
All times are UTC




 Post subject: Physical Removal Necessary?
PostPosted: Mon Feb 26, 2018 6:36 pm 

Joined: Sat Feb 24, 2018 6:02 pm
Posts: 2
Last year I learned a hard lesson: I was hit by ransomware. I thought I was safe because I faithfully backed up my data every day to a USB external hard drive. I was devastated to learn that the USB drive data was also clobbered!

I'd like to know: when I receive the message from your software that the device is safe to remove, is my data on that drive still at risk even if I do NOT physically disconnect it? Can malicious software still get to it?

Thanks.

PS- I love your software! Great job!


 
 Post subject: Re: Physical Removal Necessary?
PostPosted: Fri Mar 02, 2018 4:19 pm 
Developer

Joined: Thu Nov 01, 2007 12:44 pm
Posts: 561
Location: Saint Petersburg
Hi JohnC998,
In theory, malicious software can access your drive's content even when it's safely removed or disabled. First, it can bring the device back the same way our software does (by restarting the USB hub). But that's not easy, since once the device is safely removed there's no way to know it was a disk device. The malware must remember the device's unique ID (PnpName) while it was active and then reactivate it by restarting the whole USB hub the device was connected to.

The other way malware can write data to a "stopped" device is to install an intermediate driver that makes the device pretend to be stopped (the OS sends a disconnect signal to the device driver, it is intercepted by the intermediate malware driver, and the driver reports to the OS that the device is stopped when actually it's not, so the malware can write data to the drive). However, this way is even more difficult for malware to implement, because it must write directly to the drive without using the standard filesystem API.

In short, it's possible for ransomware to write to a "stopped" device, but I doubt there is or will be such malware, because it's hard to implement and the malware discloses its presence with this activity (reactivation of the drive, or the drive's LED blinking when it must be off).


 
 Post subject: Re: Physical Removal Necessary?
PostPosted: Mon Mar 05, 2018 6:35 pm 

Joined: Sat Feb 24, 2018 6:02 pm
Posts: 2
Thank you, Igor.

A most informative response!

My main reason for asking is that I'm trying to reduce HDD power cycles. I believe I will get longer device life by leaving it on all the time. With my backup scheme, I believe that I can leave the device powered up.

Thanks, again.


 
Crystal Rich Ltd © 2018 Powered by phpBB ©