Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Security

New R2D2 Technique Protects Files Against Wiper Malware, Secure Delete Apps (bleepingcomputer.com) 47

An anonymous reader writes: Purdue University scientists have developed a data protection technique called Reactive Redundancy for Data Destruction (R2D2) that can safeguard data sitting inside a virtual machine from modern data-wiping malware and even some secure file deletion methods. The technique was developed to protect enterprise systems, which are often running inside VMs.

Researchers say the new technique was successful in preventing wiper malware such as Shamoon (v1 and v2), StoneDrill, and Destover from deleting data during their experiments, but it was able to prevent data deletion attempted with legitimate "secure delete" applications. When such operations are detected, R2D2 runs each one through a series of policies that evaluate the operation for known destructive patterns. If the scan triggers a warning, the VM creates a temporary checkpoint that a human operator can use as a system restore point.

This discussion has been archived. No new comments can be posted.

New R2D2 Technique Protects Files Against Wiper Malware, Secure Delete Apps

Comments Filter:
  • by K. S. Kyosuke ( 729550 ) on Thursday March 22, 2018 @05:27PM (#56308821)
    You need three CPUs to run it properly!
  • This sounds like virus scanning, but for file operations. Terrible idea.
    • by AHuxley ( 892839 )
      Its the AV like software deep in the OS that can detect all unexpected file operations deep in the OS that find new malware.
      Spin up the CPU for total encryption malware? An app can detect that change while not having to know anything about the malware.
      Trying to copy any file deep into the OS so malware can stay active all the time. An app can detect that change.
      Try installing totally new malware all over the OS and an app can detect that change without having to know about the new malware.
  • by Anonymous Coward

    I have an even better method for protecting files against deletion. One that is proven and robust. It's called a "backup".

  • by Rick Schumann ( 4662797 ) on Thursday March 22, 2018 @05:41PM (#56308979) Journal
    Or at least issued a DMCA Takedown Notice, for daring to use 'R2D2' without paying royalties, or at least they express written permission.
  • by Gravis Zero ( 934156 ) on Thursday March 22, 2018 @05:51PM (#56309075)

    If this is widely deployed the malware writers will just change tactics. Instead of destroying data completely, they will simply begin alter files to the point where they are no longer useful. The more intelligent and insidious malware writers will gradually introduce more and more errors into databases that make it into backups. Eventually it will be discovered but if an unknown percentage of your database and it's backups contain incorrect information then you are going to have a bad time.

  • by Daetrin ( 576516 ) on Thursday March 22, 2018 @06:11PM (#56309255)
    They should have called it OB1.

    These are not the files you're looking for. *waves hand*

    (I leave it up to someone else to come up with a good backronym.)
  • ... can safeguard data sitting inside a virtual machine

    You know what else can safeguard data sitting inside a virtual machine?

    Backups. Snapshots. Checkpoints.

    • by Anonymous Coward

      ... snapshots ...

      They built a component to automatically take a snapshot when it detects I/O patterns that resemble a wipe, to try to reduce the window of time between last snapshot and wrecked data. That's it. It's a supplement to scheduled snapshots, backups and so forth.

  • by DontBeAMoran ( 4843879 ) on Thursday March 22, 2018 @06:16PM (#56309297)

    Unfortunately, this new technique is still vulnerable to Cryptographic Core Computing Processing Overload.

  • by jamesjw ( 213986 ) on Thursday March 22, 2018 @10:00PM (#56310403) Homepage

    Is it called R2D2 because the normal case of secure delete the system admins say "What the bleep-bloop have you bleepy-blarp done? You stupid bloopy-blip!!" ?

  • >R2D2 supports 13 known "secure delete" methods that apps and malware are known to use

    thank god I only use programs.

"The vast majority of successful major crimes against property are perpetrated by individuals abusing positions of trust." -- Lawrence Dalzell

Working...