System Restore Keeping Only One Restore Point

[Danno]

I opened those enormous SR restore point files and in one of them I found
190 .RDB files, each being 2.84Mb (all the same size).

And in the other huge SR file, I found 212 .RDB files and they were all the
same size, also at 2.84 Mb each.

I've been searching on the net to find out what .RDB files are and to be
quite honest, I'm none the wiser.

Anyway, I assume this wasn't supposed to happen? I wonder if it will happen
again, next time the system automatically creates a restore point. By that
I mean, next time the system creates a restore point automatically and not
as a result of my causing it by downloading something... for example.

Can anybody tell me what an .RDB file is and why System Restore included
them in those two huge restore point files... both on the same day? Just as
an added point of interest, any defrag analysis I do always shows SR as the
most fragmented files on my computer. Is this normal?

In all fairness to ZoneAlarm, I now doubt ZoneAlarm has anything to do with
this.

Dan

Hi Bill in Co.,

Yeah, those two huge SR files are ginormous. I'm really interested in
two
things here:

First, what in hell would cause SR to store files that big?

Either something bad happened during the creation of those restore points
(like some other task was running, that screwed it up, in process), OR
(and this I think is a long shot - it was that large because of some HUGE
amount of registry and file changes that were made since the previous
restore point, and it needed that amount of disk space (but I really doubt
this possibility). Well, those are the two possible explanations that
come to mind for me, anyways.

Secondly, since I've found those files, would I be asking for trouble to
delete them manually? My guess is yes, so obviously I wouldn't do that
(even if I got the green light from experts. I'd just get rid of them
using
SR itself).

Do it that way (not manually). Your hunch is right - let System Restore
remove them properly (like by the way I mentioned previously), and it will
do the necessary housekeeping for System Restore and its bookmarking.
Don't do it manually.

It's more a case of just wanting to know if that would be OK,
or would that completely screw up the registry. I wouldn't be tempted to
do
it... it's just that I'm on a learning curve here. Those files are
hidden
for a reason, and I'm guessing it's to keep monkeys like me from playing
with them.

As I said, I would NOT do it manually. Yes, there is a chance it could
work, but I sure wound NOT bank on it! (I think that could and probably
would present problems for using the existing restore points that are
left)

But ultimately, I'd like to know what's in those files to make them so
big.

Outside of what I mentioned, I don't know. I suppose you could check
the date-time stamps of those two bogus system restore points, and then
search around on your hard drive for any suspicious file or folder
activity around those dates (like the date stamps on files or folders that
had changed somewhere around those dates), to see if something suspicious
shows up. Kind of a long shot, however.

Dan

Those two *extremely large* (600+MB) system restore points sound
suspicious, just as you said. Why not clear them all out (by
temporarily turning off System Restore), and then turn System Resore
back
on again (and create a good one) to start afresh?

And 3% should be adequate space, and would be, with good restore points
(which are normally like 60 MB each - NOT 600+ MB).

Danno wrote:
Hi Gerry,

It's not really a matter of "how many restore points I'm keeping".
It's
more a case of my trying to keep more than just ONE restore point. At
this
moment, there are 4 restore points from yesterday, and that's it. None
of
those were created automatically by the system. As I mentioned, the
event
viewer is not actually cataloging any " errors" about system restore,
but
here are two examples of reports (not tagged as an "error") that are
addressing what I'm experiencing:

Event Type: Information
Event Source: SRService
Event Category: None
Event ID: 107
Date: 5/22/2008
Time: 3:37:36 AM
User: N/A
Computer: DANS-COMPUTER
Description:
The System Restore service has been suspended because there is not
enough
disk space available on the drive
\\?\Volume{95e0434a-0fff-11dd-8ae4-806d6172696f}\. System Restore will
automatically resume service once at least 200 MB of free disk space is
available on the system drive.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.


Event Type: Information
Event Source: SRService
Event Category: None
Event ID: 108
Date: 5/22/2008
Time: 4:41:13 AM
User: N/A
Computer: DANS-COMPUTER
Description:
The System Restore service has resumed monitoring due to space freed on
the
system drive.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

For now, I've disabled ZoneAlarm and have increased the allocated disc
space
for SR to the maximum. As I mentioned before, I would have hoped that
3%
or
1075 MB would have been plenty of space, but apparently not. Anyway,
if
the
problem is corrected, I'd think I've probably narrowed it down to those
two
suspects. I'll consider the problem corrected if, two weeks from now,
I
can
still see an available restore point that was recorded yesterday.

At your suggestion, I found the folders that hold the 4 volumes of SR
points. Apparently they are the following sizes: 627Mb, 52MB, 52Mb
and
567Mb. My lord, two of those are way too big. What could be the
reason
for
that? That would explain why 1075Mb isn't enough space to store very
many
SR points... if they're going to be that huge.

Thanks again for your interest.

Dan

Danno

How many restore points are you keeping? How large are individual
restore
points? You should not need an allocation so large!

Can you please post a copy of the Event Viewer Information Report you
refer to.

A tip for posting copies of Error Reports! Run Event Viewer and double
click on the error you want to copy. In the window, which appears is a
button resembling two pages. Click the button and close Event
Viewer.Now start your message (email) and do a paste into the body of
the message. Make sure this is the first paste after exiting from
Event Viewer.


--



Hope this helps.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~


Danno wrote:
Thanks Kayman,

Of all the links and suggestions you offered, one of them might be
surprisingly helpful. Not surprising that Kelly's Korner was
helpful, but a surprise to me at the result.

On Kelly's Korner, I found the category discussing missing SR points,
specifically this:

- Check the event logs to investigate System Restore service errors:

1. Click Start, click Control Panel, and then click "Performance and
Maintenance".
2. Click Administrative Tools, click Computer Management,
double-click Event Viewer, and then click System.
3. Click the Source tab to sort by name, and then look for "sr" or
"srservice." Double-click each of these services, and then evaluate
the event description for any indication of the cause of the problem.


I followed the advice and lo and behold, there were descriptions of
events that happened with SR. None of the events actually showed up
as "errors", but none-the-less they described that SR was
"suspending" and then "resuming" due to lack of space allocated and
then more space being re-allocated. I was convinced that 3% or
1076MB would be plenty of space, but apparently not. If I'm not
mistaken though, even when I accidentally had 12% allocated, SR was
still only allowing one restore point.
So I've now allocated 10% of disc space or 3700MB to see what
happens. That is an outrageously huge amount of space to allow, but
I have to do it for now.

I'll let you know. Thanks again!

Danno

On Sat, 24 May 2008 01:23:55 GMT, Danno wrote:

<snip for brevity>

Maybe I should disable ZoneAlarm altogether for 3 or 4 days, and
use the built in Windows firewall... just to test if ZA is involved
in any way with
my dilemma.


Very, very sensible approach; IMO, ZA is not worth having.
I'd uninstall the entire ZA suite for good and ask for a refund.
If uninstalling via the Add/Remove program does not work
satisfactory then go to:
http://zonealarm.donhoover.net/uninstall.html

Revo Uninstaller
http://www.revouninstaller.com/
can also be of assistance

Consider the following:
For the average homeuser, the Windows Firewall in XP does a
fantastic job at its core mission and is really all you need if you
have an 'real-time' anti-virus program, [another firewall on your
router or] other edge protection like SeconfigXP and practise
safe-hex. The windows firewall deals with inbound protection and
therefore
does not give you a false sense of security. Best of all, it doesn't
implement lots of nonsense like pretending that outbound traffic
needs to be monitored. Activate and utilize the Win XP built-in
Firewall; Uncheck *all*
Programs and Services under the Exception tab.
Read through:
Understanding Windows Firewall.
http://www.microsoft.com/windowsxp/using/security/internet/sp2_wfintro.mspx
Using Windows Firewall.
http://www.microsoft.com/windowsxp/using/networking/security/winfirewall.mspx
Exploring the windows Firewall.
http://www.microsoft.com/technet/technetmag/issues/2007/06/VistaFirewall/default.aspx
"Outbound protection is security theater-it's a gimmick that only
gives the
impression of improving your security without doing anything that
actually does improve your security."
In conjunction with WinXP Firewall use:
Seconfig XP 1.0
http://seconfig.sytes.net/
(http://www.softpedia.com/progDownload/Seconfig-XP-Download-39707.html)
Seconfig XP is able configure Windows not to use TCP/IP as transport
protocol for NetBIOS, SMB and RPC, thus leaving TCP/UDP ports 135,
137-139 and 445 (the most exploited Windows networking weak point)
closed.) Real-time AV applications - for viral malware.
Do not utilize more than one (1) real-time anti-virus scanning
engine! Disable the e-mail scanning function during installation
(Custom Installation on some AV apps.) as it provides no additional
protection. Avira AntiVir® Personal - FREE Antivirus
http://www.free-av.com/
You may wish to consider removing the 'AntiVir Nagscreen'
http://www.elitekiller.com/files/disable_antivir_nag.htm
or
Free antivirus - avast! 4 Home Edition
It includes ANTI-SPYWARE protection, certified by the West Coast
Labs
Checkmark process, and ANTI-ROOTKIT DETECTION based on the best-in
class GMER technology.
http://www.avast.com/eng/avast_4_home.html
(Choose Custom Installation and under Resident
Protection, uncheck: Internet Mail and Outlook/Exchange.)
or
AVG Anti-Virus Free Edition
http://free.grisoft.com/
(Choose custom install and untick the email scanner plugin.)

Why You Don't Need Your Anti-Virus Program to Scan Your E-Mail
http://thundercloud.net/infoave/tutorials/email-scanning/index.htm

On-demand AV applications.
(add them to your arsenal and use them as a "second opinion" av
scanner). David H. Lipman's MULTI_AV Tool
http://www.pctipp.ch/ds/28400/28470/Multi_AV.exe
http://www.pctipp.ch/downloads/dl/35905.asp
English:
http://www.raymond.cc/blog/archives/2008/01/09/scan-your-computer-with-multiple-anti-virus-for-free/
Additional Instructions:
http://pcdid.com/Multi_AV.htm
and/or
BitDefender10 Free Edition
http://www.bitdefender.com/PRODUCT-14-en--BitDefender-8-Free-Edition.html

A-S applications - for non-viral malware.
The effectiveness of an individual A-S scanners can be wide-ranging
and oftentimes a collection of scanners is best. There isn't one
software that cleans and immunizes you against everything. That's
why you need multiple products to do the job i.e. overlap their
coverage - one may catch what another may miss, (grab'em all).

SuperAntispyware - Free
http://www.superantispyware.com/superantispywarefreevspro.html
and
Ad-Aware 2007 - Free
http://www.lavasoftusa.com/products/ad_aware_free.php
http://www.download.com/3000-2144-10045910.html
and
Spybot Search & Destroy - Free
http://www.safer-networking.org/en/download/index.html
and
Windows Defender - Free
http://www.microsoft.com/athome/security/spyware/software/default.mspx
WD monitors the start-registry and hooks registers/files to prevent
spyware
and worms to install to the OS.
Interesting reading:
http://www.pcworld.com/article/id,136195/article.html
"...Windows Defender did excel in behavior-based protection, which
detects changes to key areas of the system without having to know
anything about the actual threat."

This may solve your original problem:
System Restore for Windows XP
http://www.kellys-korner-xp.com/xp_restore.htm

And routinely practice Safe-Hex.
http://www.claymania.com/safe-hex.html
Hundreds Click on 'Click Here to Get Infected' Ad
http://www.eweek.com/article2/0,1895,2132447,00.asp

Good luck

 

[Kayman]

Thanks Kayman,

Of all the links and suggestions you offered, one of them might be
surprisingly helpful. Not surprising that Kelly's Korner was helpful, but a
surprise to me at the result.

On Kelly's Korner, I found the category discussing missing SR points,
specifically this:

- Check the event logs to investigate System Restore service errors:

1. Click Start, click Control Panel, and then click "Performance and
Maintenance".
2. Click Administrative Tools, click Computer Management, double-click Event
Viewer, and then click System.
3. Click the Source tab to sort by name, and then look for "sr" or
"srservice." Double-click each of these services, and then evaluate the
event description for any indication of the cause of the problem.


I followed the advice and lo and behold, there were descriptions of events
that happened with SR. None of the events actually showed up as "errors",
but none-the-less they described that SR was "suspending" and then
"resuming" due to lack of space allocated and then more space being
re-allocated. I was convinced that 3% or 1076MB would be plenty of space,
but apparently not. If I'm not mistaken though, even when I accidentally
had 12% allocated, SR was still only allowing one restore point.

So I've now allocated 10% of disc space or 3700MB to see what happens. That
is an outrageously huge amount of space to allow, but I have to do it for
now.

I'll let you know. Thanks again!

Danno

On Sat, 24 May 2008 01:23:55 GMT, Danno wrote:

Maybe I should disable ZoneAlarm altogether for 3 or 4 days, and use the
built in Windows firewall... just to test if ZA is involved in any way
with
my dilemma.

Very, very sensible approach; IMO, ZA is not worth having.
I'd uninstall the entire ZA suite for good and ask for a refund.
If uninstalling via the Add/Remove program does not work satisfactory then
go to:
http://zonealarm.donhoover.net/uninstall.html

Revo Uninstaller
http://www.revouninstaller.com/
can also be of assistance

Consider the following:
For the average homeuser, the Windows Firewall in XP does a fantastic job
at its core mission and is really all you need if you have an 'real-time'
anti-virus program, [another firewall on your router or] other edge
protection like SeconfigXP and practise safe-hex.
The windows firewall deals with inbound protection and therefore does not
give you a false sense of security. Best of all, it doesn't implement lots
of nonsense like pretending that outbound traffic needs to be monitored.

Activate and utilize the Win XP built-in Firewall; Uncheck *all* Programs
and Services under the Exception tab.
Read through:
Understanding Windows Firewall.
http://www.microsoft.com/windowsxp/using/security/internet/sp2_wfintro.mspx
Using Windows Firewall.
http://www.microsoft.com/windowsxp/using/networking/security/winfirewall.mspx
Exploring the windows Firewall.
http://www.microsoft.com/technet/technetmag/issues/2007/06/VistaFirewall/default.aspx
"Outbound protection is security theater-it's a gimmick that only gives
the
impression of improving your security without doing anything that actually
does improve your security."
In conjunction with WinXP Firewall use:
Seconfig XP 1.0
http://seconfig.sytes.net/
(http://www.softpedia.com/progDownload/Seconfig-XP-Download-39707.html)
Seconfig XP is able configure Windows not to use TCP/IP as transport
protocol for NetBIOS, SMB and RPC, thus leaving TCP/UDP ports 135, 137-139
and 445 (the most exploited Windows networking weak point) closed.)

Real-time AV applications - for viral malware.
Do not utilize more than one (1) real-time anti-virus scanning engine!
Disable the e-mail scanning function during installation (Custom
Installation on some AV apps.) as it provides no additional protection.

Avira AntiVir® Personal - FREE Antivirus
http://www.free-av.com/
You may wish to consider removing the 'AntiVir Nagscreen'
http://www.elitekiller.com/files/disable_antivir_nag.htm
or
Free antivirus - avast! 4 Home Edition
It includes ANTI-SPYWARE protection, certified by the West Coast Labs
Checkmark process, and ANTI-ROOTKIT DETECTION based on the best-in class
GMER technology.
http://www.avast.com/eng/avast_4_home.html
(Choose Custom Installation and under Resident
Protection, uncheck: Internet Mail and Outlook/Exchange.)
or
AVG Anti-Virus Free Edition
http://free.grisoft.com/
(Choose custom install and untick the email scanner plugin.)

