Give them a double washing. More great advice from Fred Langa on his website.
[See the full post at: Fred Langa: How do I safely transfer files from an old, possibly infected laptop to an external HDD?]
|
Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don't do it. |
-
Fred Langa: How do I safely transfer files from an old, possibly infected laptop to an external HDD?
- This topic has 9 replies, 8 voices, and was last updated 6 years, 4 months ago.
AuthorViewing 3 reply threadsAuthor-
-
Actually, Linux is perfectly capable of becoming infected with Windows executables. They won’t damage the Linux OS, so they don’t interfere with Linux operations. But when exposed to an infected Linux computer, a Windows PC can pick up the Windows-targeted executables very easily, and the Windows PC then becomes infected.
This is why there used to be a cottage industry in “Linux Antivirus”, which was really scanning almost exclusively for these transferable Windows-targeted malicious executables. But over time, folks didn’t take up these products in sufficient numbers, and they have fallen by the wayside.
Moral is: when transferring files or data from a Linux installation into a Windows installation, scan every incoming file with Windows antivirus scanners before allowing anything onto the Windows PC.
-- rc primak
3 users thanked author for this post.
-
I think we need to distinguish between being infected with and containing an infected file.
The idea to use a write-protected Linux to retrieve the files might protect you from some type of malware that hide below the file level when reading the NTFS drive from Linux.
Also, if Linux isn’t infected, it insn’t infected. Transferring tainted files doesn’t even mean Windows will be infected either if the file isn’t run in some cases, although yes, in specific contexts if the file was read and triggered a buffer overflow on a vulnerable app in Windows, then you could have the Windows PC infected. The vulnerable app could be an antivirus scanner, an image viewer, a pdf reader, Word, etc.
So using Linux to retrieve data, using an antivirus Linux product, then copying the data back to a clean patched Windows drive and then mounting that up as a data drive only in a clean Windows with an up to date antivirus might be a good idea since you will have more chances to only copy files and avoid rootkit type issues or other Windows antivirus vulnerabilities at the first stage.
Then, you make sure to not run those files or have them read by programs with vulnerabilities for a while. Your risk will still not be 0, but waiting a bit for antiviruses to catch up with the 0 days threats is not a bad idea and will lower your risk at well. That sounds like a lot, but being infected might not be always a minor issue that is easy to fix. And we always need to remember that antiviruses are not a panacea. They might not detect a lot of new or less common malware for a very long time.
1 user thanked author for this post.
-
-
No single antivirus software catches everything: I would run two different AV scanners from Live CD/USB media on the old laptop prior to the scan that Fred proposes after copying the files to the external HDD and plugging it into the new computer.
Some may consider this overkill, but to my mind the extra step is well worth it if I have any reason to believe the old laptop might be infected.
3 users thanked author for this post.
-
I agree. I would also suggest running a rootkit scanner and removal tool.
1 user thanked author for this post.
I would like to point out that many if not most of these stand-alone, bootable scanners have been abandoned by the major AV vendors, and are no longer supported.
Some which are still supported include the ones from BitDefender, Kaspersky and Trend Micro.
If you pretend you’re running Windows 8.1, you can follow those instructions to download and create a CD or USB Flash Drive version of Windows Defender Offline. This may be necessary if your system won’t boot fully into Windows, a common side-effect of an infection. On my Intel NUC with a dual-boot, I cannot get the built-in Windows 10 version of Windows Defender Offline to complete a scan and file its report. Whatever the cause of this abort and restart behavior, I would have to run WDO from bootable USB media. The last update of the bootable form of WDO used WinPE3, which is pretty far out of date.
I concur with Cybertooth that running more than one offline scan is good insurance. Belt and suspenders, you know!
To be honest, since I use system image backups and full data backups, as well as drivers and some configuration files, I’d rather just do a low-level disk reformat and reinstall Windows 10 from my backup image. Making sure of course that the image selected was from before the infection was suspected. That’s the only way to make sure nothing survives the cleanup, unless hardware microcode or firmware got infected, which can happen these days.
-- rc primak
2 users thanked author for this post.
According to Alex Eiffel: ” …yes, in specific contexts if the file was read and triggered a buffer overflow on a vulnerable app in Windows, then you could have the Windows PC infected. The vulnerable app could be an antivirus scanner, an image viewer, a pdf reader, Word, etc. ”
To me, as written, and correct me if I am wrong, as I might well be, this suggests that scanning the copied files for viruses and other malware can trigger an infection, which would run contrary to the advice of scanning with antivirus also offered here and, to me again, seems like a logical precaution. Perhaps someone could explain this, as this is a topic of considerable interest, so others non-experts might not be left, on reading these entries, equally puzzled as I am.
Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).
MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV1 user thanked author for this post.
