Someone tries to post a helpful PSA type message and predictably the comments section is immediately flooded with people who have nothing of any value to say, but can't help but be assholes and make some kind of stupid "Windoze $ux!" type comment. We're all happy that Linux, macOS, or whatever the fuck else you might be using works for you, now kindly take your insecurities back to Linux or Mac forums where you can blissfully live out the rest of your days in a happy echo chamber where no one will ever chal
Here's the problem. "Unfortunately, while some security programs are able to remove parts of the infection, the rootkit component needs manual removal help."
I have never in my life ever heard of any type of malware or code that can be written that can:
"Be removed with human assistance" that cannot be removed by a program.
If someone were even a mildly competent "security researcher", they would write a script or a program that would do the removal that is needed as well as provide detailed ins
I have never in my life ever heard of any type of malware or code that can be written that can:
"Be removed with human assistance" that cannot be removed by a program.
Those have been around for over a decade.
They work by replacing some core part of the OS, like the SATA driver or the filesystem driver. That makes it impossible for anti-virus software to clean the infected files, because the rootkit can block writes to those files and hand the AV software clean copies when it scans them. They operate at such a deep level, running inside the kernel, that the best AV software can do is detect their secondary effects and try to suppress them.
Push a patch as a UEFI module and reboot? SecureBoot will validate itâ€(TM)s signature and it can be staged to run before the drive firmware.
I suppose there are still machines running BIOS, but I donâ€(TM)t think I have owned any in several years.
I certainly would hope that the â€oesecurity companies†have the ability to do this.
This is why we can't have nice things (Score:1)
Someone tries to post a helpful PSA type message and predictably the comments section is immediately flooded with people who have nothing of any value to say, but can't help but be assholes and make some kind of stupid "Windoze $ux!" type comment. We're all happy that Linux, macOS, or whatever the fuck else you might be using works for you, now kindly take your insecurities back to Linux or Mac forums where you can blissfully live out the rest of your days in a happy echo chamber where no one will ever chal
Re: (Score:3)
"Unfortunately, while some security programs are able to remove parts of the infection, the rootkit component needs manual removal help."
I have never in my life ever heard of any type of malware or code that can be written that can
"Be removed with human assistance" that cannot be removed by a program.
If someone were even a mildly competent "security researcher", they would write a script or a program that would do the removal that is needed as well as provide detailed ins
Re: (Score:5, Informative)
I have never in my life ever heard of any type of malware or code that can be written that can :
"Be removed with human assistance" that cannot be removed by a program.
Those have been around for over a decade.
They work by replacing some core part of the OS, like the SATA driver or the filesystem driver. That makes it impossible for anti-virus software to clean the infected files, because the rootkit can block writes to those files and hand the AV software clean copies when it scans them. They operate at such a deep level, running inside the kernel, that the best AV software can do is detect their secondary effects and try to suppress them.
The only way around this is to ma
Re: This is why we can't have nice things (Score:2)
I suppose there are still machines running BIOS, but I donâ€(TM)t think I have owned any in several years.
I certainly would hope that the â€oesecurity companies†have the ability to do this.
Re: (Score:2)
Does AV software having the ability to push UEFI modules sound like a good idea?