Freezing Snapshots

Discussion in 'FirstDefense-ISR Forum' started by ErikAlbert, Sep 7, 2006.

Thread Status:
Not open for further replies.
  1. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    I know these alternatives already. I did sooo many tests with FDISR, including yours and I'm still fooling around with all these functions.
    Nothing but experiments, ideas and crazy combinations. That doesn't mean I will use it in the future. :)
     
    Last edited: Sep 21, 2006
  2. dallen

    dallen Registered Member

    Joined:
    May 11, 2003
    Posts:
    825
    Location:
    United States
    stevetwc,
    I just wanted to mention that your method accomplishes the same thing that freezing does. The main difference is that you are making manual a process that freezing achieves automatically.
     
  3. dallen

    dallen Registered Member

    Joined:
    May 11, 2003
    Posts:
    825
    Location:
    United States
    I am afraid that I do not know what you mean. I have not visited any security scan sites and I'm not sure that I even know what exactly you mean by this. Please elaborate.
     
  4. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    I need an explanation on that one too and it better be good. LOL.
     
  5. Antarctica

    Antarctica Registered Member

    Joined:
    Feb 25, 2003
    Posts:
    2,180
    Location:
    Canada
    I don't want to hijack this thread, but I have a question related to frozen snapshot.

    Where should I store my frozen snapshot, on my C:/ drive or on my secondary (backup) drive?
     
  6. sukarof

    sukarof Registered Member

    Joined:
    Jun 22, 2004
    Posts:
    1,887
    Location:
    Stockholm Sweden
    You can store it on a secondary drive if you want.
    You change the location in tools/options/freeze/use alternate freeze archive name
     
  7. Acadia

    Acadia Registered Member

    Joined:
    Sep 8, 2002
    Posts:
    4,332
    Location:
    US
    The FD manual recommends a second hard drive for the Frozen backup because it makes all the processes involved with Freezing faster.

    Acadia
     
  8. Antarctica

    Antarctica Registered Member

    Joined:
    Feb 25, 2003
    Posts:
    2,180
    Location:
    Canada
    Thanks Acadia and sukarof for your help.:)
     
  9. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Another reason to store the "freeze storage" on a second harddisk/partition is to save space on your system partition [C:], because the "freeze storage" has about the same size of a normal snapshot.
    I also stored my freeze storage on my data partition [D:] although I had space enough on my system partition.
     
  10. dallen

    dallen Registered Member

    Joined:
    May 11, 2003
    Posts:
    825
    Location:
    United States
    I store my frozen snapshot on a secondary internal HD and it works very well.

    Interesting side note, my friend arrived from Korea and wanted to use my system. I allowed him to use the frozen snapshot and was thankful because he needed to install Korean fonts in order to read some of his emails.

    I was able to get rid of all the stuff he installed with a simple reboot.:thumb:
     
  11. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Do I read this well ?
    While your FDISR is installed on [C:], you were able to store a frozen snapshot on another harddisk/partition with another drive letter than [C:].
    How did you do that ?
     
  12. dallen

    dallen Registered Member

    Joined:
    May 11, 2003
    Posts:
    825
    Location:
    United States
    Yes. It is actually recommended in the FDISR user manual that this be done. Erik, please see the screenshot below and let me know if you still have questions.
    http://dustinallen.com/Wilders/Frozen.JPG
     
    Last edited: Sep 24, 2006
  13. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    I know that the "freeze storage" can be stored on another harddisk/partition, but that the "frozen snapshot" itself can be stored on another harddisk/partition that is new to me.

    EDIT:
    Now I understand, you were talking about the "freeze storage", not the "frozen snapshot".
    OK. I did that too, long time ago.
     