Why You Don't Need Your Anti-Virus Program to Scan Your E-Mail
http://thundercloud.net/infoave/tutorials/email-scanning/index.htm

On-demand AV applications.
(add them to your arsenal and use them as a "second opinion" av scanner).
David H. Lipman's MULTI_AV Tool
http://www.pctipp.ch/ds/28400/28470/Multi_AV.exe
http://www.pctipp.ch/downloads/dl/35905.asp
English:
http://www.raymond.cc/blog/archives/2008/01/09/scan-your-computer-with-multiple-anti-virus-for-free/
Additional Instructions:
http://pcdid.com/Multi_AV.htm
and/or
BitDefender10 Free Edition
http://www.bitdefender.com/PRODUCT-14-en--BitDefender-8-Free-Edition.html

A-S applications - for non-viral malware.
The effectiveness of an individual A-S scanners can be wide-ranging and
oftentimes a collection of scanners is best. There isn't one software that
cleans and immunizes you against everything. That's why you need multiple
products to do the job i.e. overlap their coverage - one may catch what
another may miss, (grab'em all).

SuperAntispyware - Free
http://www.superantispyware.com/superantispywarefreevspro.html
and
Ad-Aware 2007 - Free
http://www.lavasoftusa.com/products/ad_aware_free.php
http://www.download.com/3000-2144-10045910.html
and
Spybot Search & Destroy - Free
http://www.safer-networking.org/en/download/index.html
and
Windows Defender - Free
http://www.microsoft.com/athome/security/spyware/software/default.mspx
WD monitors the start-registry and hooks registers/files to prevent
spyware
and worms to install to the OS.
Interesting reading:
http://www.pcworld.com/article/id,136195/article.html
"...Windows Defender did excel in behavior-based protection, which detects
changes to key areas of the system without having to know anything about
the actual threat."

This may solve your original problem:
System Restore for Windows XP
http://www.kellys-korner-xp.com/xp_restore.htm

And routinely practice Safe-Hex.
http://www.claymania.com/safe-hex.html
Hundreds Click on 'Click Here to Get Infected' Ad
http://www.eweek.com/article2/0,1895,2132447,00.asp

Good luck

Danno,
Prior flushing the System Restore cache download and execute David Lipman's
Multi-AV as suggested in my previous post.
After you completed the av scans with all 4 scanning tools in safe mode,
reboot, in normal mode flush System Restore cache and reboot again.
Good luck.

 

[Kayman]

Go to...
http://www.sunbelt-software.com/Home-Home-Office/Sunbelt-Personal-Firewall/

....and follow all the hype created by Sunbelt's *Marketing Department*.

Still use the free Windows XP firewall?
Unfortunately, this gives you a false sense of security. It only protects
incoming traffic. But outgoing traffic, with your credit card info, social
security number, bank accounts, passwords and other confidential
information is not protected. The WinXP firewall will let it all go out.
But... SPF will block that data if you buy the FULL version! You absolutely
need a better, commercial-grade firewall.

Then read in...
Windows Personal Firewall Analysis
http://www.matousec.com/projects/wi...ysis/leak-tests-results.php#firewalls-ratings

....a more realistic view which obviously was drafted by the head of
Sunbelt's *Operations Department*.

Sunbelt Software - the vendor of Sunbelt Kerio Personal Firewall

2007-08-07: Here is the response we have received from this vendor:

Sunbelt Software is committed to providing the strongest possible security
products to its customers, and we will be working to correct demonstrable
issues in the Sunbelt Personal Firewall. Users can expect these and other
continuing enhancements for the Sunbelt Personal Firewall in the near
future.

However, we have some reservations about personal firewall "leak testing"
in general. While we appreciate and support the unique value of independent
security testing, we are admittedly skeptical as to just how meaningful
these leak tests really are, especially as they reflect real-world
environments.

The key assumption of "leak testing" -- namely, that it is somehow useful
to measure the outbound protection provided by personal firewalls in cases
where malware has already executed on the test box -- strikes us as a
questionable basis on which to build a security assessment. Today's malware
is so malicious and cleverly designed that it is often safest to regard PCs
as so thoroughly compromised that nothing on the box can be trusted once
the malware executes. In short, "leak testing" starts after the game is
already lost, as the malware has already gotten past the inbound firewall
protection.

Moreover, "leak testing" is predicated on the further assumption that
personal firewalls should warn users about outbound connections even when
the involved code components are not demonstrably malicious or suspicious
(as is the case with the simulator programs used for "leak testing"). In
fact, this kind of program design risks pop-up fatigue in users,
effectively lowering the overall security of the system -- the reason
developers are increasingly shunning this design for security applications.

Finally, leak testing typically relies on simulator programs, the use of
which is widely discredited among respected anti-malware researchers -- and
for good reason. Simulators simply cannot approximate the actual behavior
of real malware in real world conditions. Furthermore, when simulators are
used for anti-malware testing, the testing process is almost unavoidably
tailored to fit the limitations of simulator instead of the complexity of
real world conditions. What gets lost is a sense for how the tested
products actually perform against live, kicking malware that exhibits
behavior too complex to be captured in narrowly designed simulators.

This (realistic) admission couldn't be more refreshing!

This is pretty eye-opening as well:

Firewall LeakTesting.
Excerpts:
Leo Laporte: "So the leaktest is kind of pointless."
Steve Gibson: "Well,yes,...
Leo: "So are you saying that there's no point in doing a leaktest anymore?"
Steve: "Well, it's why I have not taken the trouble to update mine, because
you..."
Leo: "You can't test enough".
Steve: "Well, yeah.
Leo: "Right. Very interesting stuff. I guess that - my sense is, if you
can't test for leaks, a software-based firewall is kind of essentially
worthless."

Read and/or listen to the entire conversation and be "educated"
http://www.grc.com/sn/SN-105.htm

Have a wonderful day, Vincent.

 

[Bill in Co.]

I opened those enormous SR restore point files and in one of them I found
190 .RDB files, each being 2.84Mb (all the same size).

And in the other huge SR file, I found 212 .RDB files and they were all
the
same size, also at 2.84 Mb each.

I've been searching on the net to find out what .RDB files are and to be
quite honest, I'm none the wiser.

Perhaps just for registry database (RDB) (wild guess)?
What are the extensions on the other (normal) ones? Are they similar?

Anyway, I assume this wasn't supposed to happen? I wonder if it will
happen
again, next time the system automatically creates a restore point. By
that
I mean, next time the system creates a restore point automatically and not
as a result of my causing it by downloading something... for example.

System Restore will normally create a checkpoint if you don't (and don't
install anything to force one), typically in 24 hours, or so. So if you
really want to know, just use your computer as normal, turn if off at night,
turn it back on the next day, use it, off again that night, and see if one
has been created by then.

Can anybody tell me what an .RDB file is and why System Restore included
them in those two huge restore point files... both on the same day? Just
as
an added point of interest, any defrag analysis I do always shows SR as
the
most fragmented files on my computer. Is this normal?

I believe I recall seeing something similar, so I expect that is within the
norm. Keep in mind it's around 60 MB, which uses a significant amount of
clusters and sectors, so it's not all that surprising.

In all fairness to ZoneAlarm, I now doubt ZoneAlarm has anything to do
with
this.

Dan

Hi Bill in Co.,

Yeah, those two huge SR files are ginormous. I'm really interested in
two
things here:

First, what in hell would cause SR to store files that big?

Either something bad happened during the creation of those restore points
(like some other task was running, that screwed it up, in process), OR
(and this I think is a long shot - it was that large because of some HUGE
amount of registry and file changes that were made since the previous
restore point, and it needed that amount of disk space (but I really
doubt
this possibility). Well, those are the two possible explanations that
come to mind for me, anyways.

