
Microsoft Says Recovery from Malware Becoming Impossible

Discussion in 'Security and Privacy' started by charlesvar, 2006/04/04.

  1. 2006/04/04
    charlesvar

    charlesvar Inactive Alumni Thread Starter

    Joined:
    2002/02/18
    Messages:
    7,024
    Likes Received:
    0
    http://www.eweek.com/article2/0,1895,1945808,00.asp

    Basically two techniques to use for the home user in rebuilding a system:

    Divide your hard drive into two partitions, one for the OS - roughly 10/12 GB and a data partition. An introduction to this general theme and a specific guide on moving XP's default folders containing user data such as Favorites, My Documents to the data partition here: http://www.windowsbbs.com/showthread.php?t=49222

    This will allow either a repair or a reinstall without disturbing user data. Applications will have to be reinstalled, so make sure that the software setup files are saved, either from CD or in folders on the data partition, and the data partition should be backed up to either removable media and/or an external hard drive.

    Another tool to use: drive imaging software. I personally have OS partition images that are no more than 10 days old.

    Regards - Charles
     
    Last edited: 2006/04/05
  2. 2006/04/04
    Christer

    Christer Geek Member Staff

    Joined:
    2002/12/17
    Messages:
    6,566
    Likes Received:
    73
    I have assembled and installed a number of systems. All of them have been fitted with two hard disks with two partitions each. On HDD1, C: for the operating system + programs and D: for user data. On HDD2, E: for backups of user data and F: for images of the system partition. I insist on that for two reasons: to "protect" my work and for easy recovery.

    Not once has any of the systems been restored after any hardware failure, but on several occasions after malware or virus infection. One of the users has subscribed to his security program (FireWall and AntiVirus) via his Internet Service Provider and he has been infected on two occasions. Some of the nasties are difficult to get rid of and restoring an image is much quicker. However, keeping the most recent image current is vital to avoid reinstalling anything from updates to Windows or added programs after restoring the last one.

    About the size of the system partition, 10-15 GB is probably enough for most users but some software really depletes disk space. One user, when asked about it, said "I don't know, maybe Photoshop, Pinnacle and some other photo/video editing software". I played it safe and partitioned his HDD1 C: - 30GB and D: - 130GB ... :eek: ... and he is almost running out of space on C:. My conclusion is that anyone who "doesn't know" and owns a digital camera and/or a digital video camera and/or a VHS camera will get a system partition of 20-30 GB simply because they "don't know".

    Christer
     


  4. 2006/04/04
    TonyT

    TonyT SuperGeek Staff

    Joined:
    2002/01/18
    Messages:
    9,068
    Likes Received:
    396
    I couldn't agree more re partitioning schemes.
    I recently put together a new custom system for a friend w/ a 200 gb sata2 hd. I used 3 partitions, 30 gb for os & pgms, a data partition and a restore partition w/ ghost images. Less than 12 hrs later (the following morning) I received a call that went something like this: "what do you know about a program called Spy Falcon?". I decided the easiest thing to do was to walk him over the phone through restoring using a ghost boot cd I left him. 10 minutes later he was back in business. He was lucky!

    By far, the imaging app is the most valuable and time-saving work-saving software I use.
     
  5. 2006/04/05
    Christer

    Christer Geek Member Staff

    Joined:
    2002/12/17
    Messages:
    6,566
    Likes Received:
    73
    If two HDDs aren't an option, three partitions on the single HDD, the third for images, will provide recovery for the system from software failure and malware/virus attacks but it will not provide recovery from hardware (HDD) failure.

    I have three partitions on HDD1, the additional one holds copies of the most important images. With that setup, I can rebuild HDD1 from data on HDD2 and HDD2 from data on HDD1 (I will lose a few images but ... :cool: ...).

    Christer
     
  6. 2006/04/05
    TonyT

    TonyT SuperGeek Staff

    Joined:
    2002/01/18
    Messages:
    9,068
    Likes Received:
    396
    Agreed, which is why I also supply a custom command line backup script that copies data & burns to a cdrw.
     
  7. 2006/04/05
    Christer

    Christer Geek Member Staff

    Joined:
    2002/12/17
    Messages:
    6,566
    Likes Received:
    73
    I knew I should attend those classes ... :( ... but didn't!

    However, in many cases, a "dead" HDD is damaged in the system area but can be connected as slave and user data can be copied over to a new HDD.

    Christer
     
  8. 2006/04/05
    charlesvar

    charlesvar Inactive Alumni Thread Starter

    Joined:
    2002/02/18
    Messages:
    7,024
    Likes Received:
    0
    I have two internal drives and I dual boot, so I use externals to backup and write the image files for both OS's.

    Having a 2nd drive is the way to go, but for those that don't want to do that, CD/DVD backup works.

    Regards - Charles
     
  9. 2006/04/05
    James

    James Inactive

    Joined:
    2004/07/14
    Messages:
    1,004
    Likes Received:
    0
    Well... I'll be the devil's advocate on this one. The discussion puts me in mind of the survivalists back in the 70's. How well I remember them stockpiling their homemade bombshelters... waiting for the last big nuclear attack (which never came...naturally).

    My own philosophy is simply this: take "reasonable" precautions and don't visit bad places on the internet. I've been online for ten years now without experiencing any of these problems. You say you had a call within 12 hours?! That's completely ridiculous. What on earth is the man doing? I mean... it strikes me that some people may be too dumb to be online.. period. It's sort of a no-brainer that you don't open attachments... executables...visit **** sites... click on links at questionable sites. I use Spyware Blaster, Ad-aware, CounterSpy and AVG. I also use Firefox and an extension called Siteadvisor that warns me of the websites I visit. If the website has a poor rating... I don't go there.

    BUT... I recognize that a few people love to tweak and play with their computers endlessly, building all sorts of nuclear bombshelters for the attack that never comes. Hey... if it floats your boat I say, go for it. As for me... I'll just use common sense. :)
     
  10. 2006/04/05
    charlesvar

    charlesvar Inactive Alumni Thread Starter

    Joined:
    2002/02/18
    Messages:
    7,024
    Likes Received:
    0
    Hi James, a number of points here:

    On malware/spyware - you don't have to be "irresponsible" to get infected. I and others have responded to threads on infections for years now, and we know better. For instance, just to take a fairly recent example, the Sony Rootkit debacle. Anyone in all trusting innocence had the potential for an undetectable infection. The apps that you mention do indeed cut down on the chances of infections, but they, like anything else, are not perfect; it is only fairly recently that rootkit detection has been added to security apps, and if detected, good luck in removing it. That holds true of many security apps - the detection is there, the removal is another matter, causing damage to System files.

    The other point is the adage, anything that can go wrong will, from hardware to bad program installs. So why not, with a little work set yourself up to recover far more quickly than you otherwise would?

    Regards - Charles
     
  11. 2006/04/05
    James

    James Inactive

    Joined:
    2004/07/14
    Messages:
    1,004
    Likes Received:
    0
    Good point, Charles.

    Sadly the answer is a relatively simple one: I'm too lazy. ;)
     
  12. 2006/04/05
    TonyT

    TonyT SuperGeek Staff

    Joined:
    2002/01/18
    Messages:
    9,068
    Likes Received:
    396
    James

    I build systems for people and do all the installs for 'em as well. I set them up with appropriate antispyware and antivirus too. But realize that at any given time, over 40% of ALL computers online are infected with some sort of spyware.

    That means that at least 40% of all Internet users are ignorant of what spyware is OR some are educated and don't care OR some consider the trade off worth it, such as p2p mp3 and movie sharing users do.

    I partition their drives because I am the one that will be called to fix things. While I am not against getting paid 4 hrs fee to manually undo the damage, I'd much rather undo the damage in 4 minutes, collect a minimum charge fee and spend the next 3 hrs fishing.

    It's not that hard to get infected today. For example, a user goes to google and searches for something like "free real time stock quotes". The user clicks on a dozen or so search results and one or 3 of them may have a popup window streaming an ad with malicious code. And the user does not know how to kill the processes.

    I myself use partitions and drive image backups and I may very well intentionally execute a virus or spyware just to see what it does and then manually remove it if possible.

    If one is a technician and services systems other than his own then partitioning and drive imaging is essential.
     
  13. 2006/04/05
    TonyT

    TonyT SuperGeek Staff

    Joined:
    2002/01/18
    Messages:
    9,068
    Likes Received:
    396
    I use a .cmd file that I write along with a free commandline cdwriting app called CreateCD.
    http://isorecorder.alexfeinman.com/CreateCD.htm

    This is a sample of a cmd file I use to do the backup:
    Code:
    @echo off
    rem backup.cmd
    rem copies all Quickbooks files & folders in C:\QBFiles\
    rem to D:\Backup\Data
    rem then it
    rem copies all Access database files & folders in C:\My Documents\Database\
    rem to D:\Backup\Data
    rem then it
    rem burns all of D:\Backup\Data
    rem to the DVD-CD RW drive E:
    echo START BACKUP OPERATION
    echo.
    echo WOULD YOU LIKE TO BACKUP NOW?
    echo.
    pause
    rem /s /e = subfolders including empty ones, /h = hidden and system files,
    rem /y = overwrite without prompting, /q = quiet
    xcopy "C:\QBFiles\*.*" "D:\Backup\Data\" /s /e /h /y /q
    xcopy "C:\My Documents\Database\*.*" "D:\Backup\Data\" /s /e /h /y /q
    echo WOULD YOU LIKE TO BACKUP TO CD NOW?
    pause
    rem burn the xcopy destination folder on D: to the E: drive named above
    start CreateCD -r:E -s:4 -v D:\Backup\Data\*.*
     
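An added example, not from TonyT's post or the CreateCD tool: the copy stage of a backup script like the one above, written in Python, plus a manifest of SHA-256 hashes so a restore can be checked for missing or corrupted files, and a staleness check that flags a backup older than the 10 days charlesvar mentioned. The source and backup paths are constructed for illustration; the burn-to-CD step is left to the burning tool.

```python
import hashlib
import json
import os
import shutil
import time

MAX_AGE_DAYS = 10  # assumption: flag backups older than this, per charlesvar's habit


def sha256_of(path):
    """Hash a file in chunks so large QuickBooks/Access files don't load into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def backup_tree(src, dst):
    """Copy src into dst recursively (like xcopy /s /e /h /y) and write manifest.json.

    Returns the manifest: relative path -> SHA-256 of the copied file.
    """
    manifest = {}
    for root, _dirs, files in os.walk(src):
        rel_root = os.path.relpath(root, src)
        target_dir = os.path.normpath(os.path.join(dst, rel_root))
        os.makedirs(target_dir, exist_ok=True)
        for name in files:
            dest = os.path.join(target_dir, name)
            shutil.copy2(os.path.join(root, name), dest)  # copy2 keeps timestamps
            manifest[os.path.normpath(os.path.join(rel_root, name))] = sha256_of(dest)
    with open(os.path.join(dst, "manifest.json"), "w") as f:
        json.dump({"created": time.time(), "files": manifest}, f)
    return manifest


def verify_backup(dst, max_age_days=MAX_AGE_DAYS):
    """Return (ok, problems): every file must hash as recorded and the backup must be fresh."""
    problems = []
    with open(os.path.join(dst, "manifest.json")) as f:
        m = json.load(f)
    age_days = (time.time() - m["created"]) / 86400
    if age_days > max_age_days:
        problems.append(f"backup is {age_days:.1f} days old")
    for rel, digest in m["files"].items():
        path = os.path.join(dst, rel)
        if not os.path.isfile(path):
            problems.append(f"missing: {rel}")
        elif sha256_of(path) != digest:
            problems.append(f"hash mismatch: {rel}")
    return (not problems, problems)
```

Run `verify_backup` on the backup folder before trusting it for a restore; a stale or mismatching manifest is the cue to take a fresh copy first.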
  14. 2006/04/05
    Christer

    Christer Geek Member Staff

    Joined:
    2002/12/17
    Messages:
    6,566
    Likes Received:
    73
    Thanks Tony, I appreciate it!

    I hope that you're still around if such a method should be requested ... :p ... well, on a more serious note, it seems easy enough to modify your sample to fit other hardware and setups.

    Christer
     
  15. 2006/04/06
    TonyT

    TonyT SuperGeek Staff

    Joined:
    2002/01/18
    Messages:
    9,068
    Likes Received:
    396
  16. 2006/04/06
    RayH

    RayH Inactive

    Joined:
    2002/01/10
    Messages:
    740
    Likes Received:
    0
    In the not too distant past, disk imaging was an expensive proposition, especially for someone not too handy at working on a computer. It could go north of $300. Now it can be done for about $80, the cost of an external hard drive and a copy of Drive Image XML, which is free.
     
    Last edited: 2006/04/06
  17. 2006/04/06
    RayH

    RayH Inactive

    Joined:
    2002/01/10
    Messages:
    740
    Likes Received:
    0
    $60? Never mind that. Microsoft is declaring that malware has advanced to the point that automated processes for wiping the drive clean and reinstalling are the most effective way to fight malware. Check the posting here.

    Just use AVG free. It's good enough. Get a disk imaging program with the money you save. If you can finger a slipstreamed Windows XP, then use the free Drive Image XML. It works quite well. But you have to create a BART PE boot disk to run the restore of Drive Image XML. The BART requires files from a slipstreamed only Windows XP.
     
  18. 2006/04/15
    thehappyman

    thehappyman Inactive

    Joined:
    2005/03/04
    Messages:
    8
    Likes Received:
    0
    100 % System Backup

    After trials and tribulations and much wasted time I have found the solution to my backup requirements.....

    I have a 100 gigabyte laptop drive that I have to back up fairly often. In the old days I tried CD's and the DVD's - All a big waste of time.....

    Now I have two 300 gigabyte Seagate external USB (2.0) drives and I use Norton Ghost to make regular backups about every two weeks... (alternating drives)

    I have had to use the Norton Ghost utility on three occasions so far to restore a totally corrupted system on my 100 gigabyte Laptop.
    Each time the utility has worked perfectly, even updating every icon on the desktop.... No problems, no flaws...

    I swear by this product.......

    Only thing you need to check before backing up or restoring is that your drives are all reasonably defragmented.

    DiskKeeper ver 9 does a good job of this.....

    Hope this has been of some help to you all.... :) :) :)
     
  19. 2006/04/15
    thehappyman

    thehappyman Inactive

    Joined:
    2005/03/04
    Messages:
    8
    Likes Received:
    0
    Easy to keep things stable

    As for backups, do them often.......
    Also run good spyware and malware programs as well.
    And Run a Strong Firewall and use a good real time Virus Scanner.
    I also run a good registry cleanup program and defragment my main drive quite often.......

    Clean out your cookies and temporary internet files fairly often as well.....
    Never open up any emails or attachments from people you don't know.

    On three occasions (in the last 10 years) I have had to do a "Complete System Recovery" with my Norton Ghost because of some bad virus or disk corruption problem. Each time I have had to do this it has been 100% successful. This also recovers all data files and all Applications.

    That is not a bad record (for 10 years) considering I spend 12 hours a day, every day, on the computer - the majority of it "online"..... (high speed - broadband)

    But to add to that you need to have a good online security system setup (especially if you are wireless like I am) - That means WPA protection at the minimum....... WEP isn't good enough. :) :) :)

    Have Fun.:D :D :D
     
  20. 2006/04/17
    RayH

    RayH Inactive

    Joined:
    2002/01/10
    Messages:
    740
    Likes Received:
    0
    thehappyman, it would be a lot easier if you take the suggestion of maintaining a permanent separation of Windows and files by saving the files directly somewhere other than C:. Partition the internal drive or use one of the external drives, but save directly to something other than C:.

    This has two benefits: first, you never lose any data. Next, what you have to ghost is quite small and the task is quicker and easier.
     
