Re: (Score:3)
Data yes, OS and programs, no (Score:2)
Absolutely, you're right: the best way to handle a rootkit is to restore from a known-good backup. Just like you practiced last month, when you tested it and found and fixed the problem with the backup system.
Unfortunately, 90% of people don't have a proper backup system. Probably over half of systems that are being "backed up" can't actually be restored because the backup media went bad a year ago or whatever.
For the people who don't have a solid backup:
> some IT professional who sells himself to a client by cl
Re: (Score:3, Interesting)
Huh? What operating system are you using? Out of the box, Windows sets you up with OneDrive and points all of your storage stuff to OneDrive. The result is that all your files are backed up.
Out of the box, Apple sets up iCloud and points all your file storage to iCloud. The result is that all your files are backed up.
You can use Dropbox or a thousand alternatives if you want.
If you want a better solution, you can use either Windows Backup and Restore or Apple Time Machine which does pretty much the same thin
Two infected, fire-burned copies isn't backup (Score:3)
Thank you for the post. You've done a great job listing things that fool smart, conscientious people into thinking they have a backup. That's why I said a "proper backup", proper being an important word. Those things all LOOK a lot like a proper backup, don't they? And yet people who do those things end up asking me to try forensic techniques to recover their data. You seem like you know a few things, so I don't need to tell you exactly how you should do a backup, but let me point out a few common pitfalls to avoi
Re: (Score:2)
> I mentioned before backups must be tested regularly. Backups that haven't been recently tested have a failure rate of about 50%, in my experience.
What kinds of failures do you see? In the days of tape, 50% (or probably higher) was pretty common, but most people are using the 'cloud' now.
Re:Two infected, fire-burned copies isn't backup (Score:0)
I imagine 50% = either it worked or it didn't :P