Secondly, since I've found those files, would I be asking for trouble to
delete them manually? My guess is yes, so obviously I wouldn't do that
(even if I got the green light from experts. I'd just get rid of them
using
SR itself).

Do it that way (not manually). Your hunch is right - let System
Restore
remove them properly (like by the way I mentioned previously), and it
will
do the necessary housekeeping for System Restore and its bookmarking.
Don't do it manually.

It's more a case of just wanting to know if that would be OK,
or would that completely screw up the registry. I wouldn't be tempted
to
do
it... it's just that I'm on a learning curve here. Those files are
hidden
for a reason, and I'm guessing it's to keep monkeys like me from playing
with them.

As I said, I would NOT do it manually. Yes, there is a chance it could
work, but I sure wound NOT bank on it! (I think that could and
probably
would present problems for using the existing restore points that are
left)

But ultimately, I'd like to know what's in those files to make them so
big.

Outside of what I mentioned, I don't know. I suppose you could check
the date-time stamps of those two bogus system restore points, and then
search around on your hard drive for any suspicious file or folder
activity around those dates (like the date stamps on files or folders
that
had changed somewhere around those dates), to see if something suspicious
shows up. Kind of a long shot, however.

Dan

Those two *extremely large* (600+MB) system restore points sound
suspicious, just as you said. Why not clear them all out (by
temporarily turning off System Restore), and then turn System Resore
back
on again (and create a good one) to start afresh?

And 3% should be adequate space, and would be, with good restore points
(which are normally like 60 MB each - NOT 600+ MB).

Danno wrote:
Hi Gerry,

It's not really a matter of "how many restore points I'm keeping".
It's
more a case of my trying to keep more than just ONE restore point. At
this
moment, there are 4 restore points from yesterday, and that's it.
None
of
those were created automatically by the system. As I mentioned, the
event
viewer is not actually cataloging any " errors" about system restore,
but
here are two examples of reports (not tagged as an "error") that are
addressing what I'm experiencing:

Event Type: Information
Event Source: SRService
Event Category: None
Event ID: 107
Date: 5/22/2008
Time: 3:37:36 AM
User: N/A
Computer: DANS-COMPUTER
Description:
The System Restore service has been suspended because there is not
enough
disk space available on the drive
\\?\Volume{95e0434a-0fff-11dd-8ae4-806d6172696f}\. System Restore will
automatically resume service once at least 200 MB of free disk space
is
available on the system drive.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.


Event Type: Information
Event Source: SRService
Event Category: None
Event ID: 108
Date: 5/22/2008
Time: 4:41:13 AM
User: N/A
Computer: DANS-COMPUTER
Description:
The System Restore service has resumed monitoring due to space freed
on
the
system drive.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

For now, I've disabled ZoneAlarm and have increased the allocated disc
space
for SR to the maximum. As I mentioned before, I would have hoped that
3%
or
1075 MB would have been plenty of space, but apparently not. Anyway,
if
the
problem is corrected, I'd think I've probably narrowed it down to
those
two
suspects. I'll consider the problem corrected if, two weeks from now,
I
can
still see an available restore point that was recorded yesterday.

At your suggestion, I found the folders that hold the 4 volumes of SR
points. Apparently they are the following sizes: 627Mb, 52MB, 52Mb
and
567Mb. My lord, two of those are way too big. What could be the
reason
for
that? That would explain why 1075Mb isn't enough space to store very
many
SR points... if they're going to be that huge.

Thanks again for your interest.

Dan

Danno

How many restore points are you keeping? How large are individual
restore
points? You should not need an allocation so large!

Can you please post a copy of the Event Viewer Information Report you
refer to.

A tip for posting copies of Error Reports! Run Event Viewer and
double
click on the error you want to copy. In the window, which appears is
a
button resembling two pages. Click the button and close Event
Viewer.Now start your message (email) and do a paste into the body of
the message. Make sure this is the first paste after exiting from
Event Viewer.


--



Hope this helps.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~


Danno wrote:
Thanks Kayman,

Of all the links and suggestions you offered, one of them might be
surprisingly helpful. Not surprising that Kelly's Korner was
helpful, but a surprise to me at the result.

On Kelly's Korner, I found the category discussing missing SR
points,
specifically this:

- Check the event logs to investigate System Restore service errors:

1. Click Start, click Control Panel, and then click "Performance and
Maintenance".
2. Click Administrative Tools, click Computer Management,
double-click Event Viewer, and then click System.
3. Click the Source tab to sort by name, and then look for "sr" or
"srservice." Double-click each of these services, and then evaluate
the event description for any indication of the cause of the
problem.


I followed the advice and lo and behold, there were descriptions of
events that happened with SR. None of the events actually showed up
as "errors", but none-the-less they described that SR was
"suspending" and then "resuming" due to lack of space allocated and
then more space being re-allocated. I was convinced that 3% or
1076MB would be plenty of space, but apparently not. If I'm not
mistaken though, even when I accidentally had 12% allocated, SR was
still only allowing one restore point.
So I've now allocated 10% of disc space or 3700MB to see what
happens. That is an outrageously huge amount of space to allow, but
I have to do it for now.

I'll let you know. Thanks again!

Danno

On Sat, 24 May 2008 01:23:55 GMT, Danno wrote:

<snip for brevity>

Maybe I should disable ZoneAlarm altogether for 3 or 4 days, and
use the built in Windows firewall... just to test if ZA is
involved
in any way with
my dilemma.


Very, very sensible approach; IMO, ZA is not worth having.
I'd uninstall the entire ZA suite for good and ask for a refund.
If uninstalling via the Add/Remove program does not work
satisfactory then go to:
http://zonealarm.donhoover.net/uninstall.html

Revo Uninstaller
http://www.revouninstaller.com/
can also be of assistance

Consider the following:
For the average homeuser, the Windows Firewall in XP does a
fantastic job at its core mission and is really all you need if you
have an 'real-time' anti-virus program, [another firewall on your
router or] other edge protection like SeconfigXP and practise
safe-hex. The windows firewall deals with inbound protection and
therefore
does not give you a false sense of security. Best of all, it
doesn't
implement lots of nonsense like pretending that outbound traffic
needs to be monitored. Activate and utilize the Win XP built-in
Firewall; Uncheck *all*
Programs and Services under the Exception tab.
Read through:
Understanding Windows Firewall.
http://www.microsoft.com/windowsxp/using/security/internet/sp2_wfintro.mspx
Using Windows Firewall.
http://www.microsoft.com/windowsxp/using/networking/security/winfirewall.mspx
Exploring the windows Firewall.
http://www.microsoft.com/technet/technetmag/issues/2007/ 06/VistaFirewall/default.aspx
"Outbound protection is security theater-it's a gimmick that only
gives the
impression of improving your security without doing anything that
actually does improve your security."
In conjunction with WinXP Firewall use:
Seconfig XP 1.0
http://seconfig.sytes.net/
(http://www.softpedia.com/progDownload/Seconfig-XP-Download-39707.html)
Seconfig XP is able configure Windows not to use TCP/IP as
transport
protocol for NetBIOS, SMB and RPC, thus leaving TCP/UDP ports 135,
137-139 and 445 (the most exploited Windows networking weak point)
closed.) Real-time AV applications - for viral malware.
Do not utilize more than one (1) real-time anti-virus scanning
engine! Disable the e-mail scanning function during installation
(Custom Installation on some AV apps.) as it provides no additional
protection. Avira AntiVir® Personal - FREE Antivirus
http://www.free-av.com/
You may wish to consider removing the 'AntiVir Nagscreen'
http://www.elitekiller.com/files/disable_antivir_nag.htm
or
Free antivirus - avast! 4 Home Edition
It includes ANTI-SPYWARE protection, certified by the West Coast
Labs
Checkmark process, and ANTI-ROOTKIT DETECTION based on the best-in
class GMER technology.
http://www.avast.com/eng/avast_4_home.html
(Choose Custom Installation and under Resident
Protection, uncheck: Internet Mail and Outlook/Exchange.)
or
AVG Anti-Virus Free Edition
http://free.grisoft.com/
(Choose custom install and untick the email scanner plugin.)

