Page 2 of 16 FirstFirst 123412 ... LastLast
Results 11 to 20 of 157

Thread: ZeroFill, a good idea?

  1. #11
    Join Date
    Jun 2008
    Location
    Auckland, NZ
    Posts
    20,014
    Blog Entries
    1

    Default Re: ZeroFill, a good idea?

    Quote Originally Posted by amarildojr View Post
    From what I understad, once you delete a file you don't actually delete it and that's what those Recovery companies love about = deleting a file is simply making it avaliable to overwrite, but the data is still there. The same applies to OS re-install.
    While deleting a file doesn't involve anything other than flagging the space as available for being overwritten, it would be drawing a long bow to imagine how an infected file would be unintentionally recovered, and executed.

  2. #12
    Join Date
    Jun 2008
    Location
    The English Lake District. UK - GMT/BST
    Posts
    36,719
    Blog Entries
    20

    Default Re: ZeroFill, a good idea?

    Quote Originally Posted by amarildojr View Post
    Sorry for being too paranoid, on Windows I used Kaspersky Internet Security along with MalwarebytesPRO and Thor, also on the most "insecure" cases I'd run 4 VM's (one inside another) to make sure nothing would scape (Windows > Linux > Windows > Linux). And now with this "not needing AV" + the risks of Wine is really making me go insane.
    OMG!
    It must be like going swimming with lead weights.
    Thank heavens I left that behind years ago.

    All I see of windows is dealing with customers machines and I usually put MSE in place for them.
    That assumes that Microsoft know how to protect their own system.... but I could be assuming too much!
    Leap 15_KDE
    My Articles Was I any help? If yes: Click the star below

  3. #13
    Join Date
    Jun 2008
    Location
    The English Lake District. UK - GMT/BST
    Posts
    36,719
    Blog Entries
    20

    Default Re: ZeroFill, a good idea?

    Quote Originally Posted by deano_ferrari View Post
    While deleting a file doesn't involve anything other than flagging the space as available for being overwritten, it would be drawing a long bow to imagine how an infected file would be unintentionally recovered, and executed.
    My system does SHIFT+Delete
    Leap 15_KDE
    My Articles Was I any help? If yes: Click the star below

  4. #14
    Join Date
    Jan 2013
    Location
    Brazil
    Posts
    327

    Default Re: ZeroFill, a good idea?

    Quote Originally Posted by deano_ferrari View Post
    While deleting a file doesn't involve anything other than flagging the space as available for being overwritten, it would be drawing a long bow to imagine how an infected file would be unintentionally recovered, and executed.
    I can't remember how exactly, I'm sorry. I read about it a long time ago and it was in another language, looking for it will take a long time. But it's possible, I guarantee

  5. #15
    Join Date
    Jan 2013
    Location
    Brazil
    Posts
    327

    Default Re: ZeroFill, a good idea?

    Quote Originally Posted by caf4926 View Post
    OMG!
    It must be like going swimming with lead weights.
    Thank heavens I left that behind years ago.

    All I see of windows is dealing with customers machines and I usually put MSE in place for them.
    That assumes that Microsoft know how to protect their own system.... but I could be assuming too much!
    Yeah, it was slow like a turtle, first VM = 3GB of RAM. 2nd = 2GB. 3rd VM = 1 GB.

    MS knows how they could protect their system. They just don't do it.
    ______________________________________________________

    Anyway, I'm too paranoid about this stuff. I guess just re-installing the system will do it.

  6. #16
    dd NNTP User

    Default Re: ZeroFill, a good idea?

    >
    > Sorry for being too paranoid, on Windows


    my opinion:

    1) it is impossible to be "too paranoid" on Windows

    2) it is EASY to be "too paranoid" on Linux, even when running windows
    code in WINE..

    i don't run any Anti Virus software which looks for and protects from
    Microsoft viruses....and i have not done so in YEARS, and do not worry
    about it, at all.

    i can't find it on the web now, but three to five years ago a guy spent
    a lot of time trying to get Windows viruses to do some damage in a linux
    machine....he never was able to mess up /home, or anything else in any
    way, and gave up...

    ymmv, but you are (imo) wasting a lot of time and worry over nothing.

    otoh: backup early and often, and learn the _real_ ways to protect your
    system (like using root as little as possible, never ever browse as
    root, run a firewall, run a correctly setup root kit detector, etc etc
    etc etc)

    all that said, i still recommend: Keep the GAME code on the GAME
    operating system, and keep the important stuff (bank and broker access
    codes, etc etc etc) on the secure, industrial strength operating system!

    --
    dd
    openSUSE®, the "German Engineered Automobile" of operating systems!
    http://tinyurl.com/DD-Caveat


  7. #17
    Join Date
    Feb 2009
    Location
    Spain
    Posts
    25,547

    Default Re: ZeroFill, a good idea?

    On 2013-01-22 10:46, amarildojr wrote:
    >
    > deano_ferrari;2520874 Wrote:
    >> No, once a file is deleted, it is essentially dormant. Only the
    >> conscious effort of a user is able to undelete it and make it visible to
    >> the system again. How do you suppose anti-virus software works?

