Hackers giving up on crypto ransomware. Now they just lock up device, hope you pay Malware slingers have gone back to basics with the release of a new strain of ransomware malware that locks up compromised devices without encrypting files. The infection was discovered on a porn site that redirects users to an exploit kit that pushes the ransom locker malware. Researchers at Cyphort Labs who discovered the …
Because of some legacy issues with design and legacy software it is not as easy to do. Winbloat has ancestors such as DOS. DOS was designed for stand alone boxes that had very limited connections with other computers; if any. So having an admin only with no log on was quiet common in the era. Thus, some older packages were designed to run only on an admin type account.
"and meanwhile 99% of the world doesn't need Admin as the main user account...
I love it when the needs of the very few outweigh the needs of the many and non-legacy."
Unfortunately the average user is an idiot.
As someone originally pointed out, that UAC error that comes up is saying "Hey stupid, by clicking continue, do you realise you are going to make system changes, that if this crappy software from some no name site is found to be malware, is really going to ruin your day"
This, 1000 times this. The amount of software I've seen that is written so it needs admin access is truly astounding - you can't lay all the blame at MS's door.
Hell with UAC they even tried - so a lot of the software instructions I've seen are "Step 1. Check your user is a member of the administrators group. Step 2. Disable UAC".
>99% of the world doesn't need Admin as the main user account
It goes deeper than that.
What parts of the disk does Internet Explorer need to access? The OS should be able to enforce resource privileges based on application profile, not just user rights. Does EMET do this? If so, why is it not the default, or pushed out in a security patch, or auto-enabled along with, er, privacy mode?
Bypassing the Great Firewall of China and similar restrictive measures imposed by totalitarian regimes, whistleblowers, exposing human rights atrocities, corporate corruption...
Of course, many of those things are also against the law in the jurisdictions they cover. But if you believe that standing up for freedom and justice is subordinate to blind unquestioning obedience to the law then I'm afraid we're on opposite sides of a very ugly battle.
"Bypassing the Great Firewall of China and similar restrictive measures imposed by totalitarian regimes, whistleblowers, exposing human rights atrocities, corporate corruption..."
Yes, that's all fine.
But I don't do any of those things on a regular basis. Come to think of it, and call me a slack-arsed sheep if you like, but in 20 years of using the Internet I've never done any of them. Have you?
Because it seems to me that Tor is one of those things that people like to bloviate about, but not one person in a thousand actually has a plausible use-case for. It makes people feel better simply by existing, even if you've never actually been near it yourself.
A bit like the queen, really. Or the 2nd Amendment, because I'd like to be an equal-opportunity iconoclast.
I hope it is a result of perceived risk/reward amongst criminals. If you effectively destroy data you make yourself a greater target of the law's ire. If you merely force somebody to copy their data and reload their PC, you may stay at the bottom of the pile forever. Should you get caught you'll receive a lesser sentence.
If I'm wrong, it means that the effort involved in catching crypto-ware criminals and the sentences imposed when they are caught both need to be increased, several times over if necessary, until I'm right.
Sort of like the difference between burglary and shiplifting, or kidnapping and blackmail.
I did a bit of shiplifiting once. Never again. Bloody killed my back getting it home. And I had to walk funny coz I couldn't get the whole thing down my trousers. Wife wasn't too happy either - she said: Bloody hell, where are we going to put that now?
</joke officer, joke, I've never shiplifted in my life and I'm not about to start now so please don't include me in your minority report>
This post has been deleted by its author
So you are saying that my mother who is in remission from cancer who is caring after my father who is also in remission from cancer, who are both looking after my brother who is dying of cancer at a very young age, deserve that?
Some people don't know how to use a computer for whatever reason. Don't mean they are stupid. I bet each of those family members of mine have skills in areas you could only dream about. But it's good to feel superior eh, especially when you are so inadequate deep down inside and the one thing you can do well is your sole source of self-pride and dignity. Rock on!
Since when did being a nerd, geek or hacker mean you have to have a compassion or decency bypass?
No wonder you are AC.
Some people...
Not surprised ransomware is moving on to porn. Lots of malicious software coming from porn sites are targeting mobile users.
I wonder though, whether a fresh install would've done the job. That is, if you had nothing else in place to prevent you from wiping out the ransomware. “The Windows nasty prevents users from booting in safe mode.” There are, instant restore software (Comodo, Rollback Rx, etc) that can do the job.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
