What's with these regular "I was hacked"? threads?
 

We get new accounts posting strange "I was hacked" threads fairly regularly, and I'm honestly starting to wonder if it's just a coincidence. I mean (hint, hint) I can't look at the post IPs.

They're all characterized by a) wild implausibility, b) refusal to seek help from anywhere other than this forum (even when people treat them seriously and advise them to take their computers in to be professionally serviced), and c) posting only about their hacking problem and then disappearing

The ones I know about are:

Sept 11, from "RPC" Vírus that slows down the copying of files to USB

April 14, from "Cookiemon": Hacker is configuring Chrome OS on my iPhone

Credit to TB0ne for compiling the links below:

November 17, 2019, from "LongDuckDong_69": My LG Stylo 4 Has Been Hijacked by Remote Administrator and OS as Well as Kernel Have Been Modified

August 26, 2019, from "lynxlyon2": System changes

June 26, 2018, from "Lynxlyon": How do you counter a death attack

June 22, 2019, from "Supermarketjedi": Can't update, upgrade or install packages on any Linux OS

March 20, 2018 from "Danwilliams1989": Mounting my phone. How do I stop them.

This list almost certainly isn't comprehensive, but you can already see how regular it's been since 2018.

Here's another one from today from RPC. Looks like a sequel to the one you found.
Being attacked by a virus that does the same thing but drivers are different

Yep...glad someone else noticed. What gets me is the times/dates...typically from England (based ONLY on speculation given time differences/language). And typically one will drop off after posting for a bit, followed by a NEW poster, with an almost identical issue. User-creation times are always overlapping by a little bit, or consecutive.

Personally, I'd love to see the moderator close such threads, and post a 'form letter' stating that if the poster can provide actual, hard PROOF (beyond speculation), that the thread will be re-opened, or a new one could get created. But it probably won't happen, given the number of times first-few-post moderation has been brought up and shut down. And the fact that some moderators don't seem to care what's reported. I reported a spammer the other day, and the spam-link got removed, but the moderator of that forum left the spammer active...hardly worth the effort to report things when such moderators pick and choose.

Is this an issue?

personally what I do not understand: why do you (or anyone else) post answer[s] if you think it is spam? Do not feed the troll. Put him onto your ignore list.
There are a lot of threads started by a single-post user and containing several (>10) responses. Why?

In my opinion, they are either from a single person who is trolling, or the poster(s) are either mentally ill (some sort of affliction that causes paranoid delusions) or the poster(s) are crack cocaine or methamphetamine users, both of which cause extreme paranoid delusions.

All of the threads have the same exact symptoms: a mysterious "hacker" is causing odd behavior on a bunch of the OP's computers, some of which are not even connected to the Internet or a network. Of course the "evidence" is a series of rambling, nonsensical statements by the OP that are not at all evidence but opinion. The last one even said a commercial antivirus couldn't find the virus, which of course normally means it doesn't exist, but that wasn't enough for the OP who still insisted a virus existed.

Yes, these threads drive me crazy as well, but for the fact of morbid fascination, I weigh in and answer them. Sigh.

I think Pan64's idea of blocking them is good. Thanks to the list from Dugan, I'll start there. "jazzy_mood" is another poster to add to Dugan's list. Multiple. threads about viruses that get on the PCs without a network connection.

Added all of the user's in Dugan's list to my "ignored members" list. More will surface I am sure :rolleyes:

I'll take a stab at this. The reason, is because folks typically ask a reasonable question (at first), and that person could actually have a problem. But it quickly devolves in 99.x% of the cases to a mysterious 'them', and the proof is never available. But we don't know unless we ask and try to help.

I feel like the moderators should step in quickly with such threads, as soon as the nonsensical ramblings start, and close it. The posters mentioned in this thread are great examples...I think they just want attention, and it makes them feel 'important' that they are important enough to be hacked.

I can only partially agree with it. [These] people want to be important, yes, and also they have a problem. But the real problem is not a virus or any technical issue, but the lack of their importance. So they start a dummy conversation about something which has no any real goal, no meaning, but as you wrote will take [y]our attention. And OP will be important, because nobody else knows the details, purpose and outcome.
And you can decide if you want to play this game or not.

Agreed totally; but we only know if it's genuine or not after we ask for details. But it becomes pretty clear pretty quick that they are (at best) 'misinformed'. Which is why a moderator should step in and close the thread quickly.

I report these things, but it rarely gets attention (to my knowledge), and when it does it's typically a 'keep on the subject' post.