Why You Don't Need Your Anti-Virus Program to Scan Your E-Mail
http://thundercloud.net/infoave/tutorials/email-scanning/index.htm

On-demand AV applications.
(add them to your arsenal and use them as a "second opinion" av
scanner). David H. Lipman's MULTI_AV Tool
http://www.pctipp.ch/ds/28400/28470/Multi_AV.exe
http://www.pctipp.ch/downloads/dl/35905.asp
English:
http://www.raymond.cc/blog/archives/2008/01/09/scan-your-computer-with-multiple-anti-virus-for-free/
Additional Instructions:
http://pcdid.com/Multi_AV.htm
and/or
BitDefender10 Free Edition
http://www.bitdefender.com/PRODUCT-14-en--BitDefender-8-Free-Edition.html

A-S applications - for non-viral malware.
The effectiveness of an individual A-S scanners can be wide-ranging
and oftentimes a collection of scanners is best. There isn't one
software that cleans and immunizes you against everything. That's
why you need multiple products to do the job i.e. overlap their
coverage - one may catch what another may miss, (grab'em all).

SuperAntispyware - Free
http://www.superantispyware.com/superantispywarefreevspro.html
and
Ad-Aware 2007 - Free
http://www.lavasoftusa.com/products/ad_aware_free.php
http://www.download.com/3000-2144-10045910.html
and
Spybot Search & Destroy - Free
http://www.safer-networking.org/en/download/index.html
and
Windows Defender - Free
http://www.microsoft.com/athome/security/spyware/software/default.mspx
WD monitors the start-registry and hooks registers/files to prevent
spyware
and worms to install to the OS.
Interesting reading:
http://www.pcworld.com/article/id,136195/article.html
"...Windows Defender did excel in behavior-based protection, which
detects changes to key areas of the system without having to know
anything about the actual threat."

This may solve your original problem:
System Restore for Windows XP
http://www.kellys-korner-xp.com/xp_restore.htm

And routinely practice Safe-Hex.
http://www.claymania.com/safe-hex.html
Hundreds Click on 'Click Here to Get Infected' Ad
http://www.eweek.com/article2/0,1895,2132447,00.asp

Good luck

 

[Danno]

Good question! The other two SR points which seem to be a normal size also
contain .RDB files. One of those normal
SR points contains a single .RDB file and the other normal SR point contains
3 .RDB files. All 4 of them are the same size at 2.84Mb each.... same size
as the 400 .RDB files in the two enormous folders.

I opened those enormous SR restore point files and in one of them I found
190 .RDB files, each being 2.84Mb (all the same size).

And in the other huge SR file, I found 212 .RDB files and they were all
the
same size, also at 2.84 Mb each.

I've been searching on the net to find out what .RDB files are and to be
quite honest, I'm none the wiser.

Perhaps just for registry database (RDB) (wild guess)?
What are the extensions on the other (normal) ones? Are they similar?

Anyway, I assume this wasn't supposed to happen? I wonder if it will
happen
again, next time the system automatically creates a restore point. By
that
I mean, next time the system creates a restore point automatically and
not
as a result of my causing it by downloading something... for example.

System Restore will normally create a checkpoint if you don't (and don't
install anything to force one), typically in 24 hours, or so. So if
you really want to know, just use your computer as normal, turn if off at
night, turn it back on the next day, use it, off again that night, and see
if one has been created by then.

Can anybody tell me what an .RDB file is and why System Restore included
them in those two huge restore point files... both on the same day? Just
as
an added point of interest, any defrag analysis I do always shows SR as
the
most fragmented files on my computer. Is this normal?

I believe I recall seeing something similar, so I expect that is within
the norm. Keep in mind it's around 60 MB, which uses a significant amount
of clusters and sectors, so it's not all that surprising.

In all fairness to ZoneAlarm, I now doubt ZoneAlarm has anything to do
with
this.

Dan

Danno wrote:
Hi Bill in Co.,

Yeah, those two huge SR files are ginormous. I'm really interested in
two
things here:

First, what in hell would cause SR to store files that big?

Either something bad happened during the creation of those restore
points
(like some other task was running, that screwed it up, in process), OR
(and this I think is a long shot - it was that large because of some
HUGE
amount of registry and file changes that were made since the previous
restore point, and it needed that amount of disk space (but I really
doubt
this possibility). Well, those are the two possible explanations that
come to mind for me, anyways.

Secondly, since I've found those files, would I be asking for trouble
to
delete them manually? My guess is yes, so obviously I wouldn't do that
(even if I got the green light from experts. I'd just get rid of them
using
SR itself).

Do it that way (not manually). Your hunch is right - let System
Restore
remove them properly (like by the way I mentioned previously), and it
will
do the necessary housekeeping for System Restore and its bookmarking.
Don't do it manually.

It's more a case of just wanting to know if that would be OK,
or would that completely screw up the registry. I wouldn't be tempted
to
do
it... it's just that I'm on a learning curve here. Those files are
hidden
for a reason, and I'm guessing it's to keep monkeys like me from
playing
with them.

As I said, I would NOT do it manually. Yes, there is a chance it could
work, but I sure wound NOT bank on it! (I think that could and
probably
would present problems for using the existing restore points that are
left)

But ultimately, I'd like to know what's in those files to make them so
big.

Outside of what I mentioned, I don't know. I suppose you could check
the date-time stamps of those two bogus system restore points, and then
search around on your hard drive for any suspicious file or folder
activity around those dates (like the date stamps on files or folders
that
had changed somewhere around those dates), to see if something
suspicious
shows up. Kind of a long shot, however.


Dan

Those two *extremely large* (600+MB) system restore points sound
suspicious, just as you said. Why not clear them all out (by
temporarily turning off System Restore), and then turn System Resore
back
on again (and create a good one) to start afresh?

And 3% should be adequate space, and would be, with good restore
points
(which are normally like 60 MB each - NOT 600+ MB).

Danno wrote:
Hi Gerry,

It's not really a matter of "how many restore points I'm keeping".
It's
more a case of my trying to keep more than just ONE restore point.
At
this
moment, there are 4 restore points from yesterday, and that's it.
None
of
those were created automatically by the system. As I mentioned, the
event
viewer is not actually cataloging any " errors" about system restore,
but
here are two examples of reports (not tagged as an "error") that are
addressing what I'm experiencing:

Event Type: Information
Event Source: SRService
Event Category: None
Event ID: 107
Date: 5/22/2008
Time: 3:37:36 AM
User: N/A
Computer: DANS-COMPUTER
Description:
The System Restore service has been suspended because there is not
enough
disk space available on the drive
\\?\Volume{95e0434a-0fff-11dd-8ae4-806d6172696f}\. System Restore
will
automatically resume service once at least 200 MB of free disk space
is
available on the system drive.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.


Event Type: Information
Event Source: SRService
Event Category: None
Event ID: 108
Date: 5/22/2008
Time: 4:41:13 AM
User: N/A
Computer: DANS-COMPUTER
Description:
The System Restore service has resumed monitoring due to space freed
on
the
system drive.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

For now, I've disabled ZoneAlarm and have increased the allocated
disc
space
for SR to the maximum. As I mentioned before, I would have hoped that
3%
or
1075 MB would have been plenty of space, but apparently not. Anyway,
if
the
problem is corrected, I'd think I've probably narrowed it down to
those
two
suspects. I'll consider the problem corrected if, two weeks from
now,
I
can
still see an available restore point that was recorded yesterday.

At your suggestion, I found the folders that hold the 4 volumes of SR
points. Apparently they are the following sizes: 627Mb, 52MB, 52Mb
and
567Mb. My lord, two of those are way too big. What could be the
reason
for
that? That would explain why 1075Mb isn't enough space to store very
many
SR points... if they're going to be that huge.

Thanks again for your interest.

Dan

Danno

How many restore points are you keeping? How large are individual
restore
points? You should not need an allocation so large!

Can you please post a copy of the Event Viewer Information Report
you
refer to.

A tip for posting copies of Error Reports! Run Event Viewer and
double
click on the error you want to copy. In the window, which appears is
a
button resembling two pages. Click the button and close Event
Viewer.Now start your message (email) and do a paste into the body
of
the message. Make sure this is the first paste after exiting from
Event Viewer.


--



Hope this helps.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~


Danno wrote:
Thanks Kayman,

Of all the links and suggestions you offered, one of them might be
surprisingly helpful. Not surprising that Kelly's Korner was
helpful, but a surprise to me at the result.

On Kelly's Korner, I found the category discussing missing SR
points,
specifically this:

- Check the event logs to investigate System Restore service
errors:

1. Click Start, click Control Panel, and then click "Performance
and
Maintenance".
2. Click Administrative Tools, click Computer Management,
double-click Event Viewer, and then click System.
3. Click the Source tab to sort by name, and then look for "sr" or
"srservice." Double-click each of these services, and then evaluate
the event description for any indication of the cause of the
problem.


I followed the advice and lo and behold, there were descriptions of
events that happened with SR. None of the events actually showed
up
as "errors", but none-the-less they described that SR was
"suspending" and then "resuming" due to lack of space allocated and
then more space being re-allocated. I was convinced that 3% or
1076MB would be plenty of space, but apparently not. If I'm not
mistaken though, even when I accidentally had 12% allocated, SR was
still only allowing one restore point.
So I've now allocated 10% of disc space or 3700MB to see what
happens. That is an outrageously huge amount of space to allow,
but
I have to do it for now.

I'll let you know. Thanks again!

Danno

On Sat, 24 May 2008 01:23:55 GMT, Danno wrote:

<snip for brevity>

Maybe I should disable ZoneAlarm altogether for 3 or 4 days, and
use the built in Windows firewall... just to test if ZA is
involved
in any way with
my dilemma.


Very, very sensible approach; IMO, ZA is not worth having.
I'd uninstall the entire ZA suite for good and ask for a refund.
If uninstalling via the Add/Remove program does not work
satisfactory then go to:
http://zonealarm.donhoover.net/uninstall.html

Revo Uninstaller
http://www.revouninstaller.com/
can also be of assistance

Consider the following:
For the average homeuser, the Windows Firewall in XP does a
fantastic job at its core mission and is really all you need if
you
have an 'real-time' anti-virus program, [another firewall on your
router or] other edge protection like SeconfigXP and practise
safe-hex. The windows firewall deals with inbound protection and
therefore
does not give you a false sense of security. Best of all, it
doesn't
implement lots of nonsense like pretending that outbound traffic
needs to be monitored. Activate and utilize the Win XP built-in
Firewall; Uncheck *all*
Programs and Services under the Exception tab.
Read through:
Understanding Windows Firewall.
http://www.microsoft.com/windowsxp/using/security/internet/sp2_wfintro.mspx
Using Windows Firewall.
http://www.microsoft.com/windowsxp/using/networking/security/winfirewall.mspx
Exploring the windows Firewall.
http://www.microsoft.com/technet/technetmag/issues/2007/ 06/VistaFirewall/default.aspx
"Outbound protection is security theater-it's a gimmick that only
gives the
impression of improving your security without doing anything that
actually does improve your security."
In conjunction with WinXP Firewall use:
Seconfig XP 1.0
http://seconfig.sytes.net/
(http://www.softpedia.com/progDownload/Seconfig-XP-Download-39707.html)
Seconfig XP is able configure Windows not to use TCP/IP as
transport
protocol for NetBIOS, SMB and RPC, thus leaving TCP/UDP ports 135,
137-139 and 445 (the most exploited Windows networking weak point)
closed.) Real-time AV applications - for viral malware.
Do not utilize more than one (1) real-time anti-virus scanning
engine! Disable the e-mail scanning function during installation
(Custom Installation on some AV apps.) as it provides no
additional
protection. Avira AntiVir® Personal - FREE Antivirus
http://www.free-av.com/
You may wish to consider removing the 'AntiVir Nagscreen'
http://www.elitekiller.com/files/disable_antivir_nag.htm
or
Free antivirus - avast! 4 Home Edition
It includes ANTI-SPYWARE protection, certified by the West Coast
Labs
Checkmark process, and ANTI-ROOTKIT DETECTION based on the best-in
class GMER technology.
http://www.avast.com/eng/avast_4_home.html
(Choose Custom Installation and under Resident
Protection, uncheck: Internet Mail and Outlook/Exchange.)
or
AVG Anti-Virus Free Edition
http://free.grisoft.com/
(Choose custom install and untick the email scanner plugin.)

Why You Don't Need Your Anti-Virus Program to Scan Your E-Mail
http://thundercloud.net/infoave/tutorials/email-scanning/index.htm

On-demand AV applications.
(add them to your arsenal and use them as a "second opinion" av
scanner). David H. Lipman's MULTI_AV Tool
http://www.pctipp.ch/ds/28400/28470/Multi_AV.exe
http://www.pctipp.ch/downloads/dl/35905.asp
English:
http://www.raymond.cc/blog/archives/2008/01/09/scan-your-computer-with-multiple-anti-virus-for-free/
Additional Instructions:
http://pcdid.com/Multi_AV.htm
and/or
BitDefender10 Free Edition
http://www.bitdefender.com/PRODUCT-14-en--BitDefender-8-Free-Edition.html

A-S applications - for non-viral malware.
The effectiveness of an individual A-S scanners can be
wide-ranging
and oftentimes a collection of scanners is best. There isn't one
software that cleans and immunizes you against everything. That's
why you need multiple products to do the job i.e. overlap their
coverage - one may catch what another may miss, (grab'em all).

SuperAntispyware - Free
http://www.superantispyware.com/superantispywarefreevspro.html
and
Ad-Aware 2007 - Free
http://www.lavasoftusa.com/products/ad_aware_free.php
http://www.download.com/3000-2144-10045910.html
and
Spybot Search & Destroy - Free
http://www.safer-networking.org/en/download/index.html
and
Windows Defender - Free
http://www.microsoft.com/athome/security/spyware/software/default.mspx
WD monitors the start-registry and hooks registers/files to
prevent
spyware
and worms to install to the OS.
Interesting reading:
http://www.pcworld.com/article/id,136195/article.html
"...Windows Defender did excel in behavior-based protection, which
detects changes to key areas of the system without having to know
anything about the actual threat."

This may solve your original problem:
System Restore for Windows XP
http://www.kellys-korner-xp.com/xp_restore.htm

And routinely practice Safe-Hex.
http://www.claymania.com/safe-hex.html
Hundreds Click on 'Click Here to Get Infected' Ad
http://www.eweek.com/article2/0,1895,2132447,00.asp

Good luck

 

[Daave]

Event Type: Information
Event Source: SRService
Event Category: None
Event ID: 107
Date: 5/22/2008
Time: 3:37:36 AM
User: N/A
Computer: DANS-COMPUTER
Description:
The System Restore service has been suspended because there is not
enough disk space available on the drive
\\?\Volume{95e0434a-0fff-11dd-8ae4-806d6172696f}\. System Restore will
automatically resume service once at least 200 MB of free disk space
is available on the system drive.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

Something's not adding up!

In another post, you said you had 25 GB of free space on your hard
drive! So why does System Restore think you have less than 1 GB?!

Also, have a look at this page:

http://bertk.mvps.org/html/drivedisable.html

How many available drives do you have? (Look in the System Restore tab
of System Properties.) Gerry asked earlier if there was another drive
you were using SR (inadvertently) on. Let's be clear on that issue!

