RE: Internet Security Day

From: Loganaden Velvindron <loganaden_at_gmail.com>
Date: Sun, 14 Feb 2016 05:22:18 +0000

Ransomware is an interesting challenge from a security perspective :)

I was looking at how to mitigate the effects of ransomware that attacks
desktop machines. (I will leave the server part for another day.)

I thought about designing an operating system by leveraging existing tools.
Fundamentally, it is a file system issue. How do we protect the filesystem
from being encrypted inadvertently?

My solution to this problem would be to isolate each app running on the
operating system so that it has its own filesystem which is a copy of the
host file system. In case of a ransomware strike, it would encrypt that
application's filesystem space, but not that of the other applications running.

So Thunderbird would have /Users/bob/* encrypted by ransomware, but other
apps would still be able to access /Users/bob/* as they have their own copy
of the host directory.

This design of course has its limitations: it merely contains the
ransomware via app isolation, so all of your mails would be encrypted, via
Thunderbird by inadvertently clicking on an attachment. However, you can
still access your documents in OpenOffice because it runs in another
instance. You would still need proper backups to restore the Thunderbird
mail. However, with this scheme, ransomware is limited to a specific app,
and its filesystem space.

There is a performance penalty to that scheme but depending on the
enterprise use case, it may be worth it if the data is very important, and
getting people running back to normal is an important issue.
Received on Sun Feb 14 2016 - 05:22:33 PST
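
The containment property described in the message, as an added example that is not part of the original post: each app gets a private copy of the home directory, and SHA-256 manifests compared against the host copy show which app's view was damaged. The app names, the temporary directory layout, the plain file copies (standing in for a real isolation mechanism) and the overwrite used as a stand-in for the malicious write are all assumptions made for illustration.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

def manifest(root: Path) -> dict:
    """Map each file's relative path to the SHA-256 of its contents."""
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*")) if p.is_file()
    }

def make_views(host: Path, base: Path, apps: list) -> dict:
    """Give every app its own private copy of the host directory."""
    views = {}
    for app in apps:
        views[app] = base / "views" / app
        shutil.copytree(host, views[app])
    return views

def damaged_views(host: Path, views: dict) -> dict:
    """Return, per app, the files whose hash no longer matches the host copy."""
    baseline = manifest(host)
    report = {}
    for app, root in views.items():
        current = manifest(root)
        changed = sorted(f for f in baseline if current.get(f) != baseline[f])
        if changed:
            report[app] = changed
    return report

def demo() -> dict:
    """Constructed sample data: one home directory, two hypothetical app views."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        host = base / "Users" / "bob"
        (host / "Mail").mkdir(parents=True)
        (host / "Documents").mkdir()
        (host / "Mail" / "inbox.mbox").write_text("From: alice\n\nhello\n")
        (host / "Documents" / "report.odt").write_text("quarterly report\n")
        views = make_views(host, base, ["thunderbird", "openoffice"])
        # Stand-in for the malicious write: every file in one app's view is overwritten.
        for p in [f for f in views["thunderbird"].rglob("*") if f.is_file()]:
            p.write_bytes(b"\x00" * 16)
        return damaged_views(host, views)

if __name__ == "__main__":
    print(demo())
```

Only the Thunderbird view appears in the report, and it lists every file in that view, which matches the limitation the message states: the affected app's whole copy still has to be restored from backup.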