I see one originator of a similar thread filed a few complaints, which are about some regular posters who have posted jokes, or sarcasm in reply to a thread question. The OP seems to be saying, "This seems an unreasonable reply to my thread."

I understand that people believe there may be problems with a person who has initiated poor threads and perpetuates this practice.

I also feel pan64's points are very applicable. My interpretation is, rather than add to a thread where you feel the OP is trolling, or asking questions and not providing helpful responses, then choose to not reply. Or do not reply further if they demonstrate that they can not, or will not, conduct a coherent discussion.

My simpler form is:As already noted, you sometimes see dozens of replies, and many times replies sans the OP's participation. They therefore achieved their onerous goal, if that was their intention.

I don't know what people expect here. I feel we see some amount of complaints about certain posters where people do not like their questions, maybe rightfully so. In many cases, the thread and question are not against any rules. I have, once or twice, considered a possible discussion where LQ considers revisions to the rules. Each time I inspect them, I'm rather hard pressed to offer modifications. It is an open forum and people have expressed their desire for freedom of speech, and also wish to not see over moderation of their discussions.Please review the LQ Rules. Exactly what there discusses closing threads because some see the topic as unimportant? Perhaps I can invite you to do your own review of those rules and open a S&F discussion which proposes amendments to the LQ rules. I've just said that I have no suggestions that I feel would benefit the site.

A side point is that it sometimes people who feel they have tenure on discussion forums do sometimes feel as if they have carte blanch to act in certain ways and feel that their actions, above newer members, need to be above reproach. I'm not addressing anybody specifically, just something I've noticed.

Have any of you noticed the exponential rise in Twitter posts about Q and "the deep state"? People are becoming truly paranoid, about all sorts of things, but especially about the government. That phenomenon has been exploding in the past 4 years. And those paranoid people typically support the same political party. It's no surprise that the number of paranoids is growing, since the total population is growing, but the percentage seems to be increasing. I have no idea what to do about it.

I don't disagree on principle at all, but closing a thread after it clearly derails into things like the mafia being involved in hacking Kali, and people being able to hack their systems when they're not even plugged in is different. There aren't (and can't be) any solutions to that persons problems that can be found on a technical forum. To me, that fits in with the "Question Guidelines" about not providing details when asked, specifically:

I never meant to say or imply it was against the rules, just that it serves no purpose for such threads to be open. There isn't any technical knowledge to be gained or shared. Closing it terminates any further input from anyone. And hopefully if the OP posts again, they will provide actual technical issues to solve and discuss, with actual proof. I report them mainly so moderators can keep an eye on those problematic threads. Again, not picking on anything/anyone in general, just my $0.02 worth. A mod-post in such threads telling the OP to provide real evidence would go a long way in some cases.
I think that long-term posters tend to value the forum more than 'drive by' posters, and when things (like the posters mentioned in this thread) come up, it devalues the entire site. I've had infractions (surprising no one), but I've only had one that was truly not deserved and it was reversed by Jeremy. I'm NOT above reproach, and the rules need to apply fairly and to everyone. There are some moderators (not you), who tend to apply things unevenly, if at all in some cases, and come down hard for minor infractions for others.

My :twocents: is that if a person is not going to listen to reasonable posts by any member, they're not going to listen to similar from a mod.

The subject has been discussed before, and it is one of the reasons why the Welcome to LQ page exists. It is rather impersonal, so I admit to not using it much these days.

I feel it is the responsibility of all members to work to not allow thread discussions to degrade.

Styles vary, as we all know.

It is the interwebtubez, so one must expect opinions that vary widely from one's own. It's a scary place, and there are weird people among the population. So I expect these threads, and I just ignore them. It's not worth my time to get involved, because arguing with a pig is an exercise in futility, because you just get dirty and the pig enjoys it. Do not feed the trolls! is something one always needs to keep in mind. If you just ignore the bozos, they will go elsewhere.

This one was comedy at it's best.

I start by considering each one carefully, then go from there. I admit, I lose patience if the stupid gets deep.

The problem is that about one time in a thousand (or two) if they say virus there might be some real malware involved. That needed investigation, and the OP often does not even understand the questions much less how to answer. About one time in a hundred (or two) if they say "hacked" there is an actual attacker trying to hack or disable their system. Rare, but it does happen and this needs investigation.

It is difficult to maintain focus when you have seen 52 operator errors, 46 device failures, and two known file system flaws or bugs and you see that next "it must be a virus" message come in. But in EACH of those cases there is an opportunity to teach something, and help the OP avoid being mislead in the future. And one time or another, it might even be a virus! Someday.