If nothing else works, perhaps you should reinstall System Restore:

http://bertk.mvps.org/html/reinstall.html

 

[Danno]

Hey Daave.... good points.

I do indeed have a 40 gig hard drive (the internal C: drive). That main
internal hard disk has 15 gigs used up leaving 25 gigs of free space. The
only external device I'd call a "drive" is an external DVD Burner which is
recognized as the F: drive. I also have an internal D: drive, which is a
CDROM device (empty most of the time), and an internal E: drive which is a
CD burning device. The only external item is the F:drive, and it basically
does nothing until I utilize it to make a backup of something. I checked
the System Restore tab, and the only drive being monitored by SR is drive C:

When the SRService report came up, I assumed it was complaining that not
enough "allocated space" was available... space "allocated for SR storage".
I don't think it was referring to the overall available space on the hard
drive. Anyway, I'm gonna hit the ole phart sack for tonight, and over the
next few days we'll see if more restore points are created, now that I've
allocated a full 12% of the total disk space to System Restore.

The biggest mystery to me still is.... why are there so many .RDB files
appearing on those two huge SR folders, and what are .RDB files? I assume
that as the space allocated to SR gets filled to the brim, SR will
eventually start dropping off the earliest restore points... eventually
deleting these huge ones. It will be interesting to see if any more of
these gigantic SR folders get created in the next few days. I'll keep you
all informed, and I really appreciate the honest efforts of all of you in
getting to the bottom of this with me.

Have a great night!

Dan

 

[Kayman]

On Sun, 25 May 2008 06:07:38 GMT, Danno wrote:

...It will be interesting to see if any more of these gigantic
SR folders get created in the next few days.

You will Danno, you will! You really should be educating yourself about ZA
and other 3rd party (so-called) firewalll applications.

 

[Danno]

That was a wee bit too condescending for my liking.

"Educating myself" is exactly what I'm doing with this long drawn out,
patient exercise.

If I had a thousand years to live, I still wouldn't have enough time to
"educate myself" about all the things that could go wrong with a computer.
Especially problems caused by software I paid hard earned money for. I
declare my innocence, not my ignorance.

 

[Danno]

Good morning!

This morning there were no new SR points, although I shouldn't necessarily
expect one. So I've created a new SR point and have turned off SR, and
re-started it. So now there is only the one new SR point. ZoneAlarm is
still turned off and will remain turned off for at least two weeks. I have
AVG on my computer but have kept it inactive while ZoneAlarm was active. I
can't see any harm in using AVG for the next two weeks (and probably
beyond).

For you fine folks who have so kindly contributed your thoughts in this
thread, it might be several days before I have the evidence I need that
things are back to normal. Or maybe they won't be back to normal and I
might have to resort to further measures like re-installing System Restore
as detailed by Daave.

But out of respect for your help, I'll keep posting here (for those who are
still interested), as time goes by. We're still in the investigatory stage
here. If Zone Alarm is truly the culprit, I'd like to be able to provide
the evidence so others won't have to deal with this.

Thanks very much for your determination and interest. I'm very impressed
with you guys.

Dan

That was a wee bit too condescending for my liking.

"Educating myself" is exactly what I'm doing with this long drawn out,
patient exercise.

If I had a thousand years to live, I still wouldn't have enough time to
"educate myself" about all the things that could go wrong with a computer.
Especially problems caused by software I paid hard earned money for. I
declare my innocence, not my ignorance.

 

[Vincent]

<snipped childish over-emotive and misinformed rant>

<snipped make believe security expert drivel>

If you think that my post was meant as a ringing endorsement of third
party firewalls and their marketing hype you misunderstood what I said.
I think that 75% or more of the third party firewalls out there are
nothing more than junk being marketed and sold with rather dubious
claims. If you think that my post was meant to say that the Windows
firewall isn't a good firewall you also misunderstood my view of the
Windows firewall, the Windows firewall does what it was designed to do
very well. Third party software vendors who make claims that the
Windows firewall is insecure are engaging in deceptive marketing, I do
not dispute this and I agree with you that these companies are engaging
in shoddy practices.

On the other hand, would you fail and discredit all anti-virus programs
because viruses or other malware foiled them? Why not? Anti-virus
software programs are foiled and fail every day of the week, why do you
not froth at the mouth and tell users to stop using these programs?

No one ever said that firewalls cannot be foiled, that is not the point,
nothing is fail proof and that includes Microsoft products! What you
and others fail to understand is that outbound filtering can foil "some"
malware and as such it can alert users of potential problems, a firewall
that monitors outbound traffic can be another tool in the fight against
pests, get off your high horse with your claims that firewalls can be
foiled, we all know that and no one disputes this, your argument is
nothing but a red herring! Door locks don't stop all home intrusions,
yet few homeowners would do without them! If you say that firewalls are
0% effective at outbound monitoring you are wrong and you are no
security expert! If you say that egress traffic is a non issue you
truly lack in basic security concepts!

But, as I said earlier, that is not the point, the point is that
customers have asked Microsoft for a method, via the firewall or by
other means, of detecting and controlling egress traffic be it malware
related or not. Not all customers want all of their applications to be
allowed to send data outside, some customers want to control outbound
traffic, they want to know what is sending data outside and that is not
an outrageous demand! It is none of yours, or Microsoft's business to
be telling customers that they don't need to monitor or control egress
traffic, be it malware related or not! If Microsoft doesn't want to
supply such a tool that is fine, customers will look to others for
solutions, stop berating customers just because they make a simple
request for a useful tool to help them with their computing needs!

You or Microsoft and others who rant about firewall hypes have not
supplied any easy useful solutions to the egress filtering request.
Instead, anytime that a Microsoft customer has asked for a way to
control egress traffic what you and Microsoft have done is automatically
froth at the mouth and engage in a tirade about third party firewalls
and the fact that they are not 100% fail safe! No one disputes this and
no one has asked or insisted for a 100% fail proof solution, if they did
they wouldn't run any Microsoft products because not a single Microsoft
product has a 100% mark! Some customers want to control egress traffic
for reasons that are completely unrelated to malware, they have a need
for egress traffic control, what business of yours is it to tell them
that they shouldn't be concerned with egress traffic?

Customers have made a simple request, it isn't for you or Microsoft to
dictate to customers what they should or should not want to do with
their computers. If you cannot supply any useful solutions to that
simple demand STFU and stop telling customers what they should want or
not want. I repeat once again, anyone who claims that people should not
concern themselves with egress traffic and that it should be allowed to
go on unchecked is no security expert!

Vincent

 

[Kayman]

That was a wee bit too condescending for my liking.

"Educating myself" is exactly what I'm doing with this long drawn out,
patient exercise.

If I had a thousand years to live, I still wouldn't have enough time to
"educate myself" about all the things that could go wrong with a computer.
Especially problems caused by software I paid hard earned money for. I
declare my innocence, not my ignorance.

Wasn't meant to be! But since you object to 'educate' maybe 'fine-tune' or
'improve' would've been a more suitable choice of word(s); Sorry for
hurting your feelings. And I declare my inability reading (any) posters
emotional stance.

BTW,
A: Because it messes up the order in which people normally read text.
Q: Why is it such a bad thing?
A: Top-posting.
Q: What is the most annoying thing on usenet and in e-mail?

 

[Daave]

Good morning!

This morning there were no new SR points, although I shouldn't
necessarily expect one. So I've created a new SR point and have
turned off SR, and re-started it. So now there is only the one new SR
point. ZoneAlarm is still turned off and will remain turned off for
at least two weeks. I have AVG on my computer but have kept it
inactive while ZoneAlarm was active. I can't see any harm in using
AVG for the next two weeks (and probably beyond).

For you fine folks who have so kindly contributed your thoughts in
this thread, it might be several days before I have the evidence I
need that things are back to normal. Or maybe they won't be back to
normal and I might have to resort to further measures like
re-installing System Restore as detailed by Daave.

