• Create Account

## Prevent Losing Entire Project To Malware

Old topic!

Guest, the last post of this topic is over 60 days old and at this point you may not reply in this topic. If you wish to continue this conversation start a new topic.

20 replies to this topic

### #1RalemProductions  Members

224
Like
0Likes
Like

Posted 17 May 2014 - 09:12 PM

So I was working on a game for several months and it got encrypted by some ransomware named Cryptoware. I have a separate computer I use for my game programming, so I thought my computer was safe, but that turned out to not be the case. Any advice on what I should do in the future to prevent such catastrophes? I am a solo game developer so I don't have much of a budget, but would like to know what the options are.

### #2Shane C  Members

1368
Like
0Likes
Like

Posted 17 May 2014 - 09:14 PM

Do you have a good, name brand antivirus program?

Getting the subscription to this is worth the money. My Norton has alerted me to viruses before.

### #3RalemProductions  Members

224
Like
0Likes
Like

Posted 17 May 2014 - 09:20 PM

I was using Ad-Aware, but due to it not catching the malware I have stopped using it.

### #4phil_t  Members

7651
Like
19Likes
Like

Posted 17 May 2014 - 09:31 PM

POPULAR

You should be using a version control system on a remote server (e.g. github). If your computer dies or your files are held for ransom by a virus, you can just go back to the latest version that you checked in.

### #5Crypter  Members

748
Like
4Likes
Like

Posted 17 May 2014 - 09:47 PM

Sorry for the loss.

It is strongly encouraged to always make backups; version control software is also worth checking into (we use BitBucket with Mercurial) and is the recommended suggestion for software projects.

This is a good reminder to everyone - if you have not made any backups yet, do it now.

I suggest MalwareBytes AntiMaware; its free (although there is a paid pro version) and can both remove it and can potentially aid in preventing it. Please reference this post regarding Crypto Locker and how to remove it if not already done so (note however that your documents cannot be uncovered unfortunately.) Alternatively the Norton anti-malware suite is also really good although a bit expensive.

This one might also be useful to try. Particularly the section about recovering files from shadow copies if system restore is enabled. However I cannot guarantee it will work.

Edited by Crypter, 17 May 2014 - 09:58 PM.

### #6TheChubu  Members

8954
Like
4Likes
Like

Posted 17 May 2014 - 10:01 PM

You should be using a version control system on a remote server (e.g. github)
This.

I use Bitbucket with Mercurial. But there are plenty options (Github, SourceForge, Bitbucket, etc). Find one that works nicely integrated into your IDE of choice and off you go.

"I AM ZE EMPRAH OPENGL 3.3 THE CORE, I DEMAND FROM THEE ZE SHADERZ AND MATRIXEZ"

My journals: dustArtemis ECS framework and Making a Terrain Generator

### #7ikarth  Members

969
Like
2Likes
Like

Posted 17 May 2014 - 10:05 PM

For the future, as several people have stated, source code control is a must. And it'll help prevent all kinds of other issues, like accidentally breaking your game and forgetting which change introduced the bug.

The easiest way to get started, if you are on Windows, is to download SourceTree and set up a remote repository on GitHub or BitBucket. All of which are free.

### #8SerialKicked  Members

583
Like
0Likes
Like

Posted 17 May 2014 - 11:47 PM

sad. If it's a recent Cryptoware version, your resources are indeed forfeit.

Take a good firewall and learn how to use it  (comodo is free and has no glaring flaws I could bypass with 10 lines of code, contrary to Norton and too many)

Keep your OS up to date

Remove JAVA from your browser (and ideally flash)

Anti virus are mostly useless against new / recent threats, even old ones when they went through some kind of encryption i wont bother to explain in details, let's just say it gets encrypted using genetic methods until it can't be detected by AV anymore (all of that perfectly automated in the delivery server).

Also, backups and remote repository as said by the others.

### #9Aardvajk  Members

12284
Like
0Likes
Like

Posted 18 May 2014 - 08:00 AM

Any advice on what I should do in the future to prevent such catastrophes?