If you feel so sick of it you do not want to check it out, that is OK. Ignore it and some of the rest will step in. None of us is alone here. While we are not technically a team, this has many of the characteristics of team work and we can address it that way. We should!

First things first:
It would be nice if a moderator could check the IPs of the members in question, that should quickly prove or disprove the idea of a limited amount of trolls opening ever new accounts.

I think there are several factors at work:

• people really are paranoid and feel misunderstood and get extremely defensive when challenged about the subject of their fear, esp. when they lack the know-how
• these things tend to go to ever further extremes on the interwebz
• other people build on the fact that ultimately you can never know whether either the issue or the paranoia is real, and play a game of ...erm, there's an internet slang term for it, I don't remember right now...
• these games are then in turn taken for reality by yet again other people and voilá: escalation!

I believe that in large parts of the internet this sort of stuff is incredibly common (to the point that people would dismiss it as fake right away and might laugh at our naiveté for even considering it an honest request) and what we see here is just minor spill-over...
LQ is one of the more tranquil corners of the WWW!

I was just thinking about this and some of my comments made me feel bad but I tend to get frustrated at posts like the ones we discuss here. Sometimes I don't check myself when I say something. I am guilty of hiding behind the anonymity the board provides and sometimes losing my normal communication filter I would have in person.

If we encountered a person such as the posters' in question in real life, as in person, and they started talking about the things they experience, we would probably find a way to politely walk away. I would anyway. The Internet, in all its glory, allows anyone to express their views, no matter how insane, absurd, rational, etc. The biggest melting pot in the world. We are going to get posts like the ones in question so I guess the best thing to do is try to figure out whether there is some substance to it and if not, politely walk away...

Maybe I'm naive, but, unless such a post is trying to shill for something or point to some nefarious link, I'm inclined to put most of these posts down to simple ignorance. Also, given the size of the LQ community--ove half a million registered users as I type this--the percentage of such posts, in that context, is really quite small.

Many persons who use computers may understand the applications they use, but don't understand how computers themselves work (granted, this is a immensely smaller percentage of the Linux community than it is of those who use the dominant commercial operating systems). Add to that persons who have made little or no study of malware and the various ways in which it can manifest itself.

I find easy to imagine that a relatively inexperienced Linux user, groomed by years of warnings against viruses on other operating systems, could see some unexpected thing happen on the screen and leap to the conclusion that it must be ipso facto nefarious.

Ignorance is a powerful force.

Just a few thoughts.

People often have a fixed, preconcieved idea of what a problem is and want to see that affirmed in any advice offered. They will want 'solution' based on their flawed ideas and diagnosis. Any suggestions which don't fit are dismissed. " i know it's hackers i just need someone with the right skills to assist and provide solutions". Any suggestion that they are completely wrong to start with is dismissed. This is often simply human nature - they have their own mental picture of how something works and fits together and challenging that means challenging them and their understanding. They demand assistance on their own terms, within their own set parameters.

I have worked in tech support for 15 years and have found that confrontation doesn't resolve any of this. Instead you have to manipulate someone to see their own error for themselves - even then you will find many who will prefer to blame imaginary gremlins in the machine than their own lack of ability - even when presented with all the evidence. There is usually always a "back story" to these kind of queries, which they will definitely see as relevant but which anyone attempting to answer will find unhelpful and distracting. I like to refer to this as the "well it was working yesterday" factor.

The "hollywood hacker" and the "virus industry" with its bioligical aspect dont help matters. To average joe, a virus is a "disease" computers can catch (i have spoken to countless people who dont know the difference between a virus and a bug) and they certainly believe that themselves are definitely valid targets for "hackers", so how could you suggest otherwise?

^ well spoken, #18 and #19!
I too believe that there's a lot of psychology at work here, mingled with ignorance (and who could blame anyone for being ignorant about how any computer works), jumping to conclusions etc.

But I also believe there's a sort of "culture" on the WWW - and has been for some time - that makes people invent such stories, or copy-paste them from elsewhere, for effect, and I also think that a percentage of the posts/posters mentioned here belong to this category.

Again: if LQ and its software works anything like the forum I moderate, it should be easy for a moderator to to look at the IPs of the posters in question? Not asking to publicize those of course, but it would give some insight and lend either more or less weight to the theories postulated in post #1.

Many of those who help out here are skilled, reasonable and logical in their approach to any diagnostics - most people in general are not however.