  14. Longboard

    Longboard Registered Member

    Joined:
    Oct 2, 2004
    Posts:
    3,238
    Location:
    Sydney, Australia
    @dallen and Erik-Albert

    sorry for tardy response re security scanners
    You are probably both aware of most of these already ...
    To start, for checking from within your "locked down" frozen snapshot:

    http://www.pcflank.com/about.htm

    http://www.firewallleaktester.com/reward.htm

    http://security.symantec.com/sscv6/default.asp?langid=ie

    http://www.jasons-toolbox.com/BrowserSecurity/

    http://scan.sygate.com/
    (not sure how this might go since Symantec got involved)
    http://www.grc.com/default.http
    (you should pass these !!, some useful tools)

    Basic Port Scan - http://www.dslreports.com/scan

    Online port Scanners - http://www.computercops.biz/article808.html
    ...need to register...

    Privacy and Security - http://www.auditmypc.com

    Basic Scanner - http://www.preventon.com/scanner/en/

    Good online port scanner - http://www.hackerwhacker.com/

    Browser Security Check - http://bcheck.scanit.be/bcheck/ ***** This can be fun!!

    PC-Pitstop http://www.pcpitstop.com/store/erase.asp

    can't recall any others at the moment, most of these will be safe with patched OS and locked down browser, and effective security apps, some will prompt warnings, some will be denied by Anti-ex, PG etc

    Some of these are older tests but still interesting

    Just FYI
    Regards

    EDIT: obviously there are other testing apps to stress the integrity of the snapshot and integrated security, this list is just to see if the special snapshots "leak" any private info while surfing
     
    Last edited: Oct 5, 2006
  15. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Longboard,
    Thanks for all these links, I copied the links in my do-list.
    Maybe they are useful to test Prevx1, but I've doubts they can be used to test a frozen snapshot.

    A frozen snapshot is identical to a copy/update (refresh) from a rollback archived snapshot (= Freeze Storage.arx) to a frozen snapshot, which occurs automatically during the reboot, where objects are added, removed and replaced in order to UNDO ANY CHANGE in the frozen snapshot.
    The only difference is that it happens automatically and that you don't see anything.
    The only visual effect is that the "Windows Welcome Screen" during the reboot will display longer, than normal.
    The reboot time = normal reboot time + refresh time of the frozen snapshot, which is variable depending on what you did in the frozen snapshot before reboot.
    The programmer of FDISR made only one mistake, he limited the freezing to only ONE snapshot and that's why he always uses the same name "Freeze Storage.arx" instead of "Snapshot Name.arx", where "Snapshot Name" can be any snapshot name. The FDISR-settings allow you indeed to change the name "Freeze Storage" into something else, but that doesn't make any difference.
    The bottom line is that you can have only ONE frozen snapshot in FDISR instead of more than one.
    This is mentioned in our wish-list, but nobody seems to read it, except users. :rolleyes:

    For instance, one of your links allow users to test how good their internet browser is to protect them against malwares. This is very good if browsers are used in a normal environment and they usually are.
    I would recommend this test to anyone, because it allows them to improve their browser settings.

    My experience with security settings in Firefox is that most websites are not displayed in a normal way anymore and that certain graphics aren't visible anymore and some websites don't even work properly anymore.
    I don't really care about that, but it's nevertheless very unpleasant for all of us, because we all like to see our websites completely and working properly.

    The crucial question is : "Do I still need these high security settings in my browser(s), if I put my browser(s) in a frozen snapshot together with Prevx1 ?"

    1. A frozen snapshot doesn't allow any change in your current snapshot. If you don't believe that, you don't believe in FDISR either and I need some PROOF first to confirm this and not some scaring words of anyone without proof. If I would believe every word, I wouldn't do anything anymore, because everything would be useless.

    2. Prevx1 is a Community Intrusion Prevention System, which means that it collects good, bad and caution objects in a Community Database. Personally I consider caution = bad, so I have only good and bad objects.
    The big difference between Prevx1 and classic HIPS is that Prevx1 decides for you what is good or bad, while the classic HIPS allow users to decide what is good or bad.
    I can understand that a knowledgeable user likes to make his own decisions, but classic HIPS in the hands of a less-knowledgeable user is a nightmare, because he can't make these decisions and this will result in too many wrong yesses and no's. So these users need CIPS and not HIPS.

    The very best protection against malware is to prevent the installation of malwares and that's what Prevx1 does.
    The Community Database collects not only the white objects, but also the black objects.
    Any black object that is known in the Community Database will stop the installation of the black object.
    If it is unknown in the Community Database or the Community Database isn't available temporarily, the object will be considered as "unknown" and Prevx1 has a setting to block or query or allow any unknown object.
    Of course I block all unknown objects and I also block all caution objects, because blocking means "NO INSTALLATION".

    So if my browser with poor security settings allows a black object to install, Prevx1 is there to stop it.
    In other words I can use my browser in a way that all websites are displayed completely and working properly and that would be very nice of course.

    This is all theory of course and it's up to the user, including me, to prove that Prevx1 doesn't stop all black objects.
    That's the challenge and I still have my frozen snapshot to kill any threat that Prevx1 didn't stop, because any installed malware is a change in my snapshot and my frozen snapshot is supposed to undo changes.
    So I will try all your links, when I have the time. :)
     
  16. Longboard

    Longboard Registered Member

    Joined:
    Oct 2, 2004
    Posts:
    3,238
    Location:
    Sydney, Australia
    @E-A

    Yes
    I appreciate your POV and experience with your "locked" frozen snapshot.
    I think it is a great idea and your execution of the concept seems very thorough and well thought out.

    I use FF (with NoScript etc) and Prevx and BOClean and AV and Firewall with Hosts etc.
    I think I am relatively safe despite some concerns about recent FF Java exploits which IMHO pose a real threat. (going to check Opera soon)
    We could discuss this at length.

    My post was in response to dallen
    Any visit to a malicious website allows some of your computer info to be read.

    Remember the frozen snapshot is still functionally your OS that you have booted into for that session; it is your "primary", with whatever that might contain, and some info is passed to websites that you visit.

    As noted previously you could still catch a rootkit that might drop something in that snapshot till next reboot. Even in Dallen's "stripped down" snapshots there may be info that could be harvested during that session and outgoing connections could be made through a firewall if anything gets past the security in the snapshot.

    I fully appreciate that the next reboot will almost certainly "unload/wipe off" any installations.

    I e-mailed Raxco and have permission to quote reply here.

    My question
    Reply:
    Ok so far so good, we all appreciate that.
    Followup question:
    Reply:
    So: My interpretation:
    Raxco is being both realistic and humble.
    There is no guarantee.
    There are other options which may provide some extra cover.
    FDISR frozen snapshots do add an extra layer and are probably as safe an option or safer than any other when appropriate extra precautions are in place.

    I was not trying to pull apart your strategy which I admire (and am testing similar :thumb: ), rather give dallen a chance to see what, if any, info could be pulled from his stripped down "Surf" snapshot.

    I would remind any users, as has been pointed out very succinctly by Acadia, that any malware that installs will be in the OS of that snapshot.

    Sorry about the lengthy ramble
    Hope somebody gets some info.
    Regards.
     
  17. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,161
    Hi, folks: Longboard, thank you for the very informative input. I do learn a lot from it. I just bought a brand new notebook (sort of fire sale) and have been thinking of doing this: utilizing a virtualization app (such as DeepFreeze) plus a top notched firewall (such as Outpost Pro or ZA Pro) and a first class AV (such as KAV6 or Bitdefender 10) and Prevx1, nothing else. Just to see how solid this defense lineup lives up to it. What do you think? My concept is primarily focused on containment; if I can keep anything (good or bad) that occurred on this PC within that frozen drive, not touching the real system drive, I can eliminate all adverse effects upon reboot. Hope my logic is sensible.:-*
     
  18. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Don't you worry about me, regarding pulling apart my strategy. I like it.
    Once I'm interested in a software, I try to break it in any possible way, including my own ideas.
    I put my personal feelings aside, when I work with softwares, those are just things for me.
    So you don't need to apologize for any negative remarks. We talk about softwares, not about ourselves.

    Regarding Raxco, I'm glad they are honest and admit that FDISR isn't foolproof and I had the same thoughts.
    FDISR is an immediate system recovery software, NOT a security software in any way.

