#31
End of discussion? Some people can get rid of anti-virus protection. Some people would like to ride bareback through the Valley of evil. I've been running partitions for more than 5 years without a problem... It's the use of restore points that is relatively new to me. There is more to it than first appearance. I don't think I was alone when I was using the old formatting C: (only) technique.. even among those running protection, and I think I was a latecomer on the system restoration scene. Even after I started using the restore point there were always many forgotten utilities... for instance FTP .. I seldom used it, so it was seldom in place when I needed it. Making a simple transfer a bit more difficult. From these minor annoyances grew the idea of a restore point with everything in place. I'm sure the idea has crossed many minds... my notice here is for those whose it hasn't.... and to confirm that it works for those considering it.

#32
These links may help some members.

http://support.microsoft.com/Default.aspx?kbid=831829

http://www.microsoft.com/technet/pro.../faqsrwxp.mspx

http://www.microsoft.com/uk/business...ist/step1.mspx

http://www.microsoft.com/uk/business.../article2.mspx

And for those running Windows XP SP2 only, check your full system on the link below

http://safety.live.com/site/en-US/default.htm

Also see this item on system restore.

http://www.computing.net/windowsme/w...rum/45340.html

Last edited by chrishoggy; 11-17-2005 at 12:15 PM.

#33
Ain't you Slick! Your link on restoration is for win/ME only.. misleading to anyone trying to figure out what we are talking about... RestoreIt simply copies everything on the hard drive ... then when needed formats the hard drive and re-installs the system exactly as it was when the restore point was created.. This is a viable alternative to security.. or for that matter could be used with security.. although that might be more difficult given the numerous updates needed by virus protection. Running around the Web exposed as I am my computer has been hijacked.. more so recently but usually after I have downloaded something large. I'll notice that my modem is sending when it shouldn't be.. If the download was something I want to keep I move it to the other partition (no problem so far) and then use the restore point. Occasional virus scans at Trend Micro show all partitions clear.

#34
In the case of an infection with a kernel mode rootkit, doing a system restore will not remove the malware. System Restore only applies to User Mode, and does not affect your kernel structure, which has been modified by the infection to make detection or removal of the infection very difficult (and often impossible). So Rondon, your method may work well generally, but does not provide protection against some of the more recent infections which are currently doing the rounds, and which are becoming more and more common. (At least 3 worms currently active carry a rootkit).

#35
willing to listen

Well Garyl .. maybe!.. I'm not enough of a techie to understand where the kernel structure dwells.. below is from the RestoreIt page

-------------------------------

RestoreIT resides between the system BIOS of a PC and its operating system. During installation, the software creates a hidden partition where it saves complete (static) and partial (incremental) restore points. Unlike other data backup utilities, RestoreIT enables both file-level recovery, allowing you to undo changes to a personal file by returning it to an incremental backup point, and system recovery, which restores every file on a hard drive to a chosen static backup point.

-----------------------------------------

Is the kernel structure part of the BIOS?

#36
System restore in any Windows OS (ME, 2000 Pro or XP etc) only restores the files it monitors. If you have a virus located in My documents folder for example, system restore will NOT touch it as it is user data. The same goes for any other folders or data files classed by system restore as user data (created by the user). This can be downloads or any file type for that matter. Viruses worked round the system restore program within days of Microsoft introducing it years ago when ME was released. RestoreIT works the same way as the Packard Bell recovery system, by using a hidden partition on the drive. Both are still open to virus attack/corruption, and by saving files to another partition you are wiping out any work done by RestoreIT.

Last edited by chrishoggy; 11-17-2005 at 02:19 PM.

#37
you said: "System restore in any windows OS (ME, 2000 Pro or XP etc) only restores the files it monitors."

well this brings us to where our thoughts differ... With Windows XP I thought I had made restore points as deep into the system as RestoreIt goes.. The computer isn't here or anything with Windows XP on it so I can't go take a look. but I do know this. I used the factory restore point on that computer... installed all the software wanted, set the preferences then made a new restore point... It was my niece's computer which was riddled with viruses, worms, etc. She took it home and got it set up for her cable connection and then made another restore point... as yet un-needed.. What you are saying is that chances are if the computer gets bogged down again that restore point may not save her? That wasn't the feeling I had.

After thinking about it I had checked out the system restore in WIN2000 and also in win/Me as I had run that for a few years. Actually I remember learning how to shut it off as it grew into a large chunk of my HDD. BUT ..the recovery disks that came with it never failed to format the hard drive and reinstall WIN/ME ... I was never trying to recover the added software then. I can see where a partial restoration would be prone to all sorts of problems... but that is pretty obvious. hence the format.

