In an accident your hand will be cut, so your hand is cut and it won't matter if you have a doctor right there or you get a doctor after 3 days, right? ))
I would know because I've been in this situation, sliced my hand open and almost lost a finger on a railway station fence at my school and had to get transported to St. Georges for a plastic surgery operation; guess what, I had to wait until the following day for the operation because a child with a broken bone had to be attended first for the operation. What did they do during the 6 hours I was there (got let out at half one in the morning)? They patched up the cut enough to stop the blood from leaking out any further, enough to wait for the 15 dozen stitches the following morning... It wouldn't have made a difference if they did the operation that same night or the following morning.
First, not all attacks are ransomware, and you should know that speed is important in such processes.
Second, about the part of your sentence regarding a vendor like Emsisoft: Emsisoft in this respect is something like BleepingComputer, just some good programmers who can make a decryptor for some ransomware, so Emsisoft is not the only one and is not even one of the important ones; take a look at this link:
Dr.Web — Encryption ransomware — Encoder (Cryptolocker)
You're right, not all attacks are ransomware-related... I don't recall saying this at all, which is good because I didn't (thank god my memory is still working). However, ransomware is very common in the wild these days since malware authors have a main goal of making money as opposed to just causing destruction these days.
In the case of ransomware or any infection which affects the files themselves (e.g. virus infection), there is nothing anyone can do to get back your files unless: the infection can be reversed (possible with some ransomware samples but very unlikely with viruses); or you have a system backup - therefore a backup image is reliable and important to have at all times, no matter how beginner or advanced of a user you are. If the infection is ransomware or virus related then by the time you notice there is a problem to gain any support, the damage is likely to have already been done; depending on the sample, the damage may be able to be reversed, however in some cases it cannot - if the damage cannot be reversed (e.g. strong ransomware sample or advanced virus PE infection) then the only option to get your files back would be through a backup, and the best option for cleaning is a format... If the damage can be reversed, then it doesn't matter how long you wait for support either, because the issue will be resolved.
When you request support, it's always best to use another system and to boot into safe mode to perform activities on the infected machine - a lot of people are already aware of this, and as a natural instinct some people will turn off the infected machine/disable the internet connection as soon as they believe there is a problem (not everyone, but a lot of people).
In most scenarios, waiting a few hours or waiting a few days will make absolutely no difference.
The point I am trying to make is that your point on the response times for malware removal support is flawed, because if the damage can be reversed then it'll be done even if you have to wait a few more days, and if the damage cannot be reversed then you've lost regardless of the support times... The only time your logic is not flawed is when it's applied to a backdoor-infection/data theft scenario, where the attacker can continue controlling your system to keep doing more and more damage; disabling the internet connection once you believe you are infected will resolve this problem, and also prevent any existing malicious software from contacting any available C&C servers for more instructions to do any more damage - in the case of a keylogger infection, it wouldn't matter if keystrokes were recorded, since if there is no internet connection then the information cannot be sent back anyway.
Whereas, with your logic, you are basically saying:
1. I have been infected with ransomware and all my files have been encrypted... It is ridiculous to wait 1-2 days for support from Emsisoft when I can get it that same day from Dr. Web... -> there won't be a difference in support since your files are already lost. The reply time difference doesn't change anything.
2. I have been infected with a PE infector and my files are executing the virus loader code before they actually start-up to search for new files to infect. It is ridiculous to wait 1-2 days for support from Emsisoft when I can get it that same day from Dr. Web... -> once again, both of them will do the exact same thing in 99.9% of scenarios: suggest that you format the system and reinstall the OS.
3. I have been infected with a keylogger -> 9/10 by the time you realize something is wrong, the keylogger will have already sent your keystrokes to the attacker and stolen whatever credentials you had been using the entire time it was active. Turn off the system/disable the internet connection and request support from another system -> same results.
Regardless of the situation, the best option is to always format the system - if you do not format the system you will never know if the system will ever be fully clean again, even if your AV scanners tell you it is... Unless you have the original sample/s to know how they worked to trace back every action it could do, you will never know if your system is back to how it really was without: using a backup; or formatting the system and re-installing the OS. A good example of this scenario would be with a rootkit, where your AV scanner may clean things (or even support may tell you it's clean after giving you some scripts -> traces are still left deep down, infection is still active somewhere but no one knows about it).
You don't have to, if your vendor has phone support, and as I said you will have to wait even if you have access to the Emsisoft forum.
Using phone support is even worse than using online support from another system, what are you going to do, read out the logs to them and manually type in the god-knows-how-long script into your system (case-by-case basis depending on how long a repair script could be, etc.). Using scanners and relying on them to clean your system as opposed to formatting it is just retarded unless you know exactly what the infection was and how it worked. The BEST option is to format, and that is not an opinion, that is a FACT.
-----------------------------------------------------------------------------
If you format your system then the only way malicious software can return is through infection of the firmware prior to the format, or hardware hacking... Firmware and hardware infection is an incredibly difficult thing, I don't think you realize how tricky it is to get started in that. Whereas, concealing evidence of an infection to trick anyone who is manually on your system, fooling AV scanners and logging tools (such as Farbar Recovery Scan Tool) is incredibly easy compared to infecting the firmware for example...
-----------------------------------------------------------------------------
Basing how good a vendor is on its malware removal support is stupid, for the reasons above, but also because relying on them to clean your infected system is dumb in the first place - they cannot know if the system is ever going to be 100% clean again without formatting unless they had the sample/s which infected you in the first place, and chances are they won't know which sample/s were responsible. A security product is good for preventing an infection, but you'll become infected anyway if you don't make good decisions since nothing is foolproof as you've already said countless times (I can definitely agree with you on that one).
At the end of the day, you need to make sure you have a backup regardless of what vendor you are relying on for protection - if you get infected then revert with the backup or format the system and start fresh, don't even bother with malware removal services because they are a waste of time in a lot of cases... Even if you prefer not to format, it's the most secure option - once again, that's not an opinion, it's a genuine fact and if you cannot believe that then that tells me everything I need to know, period.
-----------------------------------------------------------------------------
You might think that @Umbra and his posts are a joke but you can learn a lot from his posts, I've learnt a lot from them in the past. What he was saying earlier about formatting for example, it's based on facts and not opinion... And he is a genuine technician so of course he would know. The other things he's mentioned, such as usage of forensic tools, it's all accurate information as well.
Now moving back to opinions and not facts, I think that as long as a vendor can provide support on fixing issues and using the product itself (generally speaking) then it's perfectly fine. But if you really want to avoid a company just because they want to help people without money as well, well that says a lot...
If everyone was treated differently because of their background and money income then this world would be even crueler than it already is.. I can't even believe we are even having a discussion about all of this, it's quite embarrassing.
But honestly do/think whatever you want. I've expressed my point of view in exchange, there is no problem here... I can't change your opinion and we're all entitled to one.