Anti-Ransomware SSDs?

NinJake

The more interesting part is the following sentence from the article:

Quote

Furthermore, SSD-Insider++ can also reportedly reverse any damage to data in a matter of seconds, by leveraging the operational characteristics of an SSD to instantly roll back any infected files.

Preventing data loss from happening is great, but being able to repair it afterwards is of much greater importance.

Link to comment

On 9/9/2021 at 10:43 AM, NinJake said:

Summary

An idea has stemmed from a team of researchers to help minimize ransomware attacks. How so? SSD firmware.

Sources

https://www.techradar.com/news/your-ssd-may-soon-be-able-to-detect-ransomware-attacks

Quote

Best of all, thanks to its implementation on the firmware, the mechanism only increases latency between 12.8%-17.3% with a throughput drop that maxed out at 8%.

Honestly, that's probably a hard-pass in performance-sensitive applications.

The best application for this would be business laptops while they are connected to the internet (e.g. at home).

That said, a false positive here would destroy as much data as it would protect. For example, if you were zipping up files to back them up to another hard drive, and this activates on the SSD, it might corrupt the data in the corresponding zip file, making it impossible to ever restore the zip file except to another SSD without the feature.

I'm not sure how many of you have actually tried to recover data at a sector-level from a hard drive, but suffice it to say, it is quite impossible without automated tools, and all it takes to make losslessly compressed files (e.g. zip files, png files, etc.) completely useless is one bad byte at the beginning of the file. Even with other formats, it's often impossible to unzip files where only 99% of the file exists.

Now in a business situation, this might be a different case where it might keep a laptop from spreading the ransomware; however, since many businesses allow too much network access to their employees, this feature wouldn't stop ransomware from compromising network shares.

Link to comment

That's what happens when marketing takes over a company and pushes engineering aside.

So sad.

Only thing sadder is being on the team writing that microcode, knowing that hackers can bypass it in a microsecond, and your updates have a zero chance of ever getting applied out in the field. But yet you still write your complex code that's mission critical, because if it fucks things up you're responsible for data loss. I guess you just do the needful.

Link to comment

Tbth I never understood why this isn't already a thing, I don't want encryption ever, should be just a toggle or something...

This could also be done in BIOS etc., I guess... like I said this should just be a toggle... there is just no reason why I ever would want to encrypt my own data. *

I know not exactly the same thing, but a much easier "solution"

*edit: I forgot some websites only accept encrypted/compressed data for example, that would be an issue, but then that's why there's a switch.

A general data protection/ recovery feature would be better obviously...

The direction tells you... the direction.

-Scott Manley, 2021

Softwares used:

Corsair Link (Anime Edition)

MSI Afterburner

OpenRGB

Lively Wallpaper

OBS Studio

Shutter Encoder

Avidemux

FSResizer

Audacity

VLC

WMP

GIMP

HWiNFO64

Paint

3D Paint

GitHub Desktop

Superposition

Prime95

Aida64

GPUZ

CPUZ

Generic Logviewer

Link to comment

13 hours ago, willies leg said:

That's what happens when marketing takes over a company and pushes engineering aside.

So sad.

Only thing sadder is being on the team writing that microcode, knowing that hackers can bypass it in a microsecond, and your updates have a zero chance of ever getting applied out in the field. But yet you still write your complex code that's mission critical, because if it fucks things up you're responsible for data loss. I guess you just do the needful.

Wrong thread?

If not: I repeat: this should be a thing for a very long time already, even before ransomware and SSDs, built-in data recovery, it's not rocket science


Link to comment

14 hours ago, Mark Kaine said:

Wrong thread?

If not: I repeat: this should be a thing for a very long time already, even before ransomware and SSDs, built-in data recovery, it's not rocket science

Nope, right thread.

30+ years in the industry, seen this before. It just adds more complexity and no value.

You probably don't remember when Intel put in the NX bit, that was supposed to solve everything too. And it was a great marketing tool!

Link to comment

1 hour ago, willies leg said:

Nope, right thread.

Ah ok. 😮

1 hour ago, willies leg said:

30+ years in the industry, seen this before. It just adds more complexity and no value.

You probably don't remember when Intel put in the NX bit, that was supposed to solve everything too. And it was a great marketing tool!

No, I never heard of that.

But one (probably 'the') reason I've said it should be a thing is because Windows has this option already, except it apparently doesn't work, system restore has exactly worked 0 times for me and I tried often, several Windows versions... and that's *without* ransomware or similar...

So while I really don't know how exactly it cannot be so hard to have a working shadow copy of everything that cannot be tinkered with by any means...?

Now if that's an OS feature, a storage feature or something else, I as a consumer don't really care / know, I just know there's an option to "restore" your data, which most of the time (in my case 100%) does not work, but it should!

Maybe whatever you had to write just wasn't the right approach?

I get that it's difficult due to several factors and a programmer maybe isn't even free to make the right decisions, but in theory this really shouldn't be super hard, technically. Imo!?


Link to comment

OK, here's a thought on ransomware. I've heard mutterings of some malware hiding itself in GPU RAM. Now am I right in this? So what happens when, say, with direct storage, a ransomware bug plants itself there, tells ya 20GB Geforce 5080tie to copy all ya user files into its VRAM and then flashes up a message telling you that and if you turn off ya PC all ya data is gone?

With all the Trolls, Try Hards, Noobs and Weirdos around here you'd think I'd find SOMEWHERE to fit in!

Link to comment

Direct storage? Isn't that more read than anything to write for storage? (And maybe other issues to find what you speak of with 20GB for many TB of storage.)

Loading or streaming a lot of assets?

Link to comment

Does keeping/turning on the history of the files help in any way? These days when cloud storage is not expensive, there are several ways of saving the precious documents at several locations, or even working on them only in the cloud.

If an SSD could spot a suspicious activity, why would Windows Defender, for example, not be able to do that?

For such a magic SSD, would it matter if an encryption like Bitlocker is already used, will it be able to detect it then?

A crazy idea and probably unrealistic. Do you remember when one of the applications did not close properly and was holding a handler to a file and you were not able to delete it? Would it be too resource intensive to create such an application that would be keeping the handlers to the files and make them read-only this way? Then only you could send a special command and unlock those files for write.

Maybe naive but I think that some ransomware is looking for certain types of files, like office files and pictures. I guess it is looking at the extensions to selectively encrypt those as fast as possible. Then why not keep the documents with .dll or .sys or whatever extensions 🙂 just in case.

Link to comment

On 9/9/2021 at 11:42 PM, James Evens said:

Can't wait for the McAfee SSD.

Don't give them ideas!