But what I am into now does that very same format... but instead of installing just factory Windows it installs all my software and preferences. none of it corrupted because of my faithful return each time to the restore point before performing whatever upgrades I had on my list.. then immediately creating another restore point.. This is the essence of my message here.. How to keep the restore point pristine.. This new restore point is not made permanent for a few days... not until I feel comfortable with it. Then I must return to it again before saving it as a static (permanent) point.

Also I'm learning that when making that temporary point (incremental) it is better to do it twice.. the newest file grows so I return to the 1st of the pair when ready to make it permanent.

#38
Have a look at the answers to questions 1, 8, 9 and 12 on the link below

http://www.microsoft.com/technet/pro.../faqsrwxp.mspx

I don't think it doesn't monitor user files, I know it doesn't, as it's there in black and white. System restore only acts on the system files and program files within the system. It makes no changes to any user data files at all, thus rendering any attempt at virus removal useless. It may remove the changed Windows/program files created by the virus, and give better performance to begin with. But it will not remove a virus from your system, unless it is contained within a monitored file type and NOT within a user data folder.

#39
I've always made a weak case for built in system restore

I'm having trouble deciding if you are saying none of it works or just Microsoft's built in restore.. ? It's Farstone's RestoreIt that I defend... and thought worth mentioning here. On Windows I might have been overly optimistic.. a shame if so. I did wonder about Win/XP's ability to retreat to an earlier restoration point without deleting later ones.. with RestoreIt any newer restore points dissolve.. and set furthest back is the one static (permanent) restore point. That is misleading though as you can delete it and make a new permanent restore point.. as often as you wish... This is the restore point I talk about.. The one safeguarded thru its development until it offers every preference and tweak I desire. When I use this restore point all others disappear.. software all in place with preferences set but never used... none of the debris I've come to believe is inherent with use. all files and folders of mine are kept on a different partition .... the only thing I need to consider is whether I have any new favorites, emails or address book files to move.. This isn't for those who operate and keep all files on one partition.. At least my method isn't.

#40
Using the RestoreIt would work, but by having/moving files to another partition or drive, you would be allowing the virus in to that partition/drive just by having it there in the first place. Virus would then re-infect the restored Windows from the second partition/drive, although a scan would show your restored Windows as clean to begin with. The Windows system restore version doesn't work at all, it just restores clean versions of the corrupted files created by some viruses.

To do it with RestoreIt would still require some anti-virus cover. Not just to cover your system but to cover your hidden restore files. A virus can still corrupt your hidden RestoreIt files, rendering them totally useless and wiping out all you have backed up. You will need only 1 partition that you back up once a day or whatever, and back up your other files created after the backup to CD or removable drive. Then when you restore to your good RestoreIt point, you can scan the CD/drive for viruses before putting them back on the main drive. It needs to be done this way, as if they are on another fixed drive/partition, they can activate the virus before the restored anti-virus fires up.

Whatever way you look at it, anti-virus is needed in one form or another. Just try AVG and see how it runs on your system. I'm willing to bet you will see little, if any difference in your net speed.

Free AVG anti-virus

#41
I said I heard me?

Still don't get it? I've mentioned an occasional visit to Trend Micro for their free online virus scan... It may be possible for a virus to find my hidden restoration files but I think you are still talking of a lesser restore point.. this is a closed partition. when you start talking about "You will need only 1 partition that you back up once a day or what ever" you are not on the same page.. A restore point like that is just a run of the mill one.. it will include all the unwanted glitches and debris my idea does away with... Just take a moment and rethink just what I've written without assuming it has faults.. It works.. it's not for everybody.

#42
I can't make it any clearer. No restore point systems/methods work safely without the backing of antivirus. Using an online virus scan of any kind doesn't fully scan the system, neither does it scan for malware, adware, spyware, keyloggers etc. In fact some viruses have ways of running undetected by any scan (online or installed) unless it is run in safe mode. I'm not going to keep on about it, as the choice is yours to make.

