• Facebook’s ‘Malware Checkpoint’ prevents sign in

    #505677

    LangaList Plus

    Facebook’s ‘Malware Checkpoint’ prevents sign in

    By Fred Langa

    A poorly implemented Facebook feature might decide that your PC is infected with malware — even if it’s not — and prevent you from signing in to the social-networking site. Here’s what to do.

    Plus: Is an unmounted drive safe from malware? And how to keep File History reliably connected to a USB drive.


    The full text of this column is posted at windowssecrets.com/langalist-plus/facebooks-malware-checkpoint-prevents-sign-in/.

    Columnists typically cannot reply to comments here, but do incorporate the best tips into future columns.

    • #1565107

      Of course, the article is correct as far as it goes; however, an external disk connected by a USB3 cable involves – or is subject to – not just a driver for the disk but for the USB support as well. As less than an expert, I would think that it should be possible to perform the equivalent of physically disconnecting the disk by some program/command-script/modification to support software disconnection, and password-controlled reconnection. This would allow the easier use of external disks for secure backup, connecting them only occasionally when the disk or data actually had to be accessed. Of course, plugging in and unplugging a USB cable would work as well (and positively!), but there are situations in which that would be quite awkward. I have not found any such, however. There are plenty of disk encryption programs, but I am doubtful that they would serve this purpose of protection (from malware, and specifically ransomware, rather than restricting user access to content). I would like substantial protection against cleverly-written malware, but not proof against any theoretical exploits. Two programs which have been suggested to me for examination are https://diskcryptor.net/wiki/Downloads and http://www.rohos.com/products/rohos-mini-drive/, but I have not had time to thoroughly examine them, and doubt that they will do what I want.

      If it is actually necessary to physically break the connection, I’d be interested in a USB3 switch which breaks both power (common) and data (uncommon) lines. The only such switch with which I am familiar is the HmbG 1401 or 1402, sold by Amazon (for about $12) but currently unavailable. Also, it is a cable switch; I would prefer a small desktop unit.

      Thank you.

      • #1570144

        I agree with Mr. Langa that a software dismount (whether or not the files are encrypted) cannot prevent malware from mounting the disk, and if individual files are encrypted, they can be re-encrypted.

        Whole disk encryption also cannot, in principle, prevent malware from mounting the drive. However, the malware would not be able to locate individual files.

        Malware could still re-encrypt the entire disk. However, if the disk in question were reasonably large (multiterabyte), the time needed to do so would probably discourage the attempt. It might take days.

        The process would probably be interrupted in such a manner that the user would lose his data, but the attacker would not be able to provide a functional decryption key. If this were to happen often, no one would pay the ransom.

        Of course, it might be that only a portion of the disk would need be re-encrypted to render the entire disk unreadable. One might speculate, for example, that the victim’s encryption software computes a cyclic redundancy check (or some such) that would detect the corruption and refuse to function.

        If the malware can read specific physical locations on the disk using low level disk drivers, it might be able to encrypt a portion of the disk and restore the plaintext to those same locations later. But this would be difficult for the attacker to program in advance since it will be make and model specific. Such a drive would at least not be low hanging fruit.

        • #1570295

          Whole disk encryption also cannot, in principle, prevent malware from mounting the drive. However the malware would not be able to locate individual files.

          I don’t think the second statement is true. If Windows is running then individual files must be locatable. I see many cases of malware on laptops with full disk encryption.

    • #1565113

      I think the disconnected drive can be safe, if it is one that requires separate credentials and you do not save them. This way the software cannot re-mount it unless it grabs your credentials, which is easy after you’ve been infected I know, but timing is everything.

    • #1565147

      external hard drives keep disconnecting — preventing File History from doing its job

      My laptop File History is directed to a NAS. File History seems unable to reestablish the connection when I reconnect the laptop to the network after an absence. Such a common scenario as laptop travel suggests that it should be able to automatically reconnect and continue making history. Is this inability a ‘feature’ of the software or do I have a fault?

      • #1570265

        My laptop File History is directed to a NAS. File History seems unable to reestablish the connection when I reconnect the laptop to the network after an absence. Such a common scenario as laptop travel suggests that it should be able to automatically reconnect and continue making history. Is this inability a ‘feature’ of the software or do I have a fault?

        Please open a new thread under “Networking” for this.

        cheers, Paul
