Backups [was Re: Is tape dead?]

[Chuck Guzis]

On 09/18/2015 09:49 AM, Fred Cisin wrote:
> On Fri, 18 Sep 2015, Liam Proven wrote:
>> However, Cryptolocker et al spread by fooling users into running
>> something they shouldn't run. I'm sorry, but you got suckered.
>
> Absolutely. I now think that it was a "We're Adobe, click here to
> update Flash Player" or maybe "Java update" But, I never got my
> winnings from the Elbonian Lottery.

I think it's more complicated than that.  Here's a sample of what 
happened to me in the last few days.

I received an email for a lost password reset in Twitter.  This was odd, 
as I've never ever been tempted to sign up for that pile of steaming 
gossip and sociopathy called Twitter.  But there it was, my email and a 
link coming (verified by headers) from twitter.com.  Internally, it used 
a name, but it wasn't mine.

I sent a complaint to Twitter along with the complete forwarded message 
demanding to know what was going on.  I got the automated response, but 
then utter silence.  I'd be surprised if I got much more than that.

I've often stated that the problem with the malware protection business 
is that it's reactive, not pro-active.  So there's got to be hours or 
days for the nastyware to propagate before someone writes a detector for it.

There's been apparently a virus active for months that spies on online 
poker players:

http://www.bbc.com/news/technology-34289003

Where were Norton, AVG, etc. for those months?  I don't blame them; 
they're trying to make up for the fact that most operating systems are 
failing at their basic task of protecting the user.  FWIW, the small 
server I use here runs OpenBSD.  The level of paranoia of the code base 
maintainers impresses me--but I don't trust it entirely.

One can but wonder how many backups are infected with the same virus.

--Chuck