Virus, Posting for Help and Direction
  #41  
Old 11-17-2005, 05:42 PM
rondon
Senior Member
 
Join Date: Mar 2002
Location: north central florida
Posts: 470
I said I heard me?

Still don't get it?

I've mentioned an occasional visit to Trend Micro for their free online virus scan...
It may be possible for a virus to find my hidden restoration files but I think you are still talking of a lesser restore point.. this is a closed partition


when you start talking about "You will need only 1 partition that you back up once a day or what ever"
you are not on the same page.. A restore point like that is just a run of the mill one.. it will include all the unwanted glitches and debris my idea does away with...
Just take a moment and rethink just what I've written without assuming it has faults.. It works.. it's not for everybody.
  #42  
Old 11-17-2005, 05:58 PM
chrishoggy
Senior Member
 
Join Date: Dec 2004
Location: Yorkshire
Posts: 578
Blog Entries: 1
I can't make it any clearer. No restore point systems/methods work safely without the backing of antivirus. Using an online virus scan of any kind doesn't fully scan the system, neither does it scan for malware, adware, spyware, keyloggers etc. In fact some viruses have ways of running undetected by any scan (online or installed) unless it is run in safe mode. I'm not going to keep on about it, as the choice is yours to make.
  #43  
Old 11-17-2005, 06:27 PM
rondon
Senior Member
 
Join Date: Mar 2002
Location: north central florida
Posts: 470
Is that your last word then?

what you hit me with earlier in the day was "That is a very poor method, and in reality gives no protection at all" where do we stand now?
I say it offers lots of protection ... probably not perfect but I use it very often and when I do my system stays clean until I get reckless... and often that happens when my system speed could use the boost gained by returning to my restore point...

I say this is some protection in reality

also a delight...

so was that your last word for real?... I know it's getting late across the pond but what I really was looking for was more along the lines of "Yes I see what you mean now .. I misunderstood.. that is a very good plan for those who do understand it... I regret having portrayed it as irrelevant.. again it was because I didn't/couldn't understand... 1,000 pardons ole RonDon" ..
  #44  
Old 11-18-2005, 02:15 AM
Gary Richardson
Senior Member
 
Join Date: Mar 2004
Location: Yorkshire, England
Posts: 2,717
Hi Rondon,

OK, first let me say that no system can offer complete protection, and the system you are suggesting certainly has merits.

RestoreIt, and the other "Sandbox" applications do not work in the same way as Windows inbuilt Restore function, (which as Chris says, does not restore User created files and folders, or many of the kernel functions), and are a viable method to secure your computer. They create a partition with a "virtual" system, which is ring fenced with encrypted security protocols to prevent cross partition infection. (Another such type with a good reputation is Deep Freeze), and as such are not prone to the possible "holes" that may be exploited by using Windows native Restore option.

However, it would still be useful to have an anti-virus scanner, if only to make it easier to know if you have been infected, and have to make a restore.

It's not necessary to have the resident scanner switched on, as this is the part of the programme that uses up resources. But if you use the On-Demand scanner whenever you wish to check your system, there should be no deterioration of performance. As with all such programmes, it is necessary to update regularly.

I don't think that either Chris or I are saying that your strategy of restore has no merit, just that it may not be as secure as you may wish.

I of course wish you every success with your method, and hope it continues to protect you.

Gary
  #45  
Old 11-18-2005, 03:57 AM
chrishoggy
Senior Member
 
Join Date: Dec 2004
Location: Yorkshire
Posts: 578
Blog Entries: 1
I agree with Gary. I can confirm that although a virus will have great problems infecting the hidden (sandboxed) sector on the drive, it can be corrupted/damaged by it. Also installing some programs can damage the hidden partition, as found out by 100's of Packard Bell hidden recovery users (same system as RestoreIt). The main problem I have with your method is not the fact that you are open to infection, but that you are open to infect others. Being unprotected means that once you are infected, you can be spreading the infection to 1000's of others. This is how these things spread all over, an example being the Linux.Plupii worm. Every one system infected with it will infect 100's of others, and they in turn will infect 100's more. So the virus (or whatever) goes on and on and on.
I can tell you with a 100% guarantee that an XP SP1 system with no anti-virus/firewall, will be infected with a virus within 5-10 seconds of being put on the net. I've seen it 1000's of times when people have reinstalled windows, and gone on the net for updates. They then phone up saying my computer keeps shutting itself down, every time I try to go on the internet.

Quote:

so was that your last word for real?... I know it's getting late across the pond but what I really was looking for was more along the lines of "Yes I see what you mean now .. I misunderstood.. that is a very good plan for those who do understand it... I regret having portrayed it as irrelevant.. again it was because I didn't/couldn't understand... 1,000 pardons ole RonDon" ..
I fully understand what you are doing.

Last edited by chrishoggy; 11-18-2005 at 04:29 AM.
  #46  
Old 11-18-2005, 08:21 AM
rondon
Senior Member
 
Join Date: Mar 2002
Location: north central florida
Posts: 470
I do give others protection by following advice I read some time ago to change some options in Outlook Express. And an occasional visit to "housecall" keeps my other partition as clean as most virus protection and as I wrote of before I do that just before using the restore point (not every time). In this fashion even the visit to housecall isn't recorded on my FAST restore point.

Thank you Gary for this: RestoreIt, and the other "Sandbox" applications do not work in the same way as Windows inbuilt Restore function, and are a viable method to secure your computer. They create a partition with a "virtual" system, which is a ring fenced with encrypted security protocols to prevent cross partition infection. That sounds very much the way it feels...

I do now understand windows/XP restore points better now and agree it does not offer the same protection... without having it around long enough to understand I assumed too much. One thing that may have thrown me off was they have the restore points and system restore all thrown together.... are you saying that windows XP instead of using recovery disks (like win/me) just stores that data on the HDD? That still is a factory restore point right?.. but can't be updated? It didn't help that RestoreIt by default names the static(permanent) restore point Factory settings you are allowed to change the name to anything you like though.. I usually use the date.

so My question to Chris is do you still stand by your original classification of my method "That is a very poor method, and in reality gives no protection at all" ..

I've been perfecting my restore point and thought I was sharing something wonderful... and I still do... but he shot it right out of the water without really understanding it.. some folks will have read no more about and that's really too bad... it really is a delight to use it... even just to know it's there.

using Restore it normally does give folks some protection but using it with my method gives them much more. If I've done it correctly all the changes and updates I've made over time appear on the hard drive as if I sat down and formatted the HDD and installed and tweaked it all at once. No debris. All defragged and very quick.

The most important thing for anyone interested is:
  • return to the restore point before making permanent changes
  • make 2 new temporary (incremental) after
  • use the temp points long enough to trust them
  • then restore the computer to the 1st of the 2 temporary
  • create a new Permanent (static) restore point.

then feel free to try programs make changes and all sorts of things that normally leave clutter and debris even after removal.
  • start a list then of the new changes that you wish to make permanent the next time you update the permanent restore point..

This is where the greatest worth is in the method. Virus protection is nice too...
  #47  
Old 11-18-2005, 09:10 AM
chrishoggy
Senior Member
 
Join Date: Dec 2004
Location: Yorkshire
Posts: 578
Blog Entries: 1
rondon, I do stand by what I said. The reasons for this are that by having a clean restore point, you are not protecting yourself from virus attack. You are doing nothing other than creating a file that can be used to put a clean disc image back on to the system. To prove this point I will now give you a hypothetical situation.
You have just restored your system using your method and the system is as clean as a whistle. It's been scanned and double scanned, and there is nothing at all wrong. You connect to the net to do a bit of searching and find a nice little free trial program you want to try. You download this file, and feel safe doing so with your restore point safe and hidden away. You run the program and try it out. Unknown to you (because you have no anti-virus) this trial program has a Bios virus contained within the file system. By running the program you have also run the virus. This virus sends new data into the BIOS chip, overwriting BIOS EEPROM. You get up the next morning to use your computer, and it makes a single beep noise and does nothing when powered up. You then think I know I've got my hidden file I can restore. So you fire the system up again, but nothing is working. You can't enter bios setup, get restoreIt to work or do anything other than make it beep once when powered up. So you call an IT person out or friend in the know, and ask them what is wrong. Your friend then tells you that because you didn't have anti-virus, you have just wiped the Bios chip on the motherboard. Your system is now totally dead, and because this virus has also overwritten the first few MB of data from each HDD/partition, you have lost your restore point and all your files on any fixed drive in your system. He now tells you that the only way to fix this is to replace the Bios chip or motherboard. Then reformat the drives and install everything from scratch. He could try to get the windows data back with recovery software, but that's gunna cost you even more.

Now what do you say when asked why you didn't have any FREE anti-virus protection? How do you justify spending all that money on repairs, when a free program would have stopped it!

Seen it happen many times, and read many sorry stories about this exact same situation.
I really am not having a go at what you are doing, but pointing out that it is NOT doing what you think it is. It doesn't give you any protection at all. An old phrase comes to mind "prevention is better than the cure". You are running the risk of losing everything on your system, and damaging the hardware in the process.
Remember this was your statement
Quote:
Restore as virus protection?

Last edited by chrishoggy; 11-18-2005 at 09:29 AM.
  #48  
Old 11-18-2005, 10:38 AM
Gary Richardson
Senior Member
 
Join Date: Mar 2004
Location: Yorkshire, England
Posts: 2,717
The scenario that Chris gives you is valid, however, bios viruses are not very common, as they are difficult to write.

It is still possible to get infected with such a virus even if you have an up to date anti-virus on your m/c, provided the virus that hits you is a zero day infection (ie unknown new variant).

This does not mean that the advice he is giving is not sound, it's all a matter of reducing risk.

A workable system could surely be put together using the "plusses" of both systems. A well firewalled and anti-virus protected shell to make primary penetration difficult, with a ring fenced "Sandbox" to enable recovery in case of infection.

Provided your firewall monitors both incoming and outgoing connections, the chances of passing on an infection are reduced. Of course if you are connected in a Network, different considerations have to be taken, as internal network infection can happen once your outer defences are breached.

The "sandboxed" system is there for you to recover to, should your m/c be compromised.

One last thing to consider.

Intruders are a sneaky and devious lot, they have many different reasons for wanting to infect your box.

Just a couple of possible scenarios.

Not all intrusions are obvious, they do not all carry a payload that alerts you to their presence. Sometimes an intruder may just wish to use you as a springboard for attacks on others, hiding his trail from the m/c he really wants to attack. As long as their traffic use on your computer is small, you might have them on board for a long time without knowing it. However, your m/c is the one that will show up on the attacked m/c, and you are the one who will get woken up by the police at 3.00 am.

Similarly, they may have just installed a backdoor on your system, and can monitor your internet activity, noting down bank details, credit card numbers, passwords and private details etc. etc. With the added advantage that with a backdoor installed they can completely take over your m/c whenever they want.

Without the programmes needed to keep them out, and to monitor your system, you cannot know that this is not the case.

Gary
  #49  
Old 11-18-2005, 11:29 AM
chrishoggy
Senior Member
 
Join Date: Dec 2004
Location: Yorkshire
Posts: 578
Blog Entries: 1
What I am about to show you is 100% safe and all files are 100% virus free
Like Gary said "bios viruses are not very common", but this was a worst case scenario to show what I mean. The net is full of illegal activity and nasty people willing to blame you for what they have done. Using your computer as a middle man is a way of making it look as though you are the one doing illegal things. They can hide files to do this in many different forms.
An example of a file you would never suspect of having a virus is a bitmap. Now I will show you what I mean by this.
Below is a link to a picture file (bitmap) that I used on another forum to show how a security program works.
http://www.chrishoggy.pwp.blueyonder.co.uk/test.bmp

This file could be a picture of anything that you like/want to download. Now the program I used was created to secure data, but it can also be used to hide any type of file within a bitmap image. It can be used to run a program when you open the image or run a virus. In the case of the link above, it has a text file in it asking how someone opened the file. It is totally safe to view as a normal bmp image and the file contains nothing nasty.
Save the image to your Hard drive
Now if you download this free 10 day trial program Here and open that bmp file in it. You can unlock the text file hidden within it.
Open the program and highlight the test.bmp file and click on the unlock tab.
Now enter canyoucrackthis (no spaces) as the password and the program will now extract the text file that was hidden within the image, so you can read it.
This system can be used to hide anything in an image, and just shows how it can be done. Systems like this can do lots more, but I would be foolish to post the details on a forum.

Last edited by chrishoggy; 11-18-2005 at 11:40 AM.
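Added example, not part of chrishoggy's post and not the program he links to: one defender-side check for a bitmap that carries more than its picture. The post does not say how that program stores the hidden file, so this assumes the simplest case, extra bytes sitting outside the pixel array that the BMP headers declare; data woven into the pixel values themselves would pass this check. The function names and the sample files are constructed for illustration.

```python
import struct

def build_sample_bmp(width=4, height=2):
    """Constructed sample: a minimal uncompressed 24-bit BMP, all-black pixels."""
    row_bytes = ((24 * width + 31) // 32) * 4      # rows are padded to 4 bytes
    pixels = bytes(row_bytes * height)
    dib = struct.pack("<IiiHHIIiiII", 40, width, height, 1, 24, 0,
                      len(pixels), 2835, 2835, 0, 0)
    header = b"BM" + struct.pack("<IHHI", 14 + len(dib) + len(pixels), 0, 0, 54)
    return header + dib + pixels

def bmp_unaccounted_bytes(data):
    """Compare what the BMP headers say the file contains with its real length."""
    if len(data) < 54 or data[:2] != b"BM":
        raise ValueError("not a BMP with a BITMAPINFOHEADER")
    # File header: declared file size and offset of the pixel array.
    declared_size, _r1, _r2, pixel_offset = struct.unpack_from("<IHHI", data, 2)
    # Info header: dimensions, bits per pixel, compression type.
    dib_size, width, height, _planes, bpp, compression = struct.unpack_from(
        "<IiiHHI", data, 14)
    if dib_size < 40 or compression != 0:
        raise ValueError("only uncompressed (BI_RGB) bitmaps are handled here")
    row_bytes = ((bpp * width + 31) // 32) * 4
    pixel_end = pixel_offset + row_bytes * abs(height)
    return {
        "declared_size": declared_size,
        "actual_size": len(data),
        "pixel_end": pixel_end,
        "trailing_bytes": max(0, len(data) - pixel_end),
        "size_mismatch": declared_size != len(data),
    }

# Constructed inputs: the same image with and without bytes appended to it.
PAYLOAD = b"constructed text appended after the image data"
CLEAN = build_sample_bmp()
TAMPERED = CLEAN + PAYLOAD   # viewers normally ignore bytes past the pixel array

if __name__ == "__main__":
    for name, blob in (("clean", CLEAN), ("tampered", TAMPERED)):
        print(name, bmp_unaccounted_bytes(blob))
```

A non-zero `trailing_bytes` or a `size_mismatch` is a reason to look closer at a file, not proof of anything malicious; some editors write padding or metadata after the pixels.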
  #50  
Old 11-18-2005, 12:10 PM
rondon
Senior Member
 
Join Date: Mar 2002
Location: north central florida
Posts: 470
a new day

If we rule out the rare, difficult to develop bios virus that could cripple even a well protected system I have yet to understand why my system doesn't trump many security features.
Nothing to stop folks from using it daily or even every start up.

So what if I never saw it.... it's gone.

I don't care to have somewhat invasive security draining resources and themselves often requiring maintenance.

I'm sure virus protection could be built into the restore point but there is the issue of updates to be dealt with. No problem if the security updates can be downloaded and installed offline in the process of creating a new permanent restore point, but if those updates must be done online then it will compromise what was intended to be a restore point that has never been online. But including security would really just be one of the interesting work arounds required.

What I really feel is going on here is Chris is acting in a way that I see a lot of myself in... although I'm trying to repent. He wants to give advice and be listened to without listening. My idea appeared to him as riddled with holes and he confidently slammed it.. All too human but if his ego blinds him to the explanations I offered he is no longer conversing but defending his stance.. sort of like a corrupt restore point... pardon the pun.

This thread is getting a fair amount of views .. deflecting his criticism has allowed folks a closer look so I thank him for that... It does appear as too shallow a plan to do any good.. it's not that shallow... it takes some dedication. And it's not for everyone.
All times are GMT -6.