|
There are very few situations where registry "clutter" causes any kind of issue and you're more likely than not deleting some program's config by running it. The registry is effectively a database and deleting things from it doesn't do much because poke it full of holes and fragment it. I've seen exactly one instance in my life where the registry ballooned due to software misbehaving and hit some size limit XP imposed so I had to mount it offline with a defrag/compactor tool. Similar deal with the filesystem.
|
# ? Sep 19, 2017 15:58 |
|
|
# ? May 12, 2024 16:50 |
|
I know I might be laughed at as a big idiot, but Malwarebytes found the Trojan in the setup file for 5.33 which I hadn't deleted, but is now deleted. It had already been updated to 5.34 before this information came to light, and I use the 64 bit version. I'm considering uninstalling it after this, but is there anything else I have to do? I'm not very good with computers, so I thought maybe you all could give me advice.
|
# ? Sep 19, 2017 16:10 |
|
Potato Salad posted:ClamAV; I am not familiar with it I haven't heard that name in forever. I used to use it to scan my email back in 1999 or so.
|
# ? Sep 19, 2017 20:26 |
|
Yeah really CCleaner was good only to delete files securely (it would do N rounds of writing random bytes to the drive) in my case. Good to know the C&C servers have been cut off early. Also there's no indication of some advanced/persistent rootkit right? Nothing like hiding in the firmware of my motherboard or something, I should just reinstall Windows after a low-level format as a precaution?
|
# ? Sep 19, 2017 23:12 |
|
CCleaner is typically used by people as a "second chance" to fix things mucked up by malware. I usually groan when I see it show up on the corporate network and during one of our sweeps, we only found older copies--and had them removed and the machines remediated.
|
# ? Sep 19, 2017 23:37 |
|
Furism posted:Yeah really CCleaner was good only to delete files securely (it would do N rounds of writing random bytes to the drive) in my case. Haha, oh my.
|
# ? Sep 20, 2017 03:45 |
|
duz posted:Haha, oh my. Educate.
|
# ? Sep 20, 2017 09:03 |
|
Furism posted:Educate. https://docs.microsoft.com/en-us/sysinternals/downloads/sdelete
|
# ? Sep 20, 2017 09:05 |
|
Furism posted:Educate. On mechanical spinny platters a single pass of randomized data is enough (or two, knock yourself out). Even Peter Gutman said as much after every one misinterpreted his first paper on the topic quote:“In the time since this paper was published, some people have treated the 35-pass overwrite technique described in it more as a kind of voodoo incantation to banish evil spirits than the result of a technical analysis of drive encoding techniques… In fact performing the full 35-pass overwrite is pointless for any drive since it targets a blend of scenarios involving all types of (normally-used) encoding technology, which covers everything back to 30+-year-old MFM methods (if you don’t understand that statement, re-read the paper). If you’re using a drive which uses encoding technology X, you only need to perform the passes specific to X, and you never need to perform all 35 passes. For any modern PRML/EPRML drive, a few passes of random scrubbing is the best you can do. As the paper says, “A good scrubbing with random data will do about as well as can be expected“. This was true in 1996, and is still true now. “ For SSDs it's more complicated. You can tell the SSD to write random data over a file, but it's almost never going to pick the same locations in the flash memory since every write on modern drives randomizes (more or less) data locations. So when it goes to write the "random info" in the place of the file you want deleted, that junk data will most likely not take out the data you're looking to scrub. Of course, the real answer is to use drive or file-system encryption. Proteus Jones fucked around with this message at 09:21 on Sep 20, 2017 |
# ? Sep 20, 2017 09:17 |
|
That's what I thought. I understand data sanitization and how it works for magnetic drives, and that a low-level format is probably good enough nowadays given the density of the drives. I wanted to check whether or not CCleaner was known to be bad at that to the point it's useless and where the "ah ah oh my" comment was coming from. NIST says to sanitize with 3 passes (strike that, now it's just one?). That's what I do, even if it's overkill, because you can't go wrong with NIST recommendations. EC, AES256 and SHA-3 are also overkill, arguably. I thought we always go for overkill when it comes to IT security. So I don't understand the jest. Thanks for the link to sdelete, seems like a much smaller footprint than CCleaner so I'll use that from now on.
