is it worth upgrading to V7 to get MIG if using an AV which claims to protect against this problem?


is it worth upgrading to V7 to get MIG if using an AV which claims to...
Author
Message
JoeZ
JoeZ
Junior Member
Junior Member (54 reputation)Junior Member (54 reputation)Junior Member (54 reputation)Junior Member (54 reputation)Junior Member (54 reputation)Junior Member (54 reputation)Junior Member (54 reputation)Junior Member (54 reputation)Junior Member (54 reputation)
Group: Forum Members
Posts: 26, Visits: 58
Is it worth upgrading to V7 to get MIG if using an AV which claims to protect against this problem?

I use McAfee- which claims that it can protect users from ransomware. The McAfee support forum seems to believe ransomeware isn't a likely problem for a home user.

I really like Reflect- so I probably will upgrade but maybe it's not urgent?

But, I have 3 PCs on a home network. If one did get infected, could it infect the other PCs on the network, or damage the network?

Joe
jphughan
jphughan
Most Valuable Professional
Most Valuable Professional (3.9K reputation)Most Valuable Professional (3.9K reputation)Most Valuable Professional (3.9K reputation)Most Valuable Professional (3.9K reputation)Most Valuable Professional (3.9K reputation)Most Valuable Professional (3.9K reputation)Most Valuable Professional (3.9K reputation)Most Valuable Professional (3.9K reputation)Most Valuable Professional (3.9K reputation)
Group: Forum Members
Posts: 2.8K, Visits: 19K
It's true that businesses are often targeted for ransomware campaigns because they generally have more valuable data and a greater ability to pay the ransom.  The precursor to a ransomware infection in those cases would be something like a "spear phishing" campaign, i.e. a fraudulent email that seems more credible because it mimics an email that the employees of that specific company would expect -- hence "spear phishing" rather than the more generic phishing emails.  However, there are plenty of ways that regular home users can get infected.  Major ad networks that fill ad space on websites all over the Internet for example have found themselves unwitting distributors of malware/ransomware, causing people to get infected simply by visiting perfectly legitimate and trusted sites.  And yes, once a particular PC gets infected, it is very possible for it to infect other PCs on the same network.  There are countless cases of a single employee clicking a bad link in an email while at work and causing dozens of other PCs to get infected because the malware package actively sought out other targets and knew how to exploit some Windows vulnerability that hadn't yet been patched on those systems.

As for McAfee vs. MIG [Macrium Image Guardian], I haven't looked into McAfee's ransomware protection/claims in particular, partly because I personally believe that running third-party AV in 2017 is a mistake for a variety of reasons, including interference with legitimate activity and the fact that there have been occasions where poorly written AV code has created a vulnerability on the system that wouldn't have existed otherwise.  However, since a similar question was asked in another thread recently, I'll post here what I wrote there:

One of the benefits of MIG's anti-ransomware design compared to other technologies like Malwarebytes [or McAfee] or the new Controlled Folder Access feature in Win10 1709 is that the latter options employ a "black list" approach. Basically, they use definition files to identify and block known malicious applications and heuristics to attempt to identify and block unknown applications that seem malicious -- but they otherwise default to allowing activity. That design keeps them from being so obtrusive that users are driven to disable them, but it also means they can fail to block certain malware (and also interfere with legitimate applications such as Reflect!). MIG takes the opposite and much more hard-line approach, called a "white list". It operates on the premise that Macrium's applications are trusted, and everything else is categorically not trusted. That obviously makes it less flexible (for example, even users can't just delete backup files the "normal" way in Windows Explorer while it's enabled), which is why the white list design is typically considered impractical for solutions that are designed to protect multiple file types that might need to be edited by multiple applications -- but MIG is only focused on Reflect's backup files, and those are typically only modified by Macrium applications, so it can "afford" to use this design, and as a result it is both simpler and more secure than the other solutions' black list-based designs can ever be.

Edited 4 December 2017 3:10 PM by jphughan
JoeZ
JoeZ
Junior Member
Junior Member (54 reputation)Junior Member (54 reputation)Junior Member (54 reputation)Junior Member (54 reputation)Junior Member (54 reputation)Junior Member (54 reputation)Junior Member (54 reputation)Junior Member (54 reputation)Junior Member (54 reputation)
Group: Forum Members
Posts: 26, Visits: 58
jphughan

Thanks for the very, very fast reply and a very good one too. I'll upgrade soon.
thanks,
Joe
Drac144
Drac144
Expert
Expert (609 reputation)Expert (609 reputation)Expert (609 reputation)Expert (609 reputation)Expert (609 reputation)Expert (609 reputation)Expert (609 reputation)Expert (609 reputation)Expert (609 reputation)
Group: Forum Members
Posts: 382, Visits: 1.3K
Joe,

If you want to be sure your backups are safe, store them offline.  Create your backup to a removable drive (or copy your backup to that drive immediately after backing up) then remove the drive from your system.  Ransomware cannot encrypt files it cannot access.  Of course that process requires that you be present during a backup and some manual intervention on your part (to connect and disconnect the removable drive). Of course there are ways to automate parts of that process. 

But, as you said, IF you are careful and do not click on links or open questionable emails, etc. you are probably unlikely to get infected. MIG is a way to make it easier to protect your backup files, it is not the only way.  It all depends on how much effort you are willing to expend to avoid paying for V7.

GO

Merge Selected

Merge into selected topic...



Merge into merge target...



Merge into a specific topic ID...




Similar Topics

Reading This Topic

Login

Explore
Messages
Mentions
Search