-
scanning the copied files for viruses and other malware can trigger an infection
I’ve never seen that happen.
-
https://borncity.com/win/2017/06/30/stack-buffer-overflow-vulnerability-in-avast-antivirus/
https://landave.io/2017/06/avast-antivirus-remote-stack-buffer-overflow-with-magic-numbers/
Although you might not have seen it, antivirus are a great asset to compromise due to their low level access to the OS…
So, Oscar, to respond to you and other users, yes, in theory, it would be safer although not very useful to just copy your files on Windows and let them sit there forever without ever opening them with an antivirus or anything else until you end up switching to Linux. 😉 And it would be safer to never use the Internet, or your computer.
Jokes aside, this is a good question. One maybe reasonable compromise would be to let them sit a few days if possible so if any vulnerability that is not kept very secret by some dark organization or nation got out and was patched, your antivirus would not be vulnerable anymore. But, yes, this might not be a very high risk anyway since vulnerabilities known only to secret organizations might be used mostly to do targeted attacks, it’s just for the sake of being rigorous that I mentioned antiviruses among many other apps. Those things exists. Antivirus are complex products that read files so of course they are not immune to these type of vulnerabilities.
But my suggestion to let files sit a bit was not just for antivirus vulnerabilities, but to give a bit of time for antivirus to catch up with the latest malware signatures so that a virus that had infected you on the other computer might now be recognized before you open it again with a vulnerable app, antivirus or another.
1 user thanked author for this post.
-
Viewing 3 reply threads
Plus Membership
Donations from Plus members keep this site going. You can identify the people who support AskWoody by the Plus badge on their avatars.
AskWoody Plus members not only get access to all of the contents of this site -- including Susan Bradley's frequently updated Patch Watch listing -- they also receive weekly AskWoody Plus Newsletters (formerly Windows Secrets Newsletter) and AskWoody Plus Alerts, emails when there are important breaking developments.
Get Plus!
Recent Topics
-
Have Copilot there but not taking over the screen in Word
by 5 hours, 21 minutes ago
-
Windows 11 blocks Chrome 137.0.7151.68, 137.0.7151.69
by 1 day, 9 hours ago
-
Are Macs immune?
by 5 hours, 33 minutes ago
-
HP Envy and the Function keys
by 17 hours, 34 minutes ago
-
Microsoft : Removal of unwanted drivers from Windows Update
by 1 day, 21 hours ago
-
MacOS 26 beta 1 dropped support for Firewire 400/800
by 1 day, 21 hours ago
-
Unable to update to version 22h2
by 11 hours, 55 minutes ago
-
Windows 11 Insider Preview Build 26100.4482 (24H2) released to Release Preview
by 2 days, 4 hours ago
-
Windows 11 Insider Preview build 27881 released to Canary
by 2 days, 4 hours ago
-
Very Quarrelsome Taskbar!
by 1 day, 14 hours ago
-
Move OneNote Notebook OFF OneDrive and make it local
by 2 days, 17 hours ago
-
Microsoft 365 to block file access via legacy auth protocols by default
by 2 days, 6 hours ago
-
Is your battery draining?
by 17 hours, 53 minutes ago
-
The 16-billion-record data breach that no one’s ever heard of
by 4 hours, 52 minutes ago
-
Weasel Words Rule Too Many Data Breach Notifications
by 2 days, 21 hours ago
-
Windows Command Prompt and Powershell will not open as Administrator
by 7 hours, 48 minutes ago
-
Intel Management Engine (Intel ME) Security Issue
by 2 days, 6 hours ago
-
Old Geek Forced to Update. Buy a Win 11 PC? Yikes! How do I cope?
by 1 day, 22 hours ago
-
National scam day
by 1 day, 5 hours ago
-
macOS Tahoe 26 the end of the road for Intel Macs, OCLP, Hackintosh
by 2 days, 1 hour ago
-
Cyberattack on some Washington Post journalists’ email accounts
by 3 days, 22 hours ago
-
Tools to support internet discussions
by 2 days, 11 hours ago
-
How get Group Policy to allow specific Driver to download?
by 3 days, 13 hours ago
-
AI is good sometimes
by 4 days, 5 hours ago
-
Mozilla quietly tests Perplexity AI as a New Firefox Search Option
by 3 days, 20 hours ago
-
Perplexity Pro free for 12 mos for Samsung Galaxy phones
by 5 days, 6 hours ago
-
June KB5060842 update broke DHCP server service
by 5 days, 4 hours ago
-
AMD Ryzen™ Chipset Driver Release Notes 7.06.02.123
by 5 days, 8 hours ago
-
Excessive security alerts
by 3 days, 23 hours ago
-
* CrystalDiskMark may shorten SSD/USB Memory life
by 5 days, 18 hours ago
Remembering Woody
