undefined | Better HN

story

0 pointsArcHound28d ago0 comments

AFAIK the idea is to have backups so good, that restoring them is just a minor inconvenience. Then you can just discard encrypted/infected data and move on with your business. Of course that's harder to achieve in practice.

0 comments

supertrope27d ago

If the important data is in a web app and the Windows PC is effectively a thin client, this lowers the ransom value of the local drive. Of course business disruption in the form of downtime, overtime IT labor cannot be mitigated by just putting everything online.

The next step is just to move to security by design operating systems like ChromeOS where the user is not allowed to run any non-approved executables.

If tricking a single employee can cause an entire company to stall out, it's a process issue. Just like how a single employee should not be able to wire out $100,000.

Ajedi3227d ago

Getting rid of Windows in favor of an OS with a proper application sandbox like Android would solve so, so many security issues, but that's not viable in most cases because so much software depends on the outdated user-based permissions model most desktop OSs are built around.

ArcHoundOP27d ago

Please don't. It's bad enough that companies running windows have all the data on win premises. Dumbing down what the users can do with their machines seems like the end of personal computing.

Ajedi3227d ago

I don't think Android is "dumber" or less capable than Windows. In many ways the application sandbox actually gives owners a lot more control over their devices than a less locked down OS would, allowing them to restrict what information installed applications are allowed to access.

But what I think you're concerned about (and I agree) is that the flip side of that is that giving device owners more control over their apps also gives the OS developers more control, and Google's interests are not always perfectly aligned with the device owner's. There's a much wider market for apps than there is for operating systems, so sometimes app developers' interests will actually be better aligned with the device owner's than the OS developer's interests are.

One possible saving grace here is AOSP. In theory you could have multiple competing AOSP-based desktop OSs, each catering to a slightly different set of users. This would be close to the ideal situation in my opinion. Either that or Chrome, Firefox, Edge, and Ladybird all evolve into full fledged OSs with WASM-based apps.

1 more reply

finghin28d ago

Sleeper agent malware is a thing especially in high risk situations. If somebody has a dormant RAT installed since year X-1 it’s going to be impossible to solve that in year X by using backups

BenjiWiebe27d ago

What about non executable backups? Backup data but not programs?

Not applicable everywhere, but I think it's applicable most places.

parineum27d ago

Executables read data.

mschuster9128d ago

In the end the limiting factor will be the bandwidth of your disk arrays... enough compromised machines and they will get overwhelmed.

Veserv27d ago

That does not work. They just infect you and do not demand a ransom for a few months as they encrypt all your data going to the backup. Now your backups are also encrypted going back multiple months and you have to discard months of work.

ArcHoundOP27d ago

I guess I should set up a monitor alerting me if the two backup diffs are larger than 80% of the data size.

But yes, these are the practical problems we need to address.

billypilgrim27d ago

Modern ransomware are not just encrypting data but uploading them somewhere too, the victim is then threatened with a leak of the data. A backup does not save you from that.

ArcHoundOP27d ago

Well yes, if you get breached, you have problems. At least in good backups scenario you can continue to operate, so you have money incoming to fix this.

j / k navigate · click thread line to collapse

0 comments

supertrope27d ago

The next step is just to move to security by design operating systems like ChromeOS where the user is not allowed to run any non-approved executables.

If tricking a single employee can cause an entire company to stall out, it's a process issue. Just like how a single employee should not be able to wire out $100,000.

Ajedi3227d ago

ArcHoundOP27d ago

Please don't. It's bad enough that companies running windows have all the data on win premises. Dumbing down what the users can do with their machines seems like the end of personal computing.

Ajedi3227d ago

1 more reply

finghin28d ago

Sleeper agent malware is a thing especially in high risk situations. If somebody has a dormant RAT installed since year X-1 it’s going to be impossible to solve that in year X by using backups

BenjiWiebe27d ago

What about non executable backups? Backup data but not programs?

Not applicable everywhere, but I think it's applicable most places.

parineum27d ago

Executables read data.

mschuster9128d ago

In the end the limiting factor will be the bandwidth of your disk arrays... enough compromised machines and they will get overwhelmed.

Veserv27d ago

ArcHoundOP27d ago

I guess I should set up a monitor alerting me if the two backup diffs are larger than 80% of the data size.

But yes, these are the practical problems we need to address.

billypilgrim27d ago

Modern ransomware are not just encrypting data but uploading them somewhere too, the victim is then threatened with a leak of the data. A backup does not save you from that.

ArcHoundOP27d ago

Well yes, if you get breached, you have problems. At least in good backups scenario you can continue to operate, so you have money incoming to fix this.

j / k navigate · click thread line to collapse