#43
Is that your last word then?

what you hit me with earlier in the day was "That is a very poor method, and in reality gives no protection at all" where do we stand now? I say it offers lots of protection ... probably not perfect but I use it very often and when I do my system stays clean until I get reckless... and often that happens when my system speed could use the boost gained by returning to my restore point... I say this is some protection in reality also a delight... so was that your last word for real?... I know it's getting late across the pond but what I really was looking for was more along the lines of "Yes I see what you mean now .. I misunderstood.. that is a very good plan for those who do understand it... I regret having portrayed it as irrelevant.. again it was because I didn't/couldn't understand... 1,000 pardons ole RonDon" ..

#44
Hi Rondon,

OK, first let me say that no system can offer complete protection, and the system you are suggesting certainly has merits. RestoreIt, and the other "Sandbox" applications do not work in the same way as Windows inbuilt Restore function, (which as Chris says, does not restore user created files and folders, or many of the kernel functions), and are a viable method to secure your computer. They create a partition with a "virtual" system, which is ring fenced with encrypted security protocols to prevent cross partition infection. (Another such type with a good reputation is Deep Freeze), and as such are not prone to the possible "holes" that may be exploited by using Windows native Restore option.

However, it would still be useful to have an anti-virus scanner, if only to make it easier to know if you have been infected, and have to make a restore. It's not necessary to have the resident scanner switched on, as this is the part of the programme that uses up resources. But if you use the On-Demand scanner whenever you wish to check your system, there should be no deterioration of performance. As with all such programmes, it is necessary to update regularly.

I don't think that either Chris or I are saying that your strategy of restore has no merit, just that it may not be as secure as you may wish. I of course wish you every success with your method, and hope it continues to protect you.

Gary

#45
I agree with Gary. I can confirm that although a virus will have great problems infecting the hidden (sandboxed) sector on the drive, it can be corrupted/damaged by it. Also installing some programs can damage the hidden partition, as found out by 100's of Packard Bell hidden recovery users (same system as RestoreIt).

The main problem I have with your method is not the fact that you are open to infection, but that you are open to infect others. Being unprotected means that once you are infected, you can be spreading the infection to 1000's of others. This is how these things spread all over, an example being the Linux.Plupii worm. Every one system infected with it will infect 100's of others, and they in turn will infect 100's more. So the virus (or whatever) goes on and on and on. I can tell you with a 100% guarantee that an XP SP1 system with no anti-virus/firewall, will be infected with a virus within 5-10 seconds of being put on the net. I've seen it 1000's of times when people have reinstalled Windows, and gone on the net for updates. They then phone up saying my computer keeps shutting itself down, every time I try to go on the internet.

Quote:

Last edited by chrishoggy; 11-18-2005 at 04:29 AM.

#46
I do give others protection by following advice I read some time ago to change some options in Outlook Express. And an occasional visit to "housecall" keeps my other partition as clean as most virus protection and as I wrote of before I do that just before using the restore point (not every time). In this fashion even the visit to housecall isn't recorded on my FAST restore point.

Thank you Gary for this: "RestoreIt, and the other "Sandbox" applications do not work in the same way as Windows inbuilt Restore function, and are a viable method to secure your computer. They create a partition with a "virtual" system, which is a ring fenced with encrypted security protocols to prevent cross partition infection."

That sounds very much the way it feels... I do now understand Windows/XP restore points better now and agree it does not offer the same protection... without having it around long enough to understand I assumed too much. One thing that may have thrown me off was they have the restore points and system restore all thrown together.... are you saying that Windows XP instead of using recovery disks (like win/me) just stores that data on the HDD? That still is a factory restore point right?.. but can't be updated? It didn't help that RestoreIt by default names the static (permanent) restore point "Factory settings". you are allowed to change the name to anything you like though.. I usually use the date.

so my question to Chris is do you still stand by your original classification of my method: "That is a very poor method, and in reality gives no protection at all" .. I've been perfecting my restore point and thought I was sharing something wonderful... and I still do... but he shot it right out of the water without really understanding it.. some folks will have read no more about it and that's really too bad... it really is a delight to use it... even just to know it's there.

using RestoreIt normally does give folks some protection but using it with my method gives them much more. If I've done it correctly all the changes and updates I've made over time appear on the hard drive as if I sat down and formatted the HDD and installed and tweaked it all at once. No debris. All defragged and very quick. The most important thing for anyone interested is:

then feel free to try programs, make changes and all sorts of things that normally leave clutter and debris even after removal.

This is where the greatest worth is in the method. Virus protection is nice too...

#47
rondon, I do stand by what I said. The reasons for this are that by having a clean restore point, you are not protecting yourself from virus attack. You are doing nothing other than creating a file that can be used to put a clean disc image back on to the system. To prove this point I will now give you a hypothetical situation.