But out of respect for your help, I'll keep posting here (for those
who are still interested), as time goes by. We're still in the
investigatory stage here. If Zone Alarm is truly the culprit, I'd
like to be able to provide the evidence so others won't have to deal
with this.

Thanks for your efforts, too, Danno. We look forward to a definitive
cause for future reference!

 

[Gerry]

People who forever want to debate the merits of top v bottom posting!


--



Hope this helps.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~

 

[bojimbo26one]

Putting my oar in <G> - why not use the ERUNT system ; I use it all
the time and have turned SR off .

That was a wee bit too condescending for my liking.

"Educating myself" is exactly what I'm doing with this long drawn out,
patient exercise.

If I had a thousand years to live, I still wouldn't have enough time to
"educate myself" about all the things that could go wrong with a computer.
Especially problems caused by software I paid hard earned money for. I
declare my innocence, not my ignorance.

 

[Bill in Co.]

ERUNT and System Restore each (or both) have their own place. Using the
right tool for the right job is the key here.

 

[Bill in Co.]

Or OldTurkey forever saying "what does this have to do with WindowsXP? Do
you see that in the title? It doesn't belong here." LOL.

 

[Unknown]

Why use ERUNT a non Microsoft program when system restore does the job??????

Putting my oar in <G> - why not use the ERUNT system ; I use it all
the time and have turned SR off .

 

[Danno]

When I die, I want to go peacefully in my sleep like my grandfather did.
Not burning and screaming like his passengers.

 

[Kayman]

On Sun, 25 May 2008 10:52:07 -0300, Vincent wrote:

<snipped make believe security expert drivel>

I feel honored... but I am not a security expert and never claimed to be
one, though I think of myself as reasonable 'informed'.

If you think that my post was meant as a ringing endorsement of third
party firewalls and their marketing hype you misunderstood what I said.

You're quite right, I haven't read you response very thoroughly - mea
culpa. Nevertheless, I trust you enjoyed reading the quoted text.

I think that 75% or more of the third party firewalls out there are
nothing more than junk being marketed and sold with rather dubious
claims.

Given the old adage that 75% of quoted statistics are made up on the spot,
I dare to say that the 75% is a conservative estimate.

If you think that my post was meant to say that the Windows
firewall isn't a good firewall you also misunderstood my view of the
Windows firewall, the Windows firewall does what it was designed to do
very well.

It does it even better when closing a variety of ports etc.

Third party software vendors who make claims that the
Windows firewall is insecure are engaging in deceptive marketing, I do
not dispute this and I agree with you that these companies are engaging
in shoddy practices.

Yes, user don't realize that 3rd party firewalls are rendered virtually
useless after the introduction of the NT system (to the disgust of the
makers of these 'Phony-Baloney Ware' aka 'Illusion Ware'). Which btw also
applies to (so-called) Registry Cleaners (yuck).

On the other hand, would you fail and discredit all anti-virus programs
because viruses or other malware foiled them? Why not? Anti-virus
software programs are foiled and fail every day of the week,

It happens mostly when the (quality) software isn't updated to its most
current definitions/signatures.

why do you not froth at the mouth and tell users to stop using these
programs?

Hold your horses and don't jump to conclusions which appears to be your
preferred way communicating. I wouldn't discredit AV apps entirely, they
have their place and are not as deceptive as the makers of 3rd party
software fw's. But (after removing the [beer] froth from my mouth) I have
indeed communicated on numerous occasions to this and other groups that one
can safely operate without AV app (so much for your research). As usual, I
provided pertinent links (authored by *experts*) in relation to this
subject and effective alternatives; This kind of advice is expectedly not
very well received; It is perceived as too 'outlandish' by the
inexperienced user, which is quite understandable (even users much more
experienced than I am have their reservations to do without AV app). Heck,
you just have to look at responses when suggesting that 3rd party fw apps
are of no beneficial use and are incapable of functioning usefully.... It
boils down that *Marketing* does a great job and is very effective! The
user gets blinded by all the hype! Unfortunately, not many are interested
reading publications/websites opposing what marketers instill to the
public.

No one ever said that firewalls cannot be foiled, that is not the point,
nothing is fail proof and that includes Microsoft products!

We're living in an imperfect world...say no more.

What you
and others fail to understand is that outbound filtering can foil "some"
malware and as such it can alert users of potential problems, a firewall
that monitors outbound traffic can be another tool in the fight against
pests, get off your high horse with your claims that firewalls can be
foiled, we all know that and no one disputes this,...

Who is *we*? And which company product/company you are representing?

...your argument is nothing but a red herring!

What is that supposed to mean?
(Stepping down from my high horse). I understand pretty well how things
work without claiming to be an expert knowing the innards of an OS. (Common
sense plays a significant part which unfortunately is not so common
anymore, so it seems,) oh well.

Door locks don't stop all home intrusions,yet few homeowners would do
without them!

Closing ports is *impressively* more effective than you think.

If you say that firewalls are 0% effective at outbound monitoring you are
wrong...

Don't put *your* words in my mouth, I've never claimed this, re-read my
post, carefully! But be that as it may, who cares, the game is lost anyway
[PERIOD]

...and you are no security expert!

Never claimed to be one, never stated such! (You repeated baseless
assertions are boring!)

If you say that egress traffic is a non issue you truly lack in basic
security concepts!

Now, getting back on my high horse; My security concept *is* working, I
know so because I do as I say! And how would you know what security concept
I have in place anyway?

But, as I said earlier, that is not the point, the point is that
customers have asked Microsoft for a method, via the firewall or by
other means, of detecting and controlling egress traffic be it malware
related or not. Not all customers want all of their applications to be
allowed to send data outside,...

There is nothing wrong for *trusted* applications sending data outside. Why
would anybody in his right mind download/install a 'chancy' application?
How would the user know if the apps is risky? Education! But suggesting
this raises resentment (you don't have to look far in this thread).

some customers want to control outbound traffic, they want to know what
is sending data outside and that is not an outrageous demand!

I don't speak for MSFT. You and other readers have the choice to ignore my
suggestions. Some will others won't, c'est la vie. So save your energy
Vincent...'nuff said.

It is none of yours, or Microsoft's business to
be telling customers that they don't need to monitor or control egress
traffic, be it malware related or not!

See above comment. Nobody is telling anything to anybody. You appear to
have a challenging comprehension issue on your hands coupled with
disturbing opinionated tendencies.

If Microsoft doesn't want to supply such a tool that is fine, customers
will look to others for solutions,

Wouldn't expect anything different in a free and open society!

stop berating customers just because they make a simple
request for a useful tool to help them with their computing needs!

I couldn't give a flying fart how *you* or anybody else for that matter
perceive my posts. This is usenet, get it?

You or Microsoft and others who rant about firewall hypes have not
supplied any easy useful solutions to the egress filtering request.
Instead, anytime that a Microsoft customer has asked for a way to
control egress traffic what you and Microsoft have done is automatically
froth at the mouth and engage in a tirade about third party firewalls
and the fact that they are not 100% fail safe! No one disputes this and
no one has asked or insisted for a 100% fail proof solution, if they did
they wouldn't run any Microsoft products because not a single Microsoft
product has a 100% mark! Some customers want to control egress traffic
for reasons that are completely unrelated to malware, they have a need
for egress traffic control, what business of yours is it to tell them
that they shouldn't be concerned with egress traffic?

Customers have made a simple request, it isn't for you or Microsoft to
dictate to customers what they should or should not want to do with
their computers. If you cannot supply any useful solutions to that
simple demand STFU and stop telling customers what they should want or
not want. I repeat once again, anyone who claims that people should not
concern themselves with egress traffic and that it should be allowed to
go on unchecked is no security expert!

You're repeating yourself... you're not ranting, are you?

Have a great day