Improved CryptoLocker Clone "Cryptowall" Has Locked Over Half A Million PCs, 5 Billion Files

Status
Not open for further replies.

soccerplayer88

Distinguished
Feb 1, 2010
227
0
18,680
That's really the biggest problem.

We regularly go over safe browsing habits with customers but short of us "policing" their internet these problems will never go away.

So at the very least we strongly encourage users to either purchase a backup external drive or setting them up to save files to a central server. Worse case scenario we can just roll back the backup and all is well.
 

rayden54

Honorable
May 14, 2013
184
0
10,690
If they really wanted to be paid you'd think pick an easier way--or less money. I know people who've had computers for years and every file they've ever acquired will fit on a single DVD. It might be worth $10-$15 to unlock their files, but for $500 they'll just buy a new computer.
 

Christopher1

Distinguished
Aug 29, 2006
666
3
19,015
Having an admin account really has nothing to do with these things. Even if you have a standard user account that you use daily, the problem is that these things have methods to get around UAC and other protections in Windows Vista-8.
Now, as to the "Don't download programs from iffy websites!" that I agree with.
If they really wanted to be paid you'd think pick an easier way--or less money. I know people who've had computers for years and every file they've ever acquired will fit on a single DVD. It might be worth $10-$15 to unlock their files, but for $500 they'll just buy a new computer.
Or they will just re-image their computer and have done with it. That is what I would do in this situation, re-image my computer and move the hell on.
 

mapesdhs

Distinguished
If I fitted my house with locks which failed so miserably at preventing
a break-in, beyond any insurance claim I'd certainly consider suing
the lock maker. What we need one of these days is a person/company to
sue MS (or class action) to force them to make operating systems
with far better security by default. The security mess known as Windows
has been plodding along for years & years, costing individuals & corps
enormous sums every year in wasted time, resources, etc., yet nothing
seems to change. Instead, blame & responsibility is placed upon the
user wrt to visited sites, handling emails, downloads, etc. - an approach
which means the security 'effort' is replicated billions of times over and
over again with no improvement in the base system. The focus is
entirely at the wrong end of the scale; a decently written OS shouldn't
be such a security nightmare in the first place, but because winblows
is standard, nobody seems to care, it's regarded as normal, an attitude
found nowhere else in modern consumer tech. If an ordinary consumer
tells a computer shop owner that their PC has a virus problem, they are
told that's a normal risk; same response for a bug-related BSOD or other
Windows issue. When are we going to say enough is enough and force
the responsibility back onto MS?

I quite like Win7 in general terms, but it's security aspects are absolute
junk compared to the 15-year-old UNIX box I also use.

I have no interest in Win8; I only use desktops & thus refuse to be treated
like a child by being forced to use a gesture-focused interface more suited
to a slate & chalk era.

Ian.

 

warezme

Distinguished
Dec 18, 2006
2,450
56
19,890
If I fitted my house with locks which failed so miserably at preventing
a break-in,

It doesn't matter what MS does. If you fitted your house with locks and every time ANYONE knocked on the door you opened it up for them and invited them in for cookies, your locks are still worthless.

People unfortunately when it comes to computers, are stupid. They treat them like appliances which they are not. I have been running windows for many many years and I could count on one hand (2 fingers) how many times I have had a problem with malware or viruses. Of those two times I recognized immediately what I did wrong and knew how to fix it.
 

oxxfatelostxxo

Distinguished
Aug 17, 2007
157
0
18,710
If I fitted my house with locks which failed so miserably at preventing
a break-in,

It doesn't matter what MS does. If you fitted your house with locks and every time ANYONE knocked on the door you opened it up for them and invited them in for cookies, your locks are still worthless.

Funny way of putting it, however he is correct. Not only are 95%(made up number) of the viruses and spamware on peoples computer on there because of their own doing but no matter how well designed any program is if somebody wants to break into it they will.

Seriously though when even government computers get hacked into every now and then and their security and restrictions on what a user can do are a 1000x more extreme, don't expect a home computer to ever be 100% unless you leave it powered off.
 

Achoo22

Distinguished
Aug 23, 2011
350
2
18,780
If I fitted my house with locks which failed so miserably at preventing
a break-in, beyond any insurance claim I'd certainly consider suing
the lock maker. What we need one of these days is a person/company to
sue MS (or class action) to force them to make operating systems
with far better security by default. The security mess known as Windows
has been plodding along for years & years, costing individuals & corps
enormous sums every year in wasted time, resources, etc., yet nothing
seems to change.