You have just restored your system using your method and the system is as clean as a whistle. It's been scanned and double scanned, and there is nothing at all wrong. You connect to the net to do a bit of searching and find a nice little free trial program you want to try. You download this file, and feel safe doing so with your restore point safe and hidden away. You run the program and try it out. Unknown to you (because you have no anti-virus) this trial program has a BIOS virus contained within the file system. By running the program you have also run the virus. This virus sends new data into the BIOS chip, overwriting BIOS EEPROM.

You get up the next morning to use your computer, and it makes a single beep noise and does nothing when powered up. You then think, "I know, I've got my hidden file I can restore." So you fire the system up again, but nothing is working. You can't enter BIOS setup, get RestoreIt to work or do anything other than make it beep once when powered up. So you call an IT person out or friend in the know, and ask them what is wrong. Your friend then tells you that because you didn't have anti-virus, you have just wiped the BIOS chip on the motherboard. Your system is now totally dead, and because this virus has also overwritten the first few MB of data from each HDD/partition, you have lost your restore point and all your files on any fixed drive in your system. He now tells you that the only way to fix this is to replace the BIOS chip or motherboard. Then reformat the drives and install everything from scratch. He could try to get the Windows data back with recovery software, but that's gunna cost you even more.

Now what do you say when asked why you didn't have any FREE anti-virus protection? How do you justify spending all that money on repairs, when a free program would have stopped it! Seen it happen many times, and read many sorry stories about this exact same situation. I really am not having a go at what you are doing, but pointing out that it is NOT doing what you think it is. It doesn't give you any protection at all. An old phrase comes to mind: "prevention is better than the cure". You are running the risk of losing everything on your system, and damaging the hardware in the process. Remember this was your statement

Quote:

Last edited by chrishoggy; 11-18-2005 at 09:29 AM.

#48
The scenario that Chris gives you is valid, however, BIOS viruses are not very common, as they are difficult to write. It is still possible to get infected with such a virus even if you have an up to date anti-virus on your m/c, provided the virus that hits you is a zero day infection (i.e. unknown new variant). This does not mean that the advice he is giving is not sound, it's all a matter of reducing risk.

A workable system could surely be put together using the "plusses" of both systems. A well firewalled and anti-virus protected shell to make primary penetration difficult, with a ring fenced "Sandbox" to enable recovery in case of infection. Provided your firewall monitors both incoming and outgoing connections, the chances of passing on an infection are reduced. Of course if you are connected in a network, different considerations have to be taken, as internal network infection can happen once your outer defences are breached. The "sandboxed" system is there for you to recover to, should your m/c be compromised.

One last thing to consider. Intruders are a sneaky and devious lot, they have many different reasons for wanting to infect your box. Just a couple of possible scenarios. Not all intrusions are obvious, they do not all carry a payload that alerts you to their presence. Sometimes an intruder may just wish to use you as a springboard for attacks on others, hiding his trail from the m/c he really wants to attack. As long as their traffic use on your computer is small, you might have them on board for a long time without knowing it. However, your m/c is the one that will show up on the attacked m/c, and you are the one who will get woken up by the police at 3.00 am. Similarly, they may have just installed a backdoor on your system, and can monitor your internet activity, noting down bank details, credit card numbers, passwords and private details etc. etc.

With the added advantage that with a backdoor installed they can completely take over your m/c whenever they want. Without the programmes needed to keep them out, and to monitor your system, you cannot know that this is not the case.

Gary

#49
What I am about to show you is 100% safe and all files are 100% virus free.

Like Gary said "bios viruses are not very common", but this was a worst case scenario to show what I mean. The net is full of illegal activity and nasty people willing to blame you for what they have done. Using your computer as a middle man is a way of making it look as though you are the one doing illegal things. They can hide files to do this in many different forms. An example of a file you would never suspect of having a virus is a bitmap.

Now I will show you what I mean by this. Below is a link to a picture file (bitmap) that I used on another forum to show how a security program works.

http://www.chrishoggy.pwp.blueyonder.co.uk/test.bmp

This file could be a picture of anything that you like/want to download. Now the program I used was created to secure data, but it can also be used to hide any type of file within a bitmap image. It can be used to run a program when you open the image or run a virus. In the case of the link above, it has a text file in it asking how someone opened the file. It is totally safe to view as a normal bmp image and the file contains nothing nasty.

