by Anonymous Coward writes:
on Thursday June 28, 2018 @08:51PM (#56862814)
Someone tries to post a helpful PSA type message and predictably the comments section is immediately flooded with people who have nothing of any value to say, but can't help but be assholes and make some kind of stupid "Windoze $ux!" type comment. We're all happy that Linux, macOS, or whatever the fuck else you might be using works for you, now kindly take your insecurities back to Linux or Mac forums where you can blissfully live out the rest of your days in a happy echo chamber where no one will ever challenge your views. We don't need the same 50 people making the same 50 useless comments every time there's a post about Windows. We all heard you the last 50 times and didn't care, so the odds of us suddenly caring now are zero.
Here's the problem. "Unfortunately, while some security programs are able to remove parts of the infection, the rootkit component needs manual removal help."
I have never in my life ever heard of any type of malware or code that can be written that can:
"Be removed with human assistance" that cannot be removed by a program.
If someone were even a mildly competent "security researcher", they would write a script or a program that would do the removal that is needed as well as provide detailed ins
Push a patch as a UEFI module and reboot? SecureBoot will validate its signature and it can be staged to run before the drive firmware.
I suppose there are still machines running BIOS, but I don't think I have owned any in several years.
I certainly would hope that the "security companies" have the ability to do this.
I guess you've never heard of bios or boot sector virus/trojan. This is well documented over the last 3 decades. There are trojans that can infect drivers or system services, which in many cases can't be automatically removed. In those cases, the best bet is to wipe the system and do a fresh install. Back in the 90's there was a particularly bad boot sector virus that bricked thousands of systems. That was before bios had any virus protection. These days most MB have bios virus protection, so bricking a MB
Dude, I'm a Microsoft fanboi... also a Linux fanboi... WSL is like Christmas every day for me. I have Macs also... I don't really know why... but they are pretty. I buy them and swear I'll use them someday. I am an iPhone user though. I have and love my iPhone 6S Plus and can't wait to get a new battery for it in Paris in a few weeks.
People like debating about which OS is best. The answer is pretty simple... they're all pretty great these days... though if I ever see Gnome again, I'll vomit on whoever's keyb
This is why we can't have nice things (Score:1)
Someone tries to post a helpful PSA type message and predictably the comments section is immediately flooded with people who have nothing of any value to say, but can't help but be assholes and make some kind of stupid "Windoze $ux!" type comment. We're all happy that Linux, macOS, or whatever the fuck else you might be using works for you, now kindly take your insecurities back to Linux or Mac forums where you can blissfully live out the rest of your days in a happy echo chamber where no one will ever challenge your views. We don't need the same 50 people making the same 50 useless comments every time there's a post about Windows. We all heard you the last 50 times and didn't care, so the odds of us suddenly caring now are zero.
Re: (Score:2)
For every five hundred thousand or so obstinate windows users who think they are punishing us, there is one that it might sink through to. We'll continue to try to save the ones that deserve it, thank you. You can strive to become worthy or you can continue to get bent.
Re: This is why we can't have nice things (Score:0)
No PC user thinks they are punishing you.
Quite the opposite: they do not know you exist and would not care about you if they did.
Get over your big bad PC hating self.
Re: (Score:0)
This is why we can't have nice browsing. (Score:0)
How many years did it take to realize we don't like each other? Anyway you want helpful? Access the internet through an OS running on a VM. Blow away after through surfing. Remember the internet is NOT your friend, it's hostile and will eat you alive if it could.
Re: (Score:3)
"Unfortunately, while some security programs are able to remove parts of the infection, the rootkit component needs manual removal help."
I have never in my life ever heard of any type of malware or code that can be written that can
"Be removed with human assistance" that cannot be removed by a program.
If someone were even a mildly competent "security researcher", they would write a script or a program that would do the removal that is needed as well as provide detailed ins
Re:This is why we can't have nice things (Score:5, Informative)
I have never in my life ever heard of any type of malware or code that can be written that can :
"Be removed with human assistance" that cannot be removed by a program.
Those have been around for over a decade.
They work by replacing some core part of the OS, like the SATA driver or the filesystem driver. That makes it impossible for anti-virus software to clean the infected files, because the rootkit can block writes to those files and hand the AV software clean copies when it scans them. They operate at such a deep level, running inside the kernel, that the best AV software can do is detect their secondary effects and try to suppress them.
The only way around this is to manually boot from a recovery CD and replace the infected files. Some AV companies provide bootable CDs that can run their software. The best ones use Linux because the Linux NTFS driver just ignores permissions and lets them access those system files and delete them. Then you can use a Windows install disk or the Windows 10 recovery system to replace them and get the system running.
It's a manual process, the rebooting from CD/USB drive and then running the Windows recovery can't be automated.
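The comment above describes a rootkit that hands clean copies to scanners running on the infected system. As an added example (not part of the thread), the sketch below does a cross-view comparison: it hashes the same files once as seen from the live OS and once from an offline rescue boot, then reports files whose content differs or that only the offline view can see. The directory layout, file names and contents are constructed for illustration.

```python
import hashlib
import os
import tempfile

def build_manifest(root):
    """Map each file's path (relative to root, lowercased) to its SHA-256."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/").lower()
            with open(full, "rb") as fh:
                manifest[rel] = hashlib.sha256(fh.read()).hexdigest()
    return manifest

def cross_view_diff(live, offline):
    """Compare the live-OS view with the offline (rescue boot) view."""
    findings = []
    for path in sorted(set(live) | set(offline)):
        if path not in live:
            findings.append((path, "hidden-from-live-view"))
        elif path not in offline:
            findings.append((path, "live-only"))
        elif live[path] != offline[path]:
            findings.append((path, "content-mismatch"))
    return findings

def demo():
    """Constructed sample: two directory trees standing in for the two views."""
    with tempfile.TemporaryDirectory() as tmp:
        views = {
            "live": {"drivers/disk.sys": b"clean driver", "drivers/ntfs.sys": b"ntfs"},
            "offline": {"drivers/disk.sys": b"patched driver", "drivers/ntfs.sys": b"ntfs",
                        "drivers/x1f3.sys": b"hidden payload"},
        }
        for view, files in views.items():
            for rel, data in files.items():
                full = os.path.join(tmp, view, rel)
                os.makedirs(os.path.dirname(full), exist_ok=True)
                with open(full, "wb") as fh:
                    fh.write(data)
        live = build_manifest(os.path.join(tmp, "live"))
        offline = build_manifest(os.path.join(tmp, "offline"))
        return cross_view_diff(live, offline)

if __name__ == "__main__":
    for path, verdict in demo():
        print(f"{verdict:24} {path}")
```

Files that legitimately change between the two runs will also show up, so in practice the manifest is limited to driver and system binaries and each finding is treated as a lead to verify.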
Re: This is why we can't have nice things (Score:2)
I suppose there are still machines running BIOS, but I don't think I have owned any in several years.
I certainly would hope that the "security companies" have the ability to do this.
Re: (Score:2)
Does AV software having the ability to push UEFI modules sound like a good idea?
re: Another devious malware trick (Score:3)
I ran across a particularly devious malware tactic recently. The malware was purposely setting the NTFS "dirty" flag repeatedly, so the filesystem was flagged as needing repair. That, in turn, prevented most of the bootable virus cleanup/recovery discs from cleaning the system. They'd boot up but report they could only mount the target filesystem as "read only" because it was damaged and needed to be repaired first!
Re: (Score:2)
Thanks, I hadn't seen that one but will look out for it.
Re: (Score:1)
Re: (Score:2)
I have Macs also... I don't really know why... but they are pretty. I buy them and swear I'll use them someday. I am an iPhone user though. I have and love my iPhone 6S Plus and can't wait to get a new battery for it in Paris in a few weeks.
People like debating about which OS is best. The answer is pretty simple... they're all pretty great these days... though if I ever see Gnome again, I'll vomit on whoever's keyb
Re: (Score:1)
Someone tries to post a helpful PSA type message and predictably the comments section is immediately flooded with people who have nothing of any value to say, but can't help but be assholes and make some kind of stupid "Windoze $ux!" type comment. We're all happy that Linux, macOS, or whatever the fuck else you might be using works for you, now kindly take your insecurities back to Linux or Mac forums where you can blissfully live out the rest of your days in a happy echo chamber where no one will ever challenge your views. We don't need the same 50 people making the same 50 useless comments every time there's a post about Windows. We all heard you the last 50 times and didn't care, so the odds of us suddenly caring now are zero.
U mad bro?
Re: (Score:0)
I don't think the posts have been entirely unfair. If removal of the malware can be done manually, I don't see why it couldn't also be automated. That's a bit confusing to me. I think it's fair to criticize Windows because for far too long, security on that OS was a joke. Admittedly, Microsoft has improved things, but there are also a lot of users who are far too gullible.
With respect to this specific story, the summary is very light on technical details. It reads like something that's written for the
Re: This is why we can't have nice things (Score:0)
Look at IOCs. Random file names, random services, and rootkits. Makes it hard to create an automated script that anyone can download and use.
Look at smart service for example. Malware devs changed that constantly to the point that antivirus just gave up on it. Malwarebytes used to do a good job and no longer have too to automate its removal.
Some of this stuff is not as easy as you think.
Of course ultimately anything could be automated with enough man power to keep up, but I don't think that was th
Re: (Score:0)
Windows users say they don't care, but every week when they get new malware, they start complaining about it Yet Again.
Sure you don't care. You don't care so you cry about your malware all the time. Those are fake tears, suuure.