Any idea how you got the virus in the first place? Would be good to know so I can avoid doing the same thing (assuming it wasn't some silly way that you should have know better of course )

Yes re backups. I would have thought HDD failure was a more likely occurrance than a serious virus assult on a modern OS and all the protection software in the world won't help you if your disk goes bye bye.

Edited by Aardvajk, 18 May 2014 - 08:01 AM.

### #10swiftcoder  Senior Moderators

17830
Like
0Likes
Like

Posted 18 May 2014 - 08:15 AM

Run an up-to-date OS (Windows XP, Vista, 7 and 8.0 do not count). Make sure Window's Defender is active and updated. Make sure your firewall is active. Use Chrome or FireFox with AdBlock installed, and make sure plugins like Java and Flash are running on a whitelist model (i.e. approve manually for each site, rather than blacklisting specific sites).

I have never, ever had a virus or malware problem on a personal computer (though to be fair, I spend more of my time on Mac or Linux than I do on Windows). It's mostly a matter of not taking silly risks, and BACKING UP *all* your data.

Tristam MacDonald - Software Engineer @ Amazon - [swiftcoding] [GitHub]

### #11the incredible smoker  Members

453
Like
0Likes
Like

Posted 19 May 2014 - 07:51 AM

I was wondering maybe next time you take a offline pc for programming ?, its not safe otherwise.

( Look i,m not so crazy after all !, saying with all the updates its save : thats crazy )

Edited by the incredible smoker, 19 May 2014 - 07:52 AM.

S T O P   C R I M E !

Visual Pro 2005 C++ DX9 Cubase VST 3.70  Working on : LevelContainer class & LevelEditor

### #12swiftcoder  Senior Moderators

17830
Like
2Likes
Like

Posted 19 May 2014 - 08:49 AM

saying with all the updates its save : thats crazy

Millions of people around the world use computers every day. If they were all that easily wiped out by malware, the whole system would have fallen apart years ago.

Tristam MacDonald - Software Engineer @ Amazon - [swiftcoding] [GitHub]

### #13dmatter  Members

4430
Like
2Likes
Like

Posted 19 May 2014 - 09:35 AM

I use several computers in a week, I do a lot of travelling too. I always have to expect that I'll drop/lose/break a laptop, or that a harddrive will fail. There's simply no way I can trust a single computer with all my stuff, it's not safe, nevermind impractical.

For code I use Github/Bitbucket, so all my computers can pull/push the latest and greatest version of the code. If I lost code on one computer it would be no big deal.

For 'active' files in recent use I use OneDrive as my main documents location which syncs with all my devices, very convenient. Dropbox and Google Drive would be just as good too.

For other less-used files I have a terabyte NAS at home which serves as a backup location and does reasonably well. Although I have recently entered a situation where there are files that exist solely on the NAS, so it is no longer a backup of those and I need to work something out. I am thinking that Amazon Glacier could be a good solution.

At the end of the day it all comes down to backups and keeping those organised (you don't want to have different versions of the same file on different devices). For code a VCS like Git makes that really easy.

Edited by dmatter, 19 May 2014 - 10:23 AM.

. David Gill :: GitHub :: twitter .

### #14Promit  Senior Moderators

12537
Like
5Likes
Like

Posted 19 May 2014 - 11:28 AM

POPULAR

Run an up-to-date OS (Windows XP, Vista, 7 and 8.0 do not count).
I'm sorry but 7 absolutely DOES count (assuming it is service packed). As long as it's not an end of life product, Microsoft is continuing to issue security patches. There's nothing about 8.1 that improves security over 7 when both systems are properly maintained.

First of all: any file you don't want to lose should be able to survive the total physical destruction of any given computer you own. Ideally all of them, and your house. Personally I like using a combination of externally hosted cloud backup services, internal backup, and good old external source control. Second: you need to figure out how and why you're getting virused, because that's a problem in itself.

SlimDX | Shark Eaters for iOS | Ventspace Blog | Twitter | Proud supporter of diversity and inclusiveness in game development

### #15lunkhound  Members

1211
Like
0Likes
Like

Posted 19 May 2014 - 02:08 PM

I keep all of my important files on a dedicated fileserver which serves them up as SMB shares to my Windows boxes.  The fileserver is running a free variant of the Solaris OS with the ZFS filesystem and I'm using the free version of Napp-it to take ZFS-snapshots daily, weekly, monthly, and annually.  This lets me go back to earlier versions of my files from my Windows machines.  From the Windows machines, the snapshots are read-only, so a virus on Windows can't alter or erase them.  I keep the fileserver behind a hardware firewall which blocks (almost) all internet access to keep it safe from malware.

The fileserver uses disk mirroring to keep redundant copies of everything, and ZFS has block-level checksumming and auto-self healing to protect against hard drive errors or failure.  The fileserver also uses ECC RAM to protect against in-memory data corruption due to cosmic rays or whatever.

In addition, the fileserver is backed up to the cloud, so even if the fileserver and all of my computers were destroyed, I could still recover my data.

I've been using a setup like this for about 4 years now and haven't lost any files in that time.  I've found the snapshots useful on occasion, and the ZFS checksumming detected when one of my enterprise-grade drives started writing tons of errors after working perfectly for years.  Fortunately the other drive in the mirror still had a perfect copy of everything, so after replacing the drive and a few hours of resilvering everything was fine.

Also, I don't recommend using Visual Studio to edit your source files directly on a network share.  It will slow down the UI thread to a crawl because of intellisense and the fact that Windows won't cache files on a network share.  It probably slows down compile times as well.  So I work on a local copy and I use a program called FreeFileSync to mirror my work to a location on the network share where it can get snapshotted and backed up remotely.

### #16VildNinja  Members

745
Like
0Likes
Like

Posted 19 May 2014 - 03:02 PM

Sorry for repeating, but this is important!

Don't trust any computer! They tend to die. I have never been subject of serious malware, though I don't take much precaution - keep windows updated and disable plugins by default in chrome. I have however had computers and external hard drives die on me, on several occasions. Even had a paid vps host provider delete my node!

If you care about a file you make sure to have a backup! and for software projects this is particularly easy! Subversion is super easy to get running, and for open source projects Google Code is perfect. Subversion is however not preferable for a team project, as it only have one branch. Git is my preferred choise. For individual projects it is as simple as subversion (tortoise both have a svn and git client). GitHub and Google Code both offers free git hosting for open source projects, and GitHub is very cheap for their low-tier private hosting.

But do keep in mind that most "backup" solutions states that they are not responsible for any loss of data. So make sure to have a local version of your data as well

Also relevant read: http://kotaku.com/5850245/burglary-delivers-huge-setback-to-indie-game-project-zomboid I love this game, but this was SO preventable!

### #17swiftcoder  Senior Moderators

17830
Like
0Likes
Like

Posted 19 May 2014 - 03:03 PM

I'm sorry but 7 absolutely DOES count (assuming it is service packed).

My point was that is a big assumption. Many of the Windows 7 boxes floating around out there seem to be in some sort of limbo with respect to patches, and if you aren't the kind of person who applies regular OS upgrades, forgive me for doubting you are the kind of person to apply regular security patches.

Tristam MacDonald - Software Engineer @ Amazon - [swiftcoding] [GitHub]

### #18Servant of the Lord  Members

33553
Like
0Likes
Like

Posted 19 May 2014 - 03:03 PM

I also have a NAS, and also back up my project via BitBucket.

Unfortunately, I think Cryptoware writes to networked drives as well, so a NAS in that circumstance wouldn't help much. The virus doesn't need to be able to infect the linux NAS machine, it just uses NFS to overwrite the files. The fact that the NAS is mirrored in RAID 1 wouldn't help - the overwritten files would also get mirrored. The fact that the backup software I use is incremental and keeps multiple versions going back for several weeks wouldn't help - the old backups are also just files that would get overwritten by the virus.