For example you often see someone with a particular problem, they leave out details they may find insignificant, but include how much they spent on the laptop, etc and that 3 of the 4 OS they installed worked - then despite advice, will reinstall and claim thst finally fixed it.

This is where the huge difference in perceptions comes in. For them, the first install went wrong (all of its own accord) and reinstalling was the right solution - as they will often subscribe readily to the idea that random thing can happen, where those attemlting to assist will not. For those trying to fix the problem - they may have known precisely what the problem was but simply couldn't progress it that far due to lack of will/ability from the OP.

Actually I consider that a very useful bit of information. It means that their machine definitely will run Linux.
Anyone who comes over from the Windows world will have been taught that the answer to all problems is to "just reinstall". It's not surprising that they adopt this as the solution to their current problem. And if that problem is indeed that they did something wrong during the installation, then there's an even chance that they'll get it right second time around.

Also not everyone wants to solve problems in the sense of finding out what causes them and fixing that. That you can do that in Linux is one of the things I love about it, but many more pragmatic people don't want to waste time on that; they just want a system that works. And if they are led instead to study the source of a problem, they may simply conclude that Linux is a geeks' system and too difficult for them.

As for random misbehaviour, that really does occur with hardware. I remember being told in my early days in computing, "If a problem is reproducible, it's software. If it isn't, it's hardware."

Well, I said "OS" rather than "Linux", but also due to the different kernel versions, used by different Linux distributions, that's not quite correct in that regard either - in that it may definitely run Linux, but may not run the Linux they want to run on it.

I came "from Windows" and i still have to run it and that's certainly not my philosophy at least. When it comes to "Joe Public", the solution for them is usually not to reinstall, but something like "buy a new laptop".

I personally haven't found "reinstall" to be a good solution for Windows since the bad old days of Windows 95/98/98SE/ME. So I do think a lot of the statements you see on sites like this about windows and Windows users are based either on myths or on anecdotes from people who haven't used Windows in twenty or so years.
That's precisely it, except they reinstall mostly due to being unfamiliar with the new OS. When I first started messing the Linux, probably around 18 years ago, I also reinstalled in the early days, not because I did that in Windows as a solution to a problem - but because I was neither skilled nor experienced in enough in the new OS to fix the problem any other way.

I think there are some great points here.

I feel that most people will try an install.

There are two tendencies I've seen, and also experienced myself. (1) tentativeness, due to non-familiarity, (2) confidence, due to past successes with non-familiar topics.

While people may be tentative, they're generally smart enough to search the topic and pick up enough for their own comfort. This gives them the confidence. Also if they've followed this practice in the past, they have a basis for that confidence. And this is regardless if the former experiences were computer related, versus following a cooking video, or car repair video. It's just how some people think.

Regarding the part of Hazel's quote which I've highlighted, and my edit, I agree that people do not want to wait and they want a working system. Style-wise I'm modifying that with my thought that they may not care or decide anything negative about Linux or the people who use it, but instead reach the opinion that they wish to use it, and studying it, in depth is not what they wish to do. Finally, if they were successful with their install, either try #1 or a retry, or a different distribution, they may conclude "problem solved", and then just move ahead and use it.

Same for maybe a lot of these threads. They call it hacked, it may be malware, it may be just another problem. Some users don't care, if they can get it to work, then they're done at that point.

"The skills you need to produce a right answer are exactly the skills you need to recognize what a right answer is."

Very true.

I vaguely remember a thread, here or perhaps elsewhere some years back, where the OP explained how a Linux system was put together, but only in terms of how they imagined it, with no basis in fact, even coming up with their own nomenclature for the imagined components. It seemed impossible to them that this interpretation, which they treated as good as fact, could be fundamentally wrong.

They refused to be corrected - as they seemed to assume that all other posters, were on the same level or lower and were also posting their own "hypotheses" on Linux system architecture. As I recall this particular poster was posting a "tell me how to fix my [self imposed] problem, according to my exacting requirements" type thread.

For some, I believe, there is a "black box" and some are comfortable with that and if others attempt to cross that line - at that point they shut down all attempts to delve deeper.

My account was hacked! Somebody else logged in and posted something in Spanish!

the right way is to contact moderators instead of spamming....

I assume you've changed your password since then?

These threads are all the result of the same thing. Ignorance and FUD. Plus the belief that they are always right, even if they have no clue about the subject. This will only increase with time.

