View Full Version : DRWEB is the Best AV....anyone else agree with this?
Barney
July 4th, 2004, 12:19 PM
From my own experience, DRWEB is the best on-access AV out there. Not only is it very light on resources (even lighter than Nod32), it is extremely sensitive and found many viruses and trojans that other AVs have missed. KAV is also very good, but when it comes to an on-access scanner, DRWEB is the best. Does anybody else out there have any feedback on this thread? Please give a reply, I am interested in what you think.
Barney
0--0
July 4th, 2004, 12:23 PM
A part of my experience re Dr. Web is documented here ( http://boardadmin.funpic.de/viewtopic.php?t=17 ).
Can you tell us a little bit more about your experience?
Blackcat
July 4th, 2004, 02:00 PM
I have used Dr Web as a primary AV scanner on one of my computers here and obviously I think it is very good as both an on-demand and an on-access scanner. It has a very small footprint, updates quickly and has not let through, over several years, any malware on this box so far.
However, I practise safe-hex and my surfing practices are fairly conservative and therefore my chances of coming into contact with malware are obviously a lot less than my teenage offspring.
In addition, the effectiveness of Dr Web running SpiderGuard may be better under Win98/Me systems rather than Win 2000/XP and the default setting of smart scan may not be the most effective.
http://www.wilderssecurity.com/showthread.php?t=35141
I am very happy in using Dr Web but as with most software programs, the 'best' one is difficult to judge. The best one overall is the one that seems to offer you good protection AND runs well on your particular system.
Since you seem happy with the program, it has stopped various malware getting in, and it seems to suit your system, Dr Web has the best on-access system for YOUR computer.
f123
July 4th, 2004, 02:34 PM
There is NO BEST AV. The best defense against PC gremlins is to keep only the operating system in the primary C partition and image that partition on a regular basis. My WXP Pro C partition is only 709MB. You can configure good imaging software to automatically image any partition at a set interval.
I have a software firewall and an e-mail AV scanner. I do not run the main AV program in the background. Never had a bug in my PC. Use common sense when browsing and avoid porn sites.
F
AgentX
July 4th, 2004, 02:58 PM
I completely agree with BlackCat that the SpIDer Guard works better under Win9x than WinNT/2K/XP. Also, the Smart Scan setting is not good for everyone, and the system begins to crawl when the files are set to be scanned when created, opened and accessed.
Unfortunately, SpIDer Guard under the Smart Scan setting does NOT scan files when they're executed. You can test this inability yourself. Create an EICAR.COM file somewhere on your disk while the SpIDer Guard is disabled. Then enable it back and apply the Smart Scan setting. Open a command prompt window and change the working directory to the folder containing the EICAR.COM file. Type EICAR and press enter; you'll notice that SpIDer Guard fails to detect this dummy virus and lets it execute freely.
Another problem with SpIDer Guard is that it can't be paused or stopped temporarily, correct me if I'm wrong. DrWeb scanner is not without its own problems, either. It has the tendency to inflate the processes while scanning the memory. While this may not be a real problem, it does make the system look cramped and lacking free memory for a few minutes. To the best of my knowledge, no other AV scanner does what DrWeb does to the free memory. ;)
Regards,
AgentX
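As an added illustration (not part of AgentX's post and not Dr.Web's own tooling), the manual EICAR check above scripted in PowerShell so it can be repeated after every configuration change; it assumes the resident scanner is already enabled and uses a scratch folder of its own choosing:

```powershell
# Added example, not code from the thread. Reproduces AgentX's manual check: does the resident
# scanner react to the EICAR test file when it is created, and again when it is executed?
# Assumptions: Windows host with the on-access scanner already enabled; $TestDir is an arbitrary
# scratch folder chosen here, not a path from the thread.

$TestDir = Join-Path $env:TEMP 'onaccess-eicar-check'
$Path    = Join-Path $TestDir 'EICAR.COM'
New-Item -ItemType Directory -Path $TestDir -Force | Out-Null

# Standard EICAR test string (68 bytes), assembled from two halves so that this script file
# is not itself quarantined while it sits on disk. Single quotes keep $EICAR and $H literal.
$Eicar = 'X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD' + '-ANTIVIRUS-TEST-FILE!$H+H*'

$result = [ordered]@{ CaughtOnCreate = $false; CaughtOnExecute = $false; Executed = $false; Note = '' }

# Step 1: create the file. A guard that hooks file writes/closes will block or remove it here.
try {
    [IO.File]::WriteAllText($Path, $Eicar, [Text.Encoding]::ASCII)
    Start-Sleep -Seconds 3                      # give the guard time to act on the new file
    if (-not (Test-Path -LiteralPath $Path)) {
        $result.CaughtOnCreate = $true
        $result.Note = 'file removed after creation'
    }
} catch {
    $result.CaughtOnCreate = $true
    $result.Note = "write blocked: $($_.Exception.Message)"
}

# Step 2: if the file survived, try to run it as AgentX describes (from its own folder).
if (-not $result.CaughtOnCreate) {
    try {
        $proc = Start-Process -FilePath $Path -WorkingDirectory $TestDir -Wait -PassThru -WindowStyle Hidden
        # Reaching this line means nothing intercepted the launch: the execute hook is missing.
        $result.Executed = $true
        $result.Note = "EICAR.COM ran, exit code $($proc.ExitCode)"
    } catch {
        # Either the guard refused the launch, or the host cannot run 16-bit .COM files at all
        # (64-bit Windows has no NTVDM). The error text and whether the file survived tell them apart.
        if (Test-Path -LiteralPath $Path) {
            $result.Note = "launch refused: $($_.Exception.Message)"
        } else {
            $result.CaughtOnExecute = $true
            $result.Note = 'file removed when execution was attempted'
        }
    }
}

Remove-Item -LiteralPath $Path -Force -ErrorAction SilentlyContinue
[pscustomobject]$result
```

Run it once with the guard's default setting and once with the files-on-execute option enabled; a guard that only hooks create/open shows Executed = True in the first run.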
bellgamin
July 4th, 2004, 03:32 PM
{QUOTE-> A part of my experience re Dr. Web is documented here ( http://boardadmin.funpic.de/viewtopic.php?t=17 ). <-QUOTE}
Oh gee... that link uses microscopically small gray print against a jet black background. Much too hard to read.
~~~~~~~~~~~~~~
Concerning DrWeb, it's my main AV & a real rottweiler.
DrWeb makes it difficult to test any other AV. Even if I kill DrWeb from the start-up list {so that it does NOT show in Process Explorer when I reboot} DrWeb still pounces on my malware specimens before the AV I am testing even gets a chance.
Thus, to test another AV I have to uninstall DrWeb. Of course, this could be a peculiarity of my particular computer set-up. Has anyone else had similar experience?
grace & peace to all... bellgamin
Blackcat
July 4th, 2004, 03:39 PM
Bill,
can't you simply right-click on the SpiderGuard icon in the system tray > Control, then select REMOVE from the Load Mode option? You can then choose Load/Install to get SpiderGuard back again after your testing.
0--0
July 4th, 2004, 03:45 PM
@bellgamin
Help me if you can. I am not an artist. Provide me with a better style, tell me how to increase the font size etc. ... and I will consider your suggestions.
Paul Wilders
July 4th, 2004, 03:47 PM
Nautilus, why not just log in using your account over here?
regards,
paul
O--o
July 4th, 2004, 03:52 PM
Paul:
We have discussed this before. Previously, I had problems with this forum. I could not log in because I was deemed logged in (although I was not).
I will try to log in as "Nautilus" in order to confirm that it's actually me. But I was never impersonated before. Therefore, I do not really need a registered name.
Nautilus
July 4th, 2004, 03:55 PM
O.k.: I confirm that I am what I am.
Damn. I have a PM dated 19 June 2004 ... :-)
Paul Wilders
July 4th, 2004, 03:57 PM
Nautilus,
Give it a try (cleaning browser cache, existing wilderssecurity.com cookies, the common stuff). It's up to you in the end.
regards.
paul
Mele20
July 4th, 2004, 08:59 PM
{QUOTE-> Oh gee... that link uses microscopically small gray print against a jet black background. Much too hard to read.
~~~~~~~~~~~~~~
grace & peace to all... bellgamin <-QUOTE}
I see that site on a medium dark blue background with white text and it is not difficult to read. I have trouble reading a lot of sites but that one seems fine to me. This is on XP using nVidia GeForce 5200 on a flat panel digital monitor. On my W98SE box I see a jet black background with white text. I have the original ATI video card on that box and a Trinitron CRT monitor.
So, how you see it is a combination of your video card and your monitor. Are you using Firefox or Mozilla or Opera? I use Firefox and Mozilla almost exclusively and I started using them a couple of years ago because they had text zoom and it is very easy to increase text size for everything on the web page, unlike IE. So, you might consider one of those browsers as the default text size on that site is very small. I just enlarged it with text zoom.
Detox
July 4th, 2004, 09:36 PM
In IE hold control and use mouse wheel.
Barney
July 5th, 2004, 12:04 AM
Belgamin, you don't have to uninstall DRWEB at all when you test out another antivirus. All you have to do is go into "Control Panel" and open up the DRWEB icon. From there, just click on the remove button. This will turn off the drweb spiderguard. When you are ready to turn it back on all you have to do is reboot and start it back up through "Control panel" again.
Barney
AMRX
July 5th, 2004, 07:39 AM
Dear f123, what makes you think keeping only the Windows files in the C drive will protect you from viruses?
Dear AgentX, I don't blame the Smart Scan technology. It just assumes that the files created before activating the Spider Guard are clean. This is why it has so small an impact on the resources. It's really smart if you keep it enabled all the time and regularly do a full system scan.
f123
July 5th, 2004, 01:41 PM
Keeping ONLY the OS in the C primary partition DOES NOT decrease the chance of contracting a bug. However, it greatly reduces the time it takes to create/restore the image file. A modern PC can process the image file at 800MB/min....
Those with a big HD can set up a large extended logical partition to house the image files. One can pack about 40 image files in a 40GB partition. Most imaging software can create the image file via TASK SCHEDULER...while you're sleeping.
If you have a "clean" image file of the OS, then you should be able to restore the PC to the time prior to the virus infection. I test hardware, software, and PC gremlins. I install everything in the C partition when testing. Upon completion, I simply restore the good image file. And reboot back to windows. The entire restoration process takes less than 2 minutes. No AV or FW can claim this success rate.
F
f123
July 5th, 2004, 02:30 PM
Today's bugs are more interested in hijacking the PC...for self-propagation. Unfortunately, a few bugs will destroy data. Therefore, if you have important data, then put them in the C partition so they will be included during the imaging process.
To me, running a full-time AV scanner wastes precious CPU clock cycles. Most AV proggies will allow the user the option to manually scan a suspicious item for infection.
F.
bellgamin
July 5th, 2004, 10:53 PM
{QUOTE-> Bill, can't you simply right-click on the SpiderGuard icon in the system tray> Control, then select REMOVE from the Load Mode option. You can then choose Load/Install to get SpiderGuard back again after your testing. <-QUOTE}
Oh yes, it works! Thanks for the suggestion. Also thanks to Barney -- same suggestion as BC, but in different words. Thanks.
It's interesting that DrWeb will remove itself from startup, but neither StartUp Cop nor Mike Lin's Startup Control Panel can truly remove DrWeb from startup. They *seemingly* remove DrWeb, but then DrWeb still loads.
I wonder -- is that a bug or a feature? ???
AMRX
July 6th, 2004, 09:27 AM
Dear f123, that's a good suggestion but sadly holds true for a poor soul without a CD burner. The image is useless if you lose your HDD. As the current threats are worms, an image won't help you if your OS or some software is vulnerable.
f123
July 6th, 2004, 01:01 PM
The chance of a sudden HD death is rather slim because today's HD employs the SMART monitoring protocol. The user would lose the data anyway if the HD crashes...so what's the difference? The best in firewall and AV protections will not save a dead HD!
Writing to an extended logical partition on the primary HD is MUCH faster than to optical media. Use Bootitng (30 day trial) to repartition the primary HD. Paranoid souls could add a $50 slave HD for backup purposes. We've been using this method of data recovery for years without any problem.
If one has a good image file of the OS, then one can use it to over write the damaged OS! An imaging software does not rely on a functional OS or software in the HD to restore the image file. That's why it is important to create the boot discs/CD when installing the imaging software. Visit the Acronis forum to learn more about drive imaging and its limitations.
F
spider-x
July 6th, 2004, 01:08 PM
http://www.virusbtn.com/vb100/archives/products.xml?drweb.xml
It doesn't seem to be a very good antivirus to me.
Blackcat
July 6th, 2004, 01:24 PM
{QUOTE-> http://www.virusbtn.com/vb100/archives/products.xml?drweb.xml
It doesn't seem to be a very good antivirus to me. <-QUOTE}
As with other AntiVirus programs e.g. Kaspersky, the results from any ONE site do not tell the full picture.
In addition, the very strong heuristics of Dr Web mean it can give more false positives compared to most other AV programs. And unfortunately false positives mean you 'fail' that particular test over at Virus Bulletin.
Most people who are (have) used the program would say that it is much better AV than the results over at VB suggest.
tazdevl
July 6th, 2004, 02:10 PM
I'd rather have my AV err on the side of caution.
the Tester
July 6th, 2004, 05:52 PM
I use Dr.Web and I like it.
With strong heuristics you have to be willing to sort out the occasional false positive.
That doesn't bother me. I've only had a few so far.
What AV is the best?
That's something an individual user has to decide.
bellgamin
July 7th, 2004, 12:00 AM
{QUOTE-> In addition, the very strong heuristics of Dr Web means it can give more false positives compared to most other AV programs. And unfortunately false positives mean you 'fail' that particularly test over at Virus Bulletin. <-QUOTE}
DRW is an ill-tempered rottweiler. VB prefers poodles. ;D
Trans
July 7th, 2004, 04:39 AM
{QUOTE->
Most people who are (have) used the program would say that it is much better AV than the results over at VB suggest. <-QUOTE}
I have exactly this feeling ;)
AMRX
July 7th, 2004, 09:02 AM
DrWeb is a good antivirus, almost on par with KAV. BTW f123, when I said HDD disaster I meant virus attack.
f123
July 7th, 2004, 09:17 AM
Name one bug that's designed to attack image files? Some programs will allow the user the ability to encrypt the image file.
AMRX
July 7th, 2004, 09:25 AM
Dear f123, you still don't get my point. There are such things that can seriously damage your HDD data by corrupting the MBR or writing random data to random sectors. That's why professionals back up their data on CD-ROMs.
f123
July 7th, 2004, 10:33 AM
The image file will overwrite ALL data in the restored partition, including the Master Boot Record. Ever heard about disc cloning? Basically the same principle. I would advise that you beef up on drive imaging before spreading false information. Putting the image file on removable media allows the user to restore the data on ANY PC. That's the safest way to backup data. Pros prefer tape drives over optical media.
Again, please name one bug that specifically attacks image files. With a good image file, I can restore the non-corrupted data to ANY infected hard drive. Some imaging software will also reset the cluster size to the "default" configuration. That's the power of drive imaging. Note that the imaging software may not function properly if there is physical damage to the hard drive.
Blackcat
July 7th, 2004, 11:51 AM
Chaps, can we keep on topic which was your thoughts on Dr Web as an AV program!
rerun2
July 7th, 2004, 10:35 PM
I use DrWeb myself. And while I agree with a lot of what is said about its detection rates and heuristics, I can't help but wonder... where is the proof? In the test at http://www.av-comparatives.org/ ... DrWeb did well, but did not exactly blow everyone else away either. I hope we are all not relying on the number of false positives in determining how good/aggressive an AV's heuristics are.
Blackcat
July 8th, 2004, 01:13 AM
Rerun2
Since you are a little wary of Dr Web's detection rate and heuristics why did you choose to use this AV? Is it because of its small footprint?
I know that KAV and its clones give better detection rates than Dr Web but I use it as a primary scanner on one of my computers here because of its lower resource/memory usage. Detection rates are not the main criteria when choosing 'the best' AV for an older computer.
rerun2
July 8th, 2004, 02:52 AM
{QUOTE-> Rerun2
Since you are a little wary of Dr Web's detection rate and heuristics why did you choose to use this AV? Is it because of its small footprint?
I know that KAV and its clones give better detection rates than Dr Web but I use it as a primary scanner on one of my computers here because of its lower resource/memory usage. Detection rates are not the main criteria when choosing 'the best' AV for an older computer. <-QUOTE}
I have tried a few AVs before I finally settled on DrWeb. DrWeb did not cause any conflicts with my system (and other apps), uses low resources, small updates, clear interface, and includes a nice set of features. Detection rates were also very much considered as well as the praise of certain members at this forum (DrWeb was doing quite a bit better in VB at this time heh). Another part of my decision was that... it wasn't so much what DrWeb had to offer, but what others didn't offer in their products. Or in some cases the direction some AVs were heading. DrWeb has been a great fit for me personally, and I am very happy with my decision of having DrWeb protecting my computers. However, what I would like to see are some tests or backup to understand why DrWeb's heuristics are so well "respected". Like I mentioned before, it did not exactly blow away the competition in the test where heuristic components of each AV were tested (granted none of them really did). So what is it all about? Can we say with any certainty its heuristics are more powerful than say Norton's Bloodhound heuristics? And if so how can we prove this? Hopefully not by false positives. That is the question I meant to pose.
Blackcat
July 8th, 2004, 04:13 AM
Rerun2
Thanks for clarification on your post. I agree with your thoughts on heuristic analysis as there seems to be either a lack of data or conflicting results on heuristic capabilities. Recent tests to try and look at heuristics (directly/indirectly) have included:
1. http://www.av-comparatives.org/seiten/ergebnisse_2004_05xx.php
2. http://www.pcworld.com/reviews/article/0,aid,115939,pg,4,00.asp
3. http://boardadmin.funpic.de/viewforum.php?f=4&sid=8afa7e7d145efbcdbc2b1075de78446a
(Indirectly, this last site, if you analyse the results in detail, can tell you something about heuristics against trojans; Nautilus for example told me that Command AV has 'very sharp' heuristics, which seems to tally with its Holocheck technology).
The so called big hitters in heuristics are thought to be Dr Web, NOD, Command and F-Prot for Windows ( and the relatively unknown MKS_Vir - any more?). It would be nice to see some definite data on this statement to confirm this.
AMRX
July 8th, 2004, 08:51 AM
Dear f123, I like your enthusiasm on this topic. Yes, we are straying from the topic. I'd like to post some points to remove your confusion and retire.
1. I never said image files are infectable....lol. I said image files can be corrupted by virus attack which is totally different.
2. I said image files stored on the HDD don't make sense due to data corruption. Storing on removable media requires burners which not all of us have.
3. All this I'm saying doesn't mean I'm against imaging, I use it myself. But it's like being a ghost jumping from a sick body to a clean body. Recovery is the last option, but ask the security enthusiasts who want to FIX the problem rather than flee the ground.
No hard feelings towards you. Sorry if I was hurting you.
Now going back to the main topic, DrWeb. If you're using 9x/ME then with the Code Analyzer and Heuristics you're quite safe. Just look at the database, you'll notice it has around 50k samples. Still it competes well with others which have nearly double the number of samples. Modify a known malware and chances are good that it'll still get caught. The small memory footprint is an added advantage with the level of security it provides.
f123
July 8th, 2004, 09:45 AM
1. It is possible to encrypt image files. Anything can happen in the future. But as of now, can you name one bug that can damage an encrypted image file?
2. If there is data corruption in the HD, then an AV program like Dr. WEB isn't going to fix the malady. Bug infection...maybe, data corruption...no. By storing the good image file in a separate partition, or better yet, another slave HD, one can restore the OS to that good working state. Remember that the "data corruption" must affect the image file to render the data irrecoverable.
The odds of data corruption that would require the reload of Windows are MUCH higher than corruption of an encrypted image file stored in the HD.
3. Why would anyone want to try to fix the OS when there exists a perfectly good image file from yesterday to restore from? There is no perfect defense against bugs and hackers. Restoring corrupted data from a good image file is a very fast and efficient method of undoing the infection. Most PC users are not interested in spending hours to track down bugs and download software to repair the infection(s).
AMRX
July 9th, 2004, 07:40 AM
Dear f123, you can try AdInf from DIALS. BTW random data write operations can corrupt any files including encrypted data. Read my above post carefully as it contains answers to your questions. I won't answer your questions anymore. It's useless and probably will attract scissor-hands.
f123
July 9th, 2004, 11:58 AM
I work with facts...not theoretical image file infection. To make the PC virtually "bullet proof", one can add a quick release internal hard drive slave bracket and switch out the back-up hard drive every other day. Can't destroy/corrupt data that is not physically connected to the PC. Some companies use tape drive to achieve similar result.
Over the last two years, how many bugs were created with random write capability? Bug writers want self-propagation...spread the bug as quickly as possible before the release of a viable AV definition file. That's why Internet Explorer, Windows Explorer, and Outlook Express are the favorite targets of these individuals.
Install a good firewall and use good PC judgement when receiving data from the internet. Always scan downloaded files for infection. With good image files, one can elevate the security level beyond 98%. Life is not perfect. Never sweat the small stuff.
AMRX
July 10th, 2004, 05:16 AM
I knew a cyber cafe owner who knew nothing but to create images and complain that viruses are coming again and again. OK fine, don't apply any patches and AVs. Just image your drive. I won't reply to your posts now. Register and we can continue this argument through PM. Right now keep in mind this thread is for DrWeb.
f123
July 10th, 2004, 10:09 AM
No image file can prevent future infection. BUT it can "recover" the PC to the time that the image file was made. If the image file is clean, then the PC will also be clean. This is a perfect application for a cyber cafe. You cannot control what people click/download, but you can always restore the PC to "factory" configuration in less than two minutes. There is no need to create more than one image file because the cyber cafe PC isn't responsible for storing the user's personal data!
As I said before, my setup consists of WXP Pro SP1 (with no additional patches), ZA Pro (high security), and an e-mail AV scanner. There is NO full time AV protection. Two years and counting without a single bug.
As for the best AV and FW...my vote is for the USER. You have control of what goes into your PC. A good FW and almost any AV program with an up-to-date virus definition database should be sufficient protection if you are a casual websurfer. X-rated customers need to elevate the security level by avoiding Windows Explorer, Internet Explorer, and Outlook Express. Spend $35 on Bootit ng if you want the ability to image restore all the data in your HD.
f123
July 10th, 2004, 10:31 AM
Tips for safe browsing....
http://www.pcworld.com/howto/article/0,aid,116586,00.asp
rerun2
July 10th, 2004, 03:29 PM
{QUOTE-> Rerun2
Thanks for clarification on your post. I agree with your thoughts on heuristic analysis as there seems to be either a lack of data or conflicting results on heuristic capabilities. Recent tests to try and look at heuristics ( directly/indirectly) have included;
1. http://www.av-comparatives.org/seiten/ergebnisse_2004_05xx.php
2. http://www.pcworld.com/reviews/article/0,aid,115939,pg,4,00.asp
3.http://boardadmin.funpic.de/viewforum.php?f=4&sid=8afa7e7d145efbcdbc2b1075de78446a
(Indirectly, this last site, if you analyse the results in detail, can tell you something about heuristics against trojans; Nautilus for example told me that Command AV has 'very sharp' heuristics, which seems to tally with its Holocheck technology).
The so called big hitters in heuristics are thought to be Dr Web, NOD, Command and F-Prot for Windows ( and the relatively unknown MKS_Vir - any more?). It would be nice to see some definite data on this statement to confirm this. <-QUOTE}
Thank you for the reply and the links Blackcat. Quite a lot of interesting results in Nautilus' scan logs. DrWeb seemed to do quite well against modified malware (bytes added, hex edited, header faked, repacked, and resource edited), which goes to its signature quality (I would think heh). Did not do so hot in rebased and OEP though. Unpacking ability seemed ok too, but obvious work needs to be done in some areas as well... ACProtect, Armadillo, ASProtect, etc. I hope improvement in these areas will be made soon. I mean, how great would that be? ;D
Offtopic... {QUOTE-> To make the PC virtually "bullet proof", one can add a quick release internal hard drive slave bracket and switch out the back-up hard drive every other day. <-QUOTE}
I agree imaging and creating quality backups can be a good solution in most cases. But the problem is when to create backups. If you create backups (especially automatically) in too close of a time period, you risk getting infected and backing up your infection. When you restore your image you will just be restoring the infection. If you create backups that are too large of a time period, you risk losing a lot of legitimate data that you have gained in between those time periods. Why not just do a clean install then, you know? So how can you tell when you are backing up a completely clean system that is connected to a network? Some people will argue that you can never tell if your system is truly clean. I think you still have to depend on one's security knowledge, safe computing habits, a well patched system, and good security tools to prevent infection when you do decide to create an image.
P.S. Maybe this will make for another good discussion in a separate thread :)
f123
July 11th, 2004, 12:14 AM
From my personal limited experience, most problems occur with windows. Since my WXP partition is only 710MB, I can keep about 11 partitions per 4GB. That's about 1.5 week worth of data if you allow the PC to run daily backup at night while you sleep.
Most of my customers will report a problem with their PCs within 48 hours of an infection. Spywares can go undetected for weeks. Fortunately, it's not that difficult to extract them from the computer.
Blackcat
July 11th, 2004, 03:12 AM
{QUOTE->
Offtopic...
I agree imaging and creating quality backups can be a good solution in most cases.
P.S. Maybe this will make for another good discussion in a separate thread :) <-QUOTE}
f123, PLEASE ::)
AMRX
July 12th, 2004, 10:36 AM
Dear rerun2, that's what I was saying about DrWeb. It picks up almost every bug you modify. I really like this thing about DrWeb but sadly it is not developed much for the NT platform. Hope to see a full fledged version soon.
fredg115-80
July 19th, 2004, 02:00 PM
{QUOTE-> Keeping ONLY the OS in the C primary partition DOES NOT decrease the chance of contracting a bug. However, it greatly facilitates the time it take to create/restore the image file. A modern PC can process the image file at 800MB/min....
If you have a "clean" image file of the OS, then you should be able to restore the PC to the time prior to the virus infection. I test hardware, software, and PC gremlins. I install everything in the C partition when testing. Upon completion, I simply restore the good image file. And reboot back to windows. The entire restoration process takes less than 2 minutes. No AV or FW can claim this success rate.
F <-QUOTE}
f123, can you give me some more information about your setup? What you said seems like the most logical way of dealing with the constant pc security issues, but as I am new to these things, I am hoping you can answer a few questions:
1) Why is your OS partition only 710mb? Is it so the image will fit on one cd?
2) Where do you install your programs? If you install them in another partition and have to restore the OS, will the programs still function?
3) I am thinking I should install the os (xp home) with all my essential apps (firewall, antivirus, spyware apps, etc.), configure xp to its safest settings (I came across blackviper.com which should help there), and then create an image file. This way I can always restore in 2 minutes should I have any stubborn gremlins. Do you have any advice regarding this possible setup?
Thanks
FG
f123
July 19th, 2004, 04:02 PM
60GB Maxtor Diamondmax Plus 9 7200 rpm drive.
Primary C partition (only one partition can be active, others hidden from view):
2GB, FAT32, 1K cluster for W98SE
2GB, FAT32, 2K cluster for W2K Pro
2GB, FAT32, 2K cluster for WXP Pro
Extended logical partition-
D partition:
2GB, FAT32, 2K cluster (for data and program)
E partition:
2.5GB, FAT32, 4K cluster (for downloaded programs and stuff that I don't really need but am not willing to delete, yet)
F partition:
47GB, FAT32, 32K cluster (for games, image files, driver cache folder, W98 and W2K/WXP swap files)
I only image the C and D partitions.
1. The goal is to keep the OS partition as small as possible for faster creation/restoration of the image file. The compressed image file (using Drive Image 5) is around 347MB (710MB used out of 2000MB). And yes, it is possible to burn this image file on a CD-R/RW disc. I have a 4x burner, so I've never encountered burn-related issues like buffer overrun.
2. Programs are located in the extended logical partition D. Some programs like Office will automatically put some folders in the C partition, even if you specify another location. That's okay, as long as you image the C AND D partitions at the same time...after you've loaded the program. Most issues are related to the OS. Therefore restoring the last "good" C partition should fix the problem. I rarely have to reload the D partition (data and programs). You can also image the C and D partitions prior to the installation of a piece of software. If you encounter issues, simply restore the previous C and D partitions.
3. My base test configuration does not include AV and other proggies. However, if you are happy with a certain combination of AV, FW, and other proggies, then you should create an image file of the OS AND the data partition for future restoration. This way, you will be able to preserve the custom settings of your browser, CD burner program, windows etc. Pay special attention to those items in WXP's services. This is highly recommended if you start out from scratch and have not connected to the internet. Never connect to the internet without a FW set to maximum security.
I try not to add any program to windows unless I have to...Adobe, Nero, irfanview, jv16, MS Office, Avast, Zone Alarm, WinRAR, TclockEX, Download Express, Firefox, and HD Tune. Some of these programs will function after extracting the zip file...no need to install the software in windows.
F.
fredg115-80
July 20th, 2004, 07:37 AM
Thanks for the reply F. I don't plan to create future images because of the possibility of backing up an insecure system. I am thinking that the best thing would be to install the OS on a 2GB partition, set it up with all the programs and settings to ensure optimum security, and then create the image before ever connecting to the net. This will ensure that the image is clean.
Any important files I have in the future can be backed up separately onto cdr, but I am unsure of what happens to new programs.
I have a few more questions:
1) If I install a prog on D and then restore C, what will happen if I try to use the prog? Its registry entry won't be there anymore, so does this cause a problem or will it just not work?
2) Considering that I probably won't be creating future images, what is the benefit of installing the OS on C, apps on D, and imaging both as opposed to OS & apps on C, creating a single image and leaving D empty for future files & apps (to be backed up separately on CD-R instead of periodically imaging D)?
3) If I install my progs (not that many, most are small) on C with the OS and then create the image, will I still be able to restore in 2 minutes?
4) What should I be doing with WinXP's services? Is it a simple procedure or is there a site with instructions?
5) I have ZA Pro but have read on forums that it is easily bypassed by hackers. I use it because it notifies me of what files are trying to access the internet, which alerts me to catch spyware/trojans. I also get frequent red alerts that it has blocked access from another location (NetBIOS) - are those hackers or what? Is there an optimum setup for ZA?
Thanks
FG
f123
July 20th, 2004, 10:40 AM
1. It's a good idea to image C and D at the same time if you've added new software to the system. If you've installed a program that puts data in the C partition, and you didn't capture the data via an image file, then the program may not function. Software vendors do this for registration purposes. The easy way out is to reload the software to the D partition. I have a multi-boot system. Installed Office 2000 three times to the D partition from W98SE, W2K Pro, and WXP Pro. No problemo.
2. If your OS never changes with time (won't happen because of Service Packs, security updates, e-mails, and new programs), then you can put everything in one partition. Note that some programs like games can take a huge chunk of the HD. Programs rarely go bad, and if they do, then you can simply remove/reload. Reloading the OS and customizing it can be a pain. That's why I like to keep the OS separate from the data partition.
If you just want to test a program, then put it in the C partition. At the end of the test session, reload the old image file. It's much quicker to restore a 710MB partition with only the OS. There is no need to image the D partition unless you've added new software that you want to keep on the system.
3. It depends on the speed of your system. A modern system can RESTORE 700MB of data in one minute. The write speed is about 1/2 of this. Note that we are writing from one partition to another partition (same HD).
4. It can vary, depending on set-up. I normally put everything in manual (M) except for the following:
automatic updates...D (disable)
Background intelligent transfer service...D
COM+ event system...A (auto)
Error reporting...D
Event log...A
HID input service...A
IMAPI CD burning...D
Indexing service...D
Logical disk Manager...A
Messenger...D
Network Connections...A
Network location awareness...D
Plug and Play...A
Print spooler...A
Protected storage...A
Remote access auto connection manager...D
Remote access connection manager...A
Remote procedure call...A
Remote registry...D
Security accounts manager...A
Shell hardware...A
SSDP discovery service...D
System event notification...A
Task scheduler...A
Telephony...A
Terminal services...D
Universal plug and play device host...D
Windows audio...A
Windows management instrumentation...A
Windows time...D
Workstation...A
5. I also have ZA Pro 4.5.594. Firewall Internet zone and trusted zone set to HIGH. Program Control\Main set to HIGH. Disable Windows Explorer and Internet Explorer (four red Xs) in Program Control\Programs. The only program with server rights is Firefox. All others are blocked (two red Xs under the server column). Nothing is hack-proof. I believe my system is 95% secure. If something goes wrong, then I simply restore the data from the image file.
Hackers are more interested in unprotected PCs. You are running in stealth mode. Much more difficult to hack a PC that is not visible.
F.
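f123's list above amounts to a service-hardening baseline (everything Manual except the named Auto and Disabled ones). As an added example that is not the poster's or the forum's code, the script below audits a box against that baseline and reports every service whose start mode drifts from it; the short service names are my assumed mapping of the display names in the post, and PowerShell with WMI access is assumed.

```powershell
# Added example (not f123's or the forum's code): audit a Windows box's service
# start modes against the baseline in the post above. The short service names
# are an assumed mapping of the display names listed there; "everything else
# Manual" follows the post.
$Disabled = 'wuauserv', 'BITS', 'ERSvc', 'ImapiService', 'CiSvc', 'Messenger',
            'NLA', 'RasAuto', 'RemoteRegistry', 'SSDPSRV', 'TermService',
            'upnphost', 'W32Time'
$Auto = 'EventSystem', 'Eventlog', 'HidServ', 'dmserver', 'Netman', 'PlugPlay',
        'Spooler', 'ProtectedStorage', 'RasMan', 'RpcSs', 'SamSs',
        'ShellHWDetection', 'SENS', 'Schedule', 'TapiSrv', 'AudioSrv',
        'winmgmt', 'lanmanworkstation'
$Baseline = @{}
foreach ($n in $Disabled) { $Baseline[$n] = 'Disabled' }
foreach ($n in $Auto)     { $Baseline[$n] = 'Auto' }      # WMI spells it "Auto"

function Get-ServiceDrift {
    # Report every service whose StartMode differs from the baseline.
    # On PowerShell 7 replace Get-WmiObject with Get-CimInstance.
    param([hashtable]$Baseline, [string]$Default = 'Manual',
          $Services = (Get-WmiObject -Class Win32_Service))
    foreach ($svc in ($Services | Sort-Object Name)) {
        $expected = $Default
        if ($Baseline.ContainsKey($svc.Name)) { $expected = $Baseline[$svc.Name] }
        if ($svc.StartMode -ne $expected) {
            New-Object PSObject -Property @{
                Service  = $svc.Name
                Expected = $expected
                Actual   = $svc.StartMode
                State    = $svc.State
            }
        }
    }
}

# Rows expected 'Disabled' but still Auto/Manual (and Running) are the ones to
# look at first: those are the network-exposed services the post switches off.
Get-ServiceDrift -Baseline $Baseline |
    Sort-Object Expected, Service |
    Format-Table Service, Expected, Actual, State -AutoSize
```

On a box that was never configured per the post, expect a long list of Manual-vs-Auto rows; the Disabled-expected rows are the meaningful attack-surface findings.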
fredg115-80
July 21st, 2004, 07:14 AM
Yeah I guess you're right. With the service pack and security updates + new apps, I will eventually need to create a new backup. I am just worried that something bad will sneak in undetected and will be saved in the backup. Separating the OS from everything else also seems logical, so I think I'll do that too.
some more questions:
1) Should I contract a bug (spyware or virus), is it likely to affect any of my files/apps on D, or is it just a simple case of restoring only C?
2) If I were to restore only C, will all of my apps on D remain with their current customisation?
3) Roughly how long would an image of the OS take to restore from a cdr (40x cdrom)?
4) Have now configured ZA as you have instructed. Why disable Windows Explorer and IE? Are they security risks?
About the services, I am going to have a read through Black Viper's guide ( http://www.blackviper.com/WinXP/service411.htm ) just to familiarise myself with it so that a) I understand what the hell I am doing, and b) in case I find I might need/not need certain services. I may come back to you with a few questions about this if that's cool with you.
Thanks
FG
Blackcat
July 21st, 2004, 07:26 AM
Can you post a new thread if you want to carry on with this theme of partitioning and disc-imaging. The original post was on the benefits of using Dr Web!
New people looking at the thread title are not going to see what they thought/hoped they would as a number of posts now are completely off topic!!! (there are now 26 OT posts in this thread!!! >:( ).
I know that most threads wander off topic but this one seems much worse than most!
Blackspear
July 21st, 2004, 07:33 AM
{QUOTE-> Can you post a new thread if you want to carry on with this theme of partitioning and disc-imaging. The original post was on the benefits of using Dr Web!
New people looking at the thread title are not going to see what they thought/hoped they would as a number of posts now are completely off topic!!! (there are now 26 OT posts in this thread!!! >:( ). <-QUOTE}
Agreed, f123 your post would be a good thread to start on its own ;D
Cheers ;D
Blackcat
July 21st, 2004, 07:37 AM
28 now, Blackspear ;D
fredg115-80
July 21st, 2004, 11:03 AM
Sorry about that guys - I have now opened a new thread over at General Software & Services: http://www.wilderssecurity.com/showthread.php?p=223477&posted=1#post223477