Reevaluate your backup strategy in the face of current ransomware trojans like Locky

Discussion in 'backup, imaging & disk mgmt' started by manolito, Feb 21, 2016.

  1. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,147
    Location:
    Nicaragua
    bgoodman4, you can take those paranoid feelings away. You are running plenty of security programs and still feel paranoid; that shouldn't be. Perhaps you ought to start running your email client or web mail sandboxed. If you do that, attachments will run in the sandbox and they can't touch your system.

    Bo
     
  2. Brian K

    Brian K Imaging Specialist

    Joined:
    Jan 28, 2005
    Posts:
    12,174
    Location:
    NSW, Australia
    I mustn't have paranoid bones in my body. I don't run any of those or even an anti-virus. Well, just Defender in Win10.
     
  3. bgoodman4

    bgoodman4 Registered Member

    Joined:
    Jan 13, 2009
    Posts:
    3,237
    Yes, I know, that's why I have one drive that is only connected to the system once a week and then only for the time it takes to make the image. I am not sure why you say "in a risky environment". Are you assuming I hang out in risky environments? I don't think I do,,,,at least no more risky than everyone else here,,,it is the Internet after all.

    I tried Shadow Defender again and still do not like it. I am comfortable with my setup as it is now. Mind you I was comfortable with my existing set up before this thread showed up,,,,so I have added HitMan. I guess I will continue to be comfortable until one of you guys shows up with something else to be wary of.
     
  4. bgoodman4

    bgoodman4 Registered Member

    Joined:
    Jan 13, 2009
    Posts:
    3,237
    Not paranoid, just cautious,,,or rather "prudent". See the quote from Euripides at the bottom of this post.

    I have tried sandboxes (Sandboxie and Shadow Defender) and do not care for them.
     
  5. TheRollbackFrog

    TheRollbackFrog Imaging Specialist

    Joined:
    Mar 1, 2011
    Posts:
    4,954
    Location:
    The Pond - USA
    :argh: I think Brian and I must be from the same boneyard. I run only the MalwareBytes pair (AntiMalware and AntiExploit) and Security Essentials (same as Defender), mainly 'cause they cover totally different vector areas of virii/malware system entry... and, of course, managed imaging and file replication where needed for System disaster protection

    The practice of using "SafeNet" (web downloads, email attachments, etc.) probably has more to do with System safety than any of the tools listed above.
     
  6. bgoodman4

    bgoodman4 Registered Member

    Joined:
    Jan 13, 2009
    Posts:
    3,237
    I do follow SafeNet protocols but the rest protects me from making mistakes. I prefer being extra safe just in case. Better to my mind than doing what may be considered the minimum (SafeNet). There are times, for example, when you may get an e-mail from a legit contact and are faced with opening what appears to be a legit attachment. If you are following SafeNet procedures you should ask if the contact did send it to you, if he answered yes, then you will open the attachment possibly to then discover that you have indeed opened yourself to malware. The SafeNet protocol will reduce the likelihood of infecting your computer but will not guarantee you are safe. Having anti-malware software adds another layer of security, having a program like Appguard adds yet another layer. Perhaps there can be too many layers of security but to my mind more is better than less.
     
  7. Brian K

    Brian K Imaging Specialist

    Joined:
    Jan 28, 2005
    Posts:
    12,174
    Location:
    NSW, Australia
    I haven't seen malware for years and I use no third party malware software. If I do get infected in the future I'll restore an image.
     
  8. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,809
    Location:
    .
    Good move, but in the process you could have been infected with malware that steals credentials or encrypts data (personal data, which is the most precious). Even though you restore a system image, the worst things I mentioned have already happened and you can't do anything to revert that. I assume you are talking about restoring a system image, right?
    Personally I don't care about system partition cause I restore an image in circa five minutes and that's it.
     
  9. TheRollbackFrog

    TheRollbackFrog Imaging Specialist

    Joined:
    Mar 1, 2011
    Posts:
    4,954
    Location:
    The Pond - USA
    So, lemme see if I get this right. Mister X shows no less than 7 either pro-active or reactive anti everything processes being used in his signature above, and Brian K mentions the use of Windows DEFENDER earlier in the thread as his only indigenous protection method (besides imaging that is)... and neither has been affected by virii or malware in the recent past.

    What can we derive from this, if anything?
     
  10. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Nothing actually as the answer depends on the user. My backup strategy is extensive as is the protection software. I run a similar setup to Mister X. Also my machines have 3 internal disks, so the simple restore of an image does nothing for the other 2 disks.

