  1. #1
    Star Lounger
    Join Date
    Dec 2009
    Posts
    65
    Thanks
    12
    Thanked 1 Time in 1 Post

    Turn off encryption ?

    With all the hazards of running an encrypted boot or data volume-- not the least of which is ransomware-- I would like to remove system encryption.

    Of course, I realize that if I simply disabled / switched off encryption, any "smart" malware could switch it back on.

    So, I want to remove encryption permanently from system options.

    What is the best and most stable way of doing so?

  2. #2
    Administrator
    Join Date
    Mar 2001
    Location
    St Louis, Missouri, USA
    Posts
    23,572
    Thanks
    5
    Thanked 1,057 Times in 926 Posts
    I'm afraid that if your machine is infected you are out of luck. The malware can do what it wants especially if you are running an admin level account.

    Joe

  3. #3
    3 Star Lounger
    Join Date
    Apr 2010
    Location
    Los Gatos CA
    Posts
    374
    Thanks
    52
    Thanked 12 Times in 11 Posts
    Isn't the OP asking how to remove the software that can be used to encrypt files so that it is not available to be used by anyone, especially crooks who hold users to ransom?

    David

  4. The Following User Says Thank You to Rhinoceros For This Useful Post:

    alphaa10 (2015-12-28)

  5. #4
    Silver Lounger RolandJS's Avatar
    Join Date
    Dec 2009
    Location
    Austin metro area TX USA
    Posts
    1,727
    Thanks
    95
    Thanked 127 Times in 124 Posts
    One can disable encryption via services and/or msconfig. However, removing anything from within Windows Prime is fraught with peril! I removed WD once and received a Windows 7 7601 is nonGenuine message. Back then, I did not know of NoelDP/sevenforums.com solutions -- ended up reinstalling W7Pro. Make sure you have two external HD backups of your OS partition before venturing into removing anything from within Windows Prime.
    "Take care of thy backups and thy restores shall take care of thee." Ben Franklin revisited.
    http://collegecafe.fr.yuku.com/forum...-Technologies/

  6. #5
    4 Star Lounger
    Join Date
    Jan 2010
    Location
    Fort McMurray, Alberta, Canada
    Posts
    557
    Thanks
    51
    Thanked 68 Times in 66 Posts
    While you can of course do what you will, I'm not sure that ransomware is the best reason to remove encryption from a system. I'd be more concerned with issues like the accessibility of data under conditions of system failure or system transitions.

    Encryption might actually help protect your system when faced with ransomware (it all depends upon how the malware attacks your system). If the ransomware can piggyback on your system credentials then an encrypted volume doesn't help. However if the ransomware only sees your system as a discrete set of components and the ransomware itself only has physical access, then encryption could be a very effective blocking mechanism.

  7. #6
    WS Lounge VIP
    Join Date
    Dec 2009
    Location
    Earth
    Posts
    8,172
    Thanks
    47
    Thanked 981 Times in 911 Posts
    Ransomware will have its own encryption - it only needs to be simple and must work everywhere - so your proposed change won't make any difference.

    cheers, Paul

  8. The Following User Says Thank You to Paul T For This Useful Post:

    Fascist Nation (2015-12-23)

  9. #7
    5 Star Lounger
    Join Date
    Jan 2004
    Location
    Praha
    Posts
    988
    Thanks
    56
    Thanked 105 Times in 90 Posts
    Summary, then:

    1. You can turn off encryption, but not remove it altogether from the operating system
    2. If you turn off the Encryption Service, you will no longer be able to read files that were previously encrypted (until you turn it on again)
    3. It is easy enough for malware to turn the Service on again no matter what you have done, but . . .
    3. Ransomware, CryptoLocker for example, has its own encryption mechanism so your "turning off encryption" gives you no protection
    4. Ransomware can use the native encryption/decryption service to get at files which are already encrypted (even if you have turned the service off) so that is no protection either
    4. Image backups enable total recovery from a Ransomware attack - as long as you backup frequently enough
    Last edited by MartinM; 2015-12-23 at 07:20.

