Why not have read-only hdds?

[psychonaut]

thicksantorum:

How do people even get viruses? Are you like… actually allowing ads or something? Haven’t had a virus since win98 days, and even those were my own fault… like how virtually all (barring espionage) virus infections are the user’s fault.

These days it’s not viruses which are the big threat, but rather malware which spammers, script kiddies, and other miscreants use to hijack your machine and serve ads to you, or spam and DDOS attacks to others. Yes, a lot of people probably get infected from neglect or ignorance of very basic security precautions, but some cases I’m sure are the result of the attackers exploiting unpublished or unpatched (by the vendor) vulnerabilities in OS and application software, and which require little or no direct involvement from the victim to trigger.

[Blakeyrat]

blindboyard:

I don’t know about Windows, but in Linux you can set filesystems to mount read-only. If some things need to be written, like an internet cache, you could probably put them in a ramdisk.

Windows has permissions, so you can deny the ability to write to disk for a specific user. The advantage to this over the Linux method is that:

1. If you need certain directories writable (like browser cache), you can just turn the permissions back on
2. If you need to change the software installed (Windows Update), you can log in as Admin and install them, and still run them from your restricted user account.
3. Swap file still works without the headache of creating ram disks

[beowulff]

Blakeyrat:

Windows has permissions, so you can deny the ability to write to disk for a specific user. The advantage to this over the Linux method is that:

1. If you need certain directories writable (like browser cache), you can just turn the permissions back on
2. If you need to change the software installed (Windows Update), you can log in as Admin and install them, and still run them from your restricted user account.

All modern operating systems can do this…

[Blakeyrat]

beowulff:

All modern operating systems can do this…

Well ok but there’s 10 posts above talking about things like turning on jumpers or mounting the drive as read-only, while ignoring the extremely obvious permissions-based solution.

Since I don’t use Linux and the Linux user suggested mounting the drive as read-only instead of simply changing the permissions, I assumed you couldn’t change the permissions that way in Linux. If I’m wrong, I’m wrong.

[Mdcastle]

I’m not dumb enough to claim my free iPad, I get viruses from normal web browsing without allowing anything to run, even in one case from this board. I decided to limit java to my main computer and leave it off the new installation on my laptop since I can do without being able to program my lighting system from my laptop. (I can still operate it with a vanilla HTLM interface that it has, but not make any programming changes.).

Would a virus actually respect permissions? How would I deny permission to the MBR to keep out another rootkit.

As far as Windows Defender, yes it’s free, but questions have been raised about how effective it is compared to commercial offerings, and it’s the program the bricked my windows installation, not the virus itself.