Results 1 to 6 of 6
  1. #1
    iNET Interactive
    Join Date
    Jan 2010
    Location
    Seattle, WA, USA
    Posts
    376
    Thanks
    1
    Thanked 29 Times in 24 Posts

    Facebook's 'Malware Checkpoint' prevents sign in


    LangaList Plus

    Facebook's 'Malware Checkpoint' prevents sign in


    By Fred Langa

    A poorly implemented Facebook feature might decide that your PC is infected with malware even if it's not and prevent you from signing in to the social-networking site. Here's what to do.

    Plus: Is an unmounted drive safe from malware? And how to keep File History reliably connected to a USB drive.

    The full text of this column is posted at windowssecrets.com/langalist-plus/facebooks-malware-checkpoint-prevents-sign-in/ (opens in a new window/tab).

    Columnists typically cannot reply to comments here, but do incorporate the best tips into future columns.

  2. #2
    New Lounger
    Join Date
    May 2016
    Posts
    1
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Security: Is an unmounted drive safe from malware?

    Of course, the article is correct as far as it goes; however, an external disk connected by a USB3 cable involves - or is subject to - not just a driver for the disk but for the USB support as well. As less than an expert, I would think that it should be possible to perform the equivalent of physically disconnecting the disk by some program/command-script/modification to support software disconnection, and password-controlled reconnection. This would allow the easier use of external disks for secure backup, connecting them only occasionally when the disk or data actually had to be accessed. Of course, plugging in and unplugging a USB cable would work as well (and positively!), but there are situations in which that would be quite awkward. I have not found any such, however. There are plenty of disk encryption programs, but I am doubtful that they would serve this purpose of protection (from malware, and specifically ransomware, rather than restricting user access to content). I would like substantial protection against cleverly-written malware, but not proof against any theoretical exploits. Two programs which have been suggested to me for examination are https://diskcryptor.net/wiki/Downloads and http://www.rohos.com/products/rohos-mini-drive/, but I have not had time to thoroughly examine them, and doubt that they will do what I want.
    \\
    If it is actually necessary to physically break the connection, I'd be interested in a USB3 switch which breaks both power (common) and data (uncommon) lines. The only such switch with which I am familiar is the HmbG 1401 or 1402, sold by Amazon (for about $12) but currently unavailable. Also, it is a cable switch; I would prefer a small desktop unit.
    \\
    Thank you.

  3. #3
    New Lounger
    Join Date
    Dec 2009
    Posts
    3
    Thanks
    0
    Thanked 0 Times in 0 Posts
    I think the disconnected drive can be safe, if it is one that requires separate credentials and you do not save them. This way the software cannot re-mount it unless it grabs your credentials, which is easy after you've been infected I know, but timing is everything.

  4. #4
    New Lounger
    Join Date
    Feb 2003
    Location
    Auckland, New Zealand
    Posts
    9
    Thanks
    0
    Thanked 0 Times in 0 Posts
    external hard drives keep disconnecting — preventing File History from doing its job
    My laptop File History is directed to a NAS. File History seems unable to reestablish the connection when I reconnect the laptop to the network after an absence. Such a common scenario as laptop travel suggests that it should be able to automatically reconnect and continue making history. Is this inability a 'feature' of the software or do I have a fault?

  5. #5
    Star Lounger
    Join Date
    Oct 2002
    Posts
    64
    Thanks
    5
    Thanked 0 Times in 0 Posts
    I agree with Mr. Lagna that a software dismount (whether or not the files are encrypted) can not prevent malware from mounting the disk, and if individual files are encrypted, they can be re-encrypted.

    Whole disk encryption also can not, in principle, prevent malware from mounting the drive. However the malware would not be able to locate individual files.

    Malware could still re-encrypt the entire disk. However, if the disk in question were reasonabley large (multiterabyte), the time needed to do so would probably discourage the attempt. It might take days.

    The process would probably be interrupted in such a manner that the user would lose his data, but the attacker would not be able to provide a functional decryption key. If this were to happen often, no one would pay the ransom.

    Of course, it might be that only a portion of the disk would need be re-encrypted to render the entire disk unreadable. One might speculate, for example, that the victim's encryption software computes a cyclic redundancy check (or some such) that would detect the corruption and refuse to function.

    If the malware can read specific physical locations on the disk using low level disk drivers, it might be able to encrypt a portion of the disk and restore the plaintext to those same locations later. But this would be difficult for the attacker to program in advance since it will be make and model specific. Such a drive would at least not be low hanging fruit.

  6. #6
    WS Lounge VIP
    Join Date
    Dec 2009
    Location
    Earth
    Posts
    8,168
    Thanks
    47
    Thanked 978 Times in 908 Posts
    Quote Originally Posted by David S View Post
    My laptop File History is directed to a NAS. File History seems unable to reestablish the connection when I reconnect the laptop to the network after an absence. Such a common scenario as laptop travel suggests that it should be able to automatically reconnect and continue making history. Is this inability a 'feature' of the software or do I have a fault?
    Please open a new thread under "Networking" for this.

    cheers, Paul

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •