's a Windows issue, and probably served up in ads and delivered when people click on them.

      Which everyone should think about the next time they go to a website that won't let them in unless they turn off their ad blocker. Hopefully people here are smart enough to not clicky clicky on the ads modern websites serve up, because many do give you a dousing of malware (I'm looking at you Forbes), but just install the Adblocker, and say bite me to the sites that won't let you in for it.

      --
      The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
    9. Re: Microsoft Windows only by Anonymous Coward · · Score: 1

      Yeah, it's always funny how Linux users will brag about how the OS will be fine but couldn't care less that your home folder can still be compromised or wiped.

      You should always regularly back up your system. So, if you are compromised and it only wipes your home folder, then it's a lot easier to recover your personal information.

      You know, the only stuff that's actually important and in many cases potentially irreplaceable.

      If you care enough about irreplaceable stuff, back it up. Hardware fails. Virtually anyone using a computer today has experienced it. If you still fail to back stuff up entirely, then the fault is yours. If you fail to back up regularly, the fault is yours. This isn't smugness. It's a self-created nightmare.

    10. Re: Microsoft Windows only by Anonymous Coward · · Score: 0

      Learn how to read a fricken article. It clearly states that it is installed by adware bundles pretending to be cracks.

      Nothing to do with ads on sites and pop up blockers would not have helped it seems.

    11. Re: Microsoft Windows only by Gavagai80 · · Score: 3, Insightful

      In reality though, my PCs have never been compromised in 18 years running desktop Linux... and never needed an antivirus. It's true that running as a limited user isn't a huge advantage in itself, just a small one. The main thing that makes Linux safer, I think, is that nearly everything I install is from a trusted repository -- not random websites that may have been compromised themselves. Microsoft tried to copy that with Windows Store, but they allow adware and don't review the source code to prevent outright malware either so it doesn't really help.

      --
      This space intentionally left blank
    12. Re: Microsoft Windows only by Hallux-F-Sinister · · Score: 1

      That should be true, but sadly, it is not. Every once in a great while, it is something else. They really should have specified.

      --
      Our reign has gone on long enough. Indeed. Summon the meteors.
    13. Re: Microsoft Windows only by Anonymous Coward · · Score: 0

      Beware of the blitzkrieg virus where the process starts in user space and then goes through Belgium space

    14. Re: Microsoft Windows only by f3rret · · Score: 1

      In 30 years of using Windows, my Windows machine has never been compromised.
      Thus I can conclude that Windows is completely 100% secure.

      --
      Admit nothing. Deny Everything. Make Counter-accusations.
    15. Re:Microsoft Windows only by TeknoHog · · Score: 1

      It does say "PC" which I believe stands for "personal computer", as in "My Computer", as in Bill Gates's personal computer.

      --
      Escher was the first MC and Giger invented the HR department.
    16. Re: Microsoft Windows only by Anonymous Coward · · Score: 0

      In reality though, my PCs have never been compromised in 18 years running desktop Linux...

      That you know of.

    17. Re: Microsoft Windows only by AmiMoJo · · Score: 2, Insightful

      Actually Linux is more vulnerable than Windows to this kind of attack because most Linux systems do not implement any kind of secure boot procedure.

      These rootkits work by replacing some parts of the OS that are loaded very early in the boot process, things like core SATA drivers needed to read in the rest of the OS or parts of the kernel. That makes them very hard to detect and remove, because any software running on the OS that tries to read those files can be supplied with a clean copy by the rootkit. Even the kernel can't easily figure out if the SATA driver or the filesystem handler is really giving it the true data or a fake copy.

      Windows mitigates this by implementing Secure Boot. This is something that is part of the UEFI spec and which Linux users got upset about when it looked like some devices might not let you load your own keys. Modern Windows systems supplied by PC/laptop manufacturers have a Microsoft key in the UEFI that is used to verify the OS boot files have not been altered by a rootkit before loading them. Microsoft requires OEMs to implement it for Windows 10.

      Other Windows installs, particularly older ones people do themselves, might not have Secure Boot enabled and so are vulnerable to this kind of attack. Linux systems very very rarely use Secure Boot so are almost always vulnerable too.

      In both cases (Linux and Windows) some kind of root exploit is needed to alter those files in the first place. The difference is that a Windows system with Secure Boot can detect it and recover those files from a hopefully clean backup copy that normally no level of privilege allows to be corrupted. On Linux you would have to somehow notice yourself what has happened and fix it manually with a boot disk.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    18. Re: Microsoft Windows only by pauljlucas · · Score: 1

      Yes, and the point was in those rare events, they typically do mention the OS. Hence when they don't, again, you can rest assured it's Windows.

      --
      If you reply, do so only to what I explicitly wrote. If I didn't write it, don't assume or infer it.
    19. Re:Microsoft Windows only by SigmundFloyd · · Score: 1

      If you don't see an operating system listed, you can rest assured that it's windows.

      It shouldn't be that way on Slashdot. And, yes, it should have been mentioned in the summary, but doing so would require real editors.

      --
      Knowledge is power; knowledge shared is power lost.
    20. Re: Microsoft Windows only by Anonymous Coward · · Score: 1

      These rootkits work by replacing some parts of the OS that are loaded very early in the boot process, things like core SATA drivers needed to read in the rest of the OS or parts of the kernel. That makes them very hard to detect and remove, because any software running on the OS that tries to read those files can be supplied with a clean copy by the rootkit. Even the kernel can't easily figure out if the SATA driver or the filesystem handler is really giving it the true data or a fake copy.

      And isn't that the point of Linux? You don't touch the OS at all from Linux's user standpoint. If you install any program, it should come from a (trusted) repository, not simply be downloaded from a site. When installing, you will need to enter the root password if the installation requires changes to critical system parts. If you are a user, you shouldn't be able to do that but rather install under your own privilege; thus, no OS. If you are the admin, then you deserve it because you should know better as an admin. That's why most people who use Linux know what they are doing.

    21. Re: Microsoft Windows only by ls671 · · Score: 1

      In reality though, my PCs have never been compromised in 18 years running desktop Linux...

      It is impossible to be 100% sure that you are not compromised. The best you can do is keep your eyes open.

      --
      Everything I write is lies, read between the lines.
    22. Re: Microsoft Windows only by Anonymous Coward · · Score: 0

      this is not crack OS, this is stupid ad-ware software, not install - no problem

    23. Re: Microsoft Windows only by ebvwfbw · · Score: 1

      You just didn't know it was hacked. That much is clear.
      Besides, they didn't even have windows 30 years ago, as such. It was an add on to dos. To get a real windows OS you would need something like a Unix box running X11 or MacOS. Windows was just a toy really back then. It wasn't until 95 that windows really was onto its own.

      Don't think you're safe today. It's easy to hack a windows box if you know what you're doing.

  7. Lie down with dogs, you're bound to get fleas by EvilSS · · Score: 5, Funny
    From the article

    When malware removal expert, Aura, started helping these victims he noticed a common theme. Most of the users reported being infected after they downloaded and installed game cracks and Windows activation tools such as KMSpico.

    So don't do that.

    --
    I browse on +1 so AC's need not respond, I won't see it.
    1. Re:Lie down with dogs, you're bound to get fleas by Anonymous Coward · · Score: 0

      Fucking Peruvians.

    2. Re:Lie down with dogs, you're bound to get fleas by Anonymous Coward · · Score: 1

      So, downloading dodgy software from dodgy sites gets you infected with viruses and malware? Who would have thought.

    3. Re:Lie down with dogs, you're bound to get fleas by Anonymous Coward · · Score: 0

      lol bullshit.
      i've pirated pretty much every game EVER.
      Never been infected that way.

      However i've been infected twice from actual physical media i bought...

      Now windows activation tools... yeah a bunch of those ARE malware.

    4. Re:Lie down with dogs, you're bound to get fleas by DigiShaman · · Score: 1

      Oh Gawd! LOL, too funny.

      There's no honor among thieves.

      --
      Life is not for the lazy.
    5. Re:Lie down with dogs, you're bound to get fleas by Anonymous Coward · · Score: 1

      Most of the users reported being infected after they downloaded and installed game cracks and Windows activation tools such as KMSpico.

      Shady software from shady places has viruses and malware? That unpossible.

      I've gone 20+ years and never gotten a computer virus, because I don't download shady software, and because I've been blocking ads as long as it was possible, and because I have disabled Flash for as long as it has existed.

      And remember kiddies, if you're going to surf porn, do it inside a VM, in a browser which doesn't accept cookies or run scripts. Preferably an old Linux VM.

      Just sayin'.

    6. Re: Lie down with dogs, you're bound to get fleas by Anonymous Coward · · Score: 0

      True if you download the original cracks almost 100% of the time. But people reupload those things with malware added everywhere.

      Windows cracks? Yeah you want a forum with very active moderation to get one of those.

    7. Re:Lie down with dogs, you're bound to get fleas by DontBeAMoran · · Score: 1

      What's wrong with the neat "Please activate Windows" watermark anyway? It's like a friend, always there for you!

      --
      #DeleteFacebook
    8. Re:Lie down with dogs, you're bound to get fleas by DontBeAMoran · · Score: 2

      When I'm surfing for porn, I do it inside a browser in incognito mode and I've never had aBUY VIAGRA TODAY!ny problem.

      --
      #DeleteFacebook
    9. Re:Lie down with dogs, you're bound to get fleas by Ol+Olsoc · · Score: 1

      lol bullshit. i've pirated pretty much every game EVER.

      Many people who buy legit copies have to use a pirated copy because it's the only one that works.

      --
      The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
    10. Re:Lie down with dogs, you're bound to get fleas by Anonymous Coward · · Score: 0

      I use an old, "outdated" version of KMSPico from 2015 that I keep handy on my personal server in case I need to wipe my computer.
      No malware problems here.

      Yes, I'm a cheapass.
      No, I don't live in some 3rd world country. I live in the US.
      No, you're not going to convince me to pay for Windows.

    11. Re:Lie down with dogs, you're bound to get fleas by Anonymous Coward · · Score: 0

      There's no honour amongst unauthorized copiers. FTFY.

    12. Re:Lie down with dogs, you're bound to get fleas by Anonymous Coward · · Score: 0

      no, I expect integrity from the people who promise to give me what I want for no cost to me. Scammers should just not be allowed to promise unrealistic things. That solves all these problems.

    13. Re:Lie down with dogs, you're bound to get fleas by Anonymous Coward · · Score: 0

      I bought a legit copy of Windows 7 and it always complains about not being legit. It is sad that MS cannot even white list their own software properly.

    14. Re:Lie down with dogs, you're bound to get fleas by phantomfive · · Score: 1

      Last time I installed Windows, I was too lazy to type in the code. I had it right there on my desk, but laziness knows no bounds. The watermark stayed there for years until Win 7 ended.

      --
      "First they came for the slanderers and i said nothing."
    15. Re: Lie down with dogs, you're bound to get fleas by Anonymous Coward · · Score: 0

      So use Daz.

    16. Re:Lie down with dogs, you're bound to get fleas by Anonymous Coward · · Score: 0

      And remember kiddies, if you're going to surf porn, do it inside a VM, in a browser which doesn't accept cookies or run scripts. Preferably an old Linux VM.

      Your computer savviness seems a bit outdated.
      Back in the 90's and early 00's that was probably a good idea.
      These days porn sites are pretty legit. The porn sites don't want to scare away customers with malware, and interestingly enough their twitter and facebook accounts tend to be extra wholesome as opposed to for example those from certain restaurants. (Yep, I'm looking at you Wendy's.)

      The malware is usually targeted at people that are easy to infect and won't think too much about the computer behaving odd.
      You'd be more at risk surfing around at sketchy recipe collection sites than you are when you look for porn or the larger pirate sites.

      There are still plenty of torrent collection sites that just snoop up the links from the other pages and show them together with fake download buttons, but those pages are pretty much just there to lure in people who aren't used to pirating stuff since they never contain anything but outdated links.

    17. Re:Lie down with dogs, you're bound to get fleas by thegarbz · · Score: 2

      Oh Gawd! LOL, too funny.

      There's no honor among thieves.

      There's plenty of honour among thieves unless you're thieving for dishonourable reasons.

      KMSPico's creators have never shipped malware. Neither have crackers working for reputable groups. There are however hundreds of KMSPico versions out there absolutely infested with shit.

      When someone pirates the pirate, things start getting nasty.

    18. Re:Lie down with dogs, you're bound to get fleas by Anonymous Coward · · Score: 0

      Here is an idea... if the legit copy doesn't work, then don't support them with money until they can produce something that does work? Crazy, I know.

    19. Re:Lie down with dogs, you're bound to get fleas by Anonymous Coward · · Score: 0

      Lie down with dogs, you're bound to get fleas

      And an entry on the sex-offenders registry

    20. Re:Lie down with dogs, you're bound to get fleas by Anonymous Coward · · Score: 0

      This is one of the main reasons I stopped doing that years and years ago (2008?).
      I'm amazed people still do...

      Plus c'est change, plus c'est la meme chose.

    21. Re:Lie down with dogs, you're bound to get fleas by Ol+Olsoc · · Score: 1

      Here is an idea... if the legit copy doesn't work, then don't support them with money until they can produce something that does work? Crazy, I know.

      The problem of course, is that you don't know until you try it after you buy it.

      --
      The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
    22. Re:Lie down with dogs, you're bound to get fleas by Anonymous Coward · · Score: 0

      Hey now, it's a little harsh to compare activating Windows to lying with dogs. I know 10 is pretty invasive but have some sensitivity!

  8. What radio stations does it give me? by Anonymous Coward · · Score: 1

    Let's talk about the pros of this,

    1. Re: What radio stations does it give me? by Anonymous Coward · · Score: 0

      All

    2. Re: What radio stations does it give me? by Anonymous Coward · · Score: 1

      And I get free Windows and game cracks?

      SCORE!

    3. Re:What radio stations does it give me? by Anonymous Coward · · Score: 0

      If you try and remove it she shows up and kills you. Two shots to the back of the head with a barbell and stuffed into a duffel bag.
      Happens all the time.

    4. Re:What radio stations does it give me? by Anonymous Coward · · Score: 0

      If you try and remove it she shows up and kills you. Two shots to the back of the head with a barbell and stuffed into a duffel bag.
      Happens all the time.

      It's good to know that Alex Jones still has fans.

  9. Poor Microsoft by Anonymous Coward · · Score: 0

    Microsoft must be so poor that they can't afford to hire security experts to fix Windows. How many years have they been trying to secure their OS? Too many, that's how many. Are they even trying anymore?

    1. Re:Poor Microsoft by Anonymous Coward · · Score: 0

      All major operating systems are continually being patched, all of them, macOS, Linux, Windows, iOS, UNIX ...

    2. Re:Poor Microsoft by l0ungeb0y · · Score: 3, Insightful

      You clearly have no clue as to how expensive writing a new Operating System would be. Hell, just look back at when Apple needed to replace Mac OS and had to endure bringing back that smug turtle neck wearing megalomaniac bastard as CEO just to get an OS that wasn't some Open Source cheeseball.

    3. Re:Poor Microsoft by Anonymous Coward · · Score: 0

      OS X is built on FreeBSD. Just sayin'.

    4. Re:Poor Microsoft by DontBeAMoran · · Score: 1

      Which one is a better alternative to macOS? OpenBSD or FreeBSD?

      --
      #DeleteFacebook
    5. Re:Poor Microsoft by Anonymous Coward · · Score: 0

      Sweet Jesus, no, it wasn't.

    6. Re:Poor Microsoft by Anonymous Coward · · Score: 1

      Assuming that you really want to know, since I use Linux, Mac, Open and Free BSD I think I can answer objectively:
      Both OpenBSD and FreeBSD are reasonably easy to download and install and run on pretty much anything. At least, I have not found a server/desktop/laptop computer that it would not run on.

      Theo de Raadt has a 'cut the crap' mentality so OpenBSD is simpler, with a smaller repository of programs. However, you can install FreeBSD software on OpenBSD. After a few days of use, you will know how.

      In general, OpenBSD feels a lot like Slackware Linux: Simple and very fast.

      By comparison, other distros look fancy and are very slow - there are many reasons why. MacOS obviously falls into the fancy and slow category. So if you want a Mac replacement then you first need to decide whether you want a fancy or a fast system.

    7. Re: Poor Microsoft by Anonymous Coward · · Score: 0

      Sorry to have to tell you this, but when Apple needed a new operating system, they DID use cheeseball, open source software as its base. See, macOS, as it is now called (previously OS X), is based on, and built atop, one of the descendants of BSD-UNIX, itself a descendant of the original Bell Labs, AT&T UNIX (NetBSD, I think, or maybe Open-), and that is definitely open source. All the code underpinning macOS is UNIX, is open source, and that is the source of its power, stability, and security. Cheeseball indeed. Or... were you joking, and I missed it?

    8. Re:Poor Microsoft by thePsychologist · · Score: 1

      Sorry to say but Microsoft doesn't care about this level of security. Their experts have already determined that the effect of current malware is already an acceptable tradeoff, and they continue to put just enough emphasis on security research and prevention to maintain this level.

      --
      "What lies behind us, and what lies before us are tiny matters compared to what lies within us." Ralph Waldo Emerson
    9. Re:Poor Microsoft by Anonymous Coward · · Score: 0

      OS X is built on Darwin, which has FreeBSD userland, which was forked from 386BSD, which more or less is BSD. If it is so important that we call Linux "Linux," then userland does not matter, and OS X is only xnu, or Mach. Now get off my lawn.

    10. Re:Poor Microsoft by Anonymous Coward · · Score: 0

      Most users only see Quartz, and confuse the interface with the OS.

    11. Re:Poor Microsoft by DontBeAMoran · · Score: 1

      Thank you for the comparison.

      --
      #DeleteFacebook
  10. Comment removed by account_deleted · · Score: 3

    Comment removed based on user account deletion

  11. This is why we can't have nice things by Anonymous Coward · · Score: 1

    Someone tries to post a helpful PSA type message and predictably the comments section is immediately flooded with people who have nothing of any value to say, but can't help but be assholes and make some kind of stupid "Windoze $ux!" type comment. We're all happy that Linux, macOS, or whatever the fuck else you might be using works for you, now kindly take your insecurities back to Linux or Mac forums where you can blissfully live out the rest of your days in a happy echo chamber where no one will ever challenge your views. We don't need the same 50 people making the same 50 useless comments every time there's a post about Windows. We all heard you the last 50 times and didn't care, so the odds of us suddenly caring now are zero.

    1. Re:This is why we can't have nice things by Narcocide · · Score: 2

      For every five hundred thousand or so obstinate windows users who think they are punishing us, there is one that it might sink through to. We'll continue to try to save the ones that deserve it, thank you. You can strive to become worthy or you can continue to get bent.

    2. Re:This is why we can't have nice things by Anonymous Coward · · Score: 0

      A little full of themselves aren't we?

    3. Re: This is why we can't have nice things by Anonymous Coward · · Score: 0

      No PC user thinks they are punishing you.

      Quite the opposite: they do not know you exist and would not care about you if they did.

      Get over your big bad PC hating self.

    4. Re:This is why we can't have nice things by LostMyBeaver · · Score: 2

      Here's the problem.

      "Unfortunately, while some security programs are able to remove parts of the infection, the rootkit component needs manual removal help."

      I have never in my life ever heard of any type of malware or code that can be written that can:
          "Be removed with human assistance" that cannot be removed by a program.

      If someone were even a mildly competent "security researcher", they would write a script or a program that would do the removal that is needed as well as provide detailed instructions of how to use it if necessary.

      Under no circumstance should you ever trust anyone who claims to be competent in security who is not able to do this. And as such, you should never let them connect to your computer.

      I mean seriously, CVEs are how we report vulnerabilities of this sort. Once the CVE is reported and someone shares the virus with programmers (which are like security researchers but tend to fix problems instead of updating their LinkedIn every time they learn a new buzzword), the virus/malware is disassembled/decompiled as well as run in sandboxes with all system calls hooked and the attack vectors are identified. Once this is known, it is possible to undo pretty much anything that has been done.

      So... if you don't know enough about security to do those things and you make comments about how something can't be done without human intervention, then you're more or less useless when it comes to security.

      If you happen to have a computer infected with this virus, contact any of the many antivirus companies out there and pass it along to them. They'll properly document it and make a removal tool for it. It's not particularly difficult.

    5. Re:This is why we can't have nice things by LostMyBeaver · · Score: 1

      Dude, I'm a Microsoft fanboi... also a Linux fanboi... WSL is like Christmas every day for me.

      I have Macs also... I don't really know why... but they are pretty. I buy them and swear I'll use them someday. I am an iPhone user though. I have and love my iPhone 6S Plus and can't wait to get a new battery for it in Paris in a few weeks.

      People like debating about which OS is best. The answer is pretty simple... they're all pretty great these days... though if I ever see Gnome again, I'll vomit on whoever's keyboard it is in front of me. Move on... if it bothers you...maybe Slashdot is not the right place for you.

    6. Re:This is why we can't have nice things by Ol+Olsoc · · Score: 0

      Someone tries to post a helpful PSA type message and predictably the comments section is immediately flooded with people who have nothing of any value to say, but can't help but be assholes and make some kind of stupid "Windoze $ux!" type comment. We're all happy that Linux, macOS, or whatever the fuck else you might be using works for you, now kindly take your insecurities back to Linux or Mac forums where you can blissfully live out the rest of your days in a happy echo chamber where no one will ever challenge your views. We don't need the same 50 people making the same 50 useless comments every time there's a post about Windows. We all heard you the last 50 times and didn't care, so the odds of us suddenly caring now are zero.

      U mad bro?

      --
      The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
    7. Re:This is why we can't have nice things by Anonymous Coward · · Score: 0

      I don't think the posts have been entirely unfair. If removal of the malware can be done manually, I don't see why it couldn't also be automated. That's a bit confusing to me. I think it's fair to criticize Windows because for far too long, security on that OS was a joke. Admittedly, Microsoft has improved things, but there are also a lot of users who are far too gullible.

      With respect to this specific story, the summary is very light on technical details. It reads like something that's written for the general public rather than for nerds who generally have a technical background. The announcement may well be useful, but it could be written in a way that's much more in line with what we generally expect on Slashdot. If this requires manual removal, I'd like to see what it is about this particular threat that prevents it from being handled automatically. It is also useful to specify the OS because there are plenty of rootkits for *nix systems. A remote hole in a daemon providing network services and a privilege escalation vulnerability could allow rootkits to be installed through remote holes. Compromised software packages installed through otherwise legitimate sources are probably a simpler way to deliver a rootkit. Specifying the OS matters, especially on a site where a large percentage of people don't run Windows. That's not an excuse to bash Microsoft; it's about providing helpful information to the readers of this site.

    8. Re: This is why we can't have nice things by Anonymous Coward · · Score: 0

      Look at IOCs. Random file names, random services, and rootkits. Makes it hard to create an automated script that anyone can download and use.

      Look at smart service for example. Malware devs changed that constantly to the point that antivirus just gave up on it. Malwarebytes used to do a good job and no longer have too to automate its removal.

      Some of this stuff is not as easy as you think.

      Of course ultimately anything could be automated with enough man power to keep up, but I don't think that was the scope of the article.

    9. Re:This is why we can't have nice things by AmiMoJo · · Score: 5, Informative

      I have never in my life ever heard of any type of malware or code that can be written that can:
              "Be removed with human assistance" that cannot be removed by a program.

      Those have been around for over a decade.

      They work by replacing some core part of the OS, like the SATA driver or the filesystem driver. That makes it impossible for anti-virus software to clean the infected files, because the rootkit can block writes to those files and hand the AV software clean copies when it scans them. They operate at such a deep level, running inside the kernel, that the best AV software can do is detect their secondary effects and try to suppress them.

      The only way around this is to manually boot from a recovery CD and replace the infected files. Some AV companies provide bootable CDs that can run their software. The best ones use Linux because the Linux NTFS driver just ignores permissions and lets them access those system files and delete them. Then you can use a Windows install disk or the Windows 10 recovery system to replace them and get the system running.

      It's a manual process, the rebooting from CD/USB drive and then running the Windows recovery can't be automated.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
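      AmiMoJo's two comments above (the Secure Boot one in the "Microsoft Windows only" thread and this one) describe the same defensive idea: a boot-level rootkit can lie to any scanner running on the live system, so checks have to happen from a rescue boot where the suspect OS is not running, and Secure Boot's value is that the firmware verifies boot files before they run. The following is an added Python example, not code from the thread or from any product it mentions; it assumes the Linux efivarfs layout for reading the firmware's SecureBoot/SetupMode variables, the `sha256sum` manifest format for the known-good hashes, and all file names and contents in the fixture are constructed sample data.

```python
import hashlib
import tempfile
from pathlib import Path

# EFI_GLOBAL_VARIABLE GUID. Linux efivarfs names entries "<Name>-<GUID>" and
# prefixes each payload with a 4-byte attribute word.
EFI_GLOBAL_GUID = "8be4df61-93ca-11d2-aa0d-00e098032b8c"
EFI_ATTR_LEN = 4


def read_efi_bool(var_path):
    """Parse a one-byte efivars entry such as SecureBoot or SetupMode.
    Returns True/False, or None when the entry is missing or malformed."""
    try:
        data = Path(var_path).read_bytes()
    except OSError:
        return None
    if len(data) != EFI_ATTR_LEN + 1:
        return None
    return data[EFI_ATTR_LEN] == 1


def secure_boot_status(efivars_dir):
    """Classify firmware state from an efivars directory (normally
    /sys/firmware/efi/efivars when run from a rescue boot)."""
    sb = read_efi_bool(Path(efivars_dir) / f"SecureBoot-{EFI_GLOBAL_GUID}")
    setup = read_efi_bool(Path(efivars_dir) / f"SetupMode-{EFI_GLOBAL_GUID}")
    if sb is None:
        return "unsupported"  # legacy BIOS boot, or efivarfs not mounted
    if setup:
        return "setup-mode"   # no platform key enrolled: boot files unverified
    return "enabled" if sb else "disabled"


def sha256_file(path):
    digest = hashlib.sha256()
    with open(path, "rb") as fh:  # chunked so large drivers stay out of memory
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def parse_manifest(text):
    """Parse 'hexdigest  relative/path' lines, the format sha256sum emits."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, rel = line.partition("  ")
        entries[rel] = digest.lower()
    return entries


def verify_offline(root, manifest):
    """Compare files under a mounted, not-running system root against a
    known-good manifest. Nothing on the suspect system executes here, so a
    rootkit cannot hand back clean copies the way it can on the live machine."""
    report = {"ok": [], "modified": [], "missing": []}
    for rel, expected in sorted(manifest.items()):
        path = Path(root) / rel
        if not path.is_file():
            report["missing"].append(rel)
        elif sha256_file(path) != expected:
            report["modified"].append(rel)
        else:
            report["ok"].append(rel)
    return report


def build_demo_fixture():
    """Constructed sample data, not a real system: an efivars directory that
    reports Secure Boot on, and an offline root in which one 'driver' was
    altered and one file removed after the manifest was recorded."""
    base = Path(tempfile.mkdtemp(prefix="offline-check-"))
    efivars = base / "efivars"
    efivars.mkdir()
    attrs = b"\x06\x00\x00\x00"  # BOOTSERVICE_ACCESS | RUNTIME_ACCESS
    (efivars / f"SecureBoot-{EFI_GLOBAL_GUID}").write_bytes(attrs + b"\x01")
    (efivars / f"SetupMode-{EFI_GLOBAL_GUID}").write_bytes(attrs + b"\x00")

    root = base / "root"
    pristine = {  # constructed contents, not real binaries
        "Windows/System32/drivers/storahci.sys": b"constructed pristine storage driver",
        "Windows/System32/drivers/ntfs.sys": b"constructed pristine filesystem driver",
        "Windows/System32/winload.exe": b"constructed pristine boot loader",
    }
    for rel, content in pristine.items():
        (root / rel).parent.mkdir(parents=True, exist_ok=True)
        (root / rel).write_bytes(content)
    manifest_text = "\n".join(f"{sha256_file(root / rel)}  {rel}" for rel in pristine)
    # Simulate what a boot-level rootkit leaves behind once the disk is read offline.
    (root / "Windows/System32/drivers/storahci.sys").write_bytes(b"constructed patched driver")
    (root / "Windows/System32/winload.exe").unlink()
    return str(efivars), str(root), manifest_text


if __name__ == "__main__":
    efivars_dir, offline_root, manifest_text = build_demo_fixture()
    print("firmware Secure Boot:", secure_boot_status(efivars_dir))
    for state, names in verify_offline(offline_root, parse_manifest(manifest_text)).items():
        for name in names:
            print(f"{state:9} {name}")
```

      Against a real mounted volume you would record the manifest from a trusted install or recovery image, not from the suspect disk itself.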
    10. Re:This is why we can't have nice things by f00zbll · · Score: 1

      I guess you've never heard of bios or boot sector virus/trojan. This is well documented over the last 3 decades. There are trojans that can infect drivers or system services, which in many cases can't be automatically removed. In those cases, the best bet is to wipe the system and do a fresh install. Back in the 90's there was a particularly bad boot sector virus that bricked thousands of systems. That was before bios had any virus protection. These days most MB have bios virus protection, so bricking a MB rarely happens. On linux, attackers used to break in, upload a root kit and recompile the kernel. In that case, your only choice was to wipe the HD.

    11. Re: This is why we can't have nice things by LostMyBeaver · · Score: 1

      Push a patch as a UEFI module and reboot? SecureBoot will validate its signature and it can be staged to run before the drive firmware.

      I suppose there are still machines running BIOS, but I don't think I have owned any in several years.

      I certainly would hope that the "security companies" have the ability to do this.

    12. Re: This is why we can't have nice things by AmiMoJo · · Score: 1

      Does AV software having the ability to push UEFI modules sound like a good idea?

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    13. Re:This is why we can't have nice things by Anonymous Coward · · Score: 0

      the odds of us suddenly caring now are zero

      Windows users say they don't care, but every week when they get new malware, they start complaining about it Yet Again.

      Sure you don't care. You don't care so you cry about your malware all the time. Those are fake tears, suuure.

  12. Re:Nuke from orbit; restore from backups. by Anonymous Coward · · Score: 0

    I have some oceanfront property in Arizona.

    Cool - how far forward do you have to set your time machine to visit it?

  13. Virus Protection is So Good by phantomfive · · Score: 5, Insightful

    Yet another reason to not waste your money on "virus protection." Use the free Windows Defender if you must, and make sure you have good backups.

    --
    "First they came for the slanderers and i said nothing."
    1. Re:Virus Protection is So Good by Anonymous Coward · · Score: 0

      just applying common sense to your browsing/downloading habits renders you 99.9999% safe from any of this bullshit

    2. Re:Virus Protection is So Good by Anonymous Coward · · Score: 0

      just applying common sense to your browsing/downloading habits renders you 99.9999% safe from any of this bullshit

      I do find it rather strange that humans expect humans to behave in ways that they don't. Do you also tell water that it would be much better if it ran uphill instead?

    3. Re:Virus Protection is So Good by HiThere · · Score: 1

      I think you overestimate the degree to which "sensible" browsing will protect you. I might go as high as 90%, which is no small advantage. Of course if by sensible browsing you mean avoiding browsers that allow javascript and never downloading anything executable, then I'd go as high as 99.9%.

      --

      I think we've pushed this "anyone can grow up to be president" thing too far.
    4. Re:Virus Protection is So Good by Peter+P+Peters · · Score: 1

      Yet another reason to not waste your money on "virus protection." Use the free Windows Defender if you must, and make sure you have good backups.

      I stopped using AV about 10 years ago after numerous performance issues with flaky AV products. 10 years on and no issues! Sensible browsing/downloading/email behaviour is 99% of the battle

    5. Re: Virus Protection is So Good by Anonymous Coward · · Score: 0

      And also disable plugins of course. I think the vulnerability rate of Flash or Java is higher than most JavaScript engines at the moment

    6. Re:Virus Protection is So Good by Anonymous Coward · · Score: 0

      Meaning yes, it's probably quite sufficient for most people except those into warez and those who don't use something like noscript to block scripts by default, and avoid websites that try to force the issue unless you absolutely need them for a particular purpose (that 0.1%)

      Of course, I wouldn't recommend doing banking online either. May be a convenience, but even with an antivirus there's a good chance you'll get hit by the Brand New Stuff like everyone else until they can retro-actively make their program aware of it.

    7. Re:Virus Protection is So Good by Thor+Ablestar · · Score: 1

      Once upon a time I worked in some institution that had access to the corporate network only. We bought a new notebook, attached it to the network and did nothing more. It became infected in 15 minutes. Were we the other 0.0001%?

    8. Re:Virus Protection is So Good by ebvwfbw · · Score: 1

      Do you backup your stuff? I do, two different external drives and they are switched into the safe. So does my wife and it has saved our butt.
      I have to admit, the Mac backup really is great. We blew a disk drive. They replaced it, loaded the OS and I think about 3 hours or so later it was all back exactly as it was. She had an up to date backup, no loss at all. We were even on vacation.

      I can get my Linux desktop back, nowhere near as easy though.

  14. Data yes, OS and programs, no by raymorris · · Score: 1

    Absolutely you're right the best way to handle a rootkit is restore from a known-good backup. Just like you practiced last month, when you tested it and found and fixed the problem with the backup system.

    Unfortunately, 90% of people don't have a proper backup system. Probably over half of systems that are being "backed up" can't actually be restored because the backup media went bad a year ago or whatever.

    For the people who don't have a solid backup:

    > some IT professional who sells himself to a client by claiming he can remove this and leave the user's precious data intact?

    What you definitely don't do is try to salvage the operating system and programs. Just re-install those. It was time to upgrade anyway. DATA *can* be painstakingly recovered. It's a heck of a lot easier if your data isn't mixed with code - no MS Office macros, etc. If you keep your data separate from executable code, it absolutely can be recovered, though it's very easy to slip up and let a potentially infected file through.

    1. Re:Data yes, OS and programs, no by HiThere · · Score: 1

      Sorry, but Perl and Python code is programs. You don't trust them from an infected system. Text files you can usually trust, and html that doesn't use javascript or some such. (Not just javascript. You've also got to be careful about allowing CSS, with simple formatting being safe, but anything else needing to be carefully hand checked.) For spreadsheets you should recover from CSV files, but the CSV files can be stored on the disk that got infected. Etc.

      But just running code in a virtual machine doesn't make it safe.

      --

      I think we've pushed this "anyone can grow up to be president" thing too far.
    2. Re:Data yes, OS and programs, no by LostMyBeaver · · Score: 2, Interesting

      Huh? What operating system are you using?

      Out of the box, Windows sets you up with OneDrive and points all of your storage stuff to OneDrive. The result is that all your files are backed up.

      Out of the box, Apple sets up iCloud and points all your file storage to iCloud. The result is that all your files are backed up.

      You can use DropBox or a thousand alternatives if you want.

      If you want a better solution, you can use either Windows Backup and Restore or Apple Time Machine which does pretty much the same thing.

      If you're a developer, then all your stuff is on Github or similar.

      As for applications, Windows Store and App Store makes that pretty quick and simple. Of course, there are some other programs you would install otherwise, but it's not like you can't download them.

      Also, if you have a Mac or a Microsoft Surface, you can simply reinstall the OS no matter how bungled it may be, by simply connecting to the Internet from the UEFI system and recovering from the cloud for example.

      You have to be an absolute moron in 2018 to not have access to all your stuff.

      That said, to be honest, I have absolutely no idea how to maintain good backups of my Linux systems. I keep most of my stuff on Github. Other than VS Code and .NET Core, I don't really use much more than a simple Linux install anyway. I don't use anything but Raspberry, Orange and Banana Pis for servers anymore. I have 25,000 of them now. When they die, I just throw them away and get more.

    3. Re: Data yes, OS and programs, no by Anonymous Coward · · Score: 0

      Linux backups are easy. Rsync for data, clonezilla for systems. And clonezilla is basically just rsync, ssh, gz and some pipe symbols.

    4. Re:Data yes, OS and programs, no by Lord_Jeremy · · Score: 1

      Amen.

      Nearly 10 years ago, I suffered from a hard drive crash and I lost a ton of data. Ever since that issue, I’ve been religious about backups. I used Mac OS’s built-in backup software and I copied all my documents and work files to a flash drive daily. I instructed my family to grab the NAS drive on the way out of the house in the event of fire.

      I subscribed to Crashplan cloud backup at some point. They went belly-up but I had already switched to Backblaze. It sounded like it would be a hassle to restore, my laptop had 250GB of files backed up and they would have to mail me a HDD to restore from if I ever needed to rebuild my system.

      A couple weeks ago, I upgraded my laptop OS to a beta version. I needed to test some software for work and the beta seemed fairly stable. Big mistake, my machine became practically unusable. In a fit of frustration, I blew the OS away. I knew my backups were solid so I was confident in erasing the entire drive. After I reinstalled the OS, I signed into my iCloud and Dropbox accounts. Then I went into Backblaze to retrieve my backup. It was at this point I realized, I wasn’t missing anything that I needed my backups for.

      All of my work files and personal documents were either in my iCloud synced Documents and Desktop folders, or they were in my Dropbox folder. My Photos were stored in iCloud. My music was stored in iTunes Match. The only “files” I found to be missing were ephemeral things that had been in my Downloads folder. It was a nutty experience, realizing that I had all the data I cared about after a disk wipe, without touching my backups.

      I’m still happy to pay for Backblaze cloud backups. Maybe I’ll accidentally delete something that I need to get back. It’s happened before. Or maybe my cloud account will get trashed. One of my close friends suffered a destructive hack of her iCloud account by an ex-boyfriend and lost all of her personal data. Nonetheless, it’s been a shock to realize that my personal data has been robustly (and theoretically safely) stored in such a way that I don’t need to care about backing up anymore. That’s the sales pitch, anyway. I feel pretty good about it, the sync process is extremely convenient. But I still maintain my backups :)

    5. Re:Data yes, OS and programs, no by AmiMoJo · · Score: 1

      SpiderOak is good for Linux. It can only cover your data, apps will need to be reinstalled but at least on Linux that's fairly easy.

      On Windows there is Chocolatey for installing and updating apps, but I haven't tried it.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    6. Re:Data yes, OS and programs, no by GuB-42 · · Score: 1

      Absolutely you're right the best way to handle a rootkit is restore from a known-good backup.

      What is a "known-good" backup? A rootkit is here to conceal its existence. You don't really know when the infection started, and which backups are good.

    7. Re:Data yes, OS and programs, no by Wolfrider · · Score: 1

      >to be honest, I have absolutely no idea how to maintain good backups of my Linux systems

      --Tar and fsarchiver. Send me a private email and I can send you my root admin scripts, complete with bare-metal restore ability.

      --
      .
      == WolfriderV6 == I'm willing to admit that *I just might* be wrong... Are you??
    8. Re:Data yes, OS and programs, no by Wolfrider · · Score: 1

      > We dragged all his files to an external USB. I determined that there were thousands fewer files on the backup, but we pressed on nevertheless. It turned out that I had not backed up any of his Thunderbird POP3 mailboxes, where all his business-critical data was stored

      --If you don't know what you did wrong, you shouldn't be trying to help friends with upgrades. Next time go to Folder Options and Show Hidden Files. And either use Xcopy from CMD window or a modern file copier like Teracopy.

      --Also, grab a free copy of both AOMEI Backupper and Veeam Agent for Windows and put them on a thumbdrive -- both of these will do full bare-metal backup and restores to different hardware / virtual machines.

      --
      .
      == WolfriderV6 == I'm willing to admit that *I just might* be wrong... Are you??
    9. Re:Data yes, OS and programs, no by Thor+Ablestar · · Score: 1

      Some 15 years ago I worked in some institution. My policy is:

      1) Install the new system on new HDD.
      2) Copy all work files to the new HDD.
      3) Hide the old HDD.
      4) When it's known that everything works then save some critical work files somewhere, test and reuse the HDD.

      I asked the management that I need a new HDD. The institution head told my boss to supply me with HDD. My boss left the resolution "You don't need a new HDD". I copied the work files, erased the HDD and reinstalled the system. Then it appeared that some program saves its work files in c:\Program Files which was not expected. My boss had lots of unpleasant talks both with institution head and operator of this PC.

    10. Re:Data yes, OS and programs, no by strikethree · · Score: 1

      That said, to be honest, I have absolutely no idea how to maintain good backups of my Linux systems.

      I don't mean to be rude, but you should turn in your geek card. Maintaining good backups is even easier in Linux than any other operating system.

      Everything unique will be under /home/username. You can back this up with rsync, cp, tar, or even dd if it is a partition. There is no hand holding, but then, it really shouldn't be necessary when the design itself is so elegantly simple. What is even cooler is that this knowledge of backing up carries across to the various BSDs and other Unix-like operating systems.

      I have to admit, since Windows 10 came out, I find myself using Windows a LOT less. I only ever boot into it to patch it. Every time I try to do something in it, I end up giving up after an hour and go back to Linux. Windows 10 feels like slipshod engineering along with the whole "microscope up my ass" feeling.

      --
      "Someone needs to talk to the tree of liberty about its ghoulish drinking problem." by ohnocitizen
    11. Re:Data yes, OS and programs, no by Anonymous Coward · · Score: 0

      Copying full and/or incremental filesets to different disks (USB sticks, HDDs, student servers, Cloud, et al.) has always worked, and always will.
      For personal files, you should encrypt first, easily and portably done with openssl. Most of this can be automated too, which on Linux is very easy and transparent.

      For very big/complex/incremental, it'll depend on requirements, but this is so rare, that when you need it, you'll find something that works, and you should.

      Windows can be more brittle on this because of file locks and other stupidity, but mostly the same pattern applies.
      Mac is something in between a walled garden and Linux-ish.

    12. Re: Data yes, OS and programs, no by Anonymous Coward · · Score: 0

      Wtf? No. His first mistake was not finding out what was necessary to backup and exporting profile from Thunderbird along with contacts, address book, autocomplete, etc. Seriously, how mail, documents and browser settings aren't automatic thoughts tells us that this guy was not the "goto guy" he thought he was. "Contracted"? Wtf?

    13. Re: Data yes, OS and programs, no by Anonymous Coward · · Score: 0

      I guess you don't know about cron and rsync. Btrfs supports snapshots. Maybe it's more your fault than Linux's.

  15. Windows in a VM by Anonymous Coward · · Score: 0

    That's why windows will only live in a VM in my house. Fresh install from an image in seconds.

    1. Re:Windows in a VM by jfdavis668 · · Score: 5, Funny

      I run Windows in a VM on Windows. Get twice the updates!

    2. Re:Windows in a VM by Anonymous Coward · · Score: 0

      Yo dawg, I heard you like Windows etc.

    3. Re:Windows in a VM by Anonymous Coward · · Score: 0

      Doesn't just apply to windows, should be doing the same for any desktop OS nowadays, Linux included.

    4. Re:Windows in a VM by Anonymous Coward · · Score: 0

      I run Windows in a VM on Windows.

      Yo dawg I heard you like blue screens of death, so I put Windows in your Windows so you crash while you crash.

    5. Re:Windows in a VM by thegarbz · · Score: 1

      If you run Windows inside a VM in your house because you're constantly getting your windows corrupted by viruses, then maybe you shouldn't be let near a computer .... like ... ever.

  16. Comment removed by account_deleted · · Score: 1

    Comment removed based on user account deletion

  17. If you are infected your doing it wrong by Anonymous Coward · · Score: 0

    Step 1: Throw computer in recycling (reality is most computers aren't properly supported. period.)
    Step 2: Purchase a computer that doesn't ship with malicious proprietary software and for which the source code is available so you can actually run a properly designed, maintained, and supportable operating system. And if the hardware you're buying is dependent on proprietary software you're still doing it wrong. Though I will forgive anyone who actually has a mostly freedom friendly system (but only if the graphics and wifi are also free, it's not like that is an impossible task, there are a few vendors shipping with free wifi and graphics, even if all the shitty Linux vendors don't).

    1. Re: If you are infected your doing it wrong by Anonymous Coward · · Score: 0

      Properly designed? So you are a bsd user?

      Oh wait no you are a Linux user who has no fucking clue what designed or engineered looks like as opposed to the mess that Linux and the various user land distributions have always been.

    2. Re:If you are infected your doing it wrong by LostMyBeaver · · Score: 1

      "so you can actually run a properly designed, maintained, and supportable operating system"

      So, it's designed, maintained and able to be supported but doesn't actually have support?

      I'm struggling here. Which operating system are you suggesting is designed, maintained and supportable?

      I've been using Linux since pretty much the first time I managed to borrow an Yggdrasil CD from a friend and eventually figured out how to make the boot floppies. I've used many operating systems before and after that.

      I've only ever seen a handful of "designed" operating systems. They were interesting academic research topics which never really became more.

      I've seen a few maintained operating systems, to varying scales. I think that Elementary OS seems to be slowly closing in on being maintained. I actually think they're doing a pretty good job of trying to make a Linux which seems kinda usable, but "init 3" works for me. ArchLinux and Ubuntu Core are starting to look good too. Windows and Mac are extremely well maintained.

      Supportable... I think most operating systems are generally supportable. I've always had three categories of OS

      Mac) Instead of making an OS and proper documentation to make fixing things possible, they made an awesome reinstall and restore system so that any user can reinstall their entire machine by holding a key during boot and clicking next, next, next, finished.

      Windows) Offers the exact same feature as the Mac, but also is well known and supported on a massive scale. Many things can be easily fixed with a Google and a few clicks and such, but people instead tend to reinstall because it's probably faster.

      Linux) Absolutely everything can be fixed... and if you're a linux person, you probably are very good at fixing those things... not because it's easy. It's absolutely black magic. It's just that you spend 30% of your time working and 70% of your time fixing your Linux system. It's basically the Ford of computing. You can fix everything with little more than a screwdriver, a wrench and a hammer and it's all really easy to understand. Hit here, smack there, bang there.. it's fixed. And you can do anything you want with that Ford... you can easily convert it to a driving hot dog. But just like a Ford, Linux will never be pretty, it will never be the best solution for everything. It's just a damn good tool you accept can fit just about anywhere even if you'll spend 70%-90% of your time just banging on it with a hammer hoping it will work.

      But WSL... oh baby... I mean... every time I start working on my PC and I start Ubuntu without having to start the Linux kernel and I get all that yummy Linux goodness ... I want to get an ASCII art image of Megan Fox, rub whip cream all over the screen and go to town. Windows + Linux all on the same box. I mean you're in the butter zone baby.

    3. Re: If you are infected your doing it wrong by Anonymous Coward · · Score: 0

      Linux is the absolute best most widely supportable and capable OS there is if you don't require MSOffice or exotic Windows only vendor specific apps. Otherwise you may as well just run Open/Free/NetBSD. Want to reconfigure your default network card's settings? Edit one, tiny textfile. Need to change dns, edit one other, distinct file. Adding a DHCP server? One other, distinct and again, logically named file.

      Anytime you get tired of cursing the chain of quests that is current Linux support and HowTo's that presuppose you already have a working version of whatever you are trying to get working, a fact not revealed until step #434, give BSD a shot.

      I mean I used Slackware after downloading 3.5" diskette images and figuring out what went wrong in linux has gotten consistently worse since then. Even Windows is easier to fix at this point. /vent

    4. Re:If you are infected your doing it wrong by Anonymous Coward · · Score: 0

      ^this :)

  18. The deck of a pirate ship is the safest place by Anonymous Coward · · Score: 0

    i've pirated pretty much every game EVER.
    Never been infected that way.

    Because pirates tend to have clean systems and aren't a bunch of dodgy fucks. It's the computer illiterate who aren't pirating games on a huge scale that should worry you.

    It's when people go for some free utility they found advertised in an email or by private message on Facebook from someone they don't know.

    It's rare enough to find actual malware on purchased physical media that it still makes the news as an industry scandal.

  19. Re:Nuke from orbit; restore from backups. by Anonymous Coward · · Score: 0

    I have some oceanfront property in Arizona.

    You too? From my front porch, I can see the C++.

  20. So unfair, Windows gets all the cool malware! by Stomper_Stoddard · · Score: 2

    Does anyone have a customer service number I can call? I want to complain that this software does not run on Linux.

    1. Re:So unfair, Windows gets all the cool malware! by Anonymous Coward · · Score: 0

      I'd rather run this malware than GNOME or KDE.

      captcha: sexual

      I'm being harassed by captcha

    2. Re:So unfair, Windows gets all the cool malware! by LostMyBeaver · · Score: 1

      You're telling me!!!

      Gnome... I honestly have no idea how this thing has survived this long.

      KDE... don't get me wrong... Matthias Ettrich is one of my favorite people but KDE has evolved into what looks and feels like retro computing.

      The entire Linux desktop is in such utter and total disarray in 2018, these days, I just configure runlevel 3 and remote in if I need it. ElementaryOS is pretty, and I like it, but heaven forbid you actually need to do something on it.

      Now.. if someone were to take Linux as a desktop seriously, they would invest i... actually I think that ship has completely sailed. I would say ChromeOS was starting to show promise, but there will be no Linux left in that soon.

    3. Re:So unfair, Windows gets all the cool malware! by pi_rules · · Score: 1

      Have you tried Mint? The default Cinnamon desktop install works pretty well for me. I've been running Linux as a home desktop since 1998 or so and that's probably the best out of the box setup I've ever seen.

  21. Format conversion for sterilization. Word - WPS by raymorris · · Score: 1

    One technique for data sterilization is to convert to a different format. For example, converting a Word document to WordPerfect will make sure there are no macros, I believe. Then convert back. Even better, convert to plain text if possible, and leave it as plain text. JPG to BMP, etc.

  22. Linux Kernel cometh forth!! by Anonymous Coward · · Score: 0

    People have dismissed this constantly but the evidence is becoming clear, and it's this type of thing that puts the writing on the wall.

    Microsoft gives Windows a version of the Linux kernel. They have nothing to lose and everything to gain.

  23. Radio.slashdot.org? by 93+Escort+Wagon · · Score: 1

    Don't look now, but this All-Radio Trojan seems to have control of your DNS server!

    --
    #DeleteChrome
  24. This is why we can't have nice browsing. by Anonymous Coward · · Score: 0

    How many years did it take to realize we don't like each other? Anyway you want helpful? Access the internet through an OS running on a VM. Blow it away after you're through surfing. Remember the internet is NOT your friend, it's hostile and will eat you alive if it could.

  25. You suck at being pedantic by Anonymous Coward · · Score: 0

    I like it when pedantic fuckers wanna be pedantic but aren't actually good at it. Your head should be exploding because this is in the RADIO section like it's a fucking boom box. radio.slashdot.org. But hey, at least they didn't put the antenna tag on it.

  26. Re:Nuke from orbit; restore from backups. by Ol+Olsoc · · Score: 1

    No, no, no. If you are infected with deep malware, you do not go whining to some dude's Internet forum with a request for help. You run DBAN on your system's disks. Then you enter the combination to your fireproof safe, extract your OS and backup media, and start from scratch.

    That's what my Grandma does.

    There are two problems with your approach.

    Most users will read what you wrote and ask "What the hell is he talking about?"

    Second is that most everyone who does what you demand isn't likely to have the problem in the first place.

    My backups are similar to yours, except I have multiple. I take the added measure that anything critical is not on my Windows machines. No personal information, or cards, and even the emails on it are throwaway accounts.

    I check my Wireshark logs a lot too.

    Probably 1 out of every 500 users will do that sort of thing.

    --
    The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
  27. Comment removed by account_deleted · · Score: 1

    Comment removed based on user account deletion

  28. Comment removed by account_deleted · · Score: 1

    Comment removed based on user account deletion

  29. selloutvertisement by Anonymous Coward · · Score: 0

    Well, no. Because BeauHD only knows windows, see? As does bleepingcomputer. Who they've completely sold out to.

    First it was just the incessant bleepingcomputer posting. Then it became glaringly obvious these "editors" will only give you the bleepingcomputer "article", never the original research paper or blogpost or anything whatsoever. And now it's "COME SIGN UP AT THE BLEEPINGCOMPUTER FORUMS".

    Right. selloutvertisement. You know what to do.

    1. Re: selloutvertisement by Anonymous Coward · · Score: 0

      Ughh. This is the original article. Can't find any other research on this anywhere else other than crap how to sites.

      Sites aren't writing for slashdot. They are writing for their visitors. So it makes sense for them to say ask in the forums for help.

  30. BackBlaze: yes, OS and programs, no by Anonymous Coward · · Score: 0

    Encrypted backups take care of the "massive invasion of privacy" especially when one's paying for the service, instead of being the product themselves.

  31. Two infected, fire-burned copies isn't backup by raymorris · · Score: 2

    Thank you for the post. You've done a great job listing things that fool smart, conscientious people into thinking they have a backup. That's why I said a "proper backup", proper being an important word. Those things all LOOK a lot like proper backup, don't they? And yet people who do those things end up asking me to try forensic techniques to recover their data. You seem like you know a few things, so I don't need to tell you exactly how you should do a backup, but let me point out a few common pitfalls to avoid:

    > Windows sets you up with OneDrive and points all of your storage stuff to OneDrive. The result is that all your files are backed up.

    The result of the default setup is that all of your infected files are stored on OneDrive. This doesn't help. Your files are still infected. There is no backup copy, only the infected copy, so they are not backed up. It doesn't do you any good to have the infected files there rather than here.

    So here's our first rule of proper backup: backups must store multiple versions going back in time, with old versions immutable.

    Recently, Microsoft has offered an option to store old versions if you pay a subscription to Office. If you're paying for it already, you may want to look into that option.

    > Windows Backup and Restore or Apple Time Machine which does pretty much the same thing.

    For those unfamiliar, Time Machine uses a USB drive connected to your computer, or a network drive, to store old versions. The interface is really nice and it's awesome when you realize you screwed up and deleted or overwrote an important file. It's the ultimate undo. When you have a fire, a burglary, a flood, or a ransomware infection, that'll take both your computer itself and the USB drive. So this isn't proper backup - you're not protected against most types of catastrophic loss. It's a really cool extension of ctrl-z, though, to get back that file you just messed up.

    This illustrates that proper backups are off site. I used to do backups for web sites. I pointed out that just in Texas alone, every year for the last four years there had been a major disaster at a public datacenter. Anyone who had a server at one of these data centers and had their "backup" in the same datacenter lost everything. In one instance, I had to get creative in retrieving some customers' data from a datacenter after the company operating it failed to pay their lease and took off into the night.

    Backups must be in a separate physical location - a fire, flood, or burglary will take or destroy everything in your office.

    I mentioned before backups must be tested regularly. Backups that haven't been recently tested have a failure rate of about 50%, in my experience.

    They also need to be automated, because most people only do manual systems properly for a little while, then start slacking off and eventually "forget" to run a backup for six months.

    Ransomware reminds us of another requirement - the system being backed up (which may get ransomware) can not have the ability to delete or modify the backups. Sending backups to a network drive just means the ransomware or disgruntled employee will destroy two copies of the data.

    > That said, to be honest, I have absolutely no idea how to maintain good backups of my Linux systems.

    After I sold one of my companies, I spent a year and a half designing and building a very good backup for Linux systems. The new company backed up the web servers for hundreds of web sites. The backups were kept off site, they kept several versions, the protected system had no way to remove the backups, they were fully automated, and you could easily restore any files at any time to test it. As a bonus, you could click a button and BOOT the backup - they were stored as virtual machines.

    It's too bad my skills at running a business aren't nearly as good as my engineering skills. I was like Wozniak without Steve Jobs - I built something really cool, something really useful, but making a successful, stable company from it wasn't my forte. If you actually have a ton of Linux systems, and if you care about any of them, maybe we should talk. I still have some pretty awesome backup software for Linux.

    1. Re:Two infected, fire-burned copies isn't backup by phantomfive · · Score: 1

      I mentioned before backups must be tested regularly. Backups that haven't been recently tested have a failure rate of about 50%, in my experience.

      What kinds of failures do you see? In the days of tape, 50% (or probably higher) was pretty common, but most people are using the 'cloud' now.

      --
      "First they came for the slanderers and i said nothing."
    2. Re:Two infected, fire-burned copies isn't backup by Anonymous Coward · · Score: 0

      I imagine 50% = either it worked or it didn't :P

    3. Re:Two infected, fire-burned copies isn't backup by Wolfrider · · Score: 1

      > Ransomware reminds us of another requirement - the system being backed up (which may get ransomware) can not have the ability to delete or modify the backups. Sending backups to a network drive just means the ransomware or disgruntled employee will destroy two copies of the data

      --ZFS+Snapshots+Samba works pretty well for this. Keeping a ZFS snapshot every (2) hours for a month (as well as changing file permissions) is pretty easy on a Linux server.

      --
      .
      == WolfriderV6 == I'm willing to admit that *I just might* be wrong... Are you??
    4. Re:Two infected, fire-burned copies isn't backup by Thor+Ablestar · · Score: 1

      In the day of half inch 9-track tape the tape format was able to recover multiple single-track errors, be it NRZI or PE. But I have never seen the actual mini computer controller that could do this recovery. No wonder the success rate was near 50 per cent.

    5. Re: Two infected, fire-burned copies isn't backup by Anonymous Coward · · Score: 0

      That's good to know
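The backup rules laid out in this subthread (multiple versions going back in time, old versions immutable, the protected machine unable to delete them, automated, and regularly test-restored) as an added shell example. This is editorial illustration, not raymorris's backup product and not Wolfrider's ZFS setup. It assumes the backup host pulls from a read-only view of the protected system into a plain directory store; the function names (make_version, prune_versions, test_restore) and the sample files are constructed here. Off-site placement and the cron job that automates it are a matter of where the store lives and are not shown.

```sh
#!/bin/sh
# Added example; not raymorris's backup product, not Wolfrider's ZFS setup.
# A minimal versioned store that follows the rules from the thread:
#   - every run creates a new, labelled version; nothing is overwritten
#   - finished versions are made read-only (old versions are immutable)
#   - retention removes the oldest versions, never the newest
#   - a test restore proves a version is usable by comparing checksums
# Assumption: this runs on the backup host, which pulls from a read-only
# view of the protected system; the protected system holds no credential
# that can reach DEST at all, which is what keeps ransomware away from it.
set -e

# make_version SRC DEST [LABEL]: copy SRC to DEST/LABEL and freeze it.
# LABEL defaults to a UTC timestamp, which sorts chronologically.
make_version() {
    src=$1; dest=$2; label=${3:-$(date -u +%Y%m%dT%H%M%SZ)}
    ver="$dest/$label"
    if [ -e "$ver" ]; then
        echo "refusing to overwrite existing version $ver" >&2
        return 1
    fi
    mkdir -p "$ver.partial"
    cp -Rp "$src/." "$ver.partial/"   # -R whole tree, -p keep mode and mtime
    mv "$ver.partial" "$ver"           # rename last: no half-written version
    chmod -R a-w "$ver"                # freeze every file and directory
    printf '%s\n' "$ver"
}

# count_versions DEST: number of finished versions.
count_versions() {
    n=0
    for v in "$1"/*/; do
        case "$v" in *.partial/) continue ;; esac
        [ -d "$v" ] && n=$((n + 1))
    done
    echo "$n"
}

# is_immutable PATH: true when no write bit is set for anyone.
is_immutable() {
    case "$(ls -ld "$1" | cut -c1-10)" in *w*) return 1 ;; esac
    return 0
}

# prune_versions DEST KEEP: delete all but the newest KEEP versions.
# Glob expansion is sorted and labels sort by time, so oldest come first.
# Only the owner on the backup host can do this (it needs u+w first).
prune_versions() {
    dest=$1; keep=$2
    drop=$(( $(count_versions "$dest") - keep ))
    for v in "$dest"/*/; do
        [ "$drop" -gt 0 ] || break
        case "$v" in *.partial/) continue ;; esac
        chmod -R u+w "$v" && rm -rf "$v"
        drop=$((drop - 1))
    done
}

# manifest DIR: "crc size ./relative/path" for every file, sorted.
manifest() { (cd "$1" && find . -type f -exec cksum {} + | sort); }

# test_restore VERSION EXPECTED: restore VERSION to scratch space and
# compare it file by file with EXPECTED (live tree or known-good copy).
test_restore() {
    ver=$1; expected=$2
    scratch=$(mktemp -d)
    cp -Rp "$ver/." "$scratch/"
    rc=0
    [ "$(manifest "$scratch")" = "$(manifest "$expected")" ] || rc=1
    chmod -R u+w "$scratch" && rm -rf "$scratch"
    return $rc
}

# demo: three runs on constructed data, keep two, test-restore the newest.
demo() {
    work=$(mktemp -d); src="$work/live"; dest="$work/store"
    mkdir -p "$src/docs" "$dest"
    echo "report, draft 1" > "$src/docs/report.txt"
    make_version "$src" "$dest" v1 >/dev/null
    echo "report, draft 2" > "$src/docs/report.txt"
    make_version "$src" "$dest" v2 >/dev/null
    echo "report, scrambled by something unwanted (constructed)" > "$src/docs/report.txt"
    make_version "$src" "$dest" v3 >/dev/null
    prune_versions "$dest" 2
    echo "versions kept: $(count_versions "$dest")"          # 2: v2 and v3
    test_restore "$dest/v3" "$src" && echo "test restore of v3 matches live tree"
    echo "v2 still holds: $(cat "$dest/v2/docs/report.txt")" # the copy to go back to
    chmod -R u+w "$work" && rm -rf "$work"
}
if [ "${1:-}" = demo ]; then demo; fi
```

Run it with `sh backup_versions.sh demo`. Immutability here is ordinary file permissions, which stop a compromised client and an accidental overwrite but not root on the backup host; the thread's stronger point stands regardless: the client never holds a credential that reaches the store, so the host pulls and the client cannot push, delete or rewrite anything.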

  32. In other news... by nuckfuts · · Score: 3, Insightful

    Some viruses are hard to remove

    Spending one day looking into something is now called "researching heavily".

    On the serious side, I've often been annoyed by Windows 10 aggressively pushing updates, but there have been some interesting security features added to recent builds. Microsoft has a demo website with some good information, along with some tools for testing your configuration.

    There is also a video online that details the new features.

    1. Re:In other news... by ebvwfbw · · Score: 1

      Some viruses are hard to remove

      Spending one day looking into something is now called "researching heavily".

      I know, I thought that was funny too. Probably someone under 20. Then there were all of those pesky instant messages on their phone.

  33. Truth by Anonymous Coward · · Score: 0

    Computer security is in a sorry state and we aren't doing anything to improve it...

  34. WINDOWS MALWARE (Nice going, /.) by Hallux-F-Sinister · · Score: 1

    Way to keep readers informed. Oh, by the way, you forgot to mention something kinda important, that this is malware impacting systems running MICROSOFT WINDOWS.

    Had to waste time to go read the linked article to learn what you SHOULD have put somewhere in the title or summary. The term PC does NOT imply MS Windows; a device with the same electrical design and functionality running GNU/Linux, Apple macOS/OS X, or some other flavor or variant of UNIX is still very much, just as much, a PC. So saying malware infecting PCs and NOT specifying that it's MICROSOFT WINDOWS that, (if I read and understood the article,) is the targeted system, is a disservice to your readers. I didn't see which version or versions, etc., are impacted, but this was poor journalism from a website that styles itself as being news for nerds... I know you know that WE know that PC does not imply a system running something from Microsoft, and we know you know that. Or should.

    --
    Our reign has gone on long enough. Indeed. Summon the meteors.
    1. Re:WINDOWS MALWARE (Nice going, /.) by Anne+Thwacks · · Score: 2
      The term PC does NOT imply MS Windows

      However the term malware does imply Windows, so no harm done.

      --
      Sent from my ASR33 using ASCII
  35. Silicon Valley only the BEST people by Anonymous Coward · · Score: 0

    Wait, I meant idiots that get infected with a virus because they are stupid.

  36. Re:Nuke from orbit; restore from backups. by phantomfive · · Score: 1

    I check my Wireshark logs a lot too. Probably 1 out of every 500 users will do that sort of thing.

    I would bet that's closer to one in every 500,000 users. Even security researchers don't do that (of course some do).

    --
    "First they came for the slanderers and i said nothing."
  37. Sync isn't backup by swb · · Score: 5, Informative

    Sync to OneDrive, et al, isn't backup.

    Most malware doesn't immediately destroy your computer, it cripples it over days or weeks. I can't tell you the number of people who told me "Yeah, I noticed something last week and it's been flaky since then."

    Meanwhile, you've been syncing your infection up to the cloud the whole time so now your cloud storage is infected, too. You may get some of it back, but I've also seen people just re-infect themselves, too.

    Some cloud storage often at higher tiers will offer some kind of versioning and let you restore pre-infected files, but for most people this isn't the default or isn't even a feature they have.

    The only way cloud sync really works as a backup is if you have a spare computer you only bring online periodically that syncs itself and that you then take offline again, but now all you've done is add a complex network transaction to what amounts to a local backup.

  38. Cleaning? by vulcanrob · · Score: 1

    "Cleaning your computer"? Geez, if you have this, reformat. Period.

  39. Not a concern. by Anonymous Coward · · Score: 0

    This is NOT a concern at this point for honest people. Read the article and you'll find those infected downloaded their situation by trying to steal IP, and therefore are being stolen from.

    No honor amongst thieves.

    1. Re:Not a concern. by Locke2005 · · Score: 1

      "You can't cheat an honest man."

      --
      I've abandoned my search for truth; now I'm just looking for some useful delusions.
  40. where do you find the time? by Anonymous Coward · · Score: 1

    Your reply seemed like an incredible hassle.

  41. Comment removed by account_deleted · · Score: 1

    Comment removed based on user account deletion

  42. Computer virus can now migrate to humans by Anonymous Coward · · Score: 0

    " there have been numerous reports of people being infected with something called 'All-Radio 4.27 Portable'. "

  43. Huh by cshark · · Score: 1

    Phishing by means of slashdot post.
    Fascinating.

    --

    This signature has Super Cow Powers

  44. Great question. I wish the answer wasn't secret by raymorris · · Score: 1

    That's a very good question. You can use diff to see what the differences are between different backups. That normally makes it pretty obvious. You pretty much know which files were supposed to change and which weren't. This can even give you good hints as to HOW you got infected.

    There are even faster ways to tell because rootkits tend to re-send the same components. I can normally see a rootkit on a Linux system in seconds, without even actively looking for it. I'm not going to post the trick here because I don't want the rootkit authors to fix it.
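The diff-between-backups approach from this post as an added shell example (editorial illustration, not raymorris's tooling, and it does not contain the undisclosed rootkit trick he mentions). It assumes two versions of the same machine stored as plain directory trees, builds a checksum manifest of each, lists what was added, deleted or modified, and then filters out paths that are expected to change so that the remainder is what deserves a look. The sample tree is constructed for the demo; the same comparison works against a disk mounted read-only from clean media and a known-good manifest.

```sh
#!/bin/sh
# Added example (not from the thread). Compare two versions of a backup and
# list what changed, then filter out paths that are expected to change so
# the rest stands out for inspection. Versions are assumed to be plain
# directory trees; the sample tree below is constructed for the demo.
set -e
LC_ALL=C; export LC_ALL   # byte-order sorting so sort and join agree

# manifest DIR: "<relative path><TAB><crc>:<size>" per file, sorted by path.
manifest() {
    (cd "$1" && find . -type f -exec cksum {} +) \
      | awk '{ p = $3; for (i = 4; i <= NF; i++) p = p " " $i; print p "\t" $1 ":" $2 }' \
      | sort
}

# changed_files OLD NEW: "<status> <path>" lines,
# A added, D deleted, M modified (checksum or size differs).
changed_files() {
    oldm=$(mktemp); newm=$(mktemp)
    manifest "$1" > "$oldm"
    manifest "$2" > "$newm"
    # Full outer join on the path; MISSING marks the side lacking the file.
    join -t "$(printf '\t')" -a1 -a2 -e MISSING -o 0,1.2,2.2 "$oldm" "$newm" \
      | awk -F '\t' '$2 == "MISSING" { print "A", $1; next }
                     $3 == "MISSING" { print "D", $1; next }
                     $2 != $3        { print "M", $1 }'
    rm -f "$oldm" "$newm"
}

# unexpected_changes OLD NEW [GLOB...]: changed_files minus any path that
# matches one of the globs, e.g. './var/log/*' './home/*' for data that
# legitimately changes between runs. What remains are the files that were
# not supposed to change.
unexpected_changes() {
    old=$1; new=$2; shift 2
    changed_files "$old" "$new" | while IFS= read -r line; do
        path=${line#* }
        keep=1
        for pat in "$@"; do
            case "$path" in $pat) keep=0; break ;; esac
        done
        [ "$keep" -eq 0 ] || printf '%s\n' "$line"
    done
}

# build_sample ROOT: constructed versions ROOT/old and ROOT/new of a small
# system tree. Between them a system binary changed, a new cron entry
# appeared, a log and a user file changed, and an old user file went away.
build_sample() {
    root=$1
    mkdir -p "$root/old/usr/bin" "$root/old/etc/cron.d" "$root/old/var/log" "$root/old/home/u"
    echo "ls binary (sample content)"       > "$root/old/usr/bin/ls"
    echo "cron entry: nightly job (sample)" > "$root/old/etc/cron.d/job"
    echo "Jun 28 boot ok"                   > "$root/old/var/log/syslog"
    echo "my notes"                         > "$root/old/home/u/notes.txt"
    echo "stale draft"                      > "$root/old/home/u/old.txt"
    cp -Rp "$root/old" "$root/new"
    echo "ls binary (changed content)"      > "$root/new/usr/bin/ls"
    echo "cron entry: new, unknown (sample)" > "$root/new/etc/cron.d/updater"
    echo "Jun 29 boot ok"                   > "$root/new/var/log/syslog"
    echo "my notes, edited"                 > "$root/new/home/u/notes.txt"
    rm -f "$root/new/home/u/old.txt"
}

if [ "${1:-}" = demo ]; then
    root=$(mktemp -d); build_sample "$root"
    echo "all changes:";      changed_files "$root/old" "$root/new"
    echo "after filtering:";  unexpected_changes "$root/old" "$root/new" './var/log/*' './home/*'
    rm -rf "$root"
fi
```

The demo's filtered output is two lines, the new cron entry and the modified binary, which is the kind of short list a person can actually read; the log and the user's notes are expected to differ and are filtered out. Which globs count as "expected" is a judgement per machine, and a filter that is too wide hides exactly the changes you are looking for.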

  45. - who is writing this shit ,_ by Anonymous Coward · · Score: 0

    'All-Radio 4.27 Portable' is showing up on my PC???? But this computer here runs Mint, oh crap, another idiot born a few years ago, go back to your mom's milk

  46. Rpm -qa, cat mdstat, gdisk -l by raymorris · · Score: 1

    > apps will need to be reinstalled but at least on Linux that's fairly easy.

    Re-installing the software is REALLY easy if your data includes the output of rpm -qa.

    Also sometimes very handy when things go wrong -
    cat /proc/mdstat, pvdisplay, lvmbackup, and gdisk -l

    I'm recovering an old customer's data right now. He no longer has backups with me and someone built a new, empty raid on his drives, making it "impossible" to recover his data. However, the old copies of mdstat and the partition layout were still hanging around from when he used to have the backup service I used to sell. That info allowed me to reconstruct his storage from a seemingly destroyed state.
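The commands named in this post (rpm -qa, cat /proc/mdstat, pvdisplay, gdisk -l) gathered into one script that saves their output next to each backup, as an added example; this is not raymorris's service. Assumptions: the post's "lvmbackup" is read here as LVM's vgcfgbackup, dpkg-query is added as the Debian counterpart of rpm -qa, and partition tables need root to read. Every command is guarded, so a machine without RPM, LVM or gdisk still produces a record, with what was unavailable noted in a MANIFEST file rather than treated as an error.

```sh
#!/bin/sh
# Added example (not the poster's tooling): save the metadata a rebuild
# needs next to the data: package inventory, software RAID state, LVM
# configuration and partition tables. Every command is guarded, so a box
# without RPM, LVM or gdisk still produces a useful record; what was not
# available is logged in MANIFEST rather than treated as an error.
# Assumptions: the post's "lvmbackup" is LVM's vgcfgbackup; dpkg-query is
# added as the Debian counterpart of rpm -qa; partition tables need root.
set -e

# capture OUT NAME CMD ARGS...: run CMD if it exists, keep stdout in
# OUT/NAME.txt and stderr in OUT/NAME.err, and note the outcome.
capture() {
    out=$1; name=$2; shift 2
    if ! command -v "$1" >/dev/null 2>&1; then
        echo "skip $name: $1 not installed" >> "$out/MANIFEST"
    elif "$@" > "$out/$name.txt" 2> "$out/$name.err"; then
        echo "ok   $name: $*" >> "$out/MANIFEST"
    else
        echo "fail $name: $* (see $name.err)" >> "$out/MANIFEST"
    fi
}

# layout_summary OUT: one line, "ok=N fail=N skip=N".
layout_summary() {
    awk '{ c[$1]++ } END { printf "ok=%d fail=%d skip=%d\n", c["ok"], c["fail"], c["skip"] }' "$1/MANIFEST"
}

# capture_layout OUT: write the whole record under OUT, print the summary.
capture_layout() {
    out=$1
    mkdir -p "$out"
    : > "$out/MANIFEST"
    uname -a > "$out/uname.txt"
    # Package inventory: what to reinstall (rpm -qa as in the post; dpkg on Debian/Ubuntu).
    capture "$out" packages-rpm  rpm -qa
    capture "$out" packages-dpkg dpkg-query -W -f '${Package}\t${Version}\n'
    # Software RAID: member devices, levels and state.
    if [ -r /proc/mdstat ]; then
        cp /proc/mdstat "$out/mdstat.txt"
        echo "ok   mdstat: /proc/mdstat" >> "$out/MANIFEST"
    else
        echo "skip mdstat: /proc/mdstat not present" >> "$out/MANIFEST"
    fi
    # LVM: physical volumes, plus a restorable copy of each VG's metadata.
    capture "$out" pvdisplay   pvdisplay
    capture "$out" vgcfgbackup vgcfgbackup -f "$out/vg-%s.conf"
    # Partition tables per whole disk (gdisk -l as in the post).
    for dev in /dev/sd? /dev/vd? /dev/nvme?n?; do
        [ -b "$dev" ] || continue
        capture "$out" "gdisk-$(basename "$dev")" gdisk -l "$dev"
    done
    # Block device tree and mount table round it off.
    capture "$out" lsblk lsblk -o NAME,SIZE,TYPE,FSTYPE,MOUNTPOINT
    capture "$out" fstab cat /etc/fstab
    layout_summary "$out"
}

if [ "${1:-}" = demo ]; then capture_layout "${2:-./layout-$(date +%Y%m%d)}"; fi
```

Run `sh capture_layout.sh demo /path/to/backup/meta` from the backup job; the MANIFEST tells you at a glance whether the run on a given machine had root and the tools it needed. The value of this record is exactly the poster's story: with mdstat and the partition table on file, an array that has been rebuilt empty can be reassembled in the same geometry instead of guessed at.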

  47. Just apt-get purge it by Anonymous Coward · · Score: 0

    It's hilarious that people:

    1) bother to install malware in the first place (why?!)

    2) forget how to apt-get purge it

    3) come to Slashdot for package installation/deinstallation discussion/help/instructions.

    I suppose the lesson here is that it's just a stunningly diverse world and it takes all kinds. Even the kind of people who think "oh, hey, I'll try out some new malware."

  48. Many different problems. Keys, space, directories by raymorris · · Score: 1

    Several times I've seen the backup server run out of space. The ssh key was changed. The list of directories to back up or not back up wasn't up to date. Those are a few things that have broken it after it was set up and running.

    All of these can be detected by occasionally doing a test restore, perhaps to a VM, and checking that the important files are there and important functionality works.
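The three failure modes named in this post turned into a health check, as an added shell example (editorial illustration, not the poster's software). It assumes versions are dated subdirectories of a store, that the include list is a text file with one relative path per line, and that the pull credential is an ssh key; the function names and the sample data are constructed here. The ssh check cannot run against constructed data and is left for a real host.

```sh
#!/bin/sh
# Added example (not from the thread): a health check for a backup store,
# written around the three failure modes named above: the store running
# out of space, the pull credential (ssh key) no longer working, and the
# list of directories to back up drifting away from what the live system
# actually holds. Assumptions: versions are dated subdirectories of STORE
# (newest sorts last), DIRLIST is a text file with one relative path per
# line, and the demo data lives in a temp dir.
set -e

# 1. Space: fail when the filesystem holding STORE has under MIN_KB free.
check_free_space() {
    store=$1; min_kb=$2
    free_kb=$(df -Pk "$store" | awk 'NR == 2 { print $4 }')
    [ "$free_kb" -ge "$min_kb" ] \
        || { echo "SPACE: ${free_kb}K free on $store, need ${min_kb}K"; return 1; }
}

# 2. Credential: a non-interactive login with the backup key. BatchMode
# refuses to prompt, so a rotated or revoked key fails fast instead of
# hanging in a cron job. (Not exercised by the demo: needs a real host.)
check_ssh() {
    host=$1; key=$2
    ssh -o BatchMode=yes -o ConnectTimeout=10 -i "$key" "$host" true >/dev/null 2>&1 \
        || { echo "SSH: cannot log in to $host with key $key"; return 1; }
}

# latest_version STORE: newest version directory; fails if there is none.
latest_version() {
    last=""
    for v in "$1"/*/; do [ -d "$v" ] && last=${v%/}; done
    [ -n "$last" ] && printf '%s\n' "$last"
}

# 3a. Coverage: every path in DIRLIST must exist in the newest version and
# contain at least one file (present but empty usually means the source
# path moved, or the include list is stale).
check_dirlist() {
    store=$1; dirlist=$2
    latest=$(latest_version "$store") || { echo "NOVERSION: nothing in $store"; return 1; }
    rc=0
    while IFS= read -r path; do
        case "$path" in ''|\#*) continue ;; esac
        target="$latest/${path#/}"
        if [ ! -d "$target" ]; then
            echo "MISSING: $path not in $latest"; rc=1
        elif [ -z "$(find "$target" -type f | head -n 1)" ]; then
            echo "EMPTY: $path in $latest has no files"; rc=1
        fi
    done < "$dirlist"
    return $rc
}

# 3b. The reverse: top-level directories on the live system that DIRLIST
# never mentions, i.e. data nobody is backing up.
check_unlisted() {
    live=$1; dirlist=$2; rc=0
    for d in "$live"/*/; do
        [ -d "$d" ] || continue
        rel=$(basename "$d")
        grep -qxF -e "$rel" -e "/$rel" "$dirlist" \
            || { echo "UNLISTED: $rel is on $live but not in $dirlist"; rc=1; }
    done
    return $rc
}

# demo: constructed data with one of each problem: the newest version lacks
# "var" and has an empty "home"; the live system has an unlisted "srv".
demo() {
    w=$(mktemp -d)
    mkdir -p "$w/live/etc" "$w/live/home" "$w/live/srv"
    mkdir -p "$w/store/20240101/etc" "$w/store/20240102/etc" "$w/store/20240102/home"
    echo "127.0.0.1 localhost" > "$w/store/20240102/etc/hosts"
    printf 'etc\nhome\nvar\n' > "$w/dirs.txt"
    check_free_space "$w/store" 1024 && echo "space ok"
    check_dirlist "$w/store" "$w/dirs.txt" || echo "dirlist check FAILED"
    check_unlisted "$w/live" "$w/dirs.txt" || echo "unlisted check FAILED"
    rm -rf "$w"
}
if [ "${1:-}" = demo ]; then demo; fi
```

Each check prints a one-line reason and returns non-zero, so the whole thing can run from cron after the backup job and page on failure. None of this replaces the test restore the post recommends; it catches the cheap, common breakages between the rarer full restore drills.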

  49. I'm not worried by Anonymous Coward · · Score: 0

    I have people that call me all the time that want to help fix my computer.

    1. Re:I'm not worried by Locke2005 · · Score: 1

      Why do they all have Indian accents?

      --
      I've abandoned my search for truth; now I'm just looking for some useful delusions.
  50. The difference between Linux-vs-Win boot malware by Anonymous Coward · · Score: 1

    In both cases (Linux and Windows) some kind of root exploit is needed to alter those files in the first place. The difference is...

    ..that while a Windows user is willing to run that root exploit, a typical Linux user is far too lazy to remount /boot as rw and then sudo apt-get install malware. Most Linux users are so lazy they never bother to try out any malware at all, going for decades at a time, never having the tenacity or curiosity to try out "what's it like to have a computer that runs software intended to serve someone not me?"

    When you look at that last part, you realize it's not even just laziness, it's fucking selfishness. Linux users like to hoard their computers all to themselves or their users, and the bastards never think to be kind to strangers, letting them control the computer for a while. Sickening and pathetic.

  51. It is available in the apt and yum repositories. by Kludge · · Score: 1

    No, not really. Sorry.

  52. Re:Nuke from orbit; restore from backups. by Ol+Olsoc · · Score: 1

    I check my Wireshark logs a lot too. Probably 1 out of every 500 users will do that sort of thing.

    I would bet that's closer to one in every 500,000 users. Even security researchers don't do that (of course some do).

    I suppose some would call me paranoid, but I just kind of enjoy it. And people would be surprised at what they find.

    It all started when I was having issues with brittle networking software coupled with bad documentation. Then I got hooked.

    --
    The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
  53. Easy to stall it via hosts files... apk by Anonymous Coward · · Score: 0

    See subject & APK Hosts File Engine 2.0++ 64-bit for Linux h t t p : / / a p k . i t - m a t e . c o . u k / A P K H o s t s F i l e E n g i n e F o r L i n u x . z i p (pull spaces between link characters).

    Yields more security/speed/reliability/anonymity vs. any SINGLE solution (99% of threats = hostnames vs. IP address that most firewalls use) more efficiently/FASTER + NATIVELY 4 less!

    (Vs. "Bolt on 'MoAr' illogic-logic" competitors slowing you, hosts speed you up 2 ways (adblocks + hardcodes u spend most time @) vs. competition loaded w/ bugs (DNS/AntiVir) + their overheads (messagepass ('souled-out' to advertiser addons) + filtering drivers) & their complexity leads to exploitation).

    * ONLY 1 of its kind in GUI on Linux

    Better vs. Windows model in speed/efficiency/merge

    0.0.0.0 iplogger.com
    0.0.0.0 www.kmspico.info
    0.0.0.0 kmspico.info
    0.0.0.0 www.officialkmspico.com
    0.0.0.0 officialkmspico.com

    APK

    P.S.=> Blocked URL's per malwarebytes forums... apk

  54. Registered /.ers review of the Win64 model by Anonymous Coward · · Score: 0

    Your software is just fine - well written, functional... I'm going to continue using the Host File Engine by mmell February 17, 2017

    his hosts program is actually pretty good by xenotransplant August 10 2015

    his hosts tool is actually useful for those cases in which one does indeed want to locally block stuff outright while consuming minimum system resources by alexgieg September 25 2015

    I like your host file system by Karmashock September 09 2015

    I do use APK's host file on all my systems at home by OrangeTide December 01 2017

    I personally use a HOSTS file blocker produced from a genius called APK by 110010001000 October 27 2017

    * Best part's the Linux 64-bit model's faster/more efficient (does 2x the work in 1/2 the time)

    APK

    P.S.=> For a faster/safer/more reliable internet... apk

  55. Re:Nuke from orbit; restore from backups. by phantomfive · · Score: 1

      Yeah, I should do that more. You are right, every time I do, I find something I didn't expect.

    --
    "First they came for the slanderers and i said nothing."
  56. What happened to bootdisks ?! by DrYak · · Score: 3, Interesting

    But it's the bit before that which really matters:

    You can’t clean a compromised system by using a virus scanner. To tell you the truth, a fully compromised system can’t be trusted. Even virus scanners must at some level rely on the system to not lie to them. If they ask whether a particular file is present, the attacker may simply have a tool in place that lies about it.

    That's why you don't try anything from within the compromised system.
    Either you try all your effort from a known clean bootdisk (CD, USB stick, etc),
    or even better, you disconnect the drive and connect it to a known clean machine.

    A non compromised OS will not lie about what is on the disk of another system, even if that other (non-currently running system) happens to be compromised.

    (The sole exception being malware like ransomware that encrypts your data. Then nobody except the hacker holding the decryption key can read that disk).

    Reinstall from original installation media and pray to god that your system's onboard firmware is not compromised.

    Well, an attack on firmware (UEFI) or on "management chips" running their own firmware (Intel ME engine and co) is indeed an entirely different level of scary.

    And given the almost total disappearance of socketed flashchips to hold these firmwares, any chance to recover from that becomes bleak.

    --
    "Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
  57. Karma by Locke2005 · · Score: 1

    Don't download and install dodgy software designed to violate copyright, and you stand less chance of winding up with root kits on your computer...

    --
    I've abandoned my search for truth; now I'm just looking for some useful delusions.
  58. Re:Nuke from orbit; restore from backups. by King_TJ · · Score: 1

    This situation has only escalated to this point in recent times.

    I used to have a business on the side doing PC service and upgrading work, on call. About half of my calls were from small businesses or individuals who needed malware and virus cleanups.

    Back then, it was definitely possible to clean a system so it was back to normal working condition again, although sometimes it was VERY time consuming. You had to run multiple tools on the system, including ones that booted from recovery OS's you had on bootable CD, DVD or USB stick. Admittedly, you couldn't PROVE you had a system 100% clean, but when over a dozen scanning tools say it's clean and you no longer see any excessive CPU usage or disk chatter, and you can't find anything acting abnormally or showing up in the task manager? It's clean enough to make a paying customer happy.

    The best answer was ALWAYS to wipe and reinstall from scratch. But sometimes that's not even viable. (EG. Customer has numerous apps installed that he or she no longer has license keys or installation media for and doesn't want to lose them.) If you really CAN'T get it clean, then you can tell them they're screwed and have to start over fresh -- but they're NOT gonna pay you for that answer.

    What's crazy, now, is how these rootkits have gotten so advanced, they're really winning the battle for the first time in computing history. I fought for days to remove malware on a PC for a friend, last month, and despite throwing everything I knew of at it and manually poring over all possible registry locations that can start an app on boot or login? I never did feel confident I had it fully cleaned. It was better/usable instead of freezing up and running so slowly, it was useless. And everything reported it clean. But to me, it just didn't feel quite right. I just saw too many little pauses or hesitations that MAY have been his CPU being too old and slow. But not having used his laptop before the infection, I couldn't say for certain. I wound up advising him to wipe the machine and use it as an opportunity to upgrade to a new SSD.

  59. re: Another devious malware trick by King_TJ · · Score: 2

    I ran across a particularly devious malware tactic recently. The malware was purposely setting the NTFS "dirty" flag repeatedly, so the filesystem was flagged as needing repair. That, in turn, prevented most of the bootable virus cleanup/recovery discs from cleaning the system. They'd boot up but report they could only mount the target filesystem as "read only" because it was damaged and needed to be repaired first!

  60. Pull, not push on that Samba by raymorris · · Score: 1

    Ransomware typically wipes any network drives using the SMB protocol, as Samba does, if the infected machine has access to the share. That can be made secure by the backup server pulling files that are shared by the machine to be backed up. So the reverse of the typical model.

    1. Re:Pull, not push on that Samba by Wolfrider · · Score: 1

      > Ransomware typically wipes any network drives using the SMB protocol, as Samba does, if the infected machine has access to the share :nods:
      --Yep, but once you A) isolate the infected machines and B) ssh into the server and do a ZFS rollback (to a pre-infection snapshot time) on the ZFS-backed Samba dataset, all is back to normal again :D Rollback even "deletes" the infected files for you. ZFS snapshots are immutable unless you have basically root on the server.

      https://forums.freebsd.org/thr...

      https://github.com/zfsonlinux/...

      --
      .
      == WolfriderV6 == I'm willing to admit that *I just might* be wrong... Are you??
  61. Looking at Windows' market share... by Anonymous Coward · · Score: 0

    ... I cannot help but wonder if we found a proxy to estimate the ratio of fools to wise folks in the world.

  62. Cool by raymorris · · Score: 1

    I had envisioned something a tad different when I read your earlier post.

    That's fairly similar to part of what I did on the very cool backup service I used to sell. Except I used LVM snapshots rather than ZFS, which gave us the flexibility to do some other really cool stuff.

    Sometimes the integration of ZFS is handy, sometimes it's a major limitation. It's a lot more flexible to use a file system as a file system, a volume manager as a volume manager, and RAID for RAID. ZFS tries to be all three, creating coupling that is entirely unnecessary (but convenient if your needs are simple).

  63. Re: Another devious malware trick by AmiMoJo · · Score: 1

    Thanks, I hadn't seen that one but will look out for it.

    --
    const int one = 65536; (Silvermoon, Texture.cs)
    SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
  64. And? by Anonymous Coward · · Score: 0

    ...then your computer is infected with malware that installs rootkits, miners, information-stealing Trojans...

    As opposed to the standard Windows libraries that ship with Microsoft's surveillance system?