System Restore and malware.


Dan

An acquaintance let it drop, in passing, that all she does if she
thinks she has malware is to do a System Restore. I did not comment at
the time. I myself can only describe my set-up as belt and braces as
well as a spare belt. I keep up to date with definitions, do a
thorough clean every week etc.
Anyone any opinion/ideas on her approach?
Just how safe is her approach?
I ask because we work from time to time on each other's PC and exchange
work on CDs and DVDs.

This is not a disinterested enquiry for the asking's sake.

Dan.
 
From: "Dan" <[email protected]>

| An acquaintance let it drop, in passing, that all she does if she
| thinks she has malware is to do a System Restore. I did not comment at
| the time. I myself can only describe my set-up as belt and braces as
| well as a spare belt. I keep up to date with definitions, do a
| thorough clean every week etc.
| Anyone any opinion/ideas on her approach?
| Just how safe is her approach?
| I ask because we work from time to time on each other's PC and exchange
| work on CDs and DVDs.
|
| This is not a disinterested enquiry for the asking's sake.
|
| Dan.


It may or may not work. Yes, it will delete EXE files and revert back to an older Registry,
but some malware may be using other file types that are not saved in the System Restore cache
and will still be present.
 
David H. Lipman said:
From: "Dan" <[email protected]>

| An acquaintance let it drop, in passing, that all she does if she
| thinks she has malware is to do a System Restore. I did not comment at
| the time. I myself can only describe my set-up as belt and braces as
| well as a spare belt. I keep up to date with definitions, do a
| thorough clean every week etc.
| Anyone any opinion/ideas on her approach?
| Just how safe is her approach?
| I ask because we work from time to time on each other's PC and exchange
| work on CDs and DVDs.
|
| This is not a disinterested enquiry for the asking's sake.
|
| Dan.


It may or may not work. Yes, it will delete EXE files and revert back to
an older Registry,
but some malware may be using other file types that are not saved in the
System Restore cache
and will still be present.
By far the safest scheme is to partition the drive and keep the OS and
program files in the main (C:) partition and use one or more (usually
extended) partitions for data and everything else.
I use BootIt NG to manage this, and back up the C: partition to one of the
volumes as well as to DVD, but not necessarily as frequently. I recently got
Image for Windows, which permits making the image without shutting down the
system.
Taking all the other normal precautions should still be done, but the
ultimate protection against any mishap is a good backup scheme.
Dave Cohen
 
Per Dan:
Anyone any opinion/ideas on her approach?
Just how safe is her approach?
I ask because we work from time to time on each other's PC and exchange
work on CDs and DVDs.

I may be in the same boat as she is.

My approach:
----------------------------------------------------------
1) Partition the drive so there's about 40 gigs for C:\System

2) Install only the OS and applications on C:\

3) Dedicate an external USB2 drive as D:\Data

4) Take some time to make sure that all data (including "Favorites") winds up on
D:. This takes a few registry changes.

5) Dedicate another external USB2 drive to system images.

6) I take a system image (in 640k chunks) as soon as I have a working system
installed.

7) Then, as I install/change things I keep longhand notes on paper of exactly
what I did over the days/weeks.

8) Once I've got a "Final" system, I restore that first system - remaining
offline - and re-apply those changes, still offline.

9) Now I burn another system image in 640k chunks.

10) Generally, I'll burn that image to DVDs or CDs.

11) From then on, I do the longhand notes thing for successive changes. These
changes are generally minimal, but every so often, I'll restore the last good
image and update it with the changes as in #8.
------------------------------------------------------------


I've got a 13-year-old on this PC several hours a day, so I've had *plenty* of
opportunities to test out my scheme (as in a couple per month...) and it's been
working a-ok for me over the last 3 years or so.

In addition, I do regular incremental backups of D: to three separate USB2
drives. I keep one online for convenience, and shuttle the other two between
home and work for offsite backup.



As I read back over this, it sounds complicated and time-consuming.

In fact, it is minimally so.

The main investments are:
------------------------------------------------------
1) Buying and learning how to use an image backup utility

2) Buying and learning how to use the data backup utility

3) Buying the external USB2 drives

4) Keeping the longhand log of system changes

5) Making the occasional updated version of my "good" image
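A manifest-based change check for the data volume, added here as an example; it is not code from this thread or from any of the backup utilities the posters mention. It assumes the data drive is an ordinary directory tree (a constructed temporary tree stands in for D: in the demo). Hashing every file at each backup and diffing against the previous manifest is what makes an incremental backup incremental, and the same diff shows which files appeared, changed or vanished since the last known-good copy, which is the part of the setup that neither a System Restore nor a system image will put back.

```python
import hashlib
import json
import os
import tempfile
from typing import Dict, List

CHUNK = 1 << 20  # read files in 1 MiB pieces so large files need not fit in memory


def sha256_file(path: str) -> str:
    """Return the SHA-256 hex digest of one file."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()


def build_manifest(root: str) -> Dict[str, str]:
    """Walk the data volume and map each relative path to its digest."""
    manifest: Dict[str, str] = {}
    for dirpath, _dirs, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = sha256_file(full)
    return manifest


def diff_manifests(old: Dict[str, str], new: Dict[str, str]) -> Dict[str, List[str]]:
    """Classify every path as added, removed or changed between two manifests."""
    return {
        "added": sorted(p for p in new if p not in old),
        "removed": sorted(p for p in old if p not in new),
        "changed": sorted(p for p in new if p in old and old[p] != new[p]),
    }


def save_manifest(manifest: Dict[str, str], path: str) -> None:
    """Persist the manifest beside the backup, never inside the tree it describes."""
    with open(path, "w", encoding="utf-8") as fh:
        json.dump(manifest, fh, indent=1, sort_keys=True)


def load_manifest(path: str) -> Dict[str, str]:
    with open(path, "r", encoding="utf-8") as fh:
        return json.load(fh)


def demo() -> Dict[str, List[str]]:
    """Run the whole cycle on a constructed sample tree instead of a real D: drive."""
    with tempfile.TemporaryDirectory() as root, tempfile.TemporaryDirectory() as store:
        # constructed sample data: what the drive looked like at the last backup
        os.makedirs(os.path.join(root, "letters"))
        with open(os.path.join(root, "letters", "letter.txt"), "wb") as fh:
            fh.write(b"Dear Dan, ...\n")
        with open(os.path.join(root, "old.tmp"), "wb") as fh:
            fh.write(b"scratch\n")
        manifest_path = os.path.join(store, "manifest.json")
        save_manifest(build_manifest(root), manifest_path)

        # simulated activity since then: one file edited, one added, one deleted
        with open(os.path.join(root, "letters", "letter.txt"), "ab") as fh:
            fh.write(b"P.S. revised\n")
        with open(os.path.join(root, "letters", "report.doc"), "wb") as fh:
            fh.write(b"new work\n")
        os.remove(os.path.join(root, "old.tmp"))

        return diff_manifests(load_manifest(manifest_path), build_manifest(root))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=1))
```

Run `build_manifest` once against the real data drive and save the result next to the backup; after each session, diff the saved manifest against a fresh one. Anything under "added" or "changed" that you do not recognise deserves a look before it is copied onto the offsite drives, since an incremental backup will faithfully preserve whatever malware left behind.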
 
From: "Dave Cohen" <[email protected]>


| By far the safest scheme is to partition the drive and keep the OS and
| program files in the main (C:) partition and use one or more (usually
| extended) partitions for data and everything else.
| I use BootIt NG to manage this, and back up the C: partition to one of the
| volumes as well as to DVD, but not necessarily as frequently. I recently got
| Image for Windows, which permits making the image without shutting down the
| system.
| Taking all the other normal precautions should still be done, but the
| ultimate protection against any mishap is a good backup scheme.
| Dave Cohen
|

When it comes to the System Restore cache, that is a moot point. The System Restore cache
caches data on all hard disks.

To take your idea a step further, use a separate physical hard disk for OS and Data. If they
are IDE, each drive should be on its own IDE channel.
 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
An acquaintance let it drop, in passing, that all she does if she
thinks she has malware is to do a System Restore. I did not comment at
the time. I myself can only describe my set-up as belt and braces as
well as a spare belt. I keep up to date with definitions, do a
thorough clean every week etc.
Anyone any opinion/ideas on her approach?
Just how safe is her approach?
I ask because we work from time to time on each other's PC and exchange
work on CDs and DVDs.

This is not a disinterested enquiry for the asking's sake.

When spyware steals her web site logins, bank details, work-related
information and credit card numbers I'm sure she'll realise her methods are
insufficient.

If I were you I would be *very* careful about working on other people's
computers, especially if they have such a lax method of securing
themselves. When you go to type that letter or copy that work-related file
think to yourself "Do I want these to be compromised?"

It's a bit like saying you drive a car without brakes and every time the
car and driver is damaged by a crash you just let the insurance and
hospital fix them. It's when you have a passenger (you) that it starts
harming others!

Cheers

Adam Piggott,
Proprietor,
Proactive Services (Computing)
http://www.proactiveservices.co.uk/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)

iD8DBQFDvAqz7uRVdtPsXDkRAlkYAJ0fjNfyWT4Zlp2KR4XEIscNkegB3wCfUElc
DYfaqWAsHZp8Tz2lnsDhsBU=
=z2B/
-----END PGP SIGNATURE-----
 
Per (PeteCresswell):
I may be in the same boat as she is.

Except that I have an AV program (PC-Cillin), a software firewall, and a
NAV-enabled router...

However, since I have not been able to figure out how to use Windows XP on a
day-to-day basis without having an ID with Admin authority logged on (Acrobat
PdfWriter is one problem among several...) I find that the system is still
exposed to various malware - partially by virtue of having a 13-year-old
pounding on it day-after-day - and partially because I could also inadvertently
install some sort of Trojan/worm while doing something I thought was harmless.

So maybe I'm more with the belt-and-suspenders crowd...
 