    Also Brian's approach clearly works for him, but I wonder if he'd be happy with my using it if I had the amount of personal data on him that I have on my clients on my machines.

    Bottom line, each situation is unique.
     
  11. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,809
    Location:
    .
    From my own POV, he doesn't browse anywhere and he's perhaps very cautious when clicking links. And that he doesn't install too much software which increases attack surface, perhaps. And he doesn't make risky use of any other point of entry for malware; note that I use to plug in a lot of USB drives from my customers.
     
  12. bgoodman4

    bgoodman4 Registered Member

    Joined:
    Jan 13, 2009
    Posts:
    3,237
    Exactly,

    what is important is that you

    1: are aware of the potential of the situation (ie: that it is possible to run into problems in the first place - in this case ignorance could well lead to a non-blissful situation) and that even if you are very careful in terms of what you do when on line - or are plugging in some USB device, that there is a chance that you may encounter a problem.

    2: assuming an understanding of the potential problems, that you have taken steps to protect your system and that you are comfortable with the steps you have or are taking to protect yourself. Obviously if the only thing you use your PC for is surfing the net then an off-line image is all you need to get back up and running. If you are like Peter with lots of sensitive data on your PC then it is reasonable that a more comprehensive set of protective measures will be what it takes to make you safe and to feel comfortable.

    Personally I am in the financial services industry and I also help my wife in her design business. The loss of the data on my system would be catastrophic to both our businesses never mind the risk to my clients if my system were to be breached. I feel it reasonable to be extra cautious (well a bit paranoid even) in this situation.
     
  13. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,626
    From my experience, if you are careful about what you install, and keep Windows updated, it is extremely hard to get infected, even when not using any security software.

    At times, I've had no antivirus software installed, and visited plenty of unsafe sites, even going as far as copying and pasting the address of websites from Google search results when Google tried to prevent me from visiting a link it considered unsafe, and also installed lots of random software and not got infected. I'm excluding PUPs as I regularly install them. I'm talking about actual malware.

    With this in mind, if, like me, you're not at all paranoid about getting infected, and are careful about what you install, a basic antivirus like Windows Defender should be more than adequate.
     
  14. bgoodman4

    bgoodman4 Registered Member

    Joined:
    Jan 13, 2009
    Posts:
    3,237
    roger_m I should like to point out that just because it has not happened in the past is no guarantee it will not happen in the future. If what is on your system is important to you all it will take is one incident to lead to devastation. That being said, I would expect that you understand the possibility of a problem and its potential consequences. You are also clearly comfortable with your current approach. I hope your luck holds and that you never have cause for regret.

    "Chance fights ever on the side of the prudent"
     
  15. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,626
    @bgoodman4 I know that, and as I said in my post, it makes it "extremely hard" to get infected, not impossible. In fact it has happened to me in the past on very rare occasions that I have got infected. But, that has only been when I've launched something I shouldn't have. When I've been careful about what I let run on my systems, I have never got infected. I can't recall ever getting infected on my own computers by visiting an unsafe website or by launching an installer I chose to download (I make no efforts to stick to downloading from trusted sites), and I install a lot of software. I got infected once just by browsing the web on a work computer. But, that computer was running outdated Java, Flash etc.

    As I said in my post, using no antivirus software is what I have done only at times. For quite some time now I have had antivirus software installed all the time on all my computers, and I do create images of my system in case I need them. Although, I would try to clean an infection before restoring from a clean image.
     
  16. Brian K

    Brian K Imaging Specialist

    Joined:
    Jan 28, 2005
    Posts:
    12,174
    Location:
    NSW, Australia
    Barry,

    We are all vulnerable to catastrophic malware infection, you included. Does having malware software installed help? Probably. But it's far from 100% effective. We all need to have backups so that everything can be restored when Judgement Day arrives.
     
  17. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,223
    Look at it from this perspective:
    Are you going to be infected by malware? Maybe.
    Are you going to suffer data loss due to hardware failure one day? Absolutely.
    Mrk
     
  18. bgoodman4

    bgoodman4 Registered Member

    Joined:
    Jan 13, 2009
    Posts:
    3,237
    You will get no argument from me on this one,,,,,I have spoken about my backup procedure many times before so will spare you doing so again. To me backing up is an absolute necessity since it's not only malware you are protecting against when you image, it's also hardware failure and loss (ie theft, fire, etc). In fact it was this thread and the idea that images were vulnerable to ransomware just because they were on drives connected to an attacked PC that prompted me to add HitMan Alert to my security software.
     