It's painful to see dozens of "blame the victim" posts, but that seems to be the trend on much of the Internet. It's equally troubling to see thoughtful posts like your own downvoted so hard.

MS could absolutely provide an OS with better security. Virtualization technology has been readily available for decades, so there's no reason that "unsafe" code should be allowed to takeover your system, just as there's no reason that DRM should be able to upload your financial documents or e-mail.

The idea of holding software developers accountable for their software would do much to ensure software correctness and ethics. Only licensed software architects should be able to distribute certified software, and everything else should be restricted to sandboxes (which, honestly, really shouldn't limit functionality in any way). There are a ton of other professions that require licensure, so I don't think it's really that big of a stretch to require it of software developers.

I'd also like to see some legislation that limits OEM hardware and software to functions that support their advertised use. So, no more cell phones that come prepackaged w/ spyware, no SmartTVs that record and upload your viewing habits, etc.
 

Marcel Hardy

Reputable
Aug 5, 2014
2
0
4,510
Precisely why there need be monitoring for accountability. I believe in a neutral Internet where all traffic run uninhibited like the free air we speak in. But certainly when one overhears of a crime and they should do something about it. That is mature and responcible. To whine over anonymity is paranoia, selfishness, immature and conceited. A free uninhibited net with accountability is responcible and prudent and a mature internet. Many will whine as they do best. But the whining spoiled coward is always the liability to all and themselves. To act without integrity and cowardice is what too many twenty somethings do. Like the brat wanting his way. Privacy for what. If the NSA wants to plant a camera iin my toilet I am not ashamed. Anti-social zealots whom hide behind screens too much neednt decide anyones future. They cant cope with their own.
 

mapesdhs

Distinguished


Indeed, that's why all I can do is upvote your's. :}

Those who down-voted me should explain why they are effectively supporting the opposite notion,
ie. that sw developers should be allowed to publish whatever junk they like with no liability at all.
Windows security flaws cause billions in damage every year worldwide, but nothing changes; the
down-voters are saying they think this is a good thing. Sheesh...

Ian.

 

Blazer1985

Honorable
May 21, 2012
206
0
10,690
Because:
1: you downloaded the software somewhere on the internet. On microsoft store application have a chance of being monitored, you can't analyze every .exe on the internet nor ban them in any way.
2: For your pc a malware installer has the same rights as every other installer. Besides being able to recognize a malware having Microsoft telling you what you can and what you can't install would cause them way more issues and limit your freedom to do what you want.
3: All this because you can't check what you are accepting to install? I think you deserve to be infected then since is not the tool being faulty, is how you use it. It's like trying to sue Ferrari because you had an accident driving at 320kmh :-D
 

mapesdhs

Distinguished
Sheesh, talk about someone with no clue how OSs work...

The point is, a decently written OS would never allow an executable to harm system files
in the first place! That's why UNIX has always been so much better in this regard. Windows
is so messed up that half the time one has to use an admin-rights account to do various things
whether one likes it or not. I had to deal with this daily as a sysadmin at a research dept.

Ian.

 

Blazer1985

Honorable
May 21, 2012
206
0
10,690
Anyway we are not talking about system files harmed, we are talking about user files being encrypted. As long as you have rights to access the files and you install a software giving it admin-rights what kind of locks are you putting between the (suspicious) software and your files? None. Even in UNIX, if a program asks to access files outside their sandbox and you give your approval there's no need for privilege excalation or any other exploit. YOU are giving those permissions.
Who can you blame then?
The fact that Windows is messed up is irrelevant here.
 

so lets say i get stabbed walking down the street, do i go blame the police for not doing a good enough job? or do i blame my government because their citizens are unlawful? Is it my fault for walking down the street knowing that these things happen from time to time? or do i blame the guy that stabbe me?

I would blame the guy that stabbed me, seems you would blame the police and the government.........
 

Thats a problem if you backup the malware....

A good idea to use single write media like dvd's for important stuff from time to time. Incremental backups to a hdd can/will probably get infected by something at some stage.
 


That is true. One advantage of things like DVD backups.
But for me it is not nearly enough space (I probably have 10x that much to backup)
 

mapesdhs

Distinguished


Try discussing the subject without using pointless and irrelevant analogies. All you've done is
pick something which deliberately negates the direction of blame & responsibility. My original
statement still stands on its own. An operating system isn't a person walking down a street. :D
Total mismatching of concepts, like the Suez Crisis popping out for a bun...


jameskatt write:
> Keep your critical files on a Mac. Use your PC for stuff you can easily wipe erase and start over.

Almost; I use an old SGI.

Ian.


 
Status
Not open for further replies.