Preparing for the worst with Windows 11...how do I use sysprep and restore client data?

And they still are "everywhere." It's just that detection and blocking mechanisms have become so very much more efficient and sophisticated.

I need to remember when doing client visits to take occasional looks at the various security suite logs just to get a sense of how much is actually being blocked these days. It does no good to look at my own, because even if you count all of the "Wild West" days, I can count on less than one hand the number of times that I, personally, had any sort of infection.

And the killer, for me, is that it is just so darned simple to avoid infection by following just a few, very simple, rules. Most attacks, then and now, succeed only because the end user does something that, quite literally, opens the door and invites them in. And these days they often have warnings before doing so that they might want to think twice, but don't. You really can't cure stupid.
Which goes back to my point about how it was really stupid of me to download that tool.
 
Which goes back to my point about how it was really stupid of me to download that tool.

Which I contest is wrong. When you downloaded that tool, if you're using any modern security suite, it was scanned immediately upon download and before you, as an end user, ever had the ability to touch it. If any of the "commonly circulating" infectious vectors were identified, it would have been quarantined before you ever even had the chance to run it.

The way modern security suites work makes the probability of infection, period, very, very small except for the very newest of vectors. And by newest I mean less than hours old. The speed with which definitions update, and the use of heuristic and behavioral analyses, makes it way harder to infect someone these days, period.

That doesn't mean you should be cavalier, by any means, but downloading an unsigned tool already in wide circulation without any reports of issues, from its initial source, can hardly be called cavalier.
 
Which is highly popular, is not even a week old, and has no less than 18 revisions in his code. It is exactly the kind of software that IT departments would look at in order to gauge future needs. A ripe target for a nation state to use as an attack vector.
 
Guys, I've had many multiple reports over this thread.

I'm going to lock it, until I get a chance to edit posts.

It won't be until after the weekend, before I can do anything.

Final notice about personal insults.

Personal insults are against the forum rules. And I have had enough now. Members have been warned many times before. I'm going to enforce this rule more thoroughly.

Infractions may be given depending on the severity of comments seen.

Admin note:
Thread has been read through, and any and all comments which break forum rules have been edited and/or removed.
Play nice now.

Thread re-opened.
 
and it passes muster with my security suite (and this does with Windows Security/Defender)
Pretty much anything "passes muster" with Defender...
I was able to download and run this software on a test PC without the slightest concern from Defender.
 
Pretty much anything "passes muster" with Defender...

Well, we're going to have to disagree vehemently on this. Windows Defender/Security as implemented under Windows 8 and 10 absolutely does not, "let everything pass muster." Just this afternoon I had it flag an ancient Speccy installer that I'd never deleted. I see more complaints about false positives, which I don't have many of myself, than anything else.

Also, the big testing labs disagree with you, too.

Look at the most recent testing results from the following antivirus/security testing labs, along with the historical results from the past several years if you want to see how Windows Security/Defender has been performing. Windows Security has been solidly in the top 10, often top 5, and frequently beats out several well-known competitors that one must pay for.

AV Test

AV Comparatives

SE Labs (Reports Page)

MRG Effitas (360 Protection Testing Category)
 
We've had similar discussions on these forums before.
A large percentage of my business came from scanning and removing malware that Defender never even knew about.
I still scan for and remove remnants of software like Slimware Utilities (albeit on a much smaller scale now as 99% of my clients use Emsisoft) that most "fair dinkum" AVs detect as a matter of course.
The ones that use Defender are the ones I remove rubbish from. Defender doesn't even blink at Slimware Utilities or hundreds of other regeditors, cleaners etc.

I don't and will never trust "the big testing labs"; rather I trust me and what comes over my workbench.

And "the big testing labs" get paid a lot of money to produce these results.
The more money they get the higher up the scale.
Convince me otherwise..
 
We've had similar discussions on these forums before.

A P.U.P. is not a virus or malware and many AV programs do not remove them.

Nor should they (on which I believe we agree). PUP = Potentially Unwanted Program. That doesn't mean malicious. It doesn't even mean that it's not useful. What it does mean is that it can often get on a machine through the loathsome practice of bundling. But even if it did, it's the user/owner of the machine who should determine whether "potentially" means "actually" or not.
 
And "the big testing labs" get paid a lot of money to produce these results.
The more money they get the higher up the scale.
Convince me otherwise..
Bull. The lab charges a flat fee for the test and each company pays the same fee. There’s no incentive for what you are implying.
 
There’s no incentive for what you are implying.

Not to mention that the labs, while they track somewhat closely, as one would expect as far as a "top ten" list, where each lands on it varies quite a bit based on the testing protocols.

But these labs, and over time, are the best objective evaluators we have. Any one of our single anecdotal experiences really doesn't compare, including mine.
 
Really? Viruses were everywhere back in those days. Most of us techs made the bulk of our money killing viruses.
Well, I still made the majority of my money through hardware failures (mostly hard drives) back then, though virus removal was a much larger percentage of my business, yes. But it's not because of signed software that infection rates have gone down, it's because cybercriminals have changed their tactics. It no longer makes sense to custom build a malicious application in order to trick end users into calling them. Now that the web is more advanced it's easier to just make a fake website that brings up an alert to trick users into calling them. "Viruses" have always been about making money except in the early, early days when they were easy to make and nerds in basements made them for fun. Those days have long since passed.

Ransomware is relatively new to the scene and that does require downloading and executing an .exe file, but Chrome and other modern browsers do an effective job at blocking malicious .exe files. The key here isn't to just WARN a user, as computer illiterate users just hit "OK" or "Allow" or whatever when a warning comes up. The key is to give a computer illiterate user no option to run the file. Chrome does this very well by only offering the option to "Discard" the file. You can keep the file, but in order to do so you have to go up to the hamburger menu, click "Downloads" and click "Keep." 99% of computer illiterate users wouldn't know how to do that, and therefore the software never gets downloaded. Microsoft also does this well with Smart Screen because the only button presented to the computer illiterate user is the "Don't Run" button. In order to get the "Run Anyway" button you've got to click "More Info" first.

And yes, I know you must be thinking that I'm agreeing with your point about software signing being responsible for our virus removal business going out the window, but it's not. It's because of many factors, including what I said before about cybercriminals resorting to popups in browsers vs. making their own software. Also, the web is a LOT more consolidated than it was 10 years ago. I remember reading an infographic a few years back which said that like 10 websites make up the MAJORITY of internet traffic. If you spend all day playing in a sandbox, you're not going to get hit by a car.
 
Which goes back to my point about how it was really stupid of me to download that tool.

I ran that tool on my primary desktop and a test machine this week. Emsisoft's Emergency Kit from today identifies no faults with either system. And my Untangle is reporting no strange HTTPS requests coming from either of them.

Now it's possible I missed a session... there are A LOT of https requests to dig through after all. But it's pretty easy to see things going to other nations and usually malware bounces around a fair bit when phoning home.

So while I cannot say with absolute certainty that I'm not infected, I can say that I'm reasonably sure I'm not.
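The post above describes digging through a large volume of outbound HTTPS sessions looking for anything that looks like malware phoning home. As an added example that is not part of the original post and not Untangle's or Emsisoft's code, the script below shows one way to triage such a log automatically: it groups connections by (internal host, destination), measures how regular the gaps between connections are (a fixed cadence is the classic beacon signature), and flags destinations that only a single internal machine ever talks to. The log format and all sample lines are constructed for the example; a real Untangle export would need its own parser in place of parse_log.

```python
"""Triage outbound connection logs for beacon-like traffic.

Constructed example. The assumed line format (not Untangle's) is:
    ISO-timestamp  source-IP  destination-host  destination-port  bytes-sent
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

MIN_HITS = 4   # fewer connections than this cannot establish a cadence
MAX_CV = 0.2   # max coefficient of variation of the gaps to call timing "regular"

# Constructed sample log: two hosts doing ordinary update/CDN traffic and one
# host contacting a bare IP every ten minutes with near-identical tiny payloads.
SAMPLE_LOG = """\
2021-07-01T10:00:00 192.168.1.10 update.example-vendor.test 443 1200
2021-07-01T10:00:05 192.168.1.10 cdn.example-vendor.test 443 48000
2021-07-01T10:00:00 192.168.1.11 update.example-vendor.test 443 1100
2021-07-01T10:05:00 192.168.1.11 cdn.example-vendor.test 443 52000
2021-07-01T10:00:12 192.168.1.12 203.0.113.77 443 310
2021-07-01T10:10:12 192.168.1.12 203.0.113.77 443 305
2021-07-01T10:20:13 192.168.1.12 203.0.113.77 443 312
2021-07-01T10:30:12 192.168.1.12 203.0.113.77 443 308
2021-07-01T10:40:12 192.168.1.12 203.0.113.77 443 311
2021-07-01T10:15:00 192.168.1.12 cdn.example-vendor.test 443 47000
"""


def parse_log(text):
    """Parse the constructed 'ts src dst port bytes' lines into dicts."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, src, dst, port, nbytes = line.split()
        records.append({
            "ts": datetime.fromisoformat(ts),
            "src": src, "dst": dst,
            "port": int(port), "bytes": int(nbytes),
        })
    return records


def destination_prevalence(records):
    """Map each destination to the set of internal hosts that contacted it."""
    seen = defaultdict(set)
    for r in records:
        seen[r["dst"]].add(r["src"])
    return seen


def cadence(timestamps):
    """Return (hits, mean gap in seconds, coefficient of variation) for sorted datetimes."""
    if len(timestamps) < 2:
        return len(timestamps), 0.0, float("inf")
    gaps = [(b - a).total_seconds() for a, b in zip(timestamps, timestamps[1:])]
    avg = mean(gaps)
    cv = pstdev(gaps) / avg if avg > 0 else float("inf")
    return len(timestamps), avg, cv


def triage(text):
    """Return findings for (src, dst) pairs whose connection timing is regular.

    Findings are ranked so that destinations contacted by only one internal
    host come first; a regular cadence to a destination every machine uses is
    more likely an update check than a beacon.
    """
    records = parse_log(text)
    prevalence = destination_prevalence(records)
    by_pair = defaultdict(list)
    for r in records:
        by_pair[(r["src"], r["dst"])].append(r["ts"])

    findings = []
    for (src, dst), stamps in by_pair.items():
        hits, avg, cv = cadence(sorted(stamps))
        if hits >= MIN_HITS and cv <= MAX_CV:
            findings.append({
                "src": src, "dst": dst, "hits": hits,
                "mean_gap_s": round(avg), "cv": round(cv, 3),
                "rare_destination": len(prevalence[dst]) == 1,
            })
    findings.sort(key=lambda f: (not f["rare_destination"], f["cv"]))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

On the sample data only the 192.168.1.12 to 203.0.113.77 pair is reported: five hits, a mean gap of 600 seconds, a coefficient of variation near zero, and no other host ever contacting that address. The thresholds are deliberately coarse; in practice they are tuned against a baseline of known-good traffic, and a "rare destination" hit is a prompt to look at the process on that host, not a verdict on its own.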
 
So Windows 11 Home requires a M$ account, and Windows 11 Pro doesn't?

Is it possible to just create a throwaway account, and provide the credentials to the new users with perhaps a printout or PDF on how to change the credentials and a short write-up of what the account is, why they need it and so on? Then FABS the data from the old offline account to the new "Microsoft" user profile? Or will FABS not do that?

Seems sort of stupid to me. Once the account is set up, the user basically never has to use more than the password.


At any rate, my 1st Gen Ryzen 1700X isn't "supported". Seems kinda dumb. But for me personally, I was planning on building a new main workstation within the next 16 to 24 months anyways. Doesn't matter to me. I can be perfectly happy running win 10 until then.
 