|
# ? Sep 20, 2017 09:38 |
The sysinternals suite needs to be known by more people.
|
|
# ? Sep 20, 2017 11:20 |
|
*busts door open, panting* ms tools..... minimum feature set..... *collapses to the floor*
|
# ? Sep 20, 2017 11:33 |
|
For SSDs, just delete the file normally, then do defrag C: /O, assuming it's the C drive. It's not perfect, but the alternative is secure erasing the entire drive. Or just encrypt the drive and don't worry about it.
|
# ? Sep 20, 2017 16:12 |
|
Double Punctuation posted:For SSDs, just delete the file normally, then do defrag C: /O, assuming it's the C drive. It's not perfect, but the alternative is secure erasing the entire drive.
|
# ? Sep 20, 2017 16:55 |
|
Just run fstrim or whatever the windows equivalent is IMO.
|
# ? Sep 20, 2017 16:56 |
|
I thought the point of TRIM was that it didn't touch the data on the blocks, and just marked them as free, which is why it was good for wear and performance. I'm a little out of it today, though.
|
# ? Sep 20, 2017 16:57 |
|
Subjunctive posted:I thought the point of TRIM was that it didn't touch the data on the blocks, and just marked them as free, which is why it was good for wear and performance. I'm a little out of it today, though. That happens when you delete the file. Running fstrim or defrag /O tells the drive's firmware that the system isn't expecting much disk activity, so it should erase the sectors soon. It is a performance thing, but there's no other generic way to do it other than erasing the entire drive. In other news, it's the gift that keeps on giving: ultrabindu posted:https://twitter.com/thesquashSH/status/910512164938665984 Here's the fake site making fun of them, with a screencap of that tweet.
|
# ? Sep 20, 2017 17:07 |
|
Subjunctive posted:I thought the point of TRIM was that it didn't touch the data on the blocks, and just marked them as free, which is why it was good for wear and performance. I'm a little out of it today, though. You're right. A TRIM call just schedules cells for wiping. Also, apparently wiping isn't the same as zeroing, which is why zeroing a SSD will do nothing to fix performance. So uhh. Write zeroes to disk until full, then delete? That said, as Double Punctuation said, fstrim or similar commands will start wiping your empty space immediately, as far as I know.
|
# ? Sep 20, 2017 17:09 |
|
holy poo poo equifax needs to be destroyed
|
# ? Sep 20, 2017 17:15 |
|
Double Punctuation posted:That happens when you delete the file. Running fstrim or defrag /O tells the drive's firmware that the system isn't expecting much disk activity, so it should erase the sectors soon. It is a performance thing, but there's no other generic way to do it other than erasing the entire drive. Is everyone at Equifax drunk or high nowadays? I mean, I understand , I feel for them, but holy poo poo.
|
# ? Sep 20, 2017 17:16 |
|
Volguus posted:I understand , I feel for them Don't.
|
# ? Sep 20, 2017 17:19 |
|
He means the entry-level guys that had nothing to do with the hack and are looking for another job before they're inevitably laid off. And yes, they are all drunk or high. Nobody's going to give a poo poo what Equifax says about them when they're applying for another job.
|
# ? Sep 20, 2017 17:25 |
|
Equifax laying off anyone related to security would be a really bad look.
|
# ? Sep 20, 2017 17:34 |
|
Subjunctive posted:Equifax laying off anyone related to security would be a really bad look. A bunch of Equifax execs who should have known about a breach selling off a bunch of Equifax stock immediately after the breach was discovered internally would be a really bad look too, and yet here we are
|
# ? Sep 20, 2017 17:39 |
|
Yeah, but they didn't think people would find out about that. They know people will report the layoffs.
