I have software, to protect my software, to protect my software, etc.
trjam
February 28th, 2008, 05:03 PM
I started thinking today about a couple of things said to me in the past that for some reason hit home. The first I remembered was back when we were testing the original Avira Suite and we talked about how well it went with other applications. I think it was smustaca who said, "Why don't you just use the suite."
Nah, that was unthinkable.
The other day, my good friend Jerry M was telling me that he is still using the Kaspersky suite with the good old Systweak key. He said he would not trade version .125 for the world. I then started thinking of all the software I have either bought, trialed, beta-tested over the last 2 years. I could not even think of every application that was added to protect, what another application might let through, that another piece of software might not handle.
I realized this is crazy, actually borderline obsessive. I have been trying to find 100 percent protection by adding and changing applications and two things struck me like lightning. One, I come here to find products to accomplish this, but yet I know from all here it can't be done. And two, when was the last time I turned my computer on to find a man with a gun, pointed at my face from the screen.
Yes, disasters can happen, like what happened to Larry, but, I really think with just a good suite, the chances equate out to about what having lightning strike you are. It doesn't matter if it is Panda, Kaspersky, Norton, Avira, Eset or the rest, but at some point you just have to trust in what you have and not drown in what you continue to add.
Wake2
February 28th, 2008, 05:47 PM
So True, I browse the forums and see the latest and greatest must have innovations in software discussed at length, you know the kind designed to fill that "gap" in your protection, and I find myself trialing it for a few days, a week, some a month and then asking myself do I really need this and so far the answer has been no although I am downloading SafeSpace as I am typing this....
Wake
sukarof
February 28th, 2008, 06:24 PM
That is so true trjam. I have come to the same conclusion.
lucas1985
February 28th, 2008, 06:33 PM
-{ Quote: "I really think with just a good suite, the chances equate out to about what having lightning strike you are." }-
I partially agree. A suite (or just the AV component), a reasonably up-to-date software base and a bit of brain.exe will keep you malware-free most of the time. It's incredible that, despite having all odds against them, AVs manage to give "decent" protection to most people. However, there are people who are magnets to malware, no matter the security software used.
-{ Quote: "I could not even think of every application that was added to protect, what another application might let through, that another piece of software might not handle." }-
That's the problem of people who try to apply the "layered approach". They think that the layered approach means piling up software to close the holes which might even not exist. I will put an example of how a "rational" layered security setup works with minimal resource consumption, zero conflicts/issues and with few (if any) security software:
- Backups (system images and data backup safely stored)
- LUA + SRP + SuRun (for convenience purposes)
- Hardware-DEP for all applications.
- Up-to-date Windows installation.
- Up-to-date third-party apps (Adobe, Quick Time, Java, Office suite, media players, archive utility, etc)
- Firefox + Adblock Plus + NoScript (all up-to-date) and Thunderbird + Allow HTML Temp (up-to-date) + server-side checking of mails (MailWasher, POP Peeper, etc) + good mail provider (removing of spam, executables and viruses)
- Prevx CSI + good AV + ISR solution (Returnil, Deep Freeze, etc)
- Common sense/brain.exe/safe computing (which things you should/shouldn't click, which sites you should/shouldn't visit, which things you should/shouldn't download/run/execute).
Questions:
- How many layers of security are there in my example? There are EIGHT layers of security :o
- How many security software did I use in my example? There are THREE (Prevx CSI + good AV + ISR solution) security apps and they're all disposables :o
Do you see what I mean?
Now, I'll put this security setup to work.
Browse mostly trusted sites. Trusted sites are hacked on a daily basis, but the chance of getting an infection on a trusted site is far far lower than if you visit crack and porn sites (disclaimer: I do visit porn sites). Don't be fooled by ads telling that you're infected or prompts to install "missing codecs" or "software updates". Also, only download trustworthy software from trustworthy sites and do all the checks you deem necessary (scanning with AV/Virustotal/online sandbox, checking hashes/digital signatures, reading EULAs, etc). Handle mail attachments with care (especially those from trusted sources, because it's common to lower the guard when you receive something from trusted peers) and don't follow links in mails. Only pay attention to mails you requested and delete the rest.
The above measures (safe computing/brain.exe) will keep you far away from even encountering malware.
Now, what would happen if I visit a hacked trusted site?
First, it will need MY permission to run scripts. Suspicious IFRAMES and abnormally-long/nonsense scripts will surely raise my doubts.
Second, most exploits attempt to use a vulnerability in browser plug-ins, so if a site wants me to run Quick Time and it never did this before that's another suspicious thing.
Now, suppose that I give that hacked site permission to execute scripts and call QT.
Third, it needs to exploit an unpatched vulnerability. That's highly unlikely because I keep all my software up-to-date.
Fourth, if it manages to exploit an unpatched vulnerability because I forgot to patch or the vulnerability is exploited before a patch is released, there's a high chance that DEP will kill the exploit attempt if it's a buffer overflow.
Fifth, if DEP doesn't kill the exploit (because it's not a buffer overflow or something else) it will need to bypass LUA + SRP, which is very very very unlikely (excepting privilege escalation vulnerabilities) because the writable folder in LUA (%USER%) doesn't have execution permissions (SRP).
Sixth, if it manages to bypass LUA + SRP (and the AV), then I'm infected. Not a big deal, a reboot with my ISR and I'm clean again.
Seventh, if it's a Robodog-type malware (bypasses ISRs), it will survive the reboot. Not a big deal, I have backups of my data and system images. A system restore can be done in under 15 minutes and I'm back in business.
Conclusion: I have LOTS of security layers but I use few (if any) security software.
I know that this approach is not for everyone, but you can take a bit from here and there and build a setup which will deal with almost all malware and facilitate an easy/fast/pain-free/fear-free recovery.
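The fifth step in the post above rests on one invariant: no directory is both writable by the limited user and allowed to execute. The following is an added example, not part of the original post, that evaluates SRP-style path rules (most specific matching rule wins) against an inventory of user-writable directories and reports where the invariant breaks. The rule list, the inventory and all paths are constructed for illustration.

```python
from pathlib import PureWindowsPath

DISALLOWED, UNRESTRICTED = "Disallowed", "Unrestricted"

# Constructed policy: default-deny with path rules, as in an SRP whitelist setup.
DEFAULT_LEVEL = DISALLOWED
PATH_RULES = [
    (r"C:\Windows", UNRESTRICTED),
    (r"C:\Program Files", UNRESTRICTED),
    # A more specific rule that closes one writable subfolder again.
    (r"C:\Program Files\ExampleApp\logs", DISALLOWED),
]

# Constructed inventory of directories the limited (LUA) account can write to,
# e.g. as collected from an ACL review. All names are hypothetical.
USER_WRITABLE = [
    r"C:\Users\alice",
    r"C:\Program Files\ExampleApp\logs",
    r"C:\Program Files\OtherApp\cache",
    r"C:\Windows\ExampleSpool",
]


def _is_under(path, root):
    """True if path equals root or lies below it (Windows paths compare case-insensitively)."""
    p, r = PureWindowsPath(path), PureWindowsPath(root)
    return p == r or r in p.parents


def effective_level(path, rules=PATH_RULES, default=DEFAULT_LEVEL):
    """Return the security level that applies to path: the deepest matching rule, else the default."""
    best = None
    for root, level in rules:
        if _is_under(path, root):
            depth = len(PureWindowsPath(root).parts)
            if best is None or depth > best[0]:
                best = (depth, level)
    return best[1] if best else default


def write_and_execute(writable=USER_WRITABLE, rules=PATH_RULES, default=DEFAULT_LEVEL):
    """Return the writable directories from which execution is still allowed."""
    return [d for d in writable if effective_level(d, rules, default) == UNRESTRICTED]


if __name__ == "__main__":
    for d in USER_WRITABLE:
        print(f"{effective_level(d):12}  {d}")
    gaps = write_and_execute()
    print("Directories that are writable AND executable:", gaps or "none")
```

Each directory the audit reports needs either its write permission removed for the limited account or a more specific Disallowed rule, as was done for the `ExampleApp\logs` entry.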
Antarctica
February 28th, 2008, 06:34 PM
-{ Quote: "I find myself trialing it for a few days, a week, some a month and then asking myself do I really need this and so far the answer has been no although I am downloading SafeSpace as I am typing this....
Wake" }-
Hi Wake2, this is what I would call "Security Testing Software addiction". I understand what you mean, I suffer from the same disease. ;D :)
Right using only EQSequre, DefenseWall and Avira free
jrmhng
February 28th, 2008, 06:35 PM
Yep I've come to the same conclusion by going through the same process. Now it is just NoScript, Sandboxie, Antivir Premium and some commonsense. (Though I'm trialing Mamutu from the GOTD promotion).
bigc73542
February 28th, 2008, 06:39 PM
After several decades of overusing security apps, last year I decided to quit being the paranoid computer user I was acting like. Slimmed down the security and amazing as it sounds I still have not become infected. All of those years and dollars wasted on software. I like the way my comp. runs now, it really flies without the best part of a dozen security apps running ;D It took a while but finally learned :thumb:
bigc
ccsito
February 28th, 2008, 06:59 PM
-{ Quote: "All of those years and dollars wasted on software." }-
Luckily for me, I got either free software or free after rebate and I still haven't been infected in a major fashion. :D :thumb:
trjam
February 28th, 2008, 07:00 PM
bigc, what did you settle on. Seems you have bounced a little in the last few months on the AV.;) :)
It is an addiction though. Hell, I have already loaded SafeSpace back on since posting this thread. Is there a pill for this.
InfinityAz
February 28th, 2008, 07:05 PM
-{ Quote: "...(Though I'm trialing Mamutu from the GOTD promotion)." }-
I can identify with this (I'm also trialing Mamutu from GOTD offer). This is part of the problem, there's always something new, free, interesting, etc. to try. It never seems to end (even when I say I'm done and sticking with what I have, I end up trying more software).
Huupi
February 28th, 2008, 07:10 PM
I understand Lucas, your approach is not for everyone, at least not for me.
I keep it simple software wise and let reign brain.exe as a major component to my setup, it's basically transparent, behind a NAT router config. to my wishes, then Sandboxie and Returnil as a virt. protection, Boclean for the RAM and that's it.
Will never forget that I owe respect to the guys at Leapfrog and Storagecraft for their very useful stuff, using it daily.
Ditched all the resident stuff and once in a while scan my system with SAS and CureIt. For downloaded files Virus Total is my next station.
My system and internet are flying and also equally surprised that all that resident stuff bogged my system so heavily in the past.
Page42
February 28th, 2008, 07:30 PM
-{ Quote: "I realized this is crazy, actually borderline obsessive." }-
Isn't all of this as simple as "all things in moderation"? Some of us have managed to put down one addictive behavior or another, only to watch ourselves pick up a new one. Fortunately, security software addiction is not damaging to the spirit and the body like some of the other joneses are... but it does deserve much of the same respect as a behavior capable of spinning out of control. There is lots to be fascinated and captivated by here, so it should come as no surprise that some of us are seduced by security software. And the way I see it, there is just enough truth and validity to the dark side to keep a goodly number of us jumping around trying to protect ourselves from the perceived danger. I'm glad you started this topic. I feel like I've attended a meeting now.
djohn
February 28th, 2008, 08:58 PM
@trjam so very true and good post. I came to the point I had to tell myself enough is enough and settle. It's all fun for a while to try this, try that, add this to that etc. but after a while it gets old, but at the same time a great experience with products and fun for a while anyways.
lucas1985
February 28th, 2008, 09:07 PM
If you like to test software (new concepts, betas, new releases, competition offerings), do it on a VM/spare machine. If you're testing software because you want to fill a gap in your security or you're unsure of your current security setup, that's bad.
Once you understand what malware can/can't do and how it lands on your PC (http://wiki.castlecops.com/Understanding_Computer_Infections), choosing a security setup should be pretty straight-forward.
Wake2
February 28th, 2008, 09:19 PM
I do use a test machine because I enjoy trying new software, but sitting between me and the security software that I do use is me, and common sense, not to mention my wife, and a budget.
Frankly I pretty much follow the rule of keeping it simple, but can't seem to help myself when some new intriguing software comes out and then I just have to try it.
Wake
wat0114
February 28th, 2008, 11:37 PM
I like software security in "threes", with the emphasis on "lightweight". My most recent settled on: Sandboxie for surfing in, Jetico 2 firewall (with, admittedly, a bit of a built-in HIPS) and Nod32 for on-demand only, except for real-time email scanning. The router I don't really count because it's hardware. I've never liked all-out LUA/SRP/limited accounts, but I do have my XP Pro hardened with some considerable restrictions placed on key system directories and other folders. Of course everything's up to date and Acronis TI used for backups. For sure, too much is too constrictive, though we all have our preferences and comfort levels.
There was mention about software testing addiction. I have that disease too.
BTW, I'd sure like to see Easter comment in this thread ;D
EASTER
February 28th, 2008, 11:52 PM
Agreed wholeheartedly.
As both a former security forum Moderator and HijackThis Specialist, it didn't take long before afflicted users' panic rubbed off on me too :o
Trouble then was there were no HIPS, sandboxie was very new, and about everything we used to help users amounted to homemade fixes with batch files, scripts, you name it. Oh yeah, we could suggest AVG or A2Squared and a few others and remind users to stay updated, but that didn't stop malware from once again penetrating thru, either deliberately targeting the security apps themselves or the user pulling a blooper by installing something malicious or even clicking on a coolwebsearch link, remember them?
When i finally got my reprieve from those duties as a malware fixer or whatever, to exercise my own surfing rights on the web, i started loading up with everything i could possibly download, trial, then purchase. The rest i left up to chance but as time went along and i found these new innovations popping up at Wilder's here, i was right back at it again, piling on the layers against potential attacks from the unknown as well as running headlong into local researching all the viruses and malware i could lay my pointer on :doubt:
It's still easy though to grow complacent just as it is to go on overkill too with way too many security apps. Striking that perfect medium can become a balancing act with so many more choices we have now, and i admit, i too suffer from the addiction of trying out everything new.
Chuck57
February 29th, 2008, 12:59 AM
Speaking of addiction......I have my computer pretty much where I want it with Sandboxie, either DeepFreeze or FDISR (I change occasionally), and Faronics AE.
Today, not many minutes ago, I was downloading SafeSpace, and caught myself asking Why? I'd finally gotten the beast set up to where it runs good, with no slowdown, and I'm downloading something else.
I canceled the download. How about That!! I resisted temptation, all on my own.
Somebody needs to start a thing called Computer Anonymous and develop a step program to help computer addicts.
Old Monk
February 29th, 2008, 03:54 AM
Hi
Just passed 3 years since I joined here and like trjam, I can't remember all the security software and utilities that I've tried.
In those 3 years, to my knowledge, nothing has infected my computer.
I've just reread my first ever post here and this is what I had in 2005
Spybot
Ad-aware
Ewido(on -demand free version)
Spyware Blaster and Guard
Bit Defender(on demand free version)
Zone Alarm Security Suite (full paid version)
Firefox browser
Have also trialled TDS-3 and Trojan Hunter
I somehow suspect that had I kept that set-up all the way to today, I still would not have had any problems.
Have I wasted my time ? No, because I have learnt a lot.
Have I wasted any money ? Probably, yes.
The circle is now complete. No security whatsoever on XP. It doesn't connect to the web anymore.
All browsing now will be done through Linux.
Sad times really. No more testing this that and the other.
Can I keep it up ? Probably not ;D ;D
Huupi
February 29th, 2008, 04:04 AM
Maybe I am different to many in such a way that in place of adding I like the whole idea to get my security setup as small as possible without compromising it. I have a strange pleasure in trimming my setup to its bare essentials, making it as light and transparent as possible. But then you have to know your stuff very well and also something about your own inclinations and paranoia.
LUSHER
February 29th, 2008, 12:03 PM
Oh well, better overkill than sorry right?
Huupi
February 29th, 2008, 01:25 PM
No, it's all about finding a delicate balance.
I suppose that for many the real dangers reside in their own minds ! ;)
shadek
February 29th, 2008, 03:52 PM
I've been running without AV, with Windows Firewall and no router for 2½ years. I just checked my system for viruses with ESET's online scanner... guess what? No threats detected whatsoever.
That only proves that common sense is enough for security.
Hermescomputers
February 29th, 2008, 05:22 PM
The problem with a layered approach, is that like food is an incredibly good thing for you being obsessive about it is not.
Everything must be done intelligently, from exercise to eating, right down to how you setup your security...
Huupi
February 29th, 2008, 05:23 PM
-{ Quote: "I've been running without AV, with Windows Firewall and no router for 2½ years. I just checked my system for viruses with ESET's online scanner... guess what? No threats detected whatsoever.
That only proves that common sense is enough for security." }-
So you're basically running without additional protection Hmmm. ???
Sure common sense is needed most, but sometimes we make mistakes on behalf of common sense. I like a minimal setup myself but it's always a comfortable thought that something is protecting my back.
Hermescomputers
February 29th, 2008, 05:25 PM
-{ Quote: "I've been running without AV, with Windows Firewall and no router for 2½ years. I just checked my system for viruses with ESET's online scanner... guess what? No threats detected whatsoever.
That only proves that common sense is enough for security." }-
Have you ever tried doing a thorough root kit scan? Do you know how to identify a bot?
Those online scans can't do that either...
lucas1985
February 29th, 2008, 06:04 PM
I have machines with no security software and they're clean.
Hermescomputers
February 29th, 2008, 06:14 PM
-{ Quote: "I have machines with no security software and they're clean." }-
All the power to you :D
Huupi
February 29th, 2008, 06:14 PM
-{ Quote: "Have you ever tried doing a thorough root kit scan? Do you know how to identify a bot?
Those online scans can't do that either..." }-
It amazed me that some teenage boys recently busted here in Holland were in reality "Administrators" of a worldwide Botnet with more than 100.000 infected computers, and sure nobody of their victims was aware of them acting like a zombie.
Hermescomputers
February 29th, 2008, 06:16 PM
-{ Quote: "It amazed me that some teenage boys recently busted here in Holland were in reality "Administrators" of a worldwide Botnet with more than 100.000 infected computers, and sure nobody of their victims was aware of them acting like a zombie." }-
Mass arrogance is a reality one can not disregard with impunity!
lucas1985
February 29th, 2008, 06:35 PM
-{ Quote: "All the power to you :D" }-
LOL ;D I'm being serious. I can run all the scanners available, rootkit scanners, LiveCD, packet sniffer and they all say clean. The first layer of security (safe computing) is often enough to stay clean.
Huupi
March 1st, 2008, 04:52 AM
-{ Quote: "LOL ;D I'm being serious. I can run all the scanners available, rootkit scanners, LiveCD, packet sniffer and they all say clean. The first layer of security (safe computing) is often enough to stay clean." }-
But hi Lucas, Safe computing is anybody's definition, can you explain in more detail what you mean by that ?
sukarof
March 1st, 2008, 07:10 AM
-{ Quote: "But hi Lucas, Safe computing is anybody's definition, can you explain in more detail what you mean by that ?" }-
For me safe computing is:
Not to open attachments in my Thunderbird. Don't let javascripts run on every page I visit (FF and NoScript extension), just the few that actually need them to show the content, and there are not many of them. If I would do cracks I would run them in Sandboxie. Those simple rules have kept me from malware for, I don't remember how many years now. At least that's what all the on demand scanners have told me through the years.
Huupi
March 1st, 2008, 08:53 AM
Right, Safe Computing starts in your head, all other things are secondary.
But it's my perception that many people think different, let it be, we live in a free world, I am only responsible for my own stuff.
Hermescomputers
March 1st, 2008, 09:45 AM
-{ Quote: "For me safe computing is:
Not to open attachments in my Thunderbird. Don't let javascripts run on every page I visit (FF and NoScript extension), just the few that actually need them to show the content, and there are not many of them. If I would do cracks I would run them in Sandboxie. Those simple rules have kept me from malware for, I don't remember how many years now. At least that's what all the on demand scanners have told me through the years." }-
See, this is what I'm talking about intelligent layers of security... You did approach each vector with smarts by using the appropriate counter measure... :thumb: It obviously works!
lucas1985
March 1st, 2008, 01:33 PM
-{ Quote: "But hi Lucas, Safe computing is anybody's definition, can you explain in more detail what you mean by that ?" }-
As sukarof said, safe computing means:
- Having all your software up-to-date.
- Know which sites should/shouldn't be visited. Trusted sites are hacked on a daily basis, but the likelihood of being infected is far far higher if you visit porn/crack/warez/"free" screensavers/skins sites.
- Control the content that a site is allowed to execute (NoScript). This is maybe too much for the average user (IMO) because of a somewhat steep learning curve.
- Know which links should/shouldn't be clicked, especially links attached to mails, weird links in search results and links in social networking sites/instant messengers.
- Don't fall victim of fake scanners ("click here to clean your PC" or "attention, you're at risk") and fake codecs ("install this ActiveX plug-in to see the movie") or fake updates ("install Flash update" or "install Microsoft update")
- Install only trustworthy software from trustworthy sites.
- Don't be fooled by spam.
- Manage attachments carefully.
- Disable Autorun and handle all removable drives as untrusted.
These simple measures will eliminate 99 % of the malware risks. The remaining 1 % (getting a drive-by in a trusted/whitelisted site which got hacked with an 0-day, unknown exploit or a compromised download or a targeted, hand-crafted attack) will be handled by your security setup/software (LUA+SRP, sandbox, etc)
Mrkvonic
March 1st, 2008, 02:10 PM
Hello,
I agree with shadek, lucas on this one. No magic is needed to stay clean.
trjam, welcome to the world of sanity. We've all been there, for shorter or longer durations. Partly, I think it was the curiosity to test all these new thingies that did not exist in the past. In a way, we were and are pioneers, the first generation of online security users.
Talking about layered approach, common sense - most of it has been extensively covered. lucas pretty much summed it up. Although I'm much lazier than him.
Firewall and Firefox sound obvious to me.
Imaging mainly against trusted apps - believe it or not - otherwise they don't get installed, right? But an image before WU is a must! Or any new game.
LUA, SRP etc - I like them a lot, but am too lazy to bother, since my typical installations are very permissive - gaming, p2p, OS interoperability and sharing, setting them up from scratch and accounting for a million Windows quirks is simply a no-no.
Managing passive execution is simple if you dumb-down your use of web apps. This means plain text instead of html and such, no external images. And active execution means no clicking on stupid links or chatting with morons in IM ... The same applies to attachments - with emphasis on trusted people. This is the highest danger vector! You won't open warez.exe if you get it from viagra-d0llsdotcom, but you might open family_trip.doc from a colleague at work.
This might not be my most coherent post, but I'm hungry. Off to eat.
Cheers,
Mrk
Wake2
March 1st, 2008, 03:13 PM
I also agree with sukarof, lucas, and Mrkvonic, I follow pretty much the same principles, this past year though we had a fire at our home and three computers had to be replaced.
That forced me to rethink my strategy in so far as software costs, and also made me realize that in 15+ years of using computers wife only had one infection, me none, and what was the point of all this security software.
So now we keep it pretty simple but have to admit I still have one computer kept only for testing whatever new software catches my eye.
Wake
jfd15
March 1st, 2008, 07:08 PM
For me it used to be kind of fun trying to stay a step ahead of the bad guys by trying to have the latest mostly free security programs, but it's kind of boring now...It might be interesting if the security apps were able to let me know that such and such malware was detected on this webpage and blocked or something like that....
Threedog
March 1st, 2008, 07:42 PM
Hello. My name is Threedog and I am a security program addict. It all started when I visited this little corner of the net called Wilders..... ;D
Long View
March 1st, 2008, 07:53 PM
Funny - it was when I came to Wilders that I started to stop being an addict.
In the 90's I ran the usual Norton, later spybot, spywareblaster....... then avast, and antivir eventually wondering whether not being contaminated was in anyway related to having run these various programs - finally concluding that they had probably provided little if any protection - addiction lost its hold.
Threedog
March 1st, 2008, 08:05 PM
Pretty much all I ever used before I came here is Nod32 and Boclean and never ran into any problems. But since coming here I have learned about virtualization, LUA and lots of other goodies and have been experimenting ever since. It's more of a hobby than an obsession I guess.
Hermescomputers
March 1st, 2008, 09:40 PM
It's not an obsession for most who never got hit economically...
I have seen people crying, because I couldn't recover a system that had been encrypted by a hacker called Mze years back... The prick deleted the entire content of the "Finance" directory then encrypted the entire hard disk into a single volume... Made the system unstable, when it rebooted it was as an encrypted disk.
All their important stuff was gone permanently, they lost a crap load of now uncorrectable receivables + important contact information... This one was downright dirty, but hey, they didn't need security or backups... so why fork out the $$$ for protection...
There are so many ways in, applications can call home and open the gate, forget AV's, firewalls and routers, all you need is one rogue application with a poison pill and voila... You need my services, unfortunately most of you would have no idea it even happened...
You guys blabbing, should spend more time reading up on vulnerability advisories, it would open your mind to a whole new world...
Here is a nice place to begin: http://secunia.com/historic_advisories/
Threedog
March 1st, 2008, 10:16 PM
I think you are underestimating a lot of the people on here Hermes. There are some very sharp cookies on this forum when it comes to malware, etc. And those here who aren't as up on stuff are learning from them. The learning part is the key to it all.
Hermescomputers
March 1st, 2008, 10:22 PM
-{ Quote: "I think you are underestimating a lot of the people on here Hermes. There are some very sharp cookies on this forum when it comes to malware, etc. And those here who aren't as up on stuff are learning from them. The learning part is the key to it all." }-
I'm only trying to help a bit with the learning part! ;)
And If I may say so, I did learn a bit myself from these forums...
Threedog
March 1st, 2008, 10:50 PM
-{ Quote: "I'm only trying to help a bit with the learning part! ;)
And If I may say so, I did learn a bit myself from these forums..." }-
And thanks for sharing what you have learned. I've checked out your site. Loads of good, well written info there.
Long View
March 2nd, 2008, 04:53 AM
-{ Quote: " but hey, they didn't need security or backups...
" }-
Time out - that's cheating. Even a philosophy 101 student knows not to put a false claim in the mouth of the opposition. When did you ever read of anyone saying that BACKUPS were not needed ? If the guy in your example had used Acronis, Paragon, one of the free versions he would not have wasted time trying to fix but simply restored - end of story.
"There are so many ways in, applications can call home and open the gate, forget AV's, firewalls and routers, all you need is one rogue application with a poison pill and voila... You need my services, unfortunately most of you would have no idea it even happened..."
Ok - I'll play along. So I have no idea it even happened ( being so dumb). My programs still load in X seconds, nothing slows down. Nobody steals my identity, no money leaves my bank or gets spent on my credit card and when I install ANY scanner ( AV, AS, Rootkit) nothing shows up. Yep you got me - I've probably been contaminated all these years and didn't know it ?
Did you read today about the French Oscar winner who says 9/11 didn't happen and that no one landed on the Moon ?
LUSHER
March 2nd, 2008, 05:37 AM
-{ Quote: "I think you are underestimating a lot of the people on here Hermes. There are some very sharp cookies on this forum when it comes to malware, etc. " }-
You must be one of those "intellectually challenged who challenge things they themselves do no appropriately understand and as such need to be educated... Usually the louder they protest the more they need the help!" according to Hermes...
No doubt people like shadek, lucas, Mrvkonic itself are all intellectually challenged because they are not obsessed and take a cool reflected view of the threats and refused to buy into the panic...
Really, we should really all thank god the day, Hermes decided to come here to do "technical welfare" for us poor deluded solutions who aren't panicked about getting infected...
LUSHER
March 2nd, 2008, 05:43 AM
-{ Quote: "It's not an obsession for most who never got hit economically..." }-
And you think being obsessed is a good thing? Moderation in all things my friend.
-{ Quote: "
I have seen people crying, because I couldn't recover a system that had been encrypted by a hacker called Mze years back... " }-
And have you seen people who crash their whole systems because they get obsessed with the "one more security program" idea?
-{ Quote: "
There are so many ways in, applications can call home and open the gate, forget AV's, firewalls and routers, all you need is one rogue application with a poison pill and voila... You need my services, unfortunately most of you would have no idea it even happened...
" }-
Wow, we all need your services, but we have no idea yet?
I guess spreading FUD to drum up business for yourself is your agenda...
-{ Quote: "
You guys blabbing, should spend more time reading up on vulnerability advisories, it would open your mind to a whole new world...
Here is a nice place to begin: http://secunia.com/historic_advisories/" }-
Wow, we don't know such a site exists... let me bow down to your awesome knowledge...
BlueZannetti
March 2nd, 2008, 08:31 AM
Folks,
Let's keep the discussion focused on the topic, not the participants.
Regards,
Blue
Hermescomputers
March 2nd, 2008, 08:59 AM
LUSHER
All I do is try and help... I provide good information and I have a proven track record of helping many people over many years... "You" on the other hand do everything you can to undermine everything I do... Get a life and get off my back!
Threedog
March 2nd, 2008, 09:09 AM
-{ Quote: "You must be one of those "intellectually challenged who challenge things they themselves do not appropriately understand and as such need to be educated... Usually the louder they protest the more they need the help!" according to Hermes...
." }-
Intellectually challenged?....No. Informationally challenged? Yes. And that's why I come here...to learn. This is my "Brain.exe" update site on safe computing. Nuff said...back on topic.
Hermescomputers
March 2nd, 2008, 09:10 AM
-{ Quote: "When did you ever read of anyone saying that BACKUPS were not needed ? " }-
No actually, it's implied here as I was relating a personal story, and as I always try and set users on a back up protocol, most just won't pay to do it until after were they to lose something... In my experience most have to pay a higher price to get it...
Also a note on the almighty backup... I have more than once over the years walked into offices with rows of neatly stacked and well documented backup cartridges on high end system set up by a previous consultant where the client had religiously performed the backup and replaced the DATs and documented the event in a log... only to find out all the tapes were blank... Hahaha.
The skills and intelligence required to set up the system are apparently greater than those required to sell it... So I'm not too impressed by that...
Backups are often faulty for multiple reasons. So backups alone are not enough...
Long View
March 2nd, 2008, 09:22 AM
-{ Quote: "No actually, it's implied here, as I always try and set users on a back up protocol, most just won't pay to do it until after were they to lose something... In my experience most have to pay a higher price to get it...
Also a note on the almighty backup... I have more than once over the years walked into offices with rows of neatly stacked and well documented backup cartridges on high end system set up by a previous consultant where the client had religiously performed the backup and replaced the DATs and documented the event in a log... only to find out all the tapes were blank... Hahaha.
The skills and intelligence required to set up the system are apparently greater than those required to sell it... So I'm not too impressed by that...
Backups are often faulty for multiple reasons. So backups alone are not enough..." }-
I can't argue with your point that many people will just not back up - I have seen it many times myself. Also I never cease to be amazed that people say they have been using XYZ imaging for some time and have never performed a restore. I suspect these are the people that you will see as clients, again and again as they are incapable of being protected no matter how many programs they have.
BUT "backups alone are not enough" ? In the right hands ( most on Wilders ) when properly made and stored backups may well be enough. I have images of C: on several drives and DVD in office and out of office. I have data on several drives and copies in a fireproof safe and again off site. Perhaps I am alone in taking such precautions ? but I doubt it. I could run multiple layers of protection, HIPS etc but choose not to. If anything ever does go wrong I could use other machines and be back in business in minutes and fully restore the contaminated machine later the same day.
Huupi
March 2nd, 2008, 09:52 AM
I ask how many will restore an image to verify its integrity, many live in a false sense of security that once a backup is made and religiously updated every day so if at times that disaster strikes, they can recover without a hitch.
But the naked truth is that as exemplified in Acronis as well as Storagecraft forums many failed to do so.
Hermescomputers
March 2nd, 2008, 10:16 AM
-{ Quote: "I ask how many will restore an image to verify its integrity, many live in a false sense of security that once a backup is made and religiously updated every day so if at times that disaster strikes, they can recover without a hitch.
But the naked truth is that as exemplified in Acronis as well as Storagecraft forums many failed to do so." }-
Huupi,
Point well made!
Most claim to be religious in their practice but, when it comes right down to it... it failed because they failed... The Human factor is the high risk factor.... Almost always is with computers and technology in general. :wacko:
BlueZannetti
March 2nd, 2008, 10:19 AM
-{ Quote: "I can't argue with your point that many people will just not back up - I have seen it many times myself." }-
My personal take on this situation is that it is really reflective of how people used PCs in the past. Think back a few years. Not too long ago, you used a PC for surfing/games/working on material that would end up as hardcopy (that odd essay for school or report for work). For the most part, in this state, it's a little inconvenient to wipe a machine and start with a clean slate, but it is generally doable without major grief.
Fast forward to today. Many of us maintain fairly valuable personal (banking, tax, personal photos) and other (documents/essays/reports/etc. which will never be captured as hardcopy) records for which it's a bit of a disaster if they're lost. Add in download only music/software/video/games and it starts to become an objectively valuable asset if it is lost and needs to be replaced.
Unfortunately, the creep in this direction has gone largely unnoticed by many users and it's only when they hit the brick wall of large scale data loss (by whatever cause) that they will come to grips with it.
In my own case (multiple family desktops and laptops), the obvious answer was not the classical backups mentioned here, but an automated home LAN based solution. I opted for a Windows Home Server system with nightly backup and a somewhat extended retention policy (mainly since there is really no downside to this). A NAS unit (or Time Capsule on the Mac end) would have basically yielded the same end result. At least from my perspective, WHS/NAS/Time Capsule is the direction to migrate towards for this aspect of protection in a multiple machine environment. It can look expensive, until you start to weigh questions of scalability, time investment, and the replacement cost of the assets being protected. At least IMHO...
Blue
Long View
March 2nd, 2008, 10:20 AM
-{ Quote: "Huupi,
Point well made!
Most claim to be religious in their practice but, when it comes right down to it... it failed because they failed... The Human factor is the high risk factor.... Almost always is with computers and technology in general. :wacko:" }-
Point well made indeed. But what makes anyone think that a user incapable of imaging properly will be able to handle AS, AV or HIPS?
Hermescomputers
March 2nd, 2008, 10:32 AM
Blue,
Wow, couldn't have put it better myself! :thumb:
-{ Quote: "Point well made indeed But what makes anyone think that a user incapable of imaging properly will be able to handle AS AV or HIPS ?" }-
You can train a dog to do tricks, a monkey to dance or do dishes... Why can't we train a human to protect itself?
The consultant providing the education is the one to blame for not communicating it effectively to those in most need... Simply put we need to take the appropriate amount of time instead of rushing to our next client so we can collect more $$$...
Peter2150
March 2nd, 2008, 12:51 PM
I sure agree about the imaging. Job isn't complete without a restore. I restore absolutely every image I make.
Huupi
March 2nd, 2008, 04:30 PM
I agree. For many people, including me, to get the hang of all this stuff is a hard road and sometimes too steep a learning curve. I have no illusions, at least about myself, so if due to mindless actions [and it sometimes happens] that I get stuck and mess up everything, it's nice to know that I have a few sound images at hand as my last line of defence.
Imaging without a test restore is useless !! Many sad stories on the imaging forums can attest to that.
Hairy Coo
March 2nd, 2008, 06:53 PM
-{ Quote: "
You can train a dog to do tricks, a monkey to dance or do dishes... Why can't we train a human to protect itself?
The consultant providing the education is the one to blame for not communicating it effectively to those in most need... Simply put we need to take the appropriate amount of time instead of rushing to our next client so we can collect more $$$..." }-
Howdy Guy,
Reading your posts, I would assume most of your clients are corporate - there's your reason immediately for most of the problems.
The staff are either terrified of computers, couldn't care less, aren't properly trained - or probably all three - needs more than a consultant's input.
On the home front, really feel you are being too concerned, I must agree with all those who have a minimalist approach, one reason only is that it's always worked for me.
It's too easy to get carried away at Wilders with all the ominous threats reported and all the security apps on offer, but there is no substitute for common sense - you either have it or not.
The home users who aren't able or too lazy to learn a bit about security are a lost cause.
Microsoft realise this and have the right idea, just build it in, it's either on or off.
It may be basic but it works.
Page42
March 2nd, 2008, 08:52 PM
-{ Quote: "I sure agree about the imaging. Job isn't complete without a restore. I restore absolutely every image I make." }-
Doesn't Acronis True Image's validation tool perform this task, either upon image creation (if selected) or at any chosen time thereafter?
Peter2150
March 2nd, 2008, 10:12 PM
-{ Quote: "Doesn't Acronis True Image's validation tool perform this task, either upon image creation (if selected) or at any chosen time thereafter?" }-
Not in my estimation. It does the same thing ShadowProtect's verify does, it confirms there are no internal errors in the file. Only surefire way to be sure you will be able to restore when you need to is to test it when you don't need to. Every image I have has restored the machine. It's tested.
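The distinction drawn in the post above (a verify pass only confirms the backup file has no internal errors, while only a restore shows the data comes back), together with the blank-tape case from earlier in the thread, as an added example that is not part of any post. It uses a tar.gz archive as a stand-in for a disk image; every function name and sample file here is constructed for illustration.

```python
import gzip
import hashlib
import os
import shutil
import tarfile
import tempfile
import zlib

READ_ERRORS = (OSError, EOFError, zlib.error, tarfile.TarError)


def hash_tree(root):
    """Map each file's path relative to root to its SHA-256 digest."""
    digests = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(folder, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            with open(full, "rb") as fh:
                digests[rel] = hashlib.sha256(fh.read()).hexdigest()
    return digests


def make_archive(src_dir, archive_path):
    """Stand-in for the imaging job: pack src_dir into a .tgz file."""
    with tarfile.open(archive_path, "w:gz") as tar:
        tar.add(src_dir, arcname=".")
    return archive_path


def validate_archive(archive_path):
    """The 'verify' pass: is the backup file itself free of internal errors?"""
    try:
        with gzip.open(archive_path, "rb") as gz:
            while gz.read(1 << 20):  # reading to EOF checks the gzip CRC32
                pass
        with tarfile.open(archive_path, "r:gz") as tar:
            tar.getmembers()         # walks every tar header
        return True
    except READ_ERRORS:
        return False


def restore_and_compare(archive_path, expected):
    """Restore into a scratch folder; list what is missing or different."""
    problems = []
    with tempfile.TemporaryDirectory() as scratch:
        try:
            with tarfile.open(archive_path, "r:gz") as tar:
                for member in tar:
                    if not member.isfile():
                        continue
                    dest = os.path.normpath(os.path.join(scratch, member.name))
                    if not dest.startswith(scratch + os.sep):
                        problems.append("unsafe path skipped: " + member.name)
                        continue
                    os.makedirs(os.path.dirname(dest), exist_ok=True)
                    with tar.extractfile(member) as src, open(dest, "wb") as out:
                        shutil.copyfileobj(src, out)
        except READ_ERRORS as exc:
            problems.append("restore aborted: " + type(exc).__name__)
        restored = hash_tree(scratch)
    # expected is the hash_tree() of the data the backup is meant to protect
    for rel in sorted(expected):
        if rel not in restored:
            problems.append("missing: " + rel)
        elif restored[rel] != expected[rel]:
            problems.append("content differs: " + rel)
    return problems


def demo():
    """Constructed cases: a good backup, a 'blank tape', a damaged file."""
    with tempfile.TemporaryDirectory() as work:
        source = os.path.join(work, "source")
        os.makedirs(os.path.join(source, "docs"))
        noise = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(256))
        samples = {"docs/report.txt": b"quarterly figures\n", "photo.raw": noise}
        for rel, body in samples.items():
            with open(os.path.join(source, rel), "wb") as fh:
                fh.write(body)
        expected = hash_tree(source)
        good = make_archive(source, os.path.join(work, "good.tgz"))
        # Job ran against the wrong, empty folder: a well-formed archive of nothing.
        empty = os.path.join(work, "not_mounted")
        os.makedirs(empty)
        blank = make_archive(empty, os.path.join(work, "blank.tgz"))
        # Damaged media: the second half of the backup file is gone.
        damaged = os.path.join(work, "damaged.tgz")
        with open(good, "rb") as fh:
            data = fh.read()
        with open(damaged, "wb") as fh:
            fh.write(data[: len(data) // 2])
        return {n: (validate_archive(p), restore_and_compare(p, expected))
                for n, p in (("good", good), ("blank", blank), ("damaged", damaged))}


if __name__ == "__main__":
    for name, (valid, problems) in demo().items():
        print(name, "| verify ok:", valid, "| restore problems:", problems)
```

The "blank" case passes the verify step and still restores nothing, which is the failure a validation tool cannot see.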
Hermescomputers
March 2nd, 2008, 10:43 PM
Hairy Coo,
Hola, well, yes... Many oh, so many users are 100 % clueless to the point of being afraid of pressing keys for fear of doing something wrong, and I am probably a bit more zealous as a result as I have to mop the mess much too often....
But largely my concerns with security are not because of what is said here at Wilders or what I read elsewhere... It's really because of what I see via online services as well as the on site visits... I guess I might be more exposed than the average joe and it may have skewed my "Perceptions" of the world somewhat...
However I still struggle to clean up... many many infected computers perhaps not as many as in the past like in the Win98 days... but many nonetheless (I'm doing one as I write this... so far 5 different Trojans + a browser hijack.)
I can't help it, it comes to me like flies on honey... I just can't ignore it...:-\
wat0114
March 2nd, 2008, 11:05 PM
-{ Quote: "I can't help it, it comes to me like flies on honey... I just can't ignore it...:-\" }-
That must be good for you. That way you don't have to drum up business for yourself here at Wilders ;)
Hermescomputers
March 2nd, 2008, 11:19 PM
-{ Quote: "That must be good for you. That way you don't have to drum up business for yourself here at Wilders ;)" }-
I don't think I ever tried to drum up business in forums... I am helping many though... perhaps not everyone but I pay my dues as best I can! :)
Hugger
March 2nd, 2008, 11:27 PM
-{ Quote: "Blue,
Wow, couldn't have put it better myself! :thumb:
You can train a dog to do tricks, a monkey to dance or do dishes... Why can't we train a human to protect itself?
The consultant providing the education is the one to blame for not communicating it effectively to those in most need... Simply put we need to take the appropriate amount of time instead of rushing to our next client so we can collect more $$$..." }-
One difference between us and the animals is that we create. We reason.
I don't see many dogs cooking.
I also don't see many animals with big egos.
Hugger
Hermescomputers
March 2nd, 2008, 11:32 PM
-{ Quote: "
I don't see many dogs cooking.
Hugger" }-
Thank God, or we'd be eating an awful lot of Dog food!
Hairy Coo
March 2nd, 2008, 11:36 PM
-{ Quote: "Hairy Coo,
But largely my concerns with security are not because of what is said here at Wilders or what I read elsewhere... It's really because of what I see via online services as well as the on site visits... I guess I might be more exposed than the average joe and it may have skewed my "Perceptions" of the world somewhat...
" }-
Bonjour Guy,
My point was that being exposed to the corporate field, possibly your perceptions of security were somewhat colored by that as compared to the lesser risk faced by the home user - I realise Wilders doesn't affect your judgement.
Anyway please keep up your timely advice, it's all well worth considering.
Hermescomputers
March 2nd, 2008, 11:44 PM
-{ Quote: "Bonjour Guy,
My point was that being exposed to the corporate field, possibly your perceptions of security were somewhat colored by that as compared to the lesser risk faced by the home user - I realise Wilders doesn't affect your judgement.
Anyway please keep up your timely advice, it's all well worth considering." }-
You are most welcome... It's nice to see some actually appreciate my feeble efforts a bit.
I usually get more flack than praises... ;)
Hairy Coo
March 2nd, 2008, 11:52 PM
-{ Quote: "
I don't see many dogs cooking.
I also don't see many animals with big egos.
Hugger" }-
Hope your cooking arrangements are back to normal after your altercation with the wife's computer and didn't have to call in the dog.
Everyone at Wilders have huge egos because of their superior intellect, especially moi ;D
Hermescomputers
March 3rd, 2008, 12:14 AM
-{ Quote: "Hope your cooking arrangements are back to normal after your altercation with the wife's computer and didn't have to call in the dog.
Everyone at Wilders have huge egos because of their superior intellect, especially moi ;D" }-
The problem with Egos is like poorly written computer programs, they tend to conflict... ;D
Hugger
March 3rd, 2008, 04:13 PM
Worse than the dog.
She decided to bake a cake yesterday!
This is getting really serious guys.
It's almost as if she doesn't want me to play anymore.
This is truly a sad state of affairs.
Regards-and watch those egos.
Hugger
Page42
March 3rd, 2008, 10:16 PM
-{ Quote: "Not in my estimation. It does the same thing ShadowProtect's verify does, it confirms there are no internal errors in the file. Only surefire way to be sure you will be able to restore when you need to is to test it when you don't need to. Every image I have has restored the machine. It's tested." }-
Well, thanks for that info. I proceeded to read up on the validation topic in the ATI forums, and now I see that I have been living under a false sense of security that my image safety net will be good when I need it.
It looks like the next best thing to a full restore is to boot up the rescue CD and validate the archive with it, and not Windows, since the recovery environment is Linux. Do you agree?
When using the restore-to-test-method, what percentage of restores failed due to image corruption, and does simply cancelling the restore allow your system to revert to its previous good environment?
Hugger
March 3rd, 2008, 11:17 PM
-{ Quote: "Not in my estimation. It does the same thing ShadowProtect's verify does, it confirms there are no internal errors in the file. Only surefire way to be sure you will be able to restore when you need to is to test it when you don't need to. Every image I have has restored the machine. It's tested." }-
What would be the best way to test an image of XP operating system in a pc w/only one hard drive?
I'm still really new to this and have a lot to learn.
Thanks.
Hugger
Hairy Coo
March 4th, 2008, 12:30 AM
Prior to Pete giving the definitive answer, just use the recovery CD or whatever your app calls it - but where are you storing the image - must be on a different partition to the C partition.
I know Pete firmly believes in restoring every image as verification, which is ideal - however probably the chances are the verified image should be OK if using a reliable app like SP
edit; if you don't already have a backup app and want a lot of details - suggest you start a new thread.
Huupi
March 4th, 2008, 05:37 AM
-{ Quote: "Prior to Pete giving the definitive answer, just use the recovery CD or whatever your app calls it - but where are you storing the image - must be on a different partition to the C partition.
I know Pete firmly believes in restoring every image as verification, which is ideal - however probably the chances are the verified image should be OK if using a reliable app like SP
edit; if you don't already have a backup app and want a lot of details - suggest you start a new thread." }-
Simply said, anything on your disk, if toasted, will be lost, including all your wonderful images. If not stupid, buy yourself a second or an external USB drive.
Restore is all or nothing so better save important files before restore to another part. or better yet to a second drive. Then the worst that can happen if it fails is a reinstall.
I must admit that doing it the very first time is a daunting challenge at best, but sadly there's no other way to check if you are REALLY protected.
If the restore goes without a hiccup and you hear the irritating Windows welcome sound again, your joy has no boundaries, I promise you !!
Hermescomputers
March 4th, 2008, 07:50 AM
-{ Quote: "What would be the best way to test an image of XP operating system in a pc w/only one hard drive.
I'm still really new to this and have a lot to learn.
Thanks.
Hugger" }-
Hello Hugger,
Disk imaging is widely used in the corporate world as a rapid deployment system, but never as a backup methodology, only as a way to install preconfigured systems... Primarily due to the dynamic nature of data which is ever changing rendering disk image obsolete the minute you completed it and used your system. Also it is a natural way of installing the same software configuration on a large # of identical computers at hardware level, as IT often purchases large quantities of the same machines at each new procurement run...
This being said, I have long stopped using disk imaging software... or to be frank sometimes I keep a single image of my original installed setup for rapid restore, but I will never use this method as a backup protocol for daily use. I personally favor backing up my essentials to an external hard disk by using a good backup software. If you have issues on your hard disk that is aggregating, like program file corruptions, or viruses and rootkits, you will simply image this issue and reinstall the problem on next restore of the image. Personally I think it better to simply focus on the latest data sets, which is usually very small for most users. This you could easily do via an online backup service or on a CDR or DVDR... And it can be automated to be done in the background, it can be encrypted (so if someone steals the thing it's locked out) and it can also do the backup to a server in background...
My favorite backup software to do this is from this site; http://www.genie-soft.com/ and it is what I am using myself...
To protect the rest of your system, you would be better off using light virtualisation which requires no imaging at all thus it's easier...
Also there are many advantages to a full reinstall of your operating system should you have to do it, as it gives you the opportunity to download all the latest drivers, for your hardware and fix little issues that had crept up unnoticed within the internals of your operating system...
Just my two bits!
Peter2150
March 4th, 2008, 07:55 AM
-{ Quote: "
It looks like the next best thing to a full restore is to boot up the rescue CD and validate the archive with it, and not Windows, since the recovery environment is Linux. Do you agree?
" }-
No. Still only tests the internal archive integrity, which you must have, but doesn't tell you if it will restore properly
-{ Quote: "
When using the restore-to-test-method, what percentage of restores failed due to image corruption, and does simply cancelling the restore allow your system to revert to its previous good environment?" }-
I've had none fail, using ShadowProtect. Also when I was using ATI v9 none failed. But even with ATI nine, all I did was complete disk image and restore.
If you cancel the restore before it starts, yes. After it starts no. First thing I do is Delete the volume. This leaves the disk in the same state as a new one, although something like Acronis's Disk Director can restore it. Once you start the write operation of the restore that's it.
What I do is have an alternate means of recovery, so if a new image should fail, I can go to an earlier image and still recover. Several ways to do this.
Pete
Huupi
March 4th, 2008, 09:05 AM
-{ Quote: "Hello Hugger,
Disk imaging is widely used in the corporate world as a rapid deployment system, but never as a backup methodology, only as a way to install preconfigured systems... Primarily due to the dynamic nature of data which is ever changing rendering disk image obsolete the minute you completed it and used your system. Also it is a natural way of installing the same software configuration on a large # of identical computers at hardware level, as IT often purchases large quantities of the same machines at each new procurement run...
This being said, I have long stopped using disk imaging software... or to be frank sometimes I keep a single image of my original installed setup for rapid restore, but I will never use this method as a backup protocol for daily use. I personally favor backing up my essentials to an external hard disk by using a good backup software. If you have issues on your hard disk that is aggregating, like program file corruptions, or viruses and rootkits, you will simply image this issue and reinstall the problem on next restore of the image. Personally I think it better to simply focus on the latest data sets, which is usually very small for most users. This you could easily do via an online backup service or on a CDR or DVDR... And it can be automated to be done in the background, it can be encrypted (so if someone steals the thing it's locked out) and it can also do the backup to a server in background...
My favorite backup software to do this is from this site; http://www.genie-soft.com/ and it is what I am using myself...
To protect the rest of your system, you would be better off using light virtualisation which requires no imaging at all thus it's easier...
Also there are many advantages to a full reinstall of your operating system should you have to do it, as it gives you the opportunity to download all the latest drivers, for your hardware and fix little issues that had crept up unnoticed within the internals of your operating system...
Just my two bits!" }-
Yes, just your two bits !!
Peter2150
March 4th, 2008, 10:56 AM
-{ Quote: "
Disk imaging is widely used in the corporate world as a rapid deployment system, but never as a backup methodology, only as a way to install preconfigured systems... Primarily due to the dynamic nature of data which is ever changing rendering disk image obsolete the minute you completed it and used your system. Also it is a natural way of installing the same software configuration on a large # of identical computers at hardware level, as IT often purchases large quantities of the same machines at each new procurement run...
!" }-
Sorry, but I just don't buy that. Look at StorageCraft's IT Edition and its price. Why would corporations spend that if they weren't imaging? ShadowProtect's continuous increments obsolete your argument.
Also my system is ever changing, but backing up just data(which I do) would be a half solution. I need to get the system back fast if there is a problem.
Pete
Page42
March 4th, 2008, 12:02 PM
-{ Quote: "I've had none fail, using ShadowProtect. Also when I was using ATI v9 none failed. But even with ATI nine, all I did was complete disk image and restore." }-
I like those percentages.
Don't you agree, Pete, that the advertised ease of operation of ATI is in reality far more complex (for the average user) and time consuming if one wishes to fully validate each back up image? I mean, after you restore the back up to test it and find that it is fine, then you have to restore the drive image that you will be using.
It's like an eternal restore loop!
Huupi
March 4th, 2008, 12:04 PM
If I was in a position to advise others about security/protection, number ONE would be to buy a good imaging program. It's your backbone, and supplement it with the things you like.
Hermescomputers
March 4th, 2008, 12:11 PM
-{ Quote: "Sorry, but I just don't buy that. Look at StorageCraft's IT Edition and its price. Why would corporations spend that if they weren't imaging? ShadowProtect's continuous increments obsolete your argument.
Also my system is ever changing, but backing up just data(which I do) would be a half solution. I need to get the system back fast if there is a problem.
Pete" }-
You didn't even read what I wrote... They are imaging, only not for a backup... Also typically in a corporate setting the "Data" which is what is important here, usually sits in a directory on a server not on the user's hard disk. All data on a user's hard disk is usually do at your own risk, and is most often done against corporate policies, as they want you to keep your important data on the server, so it can be centrally backed up, kept secure, and easily managed...
Ask any network pro, and they will explain this to you... Also do not confuse data backup, and system recovery as they are two completely separate issues, and should be handled that way...
lucas1985
March 4th, 2008, 12:23 PM
-{ Quote: "Please do not confuse data backup, and system recovery as they are two completely separate issues, and should be handled that way..." }-
You're right, but Storagecraft is positioning Shadowprotect as a solution to both bare metal recovery and data backup.
Hermescomputers
March 4th, 2008, 12:24 PM
-{ Quote: "You're right, but Storagecraft is positioning Shadowprotect as a solution to both bare metal recovery and data backup." }-
Right, try and use it on a busy server... What I mean here relates to data backup redundancy... Software backup working as imaging do not adequately address those issues in my opinion... RAID already does this to some degree but I like my backup somewhere else than on the same box for a range of reasons... Also what about generational file modifications and so on, and I need it accessible from any point if necessary and in real time. Grandfathering works, it's cheap and it's easy to do via online automation these days...
However to come back to those that are non corporate a software backup is still the appropriate counter measure to losing your data to some freak computer crash as it's to be backed up to either an external disk or DVD or even somewhere on the internet, doing this it does provide superior protection.
Besides Microsoft's new "Home Server" is now positioning itself as a real time fully automated backup/multimedia server that images the entire hard disk of every PC in your house via the home network in real time, as well as time lapse, together with incremental file backups, and that has the potential to kick the pant bottom to a lot of products out there... if only they can make it work properly...
lucas1985
March 4th, 2008, 12:31 PM
-{ Quote: "Right, try and use it on a busy server..." }-
See it yourself (http://www.storagecraft.com/products/ShadowProtectServer/)
-{ Quote: "
StorageCraft ShadowProtect Server Edition 3 provides fast and reliable disaster recovery, system migration and data protection for Windows servers. ShadowProtect Server Edition 3 provides bare metal recovery of the Windows operating system, applications such as Exchange and SQL and your critical data.
" }-
-{ Quote: "
ShadowProtect Server Edition 3 provides hardware independent restore for physical to physical system (P2P) recovery. ShadowProtect Server Edition 3 also supports conversion from physical systems to virtual environments (P2V), virtual environments to physical systems (V2P) and virtual environments to virtual environments (V2V). ShadowProtect Server Edition 3 is very complimentary to VMWare™ and Microsoft™ Virtual Server for quick and reliable disaster recovery and system migration.
" }-
-{ Quote: "
Bare metal recovery of Windows servers in minutes.
Restore or migrate backup images to and from physical systems and virtual
environments (P2V, V2P and V2V).
Hardware independent restore of backup images to different systems (P2P).
Full support for online backup of applications such as Exchange and SQL.
Schedule automatic full and incremental backups.
Image management to minimize storage consumption and simplify archiving.
Bootable recovery CD provides automatic hardware detection and network support.
A simple view to quickly recover files and folders or update backup images.
Compress and encrypt backup images for efficiency and security.
ShadowProtect console to simplify backup management across your enterprise.
Recover your servers remotely.
Save backup images to USB, Firewire, NAS, SAN or any network location.
" }-
Peter2150
March 4th, 2008, 12:37 PM
-{ Quote: "
Don't you agree, Pete, that the advertised ease of operation of ATI is in reality far more complex (for the average user) and time consuming if one wishes to fully validate each back up image? I mean, after you restore the back up to test it and find that it is fine, then you have to restore the drive image that you will be using.
" }-
Couple of different points. First ATI. I think part of the problem there is the bells and whistles. I don't need file back or email back in an imaging program. Total waste to me. I can retrieve anything from the image, even my email if I need it. If one sticks to basic image/restore ATI does fine(at least it did back on V9). Most of the threads where people have problems is one they do "complex" things.
Second when I "backup Data" what I am doing is syncing it to an external hard drive, and then to a 2nd computer. Since it is a straight copy, I don't "validate" it.
The Image I take of the complete that I am counting on if the drives should fail, those I restore each time. The time it takes is cheap compared to the time it would take if there was a problem.
Peter2150
March 4th, 2008, 12:41 PM
Lucas1985. You took the words right out of my mouth.;D
When I was testing the continuous incrementals, I had everything I could think of running on my system. Never felt the incrementals run, and they restored fine.
Imaging for data and system works fine on a busy system, if you use good imaging software.
wat0114
March 4th, 2008, 12:45 PM
-{ Quote: " Also typically in a corporate setting the "Data" which is what is important here, usually sits in a directory on a server not on the user's hard disk. All data on a user's hard disk is usually do at your own risk, and is most often done against corporate policies, as they want you to keep your important data on the server, so it can be centrally backed up, kept secure, and easily managed...
" }-
This is exactly the recommended practice where I work. We have several remote drives where all employees have access to at least one of them to store their sensitive data.
They do use imaging software to restore machines that are beyond fixing due to viruses or other types of data corruption, but I'm not really sure exactly how it works, as it's a different department off site. I believe it was used when we went from W2K to XP Pro. COE's are routinely pushed over the network to apply updates to all machines.
Hermescomputers
March 4th, 2008, 12:50 PM
-{ Quote: "See it yourself (http://www.storagecraft.com/products/ShadowProtectServer/)" }-
Thank you lucas,
I am no longer managing data centers and servers in general these days, but this product looks relatively decent. However any new product such as these need to be evaluated in server farms with a sustained utilization base to demonstrate its stability and effectiveness... I have no prior knowledge of this product other than having done a bit of browsing on their site... So I have no opinion on those products...
lucas1985
March 4th, 2008, 12:52 PM
-{ Quote: "RAID already does this to some degree." }-
RAID (http://www.baarf.com/) is bad. RAID 1 is the only acceptable solution, because it's transparent.
-{ Quote: "I like my backup somewhere else than on the same box for a range of reasons... and I need it accessible from any point if necessary." }-
Yup, LOCKSS (Lots of Copies Keep Stuff Safe) (http://www.lockss.org/lockss/Home) is the way to go. ZFS (http://en.wikipedia.org/wiki/ZFS) is the filesystem of the future.
lucas1985
March 4th, 2008, 01:00 PM
-{ Quote: "I am no longer managing data centers and servers in general these days, but this product looks relatively decent. However any new product such as these need to be evaluated in server farms with a sustained utilization base to demonstrate its stability and effectiveness... I have no prior knowledge of this product other than having done a bit of browsing on their site... So I have no opinion on those products..." }-
A recent review (SOHO) (http://www.pcmag.com/article2/0,2704,2254465,00.asp)
Hermescomputers
March 4th, 2008, 01:09 PM
-{ Quote: "A recent review (SOHO) (http://www.pcmag.com/article2/0,2704,2254465,00.asp)" }-
Hey thanks lucas,
nice review...
grnxnm
March 4th, 2008, 02:16 PM
-{ Quote: "Right, try and use it [ShadowProtect] on a busy server... " }-
Yes, please do (test on busy servers)! I regularly ask people to perform such a test with our ShadowProtect product, and other similar products (Symantec BESR, Acronis True Image, etc) to see who can reliably back up their systems under heavy load. Most people don't bother to test. Those that do will be very surprised by the results.
The test I suggest is mostly intended for IT types. Home/end users please ignore this.
Perform the following test for all products under comparison (ShadowProtect, Symantec BESR, True Image, etc):
1) Start with a clean SBS 2003 with Exchange, on which NONE of the above products have EVER been installed.
2) Check the Exchange database to ensure that it's good (not corrupt) before beginning tests
3) Run chkdsk on the volume containing the exchange database to ensure that the file system is not corrupt
4) Install the disaster-recovery backup product for this particular test
5) Configure the disaster-recovery backup product to back up the volume containing the Exchange database on a frequent schedule, using incremental imaging capability, preferably every 15 minutes if possible. Do *NOT* stop any Exchange/SQL/etc services prior to the backup - let Microsoft's VSS framework quiesce the apps (that's the purpose of VSS, after all) - if a backup app isn't written correctly to work with VSS then while its maker may claim to support VSS it may give a different message in its support forums or knowledge base (such as suggesting that you actually stop your exchange/sql/etc services prior to each backup - ridiculous - businesses can't afford to regularly take these services offline).
6) Use LoadSim to place a constant heavy simulated load on the Exchange Server
7) Wait a few hours, allowing the backup product to generate a base/full and around 10 incremental images
8) Stop LoadSim
9) Stop the backup job
10) Test the Exchange database to see if the original database is now corrupt (before restoring anything)
11) Run chkdsk on the volume containing the exchange database to see if the file system is corrupt (before restoring anything)
12) Now restore each point-in-time, starting with the base, and then progressively restoring each incremental, and after each restore operation test the exchange database to see if it's corrupt and test the filesystem to see if it's corrupt.
13) Report the ghastly results
These tests will reveal if the product corrupts your original data volume (an unpardonable sin) or if its backups are actually useless for restore purposes.
A few important things to note if you do run these tests:
1) Before beginning the tests, you will need to enable the Exchange VSS writer on SBS 2003 as Microsoft does not enable this writer by default for SBS. More detail here: http://support.microsoft.com/default.aspx?scid=kb;EN-US;Q838183
2) You should apply the latest service packs and updates for Windows Server 2003 as Microsoft's VSS framework has some bugs in non-service packed versions.
3) You should never install ShadowProtect and True Image at the same time. True Image's snapman.sys driver has a bug which will cause it to blue screen (usually) your machine if ShadowProtect is installed at the same time. Worse, the True Image uninstaller often will not remove snapman.sys, which means you'll have to manually remove it if you aren't rolling back the machine to a clean state as I suggested in the first step. Manual removal of snapman.sys requires you to unregister it as a PnP filter on the disk and volume device classes. If you merely remove the snapman.sys file then your system will not boot because the PnP Manager will try to load snapman.sys as a filter on all disk and volume devices and if it can't find snapman.sys then it will panic and BSOD the OS. Like I say, though, it's best to start all such tests from a clean baseline where none of the reviewed products have ever been installed. See this post for steps for manual uninstall of snapman.sys: http://forum.storagecraft.com/Community/forums/p/358/1517.aspx#1517
4) If you perform similar stress tests backing up SQL Server, you should first update SQL Server with a hotfix or else you may receive SQL VDI errors in the event log. Unfortunately you have to phone in to MS to obtain the hotfix (KB934396). See: http://support.microsoft.com/kb/934396/en-us
5) When Microsoft's VSS framework is used by a backup application, the VSS framework will "quiesce" applications which are VSS-aware (such as Exchange 2003), causing these applications to flush their data to a clean state and to pause momentarily while the volume snapshot is established. Unfortunately, VSS is a rather complex collection of components and services (VSS Writers, VSS Requestors, VSS Providers, and the VSS Service itself), and if any of these components misbehave then VSS may not work properly. Some VSS Requestors (backup applications) are notorious for leaving various VSS components in bad states (amazingly ntbackup.exe is one such application). One can view the states of the writers and providers using the commands "vssadmin list writers" and "vssadmin list providers". It's important to understand that if VSS fails to work properly, ShadowProtect will still perform the backup (just without VSS's assistance). Whether or not ShadowProtect used VSS for a given backup can be viewed in the job's detailed log. It's also important to know that some ShadowProtect jobs allow you to specify that you do NOT want to use VSS for some backups (for some incrementals, for instance). If you are backing up Exchange then it's recommended that you use VSS for *all* backups - make sure this is set in the schedule page of the ShadowProtect backup job wizard. If Exchange is backed up without assistance from Microsoft's VSS framework (which ShadowProtect will do if VSS is in a bad state) then in such cases the Exchange database may be captured in a mid-transaction (dirty) state. Don't confuse "dirty" with "corrupt," which are very different things. A dirty database is not a bad database - it's just one that needs to apply completed transactions from its logs and discard any partial transactions. Corrupt means that, well, the database's own metadata (and also possibly data) are messed up.
6) Exchange's log files and your .edb files can be in different directories, and even on different volumes. If they are on different volumes then it is critical that you configure the backup job to back up all volumes on which .edb and log files exist as part of the same single job. This will ensure that all of the backup images are based on a multi-volume snapshot which atomically captures the states of the combined volumes at one moment in time.
7) Whenever you test for integrity and checksum tests you must include the log files along with the .edb.
8) Exchange's VSS Writer will issue errors, and informational entries, in the event log. Check there to see if the Exchange Writer is working or failing.
9) eseutil /mh isn't really a very interesting test. It doesn't actually test the integrity of the database. More interesting are the eseutil /K and eseutil /G tests. In fact, if Microsoft's Exchange team's blog is to be trusted, we should note that eseutil /mh will always show the database as being dirty even if VSS is used. The solution is to mount the database and allow the logs to replay, then dismount the database and it should be clean. Then do full integrity tests with eseutil /K and eseutil /G.
"Whether you do the backup with generic shadow copy [VSS] capabilities or via the streaming API, the database will be "crash consistent" - meaning, it is marked as being in "Dirty Shutdown" state and must have log files replayed into it after restoration before it can be mounted. This "Dirty shutdown" state can be seen if you dump the database header using ESEUTIL /mh command. When databases do not require any logs to start, they are marked as being in "Clean shutdown" state. Please note here that if you restore a full online backup of the database and let the database go through the "recovery" (meaning the database replays the logs that were restored plus possibly some logs that were already on the disk) - the database will get into the "Clean shutdown" state without user intervention."
If you actually take the time to do your due diligence and perform these tests, you'll be truly amazed at the results. And if you actually DO care about your data, you really should run these tests if you are considering these products for enterprise class image backup.
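A pre-backup check built on the `vssadmin list writers` command mentioned in note 5 of the post above, as an added example that is not part of the original post or of any product discussed: it parses the command's output and reports writers that are missing or not idle, the conditions under which the post says a backup may proceed without VSS. The sample output is constructed, and the function names and the required writer name `Microsoft Exchange Writer` are assumptions of this example.

```python
import re

# Constructed sample of `vssadmin list writers` output; the GUIDs are placeholders.
HEADER = "vssadmin 1.1 - Volume Shadow Copy Service administrative command-line tool\n\n"
SYSTEM = """Writer name: 'System Writer'
   Writer Id: {00000000-0000-0000-0000-000000000001}
   Writer Instance Id: {00000000-0000-0000-0000-0000000000a1}
   State: [1] Stable
   Last error: No error

"""
EXCHANGE = """Writer name: 'Microsoft Exchange Writer'
   Writer Id: {00000000-0000-0000-0000-000000000002}
   Writer Instance Id: {00000000-0000-0000-0000-0000000000a2}
   State: [1] Stable
   Last error: No error
"""
SAMPLE_HEALTHY = HEADER + SYSTEM + EXCHANGE
# Constructed failure: a writer left in a bad state by an earlier requestor (note 5).
SAMPLE_FAILED = HEADER + SYSTEM + EXCHANGE.replace("[1] Stable", "[7] Failed").replace(
    "No error", "Timed out")
# Constructed gap: the Exchange writer was never enabled (note 1).
SAMPLE_MISSING = HEADER + SYSTEM

FIELD = re.compile(r"^\s*(Writer name|State|Last error):\s*(.*?)\s*$")


def parse_writers(text):
    """Return one dict per writer: name, numeric state code, state text, last error."""
    writers = []
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m:
            continue  # banner, blank lines, Writer Id / Instance Id lines
        key, value = m.groups()
        if key == "Writer name":
            writers.append({"name": value.strip("'"), "code": None,
                            "state": None, "last_error": None})
        elif writers and key == "State":
            sm = re.match(r"\[(\d+)\]\s*(.*)", value)
            if sm:
                writers[-1]["code"] = int(sm.group(1))
                writers[-1]["state"] = sm.group(2)
            else:
                writers[-1]["state"] = value
        elif writers and key == "Last error":
            writers[-1]["last_error"] = value
    return writers


def preflight(text, required=("Microsoft Exchange Writer",)):
    """List reasons not to trust a VSS-assisted backup right now; [] means go."""
    writers = parse_writers(text)
    names = {w["name"] for w in writers}
    problems = [f"{name}: writer not registered" for name in required if name not in names]
    for w in writers:
        # Before a backup starts, every writer should be idle: Stable with no error.
        if w["state"] != "Stable" or w["last_error"] != "No error":
            problems.append(
                f"{w['name']}: state={w['state']!r}, last error={w['last_error']!r}")
    return problems


if __name__ == "__main__":
    for label, sample in (("healthy", SAMPLE_HEALTHY), ("failed", SAMPLE_FAILED),
                          ("missing", SAMPLE_MISSING)):
        print(label, preflight(sample) or "OK")
```

On a live server, feed `preflight` the text captured from `vssadmin list writers` run in an elevated prompt, before the scheduled job and again after the test run.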
Hermescomputers
March 4th, 2008, 02:50 PM
-{ Quote: "Yes, please do (test on busy servers)! " }-
Wow, great response, and I certainly hope many with access to loaded corporate assets will take up your challenge! ;)
Hairy Coo
March 4th, 2008, 05:06 PM
-{ Quote: "Hello Hugger,
Disk imaging is widely used in the corporate world as a rapid deployment system, but never as a backup methodology, only as a way to install pre configured systems... Primarily due to the dynamic nature of data
Personally I think it better to simply focus on the latest data sets, which is usually very small for most users.
My favorite backup software to do this is from this site; http://www.genie-soft.com/ and it is what I am using myself...
" }-
Howdy Guy
Don't think the home user is going to be able to get much value out of a corporate backup strategy, interesting as it is.
After all, a home user may have almost as much need to be able to quickly restore his non data system, usually the accumulation of years of searching, trial and error and optimising the set up, as his data.
A good backup app, such as SP, can backup both, on the average, just as fast as a data only backup app, and just as reliably.
"On the average" means the time averaged for the initial image, plus the incremental images, which take maybe 30 seconds.
This largely makes separate data backups redundant, but occasionally I use both, to take into account any change in data between images.
My favorite is Karens Replicator, simple and fast.
Of course, a must is to archive the images on a separate disk.
As I've had a few HDD failures, I'm playing it safe and use both an internal and external for this purpose.
As the external is portable, in theory it should be taken with you when you leave the house, to guard against complete loss of all records in case of a fire or burglary, but of course this never happens, even when on holidays!
So there you are, you are never safe from that .001% chance of disaster ;D
Hermescomputers
March 4th, 2008, 06:46 PM
Bonjour Hairy Coo,
Having a backup strategy that comprises redundancy is the prime directive!
Also, just for a note on external HD, for added portability you can now get external USB 2.0 devices that u can use to build with the largest Laptop hard disks... Hitachi and Samsung already make Mini SATA laptop HD's in excess of 500 Gig's. How's that for portable data storage... It fits in your pocket! :thumb:
That's half a terabyte of Porn, pirated software and cracked applications for the masses :D Just imagine how many viruses can fit on one of those!
Hairy Coo
March 4th, 2008, 07:26 PM
Guy,
Amazing, the advancements in IT.
That's the main thing I had against the French Revolution - the masses were involved - their taste and mine are diametrically opposed ;D
best Hairy
Hermescomputers
March 4th, 2008, 07:49 PM
-{ Quote: "Guy,
Amazing, the advancements in IT.
That's the main thing I had against the French Revolution - the masses were involved - their taste and mine are diametrically opposed ;D
best Hairy" }-
The masses deeply despised nobility.... Are you noble?
Better hold on to your head with both hands if you are... ask Marie Antoinette! :argh:
Too bad they did away with that technology... Probably the most Humane all things considered. Very effective... To my knowledge, It never failed to provide the desired result on first attempt!
Hermescomputers
March 5th, 2008, 07:57 AM
Ok, so back on subject...
Since having practically nothing used as protection works.... or having more than one application to defend oneself is overkill...
Then how does one explain that a group of 17 hackers can successfully manage to infect millions of computers for inclusion into a botnet across the globe?... They had a nice little operation going there I must say. ($17 million in damages... Ouch!) And it's an underestimate.
Here is one brand new group busted right here in the great white north! (Vive Le Quebec Hacked! :lurking: ).
http://www.itworldcanada.com/Pages/Docbase/ViewArticle.aspx?id=idgml-f68da310-1e34-4dc3&sub=372351
wat0114
March 5th, 2008, 08:16 AM
-{ Quote: "Police said 39,059 computers were infected in Poland, 28,458 computers in Brazil, 26,169 computers in Mexico, 9,431 computers in Argentina and 8,510 computers in Germany. At least 3,383 computers would have been infected in Canada. Gaudreau indicated that some countries had systems which were poorly protected and vulnerable to botnets. " }-
Given the populations of those countries, these numbers represent extremely small percentages of infected PCs.
Hermescomputers
March 5th, 2008, 08:19 AM
-{ Quote: "Given the populations of those countries, these numbers represent extremely small percentages of infected PCs." }-
That is probably because the cops only have a fragmented idea of the actuals...
As they say in the article they have a large stack of hard disks they must do forensics on to figure out what the heck was really going on...
Besides, this is just a tiny local group acting in tandem... Can you just imagine what's out there?
Long View
March 5th, 2008, 08:34 AM
The bit I like is:
"Although the security technology is necessary, Haro acknowledged the need for processes given that endpoint security is still very much a user behavioural issue."
My spin is that the correlation between security or lack of it and infection or lack of it is nowhere near as great as many would think. My guess is that there are some who are able to get infected simply by logging on and others are able to surf without using the usual security programs and not get infected. Any theory or model which tries to explain how infection spreads will probably find that user behaviour is the key and that how many security programs a user has or doesn't have explains very little.
aigle
March 5th, 2008, 08:50 AM
-{ Quote: "Right using only EQSequre, DefenseWall and Avira free" }-
And u call it only? ;D
I have come down to three security applications from five. I am trying to cut it down to two or even one.
Hermescomputers
March 5th, 2008, 08:53 AM
-{ Quote: " Any theory or model which tries to explain how infection spreads will probably find that user behavior is the key and that how many security programs a user has or doesn't have explains very little." }-
Long View
You get no argument from me on this, I would say for the majority of infections. However, this trend seems to be changing rather dramatically as some of the most sophisticated infections are now sourced to legitimate business web sites.
This is a reality that will buck the trend further as the user population gets more savvy, you can be assured the target will be more focused...
On my web site for example we track every visitor that tries to manually scan or run an automated bot scanning for embedded script vulnerabilities in order to exploit them... They are using sophisticated web crawlers similar to search engine crawlers and they look very effective. All I can tell you is that a lot are trying daily everywhere not just my site... Unfortunately many sites are not as sophisticated using appropriate defenses, rendering them even more vulnerable. As for my site, their target in most cases is almost entirely focused on script based vulnerabilities. Mostly code injection attempts, and so far very few SQL injections at least in my case, but they are still very focused, and I'm sure it must be working in many places as I do recognize their targets as being good targets of opportunity, and easily exploited when I look at the scripts they are trying to exploit, crack or inject... I am certain this phenomenon will continue to expand as time goes as it will probably become one of the primary attack vectors in the future if it's not already...
I would bet, mostly because many who put up websites have no idea what they are doing, thus creating many vulnerabilities as they are often using free downloadable scripts they do not really understand code wise, and making them even more available via increased SEO efforts!
Under these circumstances, as a casual browser how does one know site A is ok compared to site B?
ccsito
March 5th, 2008, 05:50 PM
-{ Quote: "
Under these circumstances, as a casual browser how does one know site A is ok compared to site B?" }-
You can have each user review the underlying code before allowing access to the webpage, but that means each user must be competent in understanding webpage code layout which may be asking too much (as well as slowing down the entire online experience).:gack: :ouch:
Hermescomputers
March 5th, 2008, 07:27 PM
-{ Quote: "You can have each user review the underlying code before allowing access to the webpage, but that means each user must be competent in understanding webpage code layout which may be asking too much (as well as slowing down the entire online experience).:gack: :ouch:" }-
Right, this is asking too much of most anyone so this is why I make the recommendations on my web site to use Firefox with NoScript... and relating more to your answer, to combine that with Linkscanner Pro and Siteadvisor...
Note: I read somewhere that less than 5 % of web sites are monitored by an anti exploit system by the developers... Think of the implications :blink:
Copyright ©2002 - 2012, Wilders Security Forums