

Is this overkill? And a bunch of other security questions.


5 replies to this topic

#1 Ragnar Devonin

Ragnar Devonin

  • Members
  • 23 posts
  • OFFLINE
  • Local time:09:00 AM

Posted 23 January 2013 - 08:26 PM

Hello everyone. :D

Fair warning: Idiot alert here.

Alright, so, long story short - I'm looking into getting a new laptop. The problem is my last one was taken down due to a combination of my paranoia, and an infection that messed up the system when I tried to clean it. Oh, and then the HDD failed and I lost quite a bit of stuff. :/

Therefore, I'm wanting to do it right this time so I'm trying to do my homework. Problem is, doing one's homework entirely on a feature phone is a good way to learn just how many websites don't work on your phone. Not much else! This has left me with a bunch of questions which I'm hoping some of the kind people here can answer for me. Seems like this part of the forum was the best place since they all boil down to computer security questions.

I'm, I guess, somewhat tech-savvy, since I do a lot of reading but I haven't done much practical application. So I'd say I know some things but don't necessarily understand them. Any light you can shed here would be wonderful.

Thanks in advance, and uh... sorry for the crapton of questions/text.

Dual-Booting Linux
1) I've seen some tutorials on how to set this up, but my main question is: is setting this up as easy as it appears, or is there more to it? Pop in disc, partition HDD, install, reboot, done?
2) If my Windows partition gets an infection, is cleaning it relatively simple with a dual-boot? (Go into Linux, scan, clean, done?) Or would that just not be enough?
3) After I set up the dual-boot, if I were to copy say... all of Windows' important system files over to the linux side, would these generally remain "clean" in the event Windows gets an infection? Thus if I need to replace any files, I don't need to do a total system restore. (Would also copy these to an external drive.) On that topic...

Total System Restore vs. Infection
1) The last laptop I got didn't come with a Windows disc, so I'm wondering: will doing a reset to factory defaults from the hidden partition for it clear out any infection, or is this just an unsafe bandaid and the infection would likely return?
2) Is the only way to be sure of completely cleaning the system in the event of an infection to HAVE a windows CD and do a complete format, wipe, and re-install? Which means should I buy one along with my new laptop?

Sandboxes
1) For someone who isn't terribly tech-savvy, is setting one of these up probably too complex? I tried reading into it but there are some things I'm just not sure I understand.
2) Will this generally be enough to catch anything that gets through Firefox+No Script on a Limited User Account coupled with safe browsing? Or is it just sort of a placebo thing?

Disc Imaging
1) Alright, I've seen this around as one way to back up, and I'm considering it. Question 1 is: If I make an image of my system, then it gets infected, will restoring the clean image effectively completely clean that computer?
2) Does a disc image take up a lot of space? For example, could one store an image on an external HDD or even a DVD/USB stick?
3) And finally, on a scale of 1-10, how complicated is doing a disc image vs just doing the good ol' drag and drop onto an external HDD? Is it that much more involved?

Infection vs. External Drives
1) If I plug an external drive into an infected computer (say, to save important files before a wipe), will that external drive (usb, hdd) become infected too?
2) I understand I could pull over an infected file and save that on the drive, but as long as I don't run it, should everything be fine? Even if I plug that drive into a clean computer? (Coupled with autorun being completely wiped off of newer versions of windows if one site I read is to be believed.)
3) How easy would it be to clean an 'infected' external drive if the answer to one is yes? Is it as simple as just plugging it in to a system with autorun off/a linux partition and running a few scans with AV/AM programs?

Ultimately, this is the plan... (If I can figure out how to do any/all of it):
1) Set up new Laptop (likely Windows-based, since most Macs are out of my price range) with a Linux dual-boot.
2) Run a limited user account on windows, using Firefox w/No Script behind a Sandbox while practicing safe browsing. With both a hardware (router) and software firewall. And, of course, AV/AM software (but only 1 AV otherwise there will be conflicts.) (While slowly learning how to use Linux to maybe switch over there entirely; keeping windows for games.)
3) Make regular backups to an external HDD (both disc images, and drag-and-dropped stuff in case I only need a specific file due to an accidental deletion or w/e.)
4) Set up a recovery usb/disc in the event I can't boot into either partition due to a virus/some other failure.
5) Hope this is enough/Pray.

So the big question - Is this overkill?
Are there any major flaws in my plan that I'm just not seeing because there's just something I'm missing entirely due to my lack of knowledge?



#2 midou1994

midou1994

  • Members
  • 251 posts
  • OFFLINE
  • Gender:Male
  • Local time:07:30 PM

Posted 27 January 2013 - 12:22 AM

Hi

A few cents

"If my Windows partition gets an infection, is cleaning it relatively simple with a dual-boot? (Go into linx, scan, clean, done?) Or would that just not be enough?"


Hi, I don't think it's possible to run a virus scan from Linux and then scan and repair infected Windows files.

Windows viruses don't affect any Linux version.

If you want to install Linux the easy way then You can Install using Wubi

Using this you can install ubuntu as an application that can be uninstalled from program & features
No need to worry about any boot menu issues.

Disc imaging is a good way to back up things, but you may need to buy a disc imaging utility like Norton Ghost or Acronis True Image.
It takes an entire image of the HDD, so yes, it takes up a lot of space.

As far as antivirus goes, you can go for paid or free; the choice is up to you. Malwarebytes Anti-Malware is free and has no real-time component, so you don't have to worry about any conflicts. Using a Limited Account is a good idea, cause I guess even viruses need Administrator rights to work well. :P
Don't change the User Account Control settings. Avoid pirated software/torrents; there are many free alternatives out there that do a decent job.


IMO a weekly backup of Your HDD using Acronis or any Backup Utility + safe browsing is enough.
As for the virus being copied to an external device: one of my friends got hit by Ramnit, and when I plugged my pen drive into his lappy all files/folders in my pen drive changed to shortcuts. A scan of my pen drive with Microsoft Security Essentials detected Ramnit, Sality and one more starting with 'Y',
so better not to plug your pen drive/HDD that has some important data in it into an infected computer.

Disc Imaging +Internet Browsing on limited Account, a good Antivirus and Malware Bytes(Second Opinion) is fine to keep viruses at Bay

You're safe. As for Linux, nothing wrong in having it around.
Wubi is easy to install and easy to remove; it's just like any other program, you don't have to worry about the boot menu.

Edited by midou1994, 27 January 2013 - 12:24 AM.

Midou
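An added example, not code from midou1994's post or anywhere else in the thread: the pen drive described above, on which every file and folder turned into a shortcut after it met an infected laptop, shows a pattern that can be checked for before anything on such a drive is opened. The script below works over a constructed directory listing rather than a real drive and reports each visible .lnk that stands in front of a hidden original of the same name. The Entry type, the sample listings and the "two or more pairs" rule are assumptions made for the example.

```python
"""Spot the 'everything turned into shortcuts' pattern on a removable drive.

Added example, not code from the thread. midou1994 describes a pen drive on
which every file and folder became a shortcut after it was plugged into an
infected laptop. The usual mechanics: the real items get the 'hidden'
attribute and a visible .lnk with the same name is dropped next to each one.
This runs over a constructed directory listing (no real drive is read).
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Entry:
    """One item in the drive's root directory (assumed shape, not a Windows API)."""
    name: str
    is_dir: bool
    hidden: bool      # Windows 'hidden' attribute set


def _stem(entry):
    """'notes.txt' -> 'notes'; folders keep their full name."""
    if entry.is_dir or "." not in entry.name:
        return entry.name.lower()
    return entry.name.rsplit(".", 1)[0].lower()


def find_shadowed_items(listing):
    """Return (shortcut, original) name pairs: a visible .lnk in front of a hidden twin.

    'Report.docx.lnk' is matched to hidden 'Report.docx' by exact name, and
    'notes.lnk' to hidden 'notes.txt' by stem.
    """
    hidden_by_name = {e.name.lower(): e for e in listing if e.hidden}
    hidden_by_stem = {}
    for e in hidden_by_name.values():
        hidden_by_stem.setdefault(_stem(e), e)

    pairs = []
    for e in listing:
        if e.hidden or e.is_dir or not e.name.lower().endswith(".lnk"):
            continue
        base = e.name[:-len(".lnk")].lower()
        original = hidden_by_name.get(base) or hidden_by_stem.get(base)
        if original is not None:
            pairs.append((e.name, original.name))
    return pairs


def assess_listing(listing):
    """Summarise a listing; 'suspicious' is an assumed rule: two or more shadowed pairs."""
    visible = [e for e in listing if not e.hidden]
    shortcuts = [e for e in visible if e.name.lower().endswith(".lnk")]
    pairs = find_shadowed_items(listing)
    return {
        "shadowed_pairs": pairs,
        "shortcut_share": round(len(shortcuts) / len(visible), 2) if visible else 0.0,
        "suspicious": len(pairs) >= 2,
    }


# Constructed listings, not taken from any real drive.
INFECTED_LISTING = [
    Entry("Report.docx", False, True),
    Entry("Report.docx.lnk", False, False),
    Entry("Photos", True, True),
    Entry("Photos.lnk", False, False),
    Entry("notes.txt", False, True),
    Entry("notes.lnk", False, False),
    Entry("readme.txt", False, False),     # untouched file
    Entry("My Music.lnk", False, False),   # user-made shortcut with nothing hidden behind it
]
CLEAN_LISTING = [
    Entry("desktop.ini", False, True),     # hidden, but no shortcut stands in front of it
    Entry("readme.txt", False, False),
    Entry("My Music.lnk", False, False),
]

if __name__ == "__main__":
    for label, listing in (("infected", INFECTED_LISTING), ("clean", CLEAN_LISTING)):
        print(label, assess_listing(listing))
```

The hidden originals are left alone on purpose: the check only reports, so the listing can be taken from a drive mounted read-only (or with autorun disabled, as the thread starter mentions) and the real files recovered by clearing the hidden attribute afterwards.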

#3 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,685 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:00 PM

Posted 27 January 2013 - 08:08 AM

Total System Restore vs. Infection
1) The last laptop I got didn't come with a Windows disc, so I'm wondering: will doing a reset to factory defaults from the hidden partition for it clear out any infection, or is this just an unsafe bandaid and the infection would likely return?
2) Is the only way to be sure of completely cleaning the system in the event of an infection to HAVE a windows CD and do a complete format, wipe, and re-install? Which means should I buy one along with my new laptop?


No, you can also do full disks backup (like imaging you mention later), and restore such a backup in case of an infection (or other problems).
That is what I do. I make full disk backups once a month, and then weekly backups of my data and daily backups of important data.
Last month my laptop's harddisk died. I bought a new HD and restored my backups. I just lost programming work, that I had to do again, because the harddisk failed just at the end of my weekly and monthly cycle.

Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#4 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,685 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:00 PM

Posted 27 January 2013 - 08:15 AM

Disc Imaging
1) Alright, I've seen this around as one way to back up, and I'm considering it. Question 1 is: If I make an image of my system, then it gets infected, will restoring the clean image effectively completely clean that computer?
2) Does a disc image take up a lot of space? For example, could one store an image on an external HDD or even a DVD/USB stick?
3) And finally, on a scale of 1-10, how complicated is doing a disc image vs just doing the good ol' drag and drop onto an external HDD? Is it that much more involved?


1) Yes, but for good measure, wipe the infected disk first. Because there is disk imaging software that only makes a backup of used sectors.
2) If your disk imaging program takes the free sectors too in the backup, then the image is as large as the harddisk. Otherwise it is as large as the used space on the HD.
Most imaging software will also allow you to compress the backup, so that can save space if your data is compressible. But if your disk is mostly filled with media files that are already compressed like MP3, AVI, JPEG, the compression factor of the backup will be small.
3) That depends on the software. But it can be easy. And drag and drop is not as easy as you think. If a file can not be read, then your drag and drop file copy will just stop.

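An added example, not Didier Stevens' code or anything from the thread: his points 1 and 2 about used-sector-only images and about compression can be shown on a toy in-memory disk. The script images only the allocated sectors of a clean disk, drops a constructed marker into a free sector to stand in for an infection, restores with and without wiping first, and reports what is left in the free sectors; a full-disk image is run through the same scenario to show why it is as large as the disk. It also compares zlib ratios for repetitive text against random bytes standing in for already-compressed media. The sector size, sector count, sample contents and marker are constructed values.

```python
"""Why 'wipe first, then restore' matters with used-sector-only images.

Added example, not code from the thread. Didier Stevens' answer above makes
two points: some imaging tools back up only allocated sectors, so restoring
onto an unwiped disk leaves whatever sat in the free sectors in place; and
compression helps little when the data is already compressed media. Both are
shown on a constructed in-memory toy disk; no real disk is touched.
"""
import os
import zlib

SECTOR_SIZE = 16   # bytes per toy sector (real disks use 512 or 4096)
SECTOR_COUNT = 8


def new_disk():
    return bytearray(SECTOR_SIZE * SECTOR_COUNT)


def write_sector(disk, index, payload):
    """Write payload into one sector, zero-padded to SECTOR_SIZE."""
    assert len(payload) <= SECTOR_SIZE
    start = index * SECTOR_SIZE
    disk[start:start + SECTOR_SIZE] = payload.ljust(SECTOR_SIZE, b"\x00")


def read_sector(disk, index):
    start = index * SECTOR_SIZE
    return bytes(disk[start:start + SECTOR_SIZE])


def image_used_sectors(disk, used):
    """Used-sector-only image: sector index -> contents, free sectors skipped."""
    return {i: read_sector(disk, i) for i in sorted(used)}


def image_full_disk(disk):
    """Full image: every sector, used or not, so it is as large as the disk."""
    return {i: read_sector(disk, i) for i in range(SECTOR_COUNT)}


def restore_image(image, disk):
    for i, payload in image.items():
        write_sector(disk, i, payload)


def wipe(disk):
    disk[:] = b"\x00" * len(disk)


def stale_free_sectors(disk, used):
    """Free sectors (per the restored allocation map) that still hold non-zero data."""
    return [i for i in range(SECTOR_COUNT) if i not in used and any(read_sector(disk, i))]


def restore_scenario(wipe_first, full_image=False):
    """Image a clean disk, 'infect' it, restore, and report what survived in free space."""
    used = {0, 1, 2}
    disk = new_disk()
    write_sector(disk, 0, b"FS-METADATA")
    write_sector(disk, 1, b"report.docx")
    write_sector(disk, 2, b"photo.jpg")
    clean_image = image_full_disk(disk) if full_image else image_used_sectors(disk, used)

    # Infection: a file is tampered with and a payload lands in a free sector.
    write_sector(disk, 1, b"report.docx!!!")
    write_sector(disk, 5, b"DROPPED-SAMPLE")   # constructed marker, not real malware

    if wipe_first:
        wipe(disk)
    restore_image(clean_image, disk)
    return {
        "image_bytes": sum(len(v) for v in clean_image.values()),
        "file_restored": read_sector(disk, 1) == clean_image[1],
        "stale_sectors": stale_free_sectors(disk, used),
    }


def compression_ratio(data):
    """Compressed size / original size; at or above 1.0 means compression bought nothing."""
    return len(zlib.compress(data, 9)) / len(data)


def random_media_sample(size=7000):
    """Random bytes standing in for already-compressed MP3/AVI/JPEG content."""
    return os.urandom(size)


if __name__ == "__main__":
    print("used-only image, no wipe:", restore_scenario(wipe_first=False))
    print("used-only image, wiped:  ", restore_scenario(wipe_first=True))
    print("full image, no wipe:     ", restore_scenario(wipe_first=False, full_image=True))
    text = b"quarterly report draft, revision 3\n" * 200
    print(f"text ratio {compression_ratio(text):.3f}, "
          f"media ratio {compression_ratio(random_media_sample(len(text))):.3f}")
```

The restored file system does not reference sector 5, so the leftover data is invisible to the user, but it is still on the platter; that is the gap the wipe closes, and it is why the full image costs the whole disk's worth of space while the used-sector image costs only the occupied part.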


#5 Ragnar Devonin

Ragnar Devonin
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  • Local time:09:00 AM

Posted 23 February 2013 - 09:15 PM

Thanks for the answers! I didn't mean to take so long to reply... my phone broke not long after posting this (just got it back.) Between that and a few other things, it looks like I won't be getting a new laptop anytime soon now. I guess that gives me more time to research at least. :/


From the sounds of things though... Yep, I was way overthinking it and making it super complicated when it doesn't sound like it needs to be. Heck, re-reading my post now I realize it was way too much. I should have asked less... So, safe browsing, under a limited user account, with a good AV and something for backup (like MBAM), plus disc imaging and I'm good?


Oh, and wipe the disc first if I get infected before restoring the images (which I should do full disc images of in the event this happens, otherwise it won't be as useful... )


I read about something called a Boot'N'Nuke: would this be what I would use to wipe it prior to reloading the image? I had some people tell me if I'm ever going to sell a HDD to use that first to make absolutely sure there's nothing salvageable, so I assume it would work just as well for making sure an infection is dead and gone.


If you're still around, Didier Stevens, two things you mentioned did raise extra questions.


You said you restored your images to a new HDD... I'm wondering how is this accomplished? Would I like boot the system using the imaging program's disc or something from a usb/other disc, and do it from there, or would I need to install something like Linux or Windows first, then install the imaging software, then do the recovery? I'm just a bit iffy on the steps in the event this ever is necessary (and I'm sure it will be one day.)

Also, you said drag and drop has problems too... I read on one site that it's a good idea to do it along with images, so you don't have to restore a whole image if you only want to recover one or two files. Any truth to this, or does it depend on the imaging software you use?

(Ew, this looks like a pure wall of text on my phone... I'm not sure I am able to fix it, so if that is how it looks to you too sorry!)

Edited by Ragnar Devonin, 23 February 2013 - 09:17 PM.


#6 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,685 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:00 PM

Posted 24 February 2013 - 05:46 AM

You said you restored your images to a new HDD... I'm wondering how is this accomplished? Would I like boot the system using the imaging program's disc or something from a usb/other disc, and do it from there, or would I need to install something like Linux or Windows first, then install the imaging software, then do the recovery? I'm just a bit iffy on the steps in the event this ever is necessary (and I'm sure it will be one day.)

Also, you said drag and drop has problems too... I read on one site that it's a good idea to do it along with images, so you don't have to restore a whole image if you only want to recover one or two files. Any truth to this, or does it depend on the imaging software you use?

Yes, you boot your system from a restore CD or USB stick that the imaging software allows you to create.


My imaging software allows me to restore individual files.