    > From what I understad, onde you delete a file you don't actually delete
    > it and that's what those Recovery companies love about = deleting a file
    > is simply making it avaliable to overwrite, but the data is still there.


    Yes, the data can be retrieved. But for that, on any system, you need
    direct access to the disk structures and be sure that nothing is
    accessing the disk during the process - in Linux that would be umounting
    the affected filesystem -. More, we are talking of Windows software
    under Wine, which resides on an ext4 filesystem... that software will
    not know how to undelete files on that system.

    Then, there is another issue. A Windows virus may survive a format
    provided that some other code does the resuscitation. Maybe we are
    talking of viruses residing as boot code, but a deleted file can do
    nothing by itself. It can not run till some other running malware
    undeletes it, and then also calls it. Even on Windows.


    > My concearn is if I re-install the system, re-install Wine and the same
    > process access the same file on the folder I'll be infected again.


    No, the data can not be accessed by user space software.

    > On 2013-01-22 10:56, amarildojr wrote:


    > Sorry for being too paranoid, on Windows I used Kaspersky Internet
    > Security along with MalwarebytesPRO and Thor, also on the most
    > "insecure" cases I'd run 4 VM's (one inside another) to make sure
    > nothing would scape (Windows > Linux > Windows > Linux). And now with
    > this "not needing AV" + the risks of Wine is really making me go insane.


    You can run Wine under a different user, diferent home folder. Thus the
    malware would not be able to delete your Linux home, only another home,
    sacrificial.

    On 2013-01-22 11:26, amarildojr wrote:
    > deano_ferrari;2520879 Wrote:
    >> While deleting a file doesn't involve anything other than flagging the
    >> space as available for being overwritten, it would be drawing a long bow
    >> to imagine how an infected file would be unintentionally recovered, and
    >> executed.

    > I can't remember how exactly, I'm sorry. I read about it a long time
    > ago and it was in another language, looking for it will take a long
    > time. But it's possible, I guarantee


    No, it is not. Some running code has to intentionally undelete those
    files, so you have first to contaminate your system with that type of
    malware a second time - and it would not be able to undelete and ext4
    filesystem. Even if it knows how to do it, it needs root permissions.

    --
    Cheers / Saludos,

    Carlos E. R.
    (from 11.4, with Evergreen, x86_64 "Celadon" (Minas Tirith))

  8. #18
    Join Date
    Jun 2008
    Location
    Auckland, NZ
    Posts
    20,014
    Blog Entries
    1

    Default Re: ZeroFill, a good idea?

    Quote Originally Posted by amarildojr View Post
    I can't remember how exactly, I'm sorry. I read about it a long time ago and it was in another language, looking for it will take a long time. But it's possible, I guarantee
    Total fiction. You've been mislead somewhere.

  9. #19
    Join Date
    Jul 2008
    Location
    Seattle, WA
    Posts
    17,037

    Default Re: ZeroFill, a good idea?

    On Tue, 22 Jan 2013 09:26:01 +0000, deano ferrari wrote:

    > amarildojr;2520869 Wrote:
    >> BTW I can't see how normal formatting would delete anything apart from
    >> what is overwritten on the drive.

    > A deleted file isn't visible to the system as such, and isn't going to
    > get the opportunity to execute either is it?


    Well, technically, it can - some older viruses ran from specific blocks
    on the drive rather than as files (boot sector viruses were very popular,
    for example - but I also had seen some that were stored in blocks around
    the partition table and were called even after a warm boot by virus code
    that was still in memory - that's old DOS stuff, though, and not common
    these days).

    But I would also say that not all viruses are going to work in WINE,
    either - many depend on undocumented functionality, and while WINE
    implements a fair number of undocumented APIs, those APIs are Windows APIs
    and not, say, low-level I/O functions.

    I would be inclined to use a Linux-based AV solution to scan the WINE
    directory and see if something infected is there.

    Jim
    --
    Jim Henderson
    openSUSE Forums Administrator
    Forum Use Terms & Conditions at http://tinyurl.com/openSUSE-T-C

  10. #20
    Join Date
    Jul 2008
    Location
    Seattle, WA
    Posts
    17,037

    Default Re: ZeroFill, a good idea?

    On Tue, 22 Jan 2013 09:46:01 +0000, amarildojr wrote:

    > My concearn is if I re-install the system, re-install Wine and the same
    > process access the same file on the folder I'll be infected again.


    That can not happen. If you reinstall the system, there's no pointer to
    the file data - and a virus (by its nature) is minimal code (usually with
    no error handling). Directory structures aren't consistent enough to
    access files from a previously accessed system using a newly installed
    system.

    Jim



    --
    Jim Henderson
    openSUSE Forums Administrator
    Forum Use Terms & Conditions at http://tinyurl.com/openSUSE-T-C

Page 2 of 16 FirstFirst 123412 ... LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •