FD-ISR with Virtualization app ?

Hi, folks: Up until mid of last year, I used FD-ISR ; two different sanpshots with different security setups, and it worked very well for me. And later of that year, I uninstalled FD-ISR, replaced it w/ DeepFreeze, it works very well for me too. Now, I am contemplating an idea to pair them up. I like DF-ISR being able to provide me two different setups(just like having two PCs) and DF being able to supply me a solid sense of security. Has someone had similiar experience and like share it w/ us? (any virtualization app, such power shadow or shadowuser etc?). Any downside do you know? Thanks.

 

Hi, folks: hi, peter, thanks for the valuable advice. Let me recap what you advised; I have a primary, an archive 0f primary, and a striped down secondary. Prior to any questionalbe surfing, I would update in archive snapshot, and use primary SH to surf. When it is done, instead of rebooting to primary(may be infected), I would boot into secondary, and from there refresh primary with updated archive. I think it is a smart plan. However, I do have a security concern, namely, how secure is this primary SH? (1), are all system files protected and included in those snapshots? (2)If not, suppose the PC got infected for any reason while surfing using primary SH, would these malwares somehow spread over to system files which are not included in snapshot and shared the same partition w/ all other SHs. I have had an regretable incident where an unknown trojan made its way into system files and infected all those files during rebooting. I have a doubt that $ISR file contains system files(c:/WINDOWS), because the size of $ISR is not the same as one used before creating SH, i.e the total size of used disk space is 10 GB, and the size of primary SH ($ISR) could somewhere less than that; if I remember correctly. I know for the fact that DP can secure the whole drive, and can erase anything after rebooting. Is is exactly the reason for me to come up w/ such a crazy idea to pair them up. Any advice most welcomed.

 

Perman,

I trialed Faronic's Anti-Executable in a frozen snapshot for awhile and it worked to a certain level.
I couldn't run AE on its maximum security, because I had troubles with the automatic restore of the frozen snapshot, which is in fact a copy/update.
AE on its maximum security doesn't allow copying of certain files anymore.
So I had to unmark a few settings, but not too many.

I'm not happy with my frozen snapshot, because it doesn't work like I expected. All my problems with it are caused by security softwares, but I'm not in the mood to figure it out. I have other interests at the moment.

Wilbertnl tried ShadowUser in a normal snapshot and that worked also, but I never heard anything about it after that.

I think you better do these experiments yourself, if you really want to see if it works or not and share the results with other members.

One thing is sure : FDISR is NOT a security software and any on-line snapshot is vulnerable for malware of any kind.
I don't consider restoring a snapshot to it's original state as security. FDISR detects changes, not malware.
An image backup software isn't a security software either.

 

A bit off topic but I have successfully used FD-ISR rss and ShadowSurfer together. I tried DeepFreeze once a year ago and it didn't like my Nvidia chipset. If you can be satisfied with ShadowSurfer, then I would suggest you try the pairing.

SourMilk out

 

FDISR is one of the fastest software to clean your computer and it doesn't really matter how you do it, rollback snapshot, archived snapshot or frozen snapshot, because they are all variants of COPY/UPDATE.
If it is done right we are talking about a 100% removal of malware, much better and faster than any group of scanners and without false positives.

But your computer is still vulnerable between two COPY/UPDATES and that's why you need security softwares in each online snapshot :
- to stop the installation of malware.
- to stop the execution of malware.
FDISR only takes very good care of the REMOVAL of malware, because FDISR considers them as CHANGES.
FDISR doesn't recognize BAD CHANGES (= malware), that's why FDISR also removes the GOOD CHANGES, like security updatings, ...

In order to keep the GOOD CHANGES you normally have to copy/update your rollback snapshot, archived snapshot or freeze storage and if your primary/work snapshot is infected at that moment your rollback snapshot or archived snapshot or freeze storage will also be infected. That is IMO a problem.

 

I fully agree with your post, because that's the only way to reduce the risk to an absolute minimum.
You must have alot more faith in your security softwares than me, because I consider my computer as POSSIBLE infected, once I go on-line.
That's not because I'm paranoid, but it's a fact that none of these security softwares are perfect. So the possibility of getting malware is always there.
If I ever get infected, my on-line snapshot will be the cause, not my off-line snapshot.
The only thing I really trust are my clean images/snapshots created when my computer was still off-line and I keep those apart from my daily images/snapshots.

 

Peter, if I can't solve my problems with my frozen on-line snapshot, I will use the method, you described.
The only reason why I didn't use that method are the missing on demand schedules and schedules are safer to use.
I use on demand schedules in ATI also : no mistakes in source/target and easy to start.
Frozen snapshots are even better, they work full automatic.
Unfortunately frozen snapshots and security softwares don't go together very well. The problems aren't severe, but very annoying.