A harddrive that is unplugged from the computer, and only plugged in when making the occasional backup, or online backup services that keep previous backups, would offer protection from this type of attack. But the harddrive can fail (or you can forget to regularily backup), and the online backup service can have problems or make mistakes. A multi-pronged approach is necessary.

Completely file protection seems to be an illusion, and one I was worrying about a few months ago. The question for me was, what precautions can I take, within my budget, that provides reasonable protection, and gives me enough peace of mind.

Online backup costs $80-$120 a year. I tried [Mozy] and [CrashPlan]. While liking CrashPlan slightly better, I ended up cancelling that subscription too. Partly because I'm often in rural areas (moving back and forth between Kansas City and rural Missouri for many months out of the year) and my internet UP speed is very poor, but also because neither service really gave me peace of mind because I had no real guarantees or confirmation that my backed up files would actually be retrievable in the event of a disaster.

My NAS cost me <$300 ($150 for the box, \$120 for x2 1TB WD Red Drives)  (and will probably last me 5+ years). But it's vulnerable to other kinds of disasters, like the virus you got and house fires or direct lightning strikes overpowering the power lines despite the surge protectors (surge protectors protect from surges, not close lightning strikes).

For security, which is still susceptible to human error by clicking on the wrong link, I use SpyBot Search and Destroy (free) and Microsoft Security Essentials (free), and use Google Chrome (free) instead of the default Internet Explorer.

Edited by Servant of the Lord, 19 May 2014 - 03:38 PM.

It's perfectly fine to abbreviate my username to 'Servant' or 'SotL' rather than copy+pasting it all the time.
All glory be to the Man at the right hand... On David's throne the King will reign, and the Government will rest upon His shoulders. All the earth will see the salvation of God.
Of Stranger Flames -

### #19lunkhound  Members

1211
Like
0Likes
Like

Posted 19 May 2014 - 03:29 PM

I also have a NAS, and also back up my project via BitBucket.

Unfortunately, I think Cryptoware writes to networked drives as well, so a NAS in that circumstance wouldn't help much. The virus doesn't need to be able to infect the linux NAS machine, it just uses NFS to overwrite the files. The fact that the NAS is mirrored in RAID 1 wouldn't help - the overwritten files would also get mirrored. The fact that the backup software I use is incremental and keeps multiple versions going back for several weeks wouldn't help - the old backups are also just files that would get overwritten by the virus.

A harddrive that is unplugged from the computer, and only plugged in when making the occasional backup, or online backup services that keep previous backups, would offer protection from this type of attack.

Actually, a ZFS-based NAS *could* protect against such a virus.  ZFS snapshots are a filesystem feature, not files--you can delete every file and folder on the filesystem but the snapshots are still there.  The snapshots are basically read-only from Windows.

### #20Servant of the Lord  Members

33553
Like
0Likes
Like

Posted 19 May 2014 - 03:52 PM

Actually, a ZFS-based NAS *could* protect against such a virus.  ZFS snapshots are a filesystem feature, not files--you can delete every file and folder on the filesystem but the snapshots are still there.  The snapshots are basically read-only from Windows.

Interesting, I didn't know that was available as a feature. I'll have to check if my NAS has that currently enabled, though I don't recall seeing that as an option. Currently my incremental backups were done by software from Windows (I use Cobian Backup for that), which saves the incremental changes as files and would be affected by that type of virus. As far as those backed up files go, I definitely can write, read, and delete them from Windows as a networked drive - whether or not the NFS filesystem duplicates are being created that are inaccessible or read-only to Windows, I'm not sure.

Thanks for the heads up, I'll need to check that out!

Edited by Servant of the Lord, 19 May 2014 - 03:55 PM.

It's perfectly fine to abbreviate my username to 'Servant' or 'SotL' rather than copy+pasting it all the time.
All glory be to the Man at the right hand... On David's throne the King will reign, and the Government will rest upon His shoulders. All the earth will see the salvation of God.
Of Stranger Flames -

Old topic!

Guest, the last post of this topic is over 60 days old and at this point you may not reply in this topic. If you wish to continue this conversation start a new topic.