
Thread: ZeroFill, a good idea?

  1. #1
    Join Date
    Jan 2013
    Location
    Brazil
    Posts
    327

    ZeroFill, a good idea?

    Hello everyone.

    On Windows I used to do a ZeroFill in order to make sure no virus would get re-activated once I "formatted" with Windows.

    I'm interested to know whether, if I download a virus with openSUSE (especially via Wine) and it somehow deletes my home folder, it would be a good idea to do a ZeroFill, because some viruses can re-activate themselves after a normal formatting, since normal formatting doesn't really erase any data.

    The scenario would be:

    Wine installed
    Downloaded a Steam game (I don't play nor run pirated software)
    Joins a server
    A server file is infected (happened on Windows, since the server admins have full folder-access depending on the game)
    The virus gets access to my home folder

    Then, after "formatting" with the suse DVD and re-installing Wine (thinking I'm safe now that my system is "formatted") the virus gets back on.


    Any thoughts?

    Thanks in advance.

  2. #2
    Join Date
    Jun 2008
    Location
    The English Lake District. UK - GMT/BST
    Posts
    36,729
    Blog Entries
    20

    Re: ZeroFill, a good idea?

    A Windows virus running in Linux?
    Or you mean with the assistance of Wine?

    If you are really that concerned, I'd make a test install and try to get it to happen as you describe.
    Wine is contained within .wine (mostly) (I have seen wine apps store data outside there)

    If the virus is/was in /home
    Formatting would delete it
    Leap 15.1_KDE

  3. #3
    Join Date
    Jan 2013
    Location
    Brazil
    Posts
    327

    Re: ZeroFill, a good idea?

    According to wineFAQ a virus could do anything it would do on Windows, including accessing and deleting everything in your home folder. BTW I can't see how normal formatting would delete anything apart from what is overwritten on the drive.

  4. #4
    Join Date
    Jun 2008
    Location
    The English Lake District. UK - GMT/BST
    Posts
    36,729
    Blog Entries
    20

    Re: ZeroFill, a good idea?

    Write zeros if you wish, it's very time consuming
    or perhaps
    Code:
    dd if=/dev/urandom of=/dev/sdX bs=1M  # sdX = the whole target disk; destroys all data on it
    I never had a virus yet so I'm all right Jack.

  5. #5
    Join Date
    Jun 2008
    Location
    Auckland, NZ
    Posts
    20,195
    Blog Entries
    1

    Re: ZeroFill, a good idea?

    Quote: Originally Posted by amarildojr
    BTW I can't see how normal formatting would delete anything apart from what is overwritten on the drive.
    A deleted file isn't visible to the system as such, and isn't going to get the opportunity to execute either, is it?

  6. #6
    Join Date
    Jan 2013
    Location
    Brazil
    Posts
    327

    Re: ZeroFill, a good idea?

    Quote: Originally Posted by deano_ferrari
    A deleted file isn't visible to the system as such, and isn't going to get the opportunity to execute either, is it?
    Some viruses can get themselves running again even after system re-installation

  7. #7
    Join Date
    Jun 2008
    Location
    Auckland, NZ
    Posts
    20,195
    Blog Entries
    1

    Re: ZeroFill, a good idea?

    Quote: Originally Posted by amarildojr
    Some viruses can get themselves running again even after system re-installation
    No, once a file is deleted, it is essentially dormant. Only the conscious effort of a user is able to undelete it and make it visible to the system again. How do you suppose anti-virus software works?

  8. #8
    Join Date
    Jun 2008
    Location
    The English Lake District. UK - GMT/BST
    Posts
    36,729
    Blog Entries
    20

    Re: ZeroFill, a good idea?

    Quote: Originally Posted by deano_ferrari
    How do you suppose anti-virus software works?
    I don't have AV... should I be worried?

  9. #9
    Join Date
    Jan 2013
    Location
    Brazil
    Posts
    327

    Re: ZeroFill, a good idea?

    Quote: Originally Posted by deano_ferrari
    No, once a file is deleted, it is essentially dormant. Only the conscious effort of a user is able to undelete it and make it visible to the system again. How do you suppose anti-virus software works?
    From what I understand, once you delete a file you don't actually delete it, and that's what those recovery companies love: deleting a file simply makes it available to be overwritten, but the data is still there. The same applies to an OS re-install.

    For any security issue, you need to figure out what the risk is.
    Renaming the file and moving it to an inappropriate directory will stop casual examination by somebody who isn't computer-savvy.
    Deleting the file will stop anybody from looking at it without easily available special tools, and will make it time-consuming for them to find it.
    Overwriting the file will probably leave nothing findable through the operating system, but that won't guarantee it. If you've processed the file, there might be a partial or complete copy in swap space or equivalent on the drive, and I'm not quite sure what to do about that. Still, failing that, it's probably secure against a reasonable forensic search.
    Disk drives no longer present a raw view to the computer using them, though, and it's always possible that the disk wrote part or all of the file on a chunk that it later decided was bad. In that case, removing the disk controller and substituting something more primitive might find a piece of the file. This is getting into very pricey data recovery.
    Finally, it's always possible that somebody will be able to read overwritten disk sectors, with some amount of reliability, at some point in the future.
    If you're just protecting the mainstream porn from the occasional visiting girlfriend, hiding it in the file system will probably work just fine. If you're terrified that the NSA might possibly be able to read it within the next twenty years, destroy the disk (some of the more paranoid types on Slashdot report fun results with thermite). For most purposes, overwriting the file a couple of times (including at least one 0 and one 1) will do very nicely.

    My concern is that if I re-install the system and re-install Wine, and the same process accesses the same file in the folder, I'll be infected again.
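
Added example (not part of any post in this thread): a shell sketch of the difference discussed above between a format that rewrites only metadata and a full zero-fill, run against a scratch image file rather than a real disk. The image path, the marker string, and the "quick format" stand-in (zeroing only the first 64 KiB) are assumptions made for the demonstration.

```shell
#!/bin/sh
# Constructed demo: works on a scratch image file, never on a real disk.
IMG="${TMPDIR:-/tmp}/zerofill-demo.$$.img"   # hypothetical scratch path
MARKER="CONSTRUCTED-LEFTOVER-DATA"           # stands in for old file contents

# 4 MiB of random bytes with the marker written 1 MiB in ("used disk").
make_image() {
    dd if=/dev/urandom of="$1" bs=1048576 count=4 2>/dev/null
    printf '%s' "$MARKER" | dd of="$1" bs=1048576 seek=1 conv=notrunc 2>/dev/null
}

# Stand-in for a quick format (assumption): only the first 64 KiB, where
# filesystem metadata would be rewritten, changes; data blocks are untouched.
quick_format_sim() {
    dd if=/dev/zero of="$1" bs=65536 count=1 conv=notrunc 2>/dev/null
}

# Zero-fill: overwrite every byte in place without changing the size.
zero_fill() {
    size=$(($(wc -c < "$1")))
    head -c "$size" /dev/zero | dd of="$1" bs=65536 conv=notrunc 2>/dev/null
}

# Succeeds if the marker can still be read from the raw bytes.
marker_present() { grep -a -q "$MARKER" "$1"; }

# Succeeds if every byte is zero (compared with /dev/zero up to file size).
is_zeroed() { cmp -s -n "$(($(wc -c < "$1")))" "$1" /dev/zero; }

# Run the sequence; echo "<after quick format> <after zero-fill> <all zero?>".
demo() {
    make_image "$IMG"
    quick_format_sim "$IMG"
    if marker_present "$IMG"; then after_format=present; else after_format=gone; fi
    zero_fill "$IMG"
    if marker_present "$IMG"; then after_fill=present; else after_fill=gone; fi
    if is_zeroed "$IMG"; then zeroed=yes; else zeroed=no; fi
    rm -f "$IMG"
    echo "$after_format $after_fill $zeroed"
}

demo   # prints: present gone yes
```

The leftover bytes survive the metadata-only rewrite but are only readable by scanning the raw image; nothing in the sequence executes them.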

  10. #10
    Join Date
    Jan 2013
    Location
    Brazil
    Posts
    327

    Re: ZeroFill, a good idea?

    Sorry for being too paranoid. On Windows I used Kaspersky Internet Security along with MalwarebytesPRO and Thor; also, in the most "insecure" cases I'd run 4 VMs (one inside another) to make sure nothing would escape (Windows > Linux > Windows > Linux). And now this "not needing AV" plus the risks of Wine is really making me go insane.
