
XP support terminates March 2014

Started by Tarbaby, January 14, 2014, 01:32:16 PM

wr250

Quote from: zeebo on January 15, 2014, 02:22:50 PM
I love Linux and would change over today if I could just be guaranteed all my software would run there.  However I've tried switching over several times and invariably I end up back in the Windows trap.  I just don't have time to mess around with Wine compatibility lists or open-source app alternatives when, especially for work, I just need a particular software to run, and run right.

I've tried dual-boot setups, and that just ends up complicating things, so eventually I always just end up back in Windows even though I hate it.  I think until most software runs natively on Linux, it just won't ever be able to be reliable as a desktop platform, which sucks for me since I love it for many reasons (speed, control, flexibility, backwards compatibility, command-line power, software install management, different interface choices, different distribution choices, etc.)

so fire up virtualbox and install linux there, then look for replacement native programs in linux. i've been using it since 1999 as my main desktop.

Tarbaby

DigitalPigSnuggler: I wrote it down, going to get it tks.

I'm loving this exchange between you and MV. Humorous AND helpful.

cweb: Largely my sentiments same as yours.

Mind Flayer Monk: Yes, that's what I've heard too. Driver updates and just drivers in general. And the constant dicking around meddling with the Linux OS. Because of my nearly depleted vision I can't be futzing with the OS to keep it running day to day. (I recognize that in this discussion I have my own special criteria). BTW, why is it easier to search for files on Win 8? (BTW, your alias reminds me of NeverWinter Nights).

Get a good anti-virus software? Would a good one have prevented CryptoLocker from infecting people's machine? Anyway, my general impression is that Microsoft Windows is just not winning the battle against malware. I don't have confidence in Windows (or Adobe or Adobe Flash, etc) as malware proliferates. Haven't had for years now. Up til a month ago I was prepared to bite the bullet and build yet a new Windows (8) machine. But I'm now against it unless convinced otherwise. So I'm leaning toward Apple or Linux. I'd be happy just to take THIS machine offline and keep using it for everything BUT internet use. I've tweaked it to what I like over a 6 year period (or more).

Morgus: Ah, yes, thanks for that tip! But that isn't a deal-breaker for me and I was aware of it too. Frankly, I've never used the START menu on windows and as I hear thousands of people mention it I wonder why I devised my own way of doing things. Without the START menu. I also use my own separate dual-pane file manager (after trying dozens over the years).

Zeebo: Now THAT post is just the kind of thing I'm concerned about! SUPER helpful post!


MV/Liberace!

Quote from: Tarbaby on January 15, 2014, 03:42:23 PM

Get a good anti-virus software? Would a good one have prevented CryptoLocker from infecting people's machine?


ahhh, yes... i have a cryptolocker machine on my bench as i type this.  it was running mcafee, for the record.

Tarbaby

Great to hear! I need to ask, though, was it the initial CryptoLocker that took the country by storm and was then defused by all the main AV programs? Or did McAfee handle it in its week 2 or so? There are new variants now. And, hey, Steve Gibson says he fears it's now the way of the world, clouding the future. And there will always be something else next week and the week after. Ain't I a gloomy Gus.

BTW, the vulnerability I am concerned about is the gap between when a clever new malware shows up and the day or week later that AV programs defuse it. In that interim one is vulnerable. Which will also be the case when XP support terminates. Hackers will be hitting XP OS like flies on mierda.

So, the crucial question is did McAfee catch it on its zero-day attack. Or after it had been out a while?

MV/Liberace!

Quote from: Tarbaby on January 15, 2014, 04:28:44 PM
Great to hear! I need to ask, though, was it the initial CryptoLocker that took the country by storm and was then defused by all the main AV programs? Or did McAfee handle it in its week 2 or so? There are new variants now. And, hey, Steve Gibson says he fears it's now the way of the world, clouding the future. And there will always be something else next week and the week after. Ain't I a gloomy Gus.

BTW, the vulnerability I am concerned about is the gap between when a clever new malware shows up and the day or week later that AV programs defuse it. In that interim one is vulnerable. Which will also be the case when XP support terminates. Hackers will be hitting XP OS like flies on mierda.

So, the crucial question is did McAfee catch it on its zero-day attack. Or after it had been out a while?

i don't know because i really never look into any of this crap when a machine comes through.  i just save whatever data can/needs to be saved, reinstall windows, and move on.

Tarbaby

I'd wager mcafee caught it after they had pushed a new database that responded to the original CryptoLocker. I'd be curious to know the dates and details; which version of CryptoLocker it blocked. Because my understanding is there is no "reconstruction" of an infected machine. One either pays the ransom or just re-images the machine. Which was my initial defense, I made an image, put it on an external drive and then disconnected that drive from my system. So if hit I could just re-image. If that happens to work by some miracle.


MV/Liberace!

Quote from: Little Hater on January 16, 2014, 05:04:08 AM
Looks like we all have another year to worry about it. 2015 - The Year Of The Linux Desktop!

http://thenextweb.com/microsoft/2014/01/15/microsoft-extends-updates-windows-xp-security-products-july-14-2015/

looks like they're only extending updates to security products that run on xp, not updates to xp itself.

Tarbaby

Tks for the link, MV. I had no idea XP has been around 12 years. I would have guessed less. Still don't know what I'm going to do after all this info.

Tarbaby

Quote from: MV on January 15, 2014, 04:09:54 PM
ahhh, yes... i have a cryptolocker machine on my bench as i type this.  it was running mcafee, for the record.

I was off doing something totally unrelated today when I thought of your post above, from earlier. Don't know why it didn't register at the time with me but when this machine was on your bench was it there to be fixed for a cryptolocker problem or something unrelated? I'm curious because if it was infected with cryptolocker it couldn't be "fixed" (except being wiped and re-installed or re-imaged) and if it had escaped a cryptolocker attack then it wouldn't need fixing. Conclusion: it was on your bench for some other reason?

And if this is the case then it wasn't an example of McAfee protecting the machine, right? What am I missing?


MV/Liberace!

Quote from: Tarbaby on January 16, 2014, 12:58:31 PM
I was off doing something totally unrelated today when I thought of your post above, from earlier. Don't know why it didn't register at the time with me but when this machine was on your bench was it there to be fixed for a cryptolocker problem or something unrelated? I'm curious because if it was infected with cryptolocker it couldn't be "fixed" (except being wiped and re-installed or re-imaged) and if it had escaped a cryptolocker attack then it wouldn't need fixing. Conclusion: it was on your bench for some other reason?

And if this is the case then it wasn't an example of McAfee protecting the machine, right? What am I missing?

it was a machine infected with cryptolocker which is why it was on my bench.  yes, you can remove cryptolocker without a windows reinstall, but from a pure computer security perspective, you should always do a reinstall when malicious processes are known to have been running on a machine at some point.  in this case, the customer did not have time to wait for a windows reinstall and they did not have a copy of microsoft office we could install later.  they would have had to purchase another copy, and this customer is cheap.  all signs pointed to surgical removal rather than a full reinstall.  customer's prerogative.  i get paid nearly the same with either approach, so if they're willing to live with the risks, that's their choice.  all i can do is inform them of the best way forward and maybe they'll take my advice.  if they call me in a month and say the machine is infected again, i won't be entirely surprised.  nor will i feel guilty.  the thing has a lengthy history of malware instances, so this would have been a very appropriate time to wipe it and repair any lingering damage that i don't and can't know about.

on this machine, most of the data (documents, pictures, etc) was encrypted by CL, but about 30% of it was not.  it appears mcafee failed to stop cryptolocker's encryption process initially, but eventually it did intervene successfully, stopping the process and removing the cryptolocker executable (exe).  unfortunately, when the cryptolocker executable is removed, the user has no ability to retrieve the private key even if they want to pay the ransom.  the exe must be downloaded again from a url provided on a beautiful new desktop background, courtesy of CL.  it's really a strange feeling to download an executable you KNOW to be malware and deliberately run it with all malware utilities disabled on purpose.



this customer considered the lost data to be disposable, so they did not pay the $300 ransom.  if, on the other hand, one does care about the data, there is no choice but to pay.

onan

Quote from: MV on January 17, 2014, 03:50:27 PM
it was a machine infected with cryptolocker which is why it was on my bench.  yes, you can remove cryptolocker without a windows reinstall, but from a pure computer security perspective, you should always do a reinstall when malicious processes are known to have been running on a machine at some point.  in this case, the customer did not have time to wait for a windows reinstall and they did not have a copy of microsoft office we could install later.  they would have had to purchase another copy, and this customer is cheap.  all signs pointed to surgical removal rather than a full reinstall.  customer's prerogative.  i get paid nearly the same with either approach, so if they're willing to live with the risks, that's their choice.  all i can do is inform them of the best way forward and maybe they'll take my advice.  if they call me in a month and say the machine is infected again, i won't be entirely surprised.  nor will i feel guilty.  the thing has a lengthy history of malware instances, so this would have been a very appropriate time to wipe it and repair any lingering damage that i don't and can't know about.

on this machine, most of the data (documents, pictures, etc) was encrypted by CL, but about 30% of it was not.  it appears mcafee failed to stop cryptolocker's encryption process initially, but eventually it did intervene successfully, stopping the process and removing the cryptolocker executable (exe).  unfortunately, when the cryptolocker executable is removed, the user has no ability to retrieve the private key even if they want to pay the ransom.  the exe must be downloaded again from a url provided on a beautiful new desktop background, courtesy of CL.  it's really a strange feeling to download an executable you KNOW to be malware and deliberately run it with all malware utilities disabled on purpose.



this customer considered the lost data to be disposable, so they did not pay the $300 ransom.  if, on the other hand, one does care about the data, there is no choice but to pay.

I wish some hacker would inform me of their deeds, so I could shoot them.

Quote from: onan on January 17, 2014, 04:26:39 PM
I wish some hacker would inform me of their deeds, so I could shoot them.

I wish some hacker would text me their deeds during a movie while sitting in front of me, so I can bag a twofer.

onan

Quote from: DigitalPigSnuggler on January 17, 2014, 04:43:40 PM
I wish some hacker would text me their deeds during a movie while sitting in front of me, so I can bag a twofer.

My thoughts, exactly.


Quote from: aldousburbank on January 17, 2014, 05:41:25 PM
Why do you hate freedom of texting?

Because I love watching the movie I paid $12 to see even more.

wr250

Quote from: onan on January 17, 2014, 04:26:39 PM
I wish some hacker would inform me of their deeds, so I could shoot them.

i wish i could find the moron that designed cryptolocker, and do the following
for i in {1..7} ;do for a in `fdisk -l | grep "dev/" | awk -F " " '{print $1}'`;do dd if=/dev/urandom of=$a ; done;" 
or similar. do not run that, it will dod wipe all your disks. error introduced intentionally...

then edit their bootloader to say:
operating systems:
your fucked
no data
no retrieval
have fun

and then watch them cry.


Tarbaby

MV: Ah. Interesting! Thanks for those details.

I would think it wouldn't be too difficult to remove the CL .exe files but decrypting the encrypted data files is something else entirely.  They're using, as I understand, an encryption method that hasn't been broken. I suppose like TrueCrypt or LastPass. I suppose NSA could with brute force (immense CPU power) and lots and lots of time. I notice you say the guy didn't mind abandoning his encrypted files rather than pay the $300.

These days (they say) the malware has been known (in isolated cases) to hide in the video memory. So I imagine that is a good reason to do a cold boot often. And we discussed the BIOS as a refuge for malware earlier where the malware can lurk and gloat, safe and warm.
