On Wednesday, September 5, 2018, Kevin Chadwick <m8il1i...@gmail.com> wrote:
> I meant that an OpenBSD user using Windows should not get a virus or
> could handle them if downloading illegal software. I am yet to see a
> truly clever system entry in the press. They always rely on user
> idiocy or poor setup. Whether Viri with these properties are the only
> ones caught is another question.
>
> Additionally I don't see the "think disk". If the partition is
> intact then surely it is not difficult to fix and with some boot
> loaders like GAG would likely be unaffected. It used to be the case
> that the windows bootloader was needed for hibernate support but I
> haven't seen that for a while. It is certainly true that the
> bootloader/bios itself could be targeted. If something breaks
> then at least you know.

You are overlooking some important issues:

One has to do with the nature of the press — its primary audience has little to no technical background, and reporters have little training on machine design and implementation. They are not very capable of describing truly clever system entry. Also, common events tend to not be "news". [How often do you hear about any of the suffering from the leading causes of mortality? Instead you mostly hear about the rare events.]

Another has to do with counter measures—any effective malware mechanism gets attention and *eventually* gets squashed. This is a statistical issue, but there are some other implications -- hold that thought.

Another issue has to do with the nature of bug reporting systems: as the user population increases, they become overwhelmed. Approaches which worked well when the user population was mostly well educated college students don't work so well when the user population is mostly not.

Yet another issue has to do with the nature of malware itself: it’s a mix of taking advantage of design defects (which are never in short supply) and social structures (which, ok, do partially adapt to the pressures but also tend to be more than a little imperfect).

Anyways:

1) you don’t have adequate knowledge of what other people are going through—you can’t.
2) eventually someone with adequate, relevant knowledge is going to trip over a malware deployment.

Put differently: disk wipes are being limited by social issues more than by technical issues. Disk wipes with broad propagation probably get lots of people really upset. And [this year, at least] there's no effective border control on malware vectors, so state actors aren't going to be using such things unless they feel they're backed into a corner where unleashing such problems seems to offer them a way forwards. (Because their own people will get hit, also - both by the malware itself and possibly by the reactions from other state actors.)

But that only holds for large scale malware deployments. There's another possibility which involves being specifically targeted. It's difficult to think what the motivations would be for this, but that's not an actual obstacle. If this sort of thing happens, it would rely on social structures for concealment (in other words, its point might be to make you look stupid - so to defend against this kind of thing you would have to be comfortable with dealing with having people think you look stupid. For example.) But, hey, there's no such thing as bullies, right?

On the positive side, this sort of thing is statistically unlikely, for most people.

Anyways... generalities that are usually correct can't always be correct. And, when debugging, you sort of have to consider a lot of unlikely possibilities until you have the problem isolated and solved. So you are going to see discussion here about possibilities which are mostly irrelevant to you, but which still have some use in helping people reason about the problems they encounter.

So: back to the disk-wipe malware (and most other malware). Good backups limit the impact that. And, you need a diversity of backup mechanisms to defend against the backups getting hit by malware. So your computer got wiped out - if you've got several of them each running different OSes, perhaps with some other partitioning, you just switch to a different one. (And software developers - especially low-level software developers - tend to crash their own systems a lot already, so in that sense it might not seem like such a big deal. If you are a developer, malware is really just a consequence of bad design.)

Anyways, that's enough words from me to last you way way too long...

Sorry about that.

--
Raul