  19. oliverjia

    oliverjia Registered Member

    Joined:
    Jul 21, 2005
    Posts:
    1,926
    In reality, the chance of being owned by a malware is very slim if we all use our brain in everyday computing. I have been using Windows XP, Vista, 7, 8, 8.1, 10, Ubuntu etc over 1.5 decades, and I don't recall I was infected even a single time. And, I am a software junkie -- I have been doing software testing all over the years. My point is, the most important thing is - common sense, plus a bit of caution. I do use LUA, and use a basic single AV on Windows (Kaspersky, or Avira, or Symantec AV at some point). EMET was on my computer for a limited time but no more, since I don't find it doing anything other than occupying resources.

    For most of us, the most important thing is to keep at least 3 copies of our important data. One copy on an internal HDD of our computers, two copies on 2 offline external HDDs, ideally located in different physical locations. Data on the external HDDs get updated every week or so. Very simple, that will do, for most people.
     
  20. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,644
    Location:
    Under a bushel ...
    Agree that backup images are the ultimate defense, and your point concerned me also. Maybe also consider this, and some following posts.
    I am using Pumpernickel now (previously I used Secure Folders, now abandonware) to protect my connected USB backup drives.
    Takes a little research and experimentation, but worth it for the peace of mind.
    And yes, also using HMP.A protection ... :)
     
  21. guest

    guest Guest

    best defense? don't click unknown files?
     
  22. bgoodman4

    bgoodman4 Registered Member

    Joined:
    Jan 13, 2009
    Posts:
    3,237
    Are you saying not to install unknown files? Or are you saying you should not click unknown links? For the former see below. For the latter you would pretty much never go anywhere as most links we click, say during a google search, lead to unknown sites.

    I would point out that this is not always possible,,,,or rather,,,,,,it's not always possible to know that a file is unknown.

    Sounds like I am a raving lunatic right?

    Well, here is an example or two.

    There have been instances of folks being redirected to look-alike sites after clicking on what appears to be a link to a legit (popular?) site. Once on that site anything can happen since the person does not realize he is not where he thinks he is, including the downloading and installation of what is thought to be a legit app,,,,,or a legit upgrade to a legit app,,,,only in this case it's not.

    Or perhaps a friend sends you to a site saying that he just found a great new program,,,,and best of all it's free. He has been using it without issue for some time. You got it, malware contained, grabbing all your keystrokes so someone in the Eastern Bloc can access your bank accounts.

    Need I go on?
     
    Last edited: May 7, 2016
  23. bgoodman4

    bgoodman4 Registered Member

    Joined:
    Jan 13, 2009
    Posts:
    3,237
    Thanks for the link, a bit beyond my comfort level though.

    I will rely on HitMan to protect my PC and my connected external backup drives from ransomware. I do maintain weekly images that reside on a drive that is only connected while the PC is being imaged so it's not going to be susceptible to anything other than physical loss. I am comfortable with this. Of course I would not like to lose a week's work but manually connecting the drive daily to create an image on the off chance that HitMan might fail is more than I feel the need, or desire to do.
     
    Last edited: May 7, 2016
  24. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    The first issue is the tough one. I love all the discussion on how to make your PC safe for online banking, but no one talks about the bank site. I finally ended up going with No Script on FF, so now I know what scripts the site needs for log in, and also get warned about redirects.

    The second one is easy. Assume your friends don't know what they are doing and act accordingly. It's easy for me because the only thing my friends ask is "Is this program/email safe?" So I can go into defense mode to answer.
     
  25. guest

    guest Guest

    yes

    you have some link checker browser's extension, that gives you a good idea of what you will tumble upon.

    By unknown, i mean something you personally don't know. You never used it = unknown = potential risk = need precautions = open in Virtual machine or isolated environment.

    not to me :p

    People must think before clicking, like reading the full link; unfortunately i don't deny the fact that we often put too much trust on what is shown to us.

    I trust no one, even myself, despite having some very safe habits. I rely on anti-exe and virtualization softs, in case i execute/browse something i shouldn't.

    i get your point, however i will say that safe habits will greatly reduce potential risks. Problem is that Average Joe will discard all of them if he finds his game's crack or so-long-searched optimization utility that will transform his computer into automated machine. Human factor is the weakest link of the chain.
     