Reply to post:

'R2D2' stops disk-wipe malware before it executes evil commands

DropBear Silver badge

This doesn't seem to do much against encrypting malware though - ultimately there's no way to know what counts as "destructive", any write operation destroys _something_. Unless you're prepared to use an infinitely versioning file system that preserves anything and everything ever written (yeah good luck with your storage medium capacity) the only viable solution I see is lots of decoy files, monitored by a watchdog that immediately trips and alerts as soon as any of them is written. It would still be an arms race about obscuring vs. detecting which files are the "trap" ones of course...
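The decoy-file watchdog idea from the comment above, as an added example (not part of the original comment and not R2D2's code). The decoy names, the hash-baseline polling approach and all function names are assumptions made for illustration.

```python
import hashlib
import os
import tempfile
from pathlib import Path

# Hypothetical decoy names, chosen to sort first and last in a directory listing.
DECOY_NAMES = ("000_accounts.xlsx", "aaa_passwords.docx", "zzz_backup.pdf")


def _digest(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()


def plant_decoys(directory: Path, names=DECOY_NAMES) -> dict:
    """Create decoy files and return a baseline {path: sha256}."""
    baseline = {}
    for name in names:
        path = directory / name
        path.write_bytes(os.urandom(64) + name.encode())  # unique filler content
        baseline[path] = _digest(path)
    return baseline


def check_decoys(baseline: dict) -> list:
    """Return (path, reason) for every decoy that no longer matches the baseline."""
    tripped = []
    for path, expected in baseline.items():
        try:
            if _digest(path) != expected:
                tripped.append((path, "modified"))
        except FileNotFoundError:
            tripped.append((path, "missing"))     # deleted, or renamed to a new extension
        except OSError:
            tripped.append((path, "unreadable"))  # permissions changed or file locked
    return tripped


def demo() -> list:
    """Constructed scenario: one decoy overwritten in place, one renamed."""
    with tempfile.TemporaryDirectory() as tmp:
        baseline = plant_decoys(Path(tmp))
        paths = sorted(baseline)
        assert check_decoys(baseline) == []               # clean state: nothing trips
        paths[0].write_bytes(b"overwritten")              # simulated in-place write
        paths[1].rename(paths[1].with_suffix(".locked"))  # simulated rename
        return [(p.name, why) for p, why in check_decoys(baseline)]


if __name__ == "__main__":
    for name, why in demo():
        print(f"ALERT: decoy {name} {why}")
```

A watchdog would call `check_decoys` on a short interval or from a file-system notification hook and raise the alert on the first hit.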


Biting the hand that feeds IT © 1998–2019