On 2013-01-22 10:46, amarildojr wrote:
>
> deano_ferrari;2520874 Wrote:
>> No, once a file is deleted, it is essentially dormant. Only the
>> conscious effort of a user is able to undelete it and make it visible to
>> the system again. How do you suppose anti-virus software works?
> From what I understand, once you delete a file you don’t actually delete
> it and that’s what those Recovery companies love about = deleting a file
> is simply making it available to overwrite, but the data is still there.
Yes, the data can be retrieved. But for that, on any system, you need
direct access to the disk structures and be sure that nothing is
accessing the disk during the process - in Linux that would be umounting
the affected filesystem -. More, we are talking of Windows software
under Wine, which resides on an ext4 filesystem… that software will
not know how to undelete files on that system.
Then, there is another issue. A Windows virus may survive a format
provided that some other code does the resuscitation. Maybe we are
talking of viruses residing as boot code, but a deleted file can do
nothing by itself. It can not run till some other running malware
undeletes it, and then also calls it. Even on Windows.
> My concern is if I re-install the system, re-install Wine and the same
> process access the same file on the folder I’ll be infected again.
No, the data can not be accessed by user space software.
On 2013-01-22 10:56, amarildojr wrote:
> Sorry for being too paranoid, on Windows I used Kaspersky Internet
> Security along with MalwarebytesPRO and Thor, also on the most
> “insecure” cases I’d run 4 VM’s (one inside another) to make sure
> nothing would escape (Windows > Linux > Windows > Linux). And now with
> this “not needing AV” + the risks of Wine is really making me go insane.
You can run Wine under a different user, different home folder. Thus the
malware would not be able to delete your Linux home, only another home,
sacrificial.
On 2013-01-22 11:26, amarildojr wrote:
> deano_ferrari;2520879 Wrote:
>> While deleting a file doesn’t involve anything other than flagging the
>> space as available for being overwritten, it would be drawing a long bow
>> to imagine how an infected file would be unintentionally recovered, and
>> executed.
> I can’t remember how exactly, I’m sorry. I read about it a long time
> ago and it was in another language, looking for it will take a long
> time. But it’s possible, I guarantee 
No, it is not. Some running code has to intentionally undelete those
files, so you have first to contaminate your system with that type of
malware a second time - and it would not be able to undelete an ext4
filesystem. Even if it knows how to do it, it needs root permissions.
–
Cheers / Saludos,
Carlos E. R.
(from 11.4, with Evergreen, x86_64 “Celadon” (Minas Tirith))
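
The sacrificial-account setup suggested in the reply above, as an added example that is not part of the original thread. The account name "winebox" and the setup/run subcommands are assumptions, GNU stat is assumed, and the sacrificial account is assumed to have been granted access to your display.

```shell
#!/bin/sh
# Added example: confine Wine to a sacrificial account.
# WINE_USER ("winebox") is an assumed name, not from the thread.
WINE_USER="${WINE_USER:-winebox}"

# Succeeds if DIR grants no permission bits to group or others (e.g. 700).
home_is_private() {
    mode=$(stat -c '%a' "$1") || return 2   # GNU stat, octal mode
    case "$mode" in
        0|*00) return 0 ;;
        *)     return 1 ;;
    esac
}

# Print every directory directly under BASE that other accounts can enter,
# i.e. what malware running as the sacrificial user could still reach.
exposed_homes() {
    for d in "$1"/*/; do
        [ -d "$d" ] || continue
        d=${d%/}
        home_is_private "$d" || printf '%s\n' "$d"
    done
}

case "${1:-}" in
setup)  # run as root: create the account and report reachable homes
    useradd --create-home --user-group "$WINE_USER"
    chmod 700 "/home/$WINE_USER"
    exposed_homes /home | while read -r d; do
        echo "WARNING: $d is accessible to other users (chmod 700 it)"
    done
    ;;
run)    # run as yourself: start a Windows program as the sacrificial user
    shift
    sudo -u "$WINE_USER" -H wine "$@"
    ;;
esac
```

Only classic mode bits are checked; ACLs and files outside the home directories (for example world-writable locations) are not covered.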