New
#10
It is history on my machine. I never like it anyway.
This^ It's even in the source. "There isn't a simple fix," he said. Although many services now offer two-factor authentication and notifications when unauthorized access is detected -- such as from a new computer or an entirely different geography -- Schulman said many people either ignore those notifications or choose not to do anything about them." Just do something about it. Turn on two step protection.
And to further add, the attacker has to get onto your computer first. In order to get that token file. So really the sky is not falling like some want to proclaim.
I am not worried about this. The cloud has saved my butt so many times! Plus, like the couple of previous comments, there is something I would need to do first to allow this exploit.
Hi there
The expression "Cloud Cuckoo Land" was obviously created with these services in mind.
In any case I often use machines NOT 100% TETHERED to the internet. What some of these cloud services REALLY want to do is sucker you in so you rely on them and then they'll start charging you.
If you MUST use these services just hold data on it that you really don't care if others can grab it. Never keep personal data / Bank details / passwords / addresses etc etc. on them.
If you take sufficient LOCAL backups your data and system should always be safe.
Cheers
jimbo
That's right, as most have already said, this is really not a problem unless you log in and put data there, otherwise just ignore it.
However for those people who insist and still want to uninstall it (not that you need to) ...there is a way.
(note though, any OS upgrade or major update you do (I've not tested SFC yet) will just install it again, but no problem you can just simply run the uninstaller again - tested, works well, for many months now)
See Here
I'll just like to add. If an attacker can get this token file for one of your cloud storage solutions. Do you really think they will bother with that? Because you may not know this, but why would they bother getting a token file when they can just download your passwords instead? Either directly from your browser or from whatever application you are using to store your passwords.
You see the moment an attacker as system level access to your computer, it is game over. They can do anything and get anything from you that they want. Waste time downloading some token file when they can get all the keys to the kingdom? Your best option is to avoid letting an attacker on your system in the first place.
Second. Where ever you can enable two-factor authentication. It may be annoying at first but it will save your butt from someone trying to log into your account from an unknown source.
I will remove Onedrive, just use a passport 1T I think its
Onedrive should have been uninstallable. But MS didnt think. So now its a not only Malware, its a huge security risk. I bought Home for my other computer, we'll see if Onedrive is deletable again. I had to delete it in Win8.1.
What I wanna know is why 10 has to be connected to the internet to create alternate User accounts.