Some of the threads are pure disillusionment. Some posters firmly believe they can be hacked in esoteric ways without a network connection. My personal belief is those are not due to ignorance of how things work of even lack of knowledge or experience, mainly because the posters argue and refuse to acknowledge how ludicrous the posts seem. The hacks from some posters are simply "magic" and they refuse to believe anything to the contrary. I lump those into mental illness, as un-politically correct as that may be. I have experience with someone who suffered from drug induced mental illness and they were exactly the same way: expressed extreme delusions about technical "hacks" that were literally impossible.

Not saying all are lumped into this category but it is a possibility that at least some could be.

I can't say if the people are nuts but I can say that people who have no/little technical ability tend to think that way. They see some web page suggest they are hacked and maybe somebody they know suggested it but in all cases I think it is the limited technical skills of these folks. They are usually just regular people who have no desire to become a genius on computers. They are just trying to get along in life.

The news and sales pitches offer help for being hacked. It is real as we all should know that crooks out there are stealing information by the truckload. I have worked with users of computers for 35 years. They almost all have one thing in common. They know a little bit about computers. They read some article. They have some friend they seem to trust. They watch tv and radio for news and begin to worry.

For the typical linux power user the unexplained issues are testable and definable. Even modest linux users tend to search out solutions to issues.

I don't like to insult them since I assume they are not trying being kooks. If they did have a mental illness then what good is it to be mean to them?

Agreed and I am not trying to be mean. I just get frustrated with impossible situations ( kobiashi maru!?) that are unanswerable.

Not all of them. Perhaps a majority, but some are examples of an actual hack/break-in attempt (often by a script or malware engine). Some users who complain of such things are open minded and willing to learn. Do not let the few unwilling to listen make you jaded and cynical.

True!
The "fakes" (for wont of a better word) are drowning the real topics, endangering those that really need help with an infected machine.

It usually doesn't take long to tell the few genuine examples from the tinfoil hat types. I haven't seen a genuine malware instance on Linux thread in a very long time. Not that they don't exist, but they don't happen often.

True, but we did see a creditable "my neighbor hacked me" kind of thread only about two years ago. We could neither conform or disprove, but it MAY have been real. All we could do was advise on recovery and prevention IN CASE it was real. I felt good about that, because the advice we gave was correct and useful no matter WHAT caused the symptoms.

YES.
the strange text disappeared also. Is this a good sign or a bad sign?

Bumping this because we have an "I've been hacked" thread going on right now...

There was a famous discussion on Reddit where someone was finding weird post-it notes and wondering how to catch the intruder who left them. It turned out that the OP was leaving the notes himself, and was being confused by a carbon monoxide leak.

When Reddit gets nonsensical "I've been hacked" posts now, "check for carbon monoxide" is usually one of the first suggestions.

The discussion in question:

• [MA] Post-it notes left in apartment.
• [UPDATE!] [MA] Post-it notes left in apartment.

Note that carbon monoxide is an established explanation of haunted houses (as noted in the Wikipedia article on "Haunted house").

For the record, this is what it looks like if a hacker is actually harassing you:

Meet the men who spy on women through their webcams

I nearly was laughing myself silly at a possible discovery. I'm not a big TV person at all, in fact I don't believe I've turned on a TV in months, plus we don't have cable, just streaming or whatever air channels we can receive, albeit with no antenna so it has to be pretty strong signal.

Anyways, spent a few days with a relative because they're old and they need a companion and the regular companion needed to be away. This relative also was watching endlessly, streaming shows and series on Netflix mainly, but other ones.

TO A TEE! About 150% of these shows had conspiracy, hack suspicions, and etc. A lot of them were mysteries, thrillers, or investigative cop/fed/whatever types of shows. And they were filled with plot twists. I just kept hearing things in the other room while I was working and I hear stuff like a plot twist where they catch up with the strongest suspect, corner them for a discussion and that person admits that very likely their users and usernames were exactly the focus of the suspicious activity, usually involving sex crimes or murder, but the plot twist was that someone had hacked their life etc, etc, etc.

Honestly it was amazing, nearly every show I heard enough to pay attention to, had something like this in it.

All I could think of was this discussion and variety of "I've been hacked" claims we see. Brought a tear to my eye.