Save the image to your hard drive. Now if you download this free 10 day trial program Here and open that bmp file in it, you can unlock the text file hidden within it. Open the program and highlight the test.bmp file and click on the unlock tab. Now enter canyoucrackthis (no spaces) as the password and the program will now extract the text file that was hidden within the image, so you can read it.

This system can be used to hide anything in an image, and just shows how it can be done. Systems like this can do lots more, but I would be foolish to post the details on a forum.

Last edited by chrishoggy; 11-18-2005 at 11:40 AM.

#50
a new day

If we rule out the rare, difficult to develop BIOS virus that could cripple even a well protected system I have yet to understand why my system doesn't trump many security features. Nothing to stop folks from using it daily or even every start up. So what if I never saw it.... it's gone. I don't care to have somewhat invasive security draining resources and themselves often requiring maintenance. I'm sure virus protection could be built into the restore point but there is the issue of updates to be dealt with. No problem if the security updates can be downloaded and installed offline in the process of creating a new permanent restore point, but if those updates must be done online then it will compromise what was intended to be a restore point that has never been online. But including security would really just be one of the interesting work arounds required.

What I really feel is going on here is Chris is acting in a way that I see a lot of myself in... although I'm trying to repent. He wants to give advice and be listened to without listening. My idea appeared to him as riddled with holes and he confidently slammed it.. All too human but if his ego blinds him to the explanations I offered he is no longer conversing but defending his stance.. sort of like a corrupt restore point... pardon the pun.

This thread is getting a fair amount of views .. deflecting his criticism has allowed folks a closer look so I thank him for that... It does appear as too shallow a plan to do any good.. it's not that shallow... it takes some dedication. And it's not for everyone.

#51
OK, I am willing to hold my hands up and admit I was totally wrong, this will be done on one condition. Assume someone has done your restore and cleaned their system fully. They have just gone on the net after buying something with their credit card via the net, sent an Email with their name and address in, copied their driving licence with a scanner to send off to the police via snail mail or something else along those lines where they have been dealing with personal details. Now tell me what is stopping me from getting all that info and using it to buy electrical goods in their name and committing fraud. Or stopping me from selling that info on to the low-life ID criminals, who will use it to create passports, driving licences and credit cards etc. If you can tell me that something has stopped me from getting all their details, I apologise and your system works.

#52
PS: I didn't dispute that your system is good for restoring to a good setup, or that it would recover a system after a minor attack. The only thing I dispute is that it offers protection against any form of virus etc.

#53
Just remind me to never open anything that has Ron's name attached to it. I certainly know what Gary and Chris are talking about, why they are talking about it, and what they are trying to help with, having been a victim of a nasty virus/trojan only once before. I was TOTALLY BLESSED in that both my husband, who is a computer systems man and my son, who runs the IT department where he works, were home when it happened. I only lost a minimum of data because both of them knew what to do, how to do it, and caught it quickly. I'm living proof that the RESTORE POINTS do not work the way you think they do Ron. A six-eight hour rebuild while losing your data is absolutely awful.

Sign me: A CAREFUL computer user

Janet

#54
The beat goes on

I don't think what Janet said is relevant but Chris opened a new can of worms.. when he mentioned using a credit card. I don't do online transactions and those would require another work around. The rest of this is nonsense: "sent an Email with their name and address in, copied their driving licence with a scanner to send off to the police via snail mail"

#55
Ron, OK, it's nonsense. I talk utter rubbish and I was wrong all along, your method works like a dream. Happy surfing

Another thing to look at, and I'm not sure if this is covered by Doug's server protection is this

http://www.windowsitpro.com/Article/...039/44039.html

PS: Janet, nobody can say I haven't tried

Last edited by chrishoggy; 11-18-2005 at 01:42 PM.

#57
........................ Twit

this thread is about security, quit trying to win people over by sukking up

#58
Quote:

As for your above insults, just because you were never taught proper manners doesn't mean that everyone else here has to lower themselves to your level. What you call 'sukking up' is proper forum etiquette when 'hijacking' someone else's thread. All I can say is I hope there's someone out there listening to this thread that will make you eat your words.... I'm tempted myself tbh.

#59
I don't think name calling exactly elevates this discussion, and I'm sure that members will make their decisions based on the arguments expressed, and not on any "sucking up", real or imagined. I hope we're here to give information and advice that will help other members, that is certainly my intent, and perhaps that might best be achieved with a little less hostility.

#60
Yeah! I ain't no charmer

Probably ignorant too! but I think I've showed less arrogance.