|
# ? Sep 20, 2017 17:43 |
Subjunctive posted:Equifax laying off anyone related to security would be a really bad look. Methinks we are well past the "really bad look" stage.
|
|
# ? Sep 20, 2017 17:43 |
|
Max Peck posted:A bunch of Equifax execs who should have known about a breach selling off a bunch of Equifax stock immediately after the breach was discovered internally would be a really bad look too, and yet here we are But it was a total coincidence!!!!!!!!!!! They had no idea!!!!!!!!!!!!!!
|
# ? Sep 20, 2017 17:51 |
|
Until bankruptcy or fire sale to a competitor, we'll be in that stage. The actual risk is irrelevant to their stock price and business. They didn't really lose customer data, after all. The perception of their future commitment to security is what drives those things. Of course, those markets aren't rational. I used to work for a high-profile consumer software company, 20 years ago, and when security bugs in our product made the news it would inevitably drive the stock up a bit.
|
# ? Sep 20, 2017 17:53 |
|
But, what could bankrupt them (other than the US government going medieval on their asses, which I don't think it will)? Is not like the millions of creditors around the world will stop sending them money and data and paying them and whatnot.
|
# ? Sep 20, 2017 19:28 |
|
Subjunctive posted:Equifax laying off anyone related to security would be a really bad look. I mean firing your CISO and poo poo is the standard course of action. That's pretty much their role from what I understand -- to be hired in order to be fired.
|
# ? Sep 20, 2017 19:40 |
|
Volguus posted:But, what could bankrupt them (other than the US government going medieval on their asses, which I don't think it will)? Is not like the millions of creditors around the world will stop sending them money and data and paying them and whatnot. There are three other companies that do the exact same thing, except they didn't just reveal they are completely incompetent.
|
# ? Sep 20, 2017 19:50 |
|
dougdrums posted:I mean firing your CISO and poo poo is the standard course of action. That's pretty much their role from what I understand -- to be hired in order to be fired. Sure, but that's different from laying off security line staff, which is what I was responding to.
|
# ? Sep 20, 2017 19:54 |
|
Double Punctuation posted:There are three other companies that do the exact same thing, except they didn't just reveal they are completely incompetent. There are 3 more (which are probably just as incompetent) that's true, but will the creditors really care? Is not like I chose Equifax and Transunion and whoever else to hold my data in the first place. Unless I'll hear big banks yelling form the top of their lungs that Equifax is cancer and they won't do business with them anymore, it's safe to assume they'll be fine money-wise and can continue doing drugs and drinking on the job.
|
# ? Sep 20, 2017 21:50 |
|
Volguus posted:There are 3 more (which are probably just as incompetent) that's true, but will the creditors really care? Is not like I chose Equifax and Transunion and whoever else to hold my data in the first place. Unless I'll hear big banks yelling form the top of their lungs that Equifax is cancer and they won't do business with them anymore, it's safe to assume they'll be fine money-wise and can continue doing drugs and drinking on the job. i need to apply with Equifax.
|
# ? Sep 20, 2017 22:35 |
|
If you're really worried about securely deleting data on an SSD then you should forget about filesystem-level writes and invest in a self-encrypting disk instead.
|
# ? Sep 21, 2017 02:42 |
|
Absurd Alhazred posted:WASHINGTON (Reuters) - The U.S. Securities and Exchange Commission (SEC), the country’s top markets regulator, said on Wednesday hackers may have illegally profited by trading using insider information stolen from its corporate disclosure database.
|
# ? Sep 21, 2017 05:04 |
|
|
# ? May 12, 2024 16:50 |
|
anthonypants posted:Hacked by their own executives????? If the SEC had stocks, I bet people higher up would have sold theirs before this disclosure. Who's gonna go at them? The SEC?
|
# ? Sep 21, 2017 05:22 |