Addendum: This is as funny as several years earlier, my wife would watch the show Cops and same thing I'd hear the dialog and it would be so funny. They'd find some person, guy usually who was shirtless and wearing no shoes, clearly painted to be a druggie. And the cops would question why they were hanging around some place at 3 AM or whatever, eventually they'd ask them if they were carrying any drugs or weapons and they'd frisk them, and lo and behold they'd find drugs. And then invariably the perp would say, and I quote, "These aren't my pants". That would just knock me off my chair laughing. I had a restrained same reaction to hearing all those streaming series, nefarious "I've been hacked" shows.

Maybe I didn't hit on the precise explanation, but I feel I sure found a smoking gun. ;)

Posts #40 & #41: interesting context. It sure seems like the blueprints for most of our "I was hacked" threads stem from these sources.

I notice in the ArsTechnica article a lot of Windows XP. I'm sure Windows have tightened security since then (but still keep that door open for remote maintenance).

Much less likely on Linux machines. But we do take each of these threads seriously, at least until OP refuses to provide details fro reasons that seem to come straight from daytime TV. :)

rtmistler, yes there were programnes like that when I was a kid - but the difference was that they were for kids. Implausible plot twists and serialised with cliff hanger endings to keep the viewer on the hook.

Nowadays Adults watch the same thing dressed up as mature drama. In most cases it's dross and throwaway sensationalism for the distraction of the gullible. It will be recycled over and over again - the same tired formula. Rinse and repeat.

I remember the "X Files" in the 90's, though I wasn't a fan, and trying to convince a former colleague that it wasn't based on any facts or leaked files...

I had similar conversations with regards to the Da Vinci Code. I remember someone telling me all about in detail and what it had "exposed"...

The same applies to sci fi "hacking" you see in Hollywood - it's convincing enough that the uninitiated will fall for it...

"I would've got away with it too if it weren't for those meddling kids and their dog!" -- Any criminal on Scooby Doo.

Yes, things seemed to be patently obvious even when I was a kid, also with other mystery shows like Perry Mason or ones way back. I guess they felt they need to turn it up several notches these days.

Hacker manipulation
 

So there's no need for antivirus software. I'm new to Linux. I read that no such protection was necessary, that viral attacks on Linux were rare. I haven't looked into any kind of viral shield so far, and I'd prefer not to have to do this. Is there any kind of safeguard I should be taking. I'd prefer to spend my time learning more about Linux than worrying about hackers. Thanks for the post. I suspect you're right on.

I think the consensus is that you need antivirus if you have Windows machines on your local network or if you regularly share files with Windows users. Viruses written for Windows don't directly affect Linux boxes but they can still be stored and passed on.

If you are running a server, you need a good firewall.

Regarding back doors: there used a few years ago (pre-pandemic) to be a TV ad for some kind of Windows software that allowed you to remotely get files off one machine while working on another. This was presented as a useful thing to be able to do, for example when giving a presentation away from the office. I remember thinking at the time that it sounded like a very dangerous back door.

This is the tragedy of the 21st century, it seems to be getting worse, not better.

Please don't put out simple statements & ask us to confirm them.
There's no simple answer.
What you are asking is best answered proactively, forming your own opinion with web searches instead of asking for other people's opinions.
Also, have you read ALL of this thread?

deleted.

I do not run protection on laptops. I reload laptops regularly and it would seem wasted effort.

In general: I run antivirus and rootkit detection on servers to protect the services and so that I do NOT need to reload servers! (Servers also get backed up, I only back up settings and data for critical applications on laptops.) Specific server cases may differ form those general rules, depending upon risk factors and analysis.

I have DECADES of experience in the business doing such risk analysis. When I started out there was far less threat, but we still took a more conservative approach because so much less was KNOWN about the threats! We NOW know how appropriate those precautions were!

90% of the encryption malware, no matter how it is spread, attacks storage. If remote storage is not mounted in a way that malware can use to encrypt the data, you avoid some of the likely attack vectors and limit likely damage of a successful exploit to single nodes rather than server data.

It is important to consider HOW you operate as part of your risk assessment, and make such changes as to support your operation while reducing the risk. That is AT LEAST as important as any anti-malware software.

It is also one of the most important things to teach a rookie! New users have no experience basis to decide "this means I have a hardware failure" or "that means that application is acting bad and must be replaced". They see something going wrong that did not go wrong yesterday and H"AVE to jump to a conclusion to move forward. If they are lucky they then bring the symptoms to someplace where they can get good advice, diagnostic steps, revisions of their original conclusion, and ways to get to the right answers. LQ is at its best when it is that place!

It is not at its best when the only answer they get is "you should know better". If they knew better they would not come to us.

Thanks. I have much to learn. I know enough to know that I don't know enough. Thanks again.