  10. #8
    Super Moderator jwitalka's Avatar
    Join Date
    Dec 2009
    Location
    Minnesota
    Posts
    6,792
    Thanks
    117
    Thanked 798 Times in 719 Posts
    Quote Originally Posted by MartinM View Post
    Summary, then:


    4. Image backups enable total recovery from a Ransomware attack - as long as you backup frequently enough
    Only if you remove the backup media after each backup is done. Otherwise, Ransomware can encrypt your backup as well.

    Jerry

  11. The Following User Says Thank You to jwitalka For This Useful Post:

    alphaa10 (2015-12-28)

  12. #9
    5 Star Lounger
    Join Date
    Oct 2013
    Location
    Phoenix, AZ
    Posts
    926
    Thanks
    554
    Thanked 137 Times in 128 Posts
    As PaulT says, ransomware uses a 2048-bit RSA encryption algorithm that it brings with it and joyfully notifies you of. It does not use the encryption software present on some versions of Windows (BitLocker). So removing BitLocker, assuming you actually even have it, doesn't do squat to protect your system.

    And modern ransomware will install itself onto every hard drive, SSD and any other writable drive it finds on the network...so an external backup only works as protection--as jwitalka said--if it is offline at the time during the infection.

  13. #10
    5 Star Lounger
    Join Date
    Jan 2004
    Location
    Praha
    Posts
    988
    Thanks
    56
    Thanked 105 Times in 90 Posts
    It's a very good idea to keep the backup disk(s) offline for this and other reasons.

    You might survive if you leave it connected - the Ransomware only encrypts certain file types (or it would trash your OS and there'd be no way back) and I don't believe that many image backup extensions are included.

    BUT I wouldn't rely on that, and after reading this, I suppose they will be included.

  14. The Following User Says Thank You to MartinM For This Useful Post:

    alphaa10 (2015-12-28)

  15. #11
    Star Lounger
    Join Date
    Dec 2009
    Posts
    65
    Thanks
    12
    Thanked 1 Time in 1 Post
    MartinM--
    Like Paul, you understood I planned to remove encryption in order to pre-empt a ransomware attack which uses system encryption against itself. As you point out in item 3, however, removal of system encryption does not deprive ransomware of the ability to encrypt files.

    So, my question is now focused on the general desirability of having a system with fewer points-of-failure. Prior experience with encryption has produced no problems, but I am aware that if the key becomes lost or corrupted, I have no recourse.

    Yes, I am another disciple of the "backup as often as possible" principle. Typically, a person never can have too many system images.
    Last edited by alphaa10; 2015-12-28 at 05:05.

  16. #12
    Star Lounger
    Join Date
    Dec 2009
    Posts
    65
    Thanks
    12
    Thanked 1 Time in 1 Post
    MartinM--
    It is unlikely a malware coder would need to search for image extensions, since most people disconnect the USB external HD after imaging. That said, there is the minuscule number of users who still have not reflected on the risk of leaving the external USB drive active and connected.
    Last edited by alphaa10; 2015-12-28 at 05:03. Reason: Designation of response target

  17. #13
    Star Lounger
    Join Date
    Dec 2009
    Posts
    65
    Thanks
    12
    Thanked 1 Time in 1 Post
    RolandJS--
    Thank you for that-- it is never enough to have only a single system image before undertaking a serious operation.
    And because HDs fail, keep each image set on a separate USB external HD.

  18. #14
    Star Lounger
    Join Date
    Dec 2009
    Posts
    65
    Thanks
    12
    Thanked 1 Time in 1 Post
    Could not agree more. My original idea of disabling encryption was a non-starter, because smart malware simply could flip the service back on. My second idea was not merely to disable, but remove encryption so nothing could be flipped back on.

    Now, I have been informed the attacker does not use native encryption routines, anyway. So, I am confirmed in my belief multiple images, kept on separate USB external HDs, are the only answer.

    Of course, finding a system infected means never attaching the image drive until the boot volume has been nuked into oblivion, for good measure.

  19. #15
    Star Lounger
    Join Date
    Dec 2009
    Posts
    65
    Thanks
    12
    Thanked 1 Time in 1 Post
    Paul--
    Your comment shows you clearly understood the question.

    Thanks.
