• acetanilide@lemmy.world · English · 7 upvotes · 7 months ago

    This is fascinating to me because I was taught not to restart your computer if you suspected malware because restarting it would basically activate it.

    • RGB3x3@lemmy.world · English · 8 upvotes, 2 downvotes · 7 months ago

      You can’t activate malware by restarting your system. There’s no reason why an attacker would wait for a restart to do what they want to do.

      What can happen is that restarting doesn’t help fix anything related to malware if the malware has been written to gain persistence. It’ll edit the registry so that it can run on startup, so restarting your system makes no difference.

      • yildolw@lemmy.world · English · 8 upvotes · 7 months ago

        They might be thinking of malware spread on floppy disk or a USB stick. A restarting computer with sus media inserted might have treated them as a boot device back in the day and run the executable code with higher privileges.

      • CameronDev@programming.dev · English · 4 upvotes · 7 months ago

        It would entirely depend on the design of the malware. If a malware author wanted to chronologically separate infection from detection, doing persistence and then not activating until next reboot wouldn't be unreasonable.

        For example, if a user visits a site, and 10 seconds later their PC gets cryptolockered, they can report the site. If they visit a site, and then a hundred others, and then 10 days later their PC reboots and gets cryptolockered, they will have no idea which site did it.
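
The registry run-on-startup persistence that RGB3x3 and CameronDev describe can be checked before a reboot. The PowerShell below is an added example, not part of any comment in the thread: it lists the standard Run and RunOnce autostart values for the machine and the current user. The `$reviewPattern` heuristic is an assumption for triage only, and Run keys are just one of several autostart locations on Windows.

```powershell
# Added example: list registry autostart entries that will run at the next
# logon/boot, so they can be reviewed before the machine is restarted.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Assumption (triage heuristic, not from the thread): commands launched from
# user-writable directories deserve a closer look. A match is a prompt to
# review the entry, not proof of malware; legitimate software also uses AppData.
$reviewPattern = '\\AppData\\|\\Temp\\|\\Users\\Public\\|\\ProgramData\\'

$entries = foreach ($path in $runKeys) {
    # A key may not exist (e.g. WOW6432Node on 32-bit Windows); skip it quietly.
    $key = Get-Item -LiteralPath $path -ErrorAction SilentlyContinue
    if (-not $key) { continue }

    foreach ($name in $key.GetValueNames()) {
        # GetValue expands REG_EXPAND_SZ variables such as %APPDATA%,
        # so the pattern is matched against the resolved path.
        $command = [string]$key.GetValue($name)
        [pscustomobject]@{
            Key     = $path
            Name    = $name
            Command = $command
            Review  = $command -match $reviewPattern
        }
    }
}

# Entries flagged for review are listed first.
$entries |
    Sort-Object -Property Review -Descending |
    Format-Table -Property Review, Name, Command, Key -AutoSize -Wrap
```

Saving this output on a known-good system gives a baseline to compare against when an infection is suspected later.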