    Because FDISR is NOT a security software, it needs help and that's why I have a router, Look'n'Stop and Prevx1.
    I trust neither my router, nor Look'n'Stop, nor Prevx1, nor FDISR to secure my computer. That's not because I'm paranoid, but because programmers are people and people make mistakes and when programmers make mistakes in security softwares, we have security holes until the programmers fixed their mistakes.
    I recently read something funny at Wilders : "All softwares suck, but some softwares suck more than others."
    That is another, more crude way to say it, but it's nevertheless true.

    In spite of my poor knowledge regarding malwares and internet, I'm going to try to break Prevx1 in every possible way, because that's the software that is supposed to prevent the installation of any malware.
    I did the same thing with FDISR and Acronis, but I couldn't break it and that's why I kept both.
    Look at the "RollbackRx/EazFix and Image Backup"-threads, they are still discussing what does work and what doesn't work, while my combination works properly and has been tested thoroughly. It's routine now and routine bores me to death.
    So I need something else to put my teeth in and that is Prevx1.

    I don't care if my system partition [C:] will get into trouble, because Acronis will save me each time.
    If a malware wipes out my entire partition, like the KillDisk Virus, Acronis will be there to save me.
    I've done these tests already with Acronis on a completely zero-ed harddisk, probably worse than a KillDisk Virus situation.
    That's the main reason why I did all these numerous tests with Acronis, FDISR and "FDISR + Acronis".
    I'm only afraid of HARDWARE VIRUSES, but those are very rare and they target only specific hardware components.

    If I find holes in Prevx1, I will report them and hopefully they will improve Prevx1. I'm quite sure that the support of Prevx1 will be interested in the security holes of Prevx1.
    If they don't improve Prevx1, I switch to "Online Armor" or another combination of softwares.

    So any malware, that could be a threat for FDISR itself, is supposed to be blocked by Prevx1 and if that doesn't happen, I will send a red email to the support of Prevx1.
    At work, I do the same thing, but there is a difference : at work, I know the subject and at Wilders, I don't know the subject very well, but that doesn't bother me. :)
     
  19. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    I too am glad to see Raxco's candor(no surprise), and it makes sense.

    The alternative to the freeze (and it's not nearly as clean) is to just use a 2nd snapshot. This is what I do, and if my surfing is only going to be moderately risky I just use that and then turn on some of the security stuff that I usually might not have on.

    The one advantage to this is that way the "frozen" secondary snapshot is kept up to date from the primary.

    Even safer for really high risk surfing is to update an archive on an external drive which can be turned off. Then when done, I'd restore an image and update with the archive both from the external drive. I think it'd be real tough for something to get by that.
     
  20. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    I agree with you, but I'm already armed.
    My goal is Prevx1, not FDISR and Acronis, because they work fine.
    If Prevx1 works like they pretend, I don't need my frozen snapshot anymore.

    I'm planning to install my computer from scratch anyway, because I lost my concentration due to an unexpected event with Look'n'Stop.
    I need more special image backups and special archived snapshots, but I forgot to take them due to this event.
    This won't happen anymore, because I'm writing each installation step down on paper this time.
    If Look'n'Stop troubles me again, I switch to another firewall.

    Look'n'Stop changed its code and that made my serial number useless.
    No decent explanation from support either, they don't know how it happened. :rolleyes:
     
  21. Longboard

    Longboard Registered Member

    Joined:
    Oct 2, 2004
    Posts:
    3,238
    Location:
    Sydney, Australia
    Remarkable really.
    The limitations and possibilities of FDISR are still being explored..

    Peter, E-A, Lbainbridge, silver006, Acadia, dallen, wilbertnl, crofftk et al
    You guys have really pushed the envelope with this utility.
    Congratulations to you all.

    I hope that Leapfrog and the resellers have been following some of these threads. I bet the full ramifications of a few demented and determined software wizards testing the limits were not truly appreciated when FDISR was launched. LOL :D

    With a BIG C drive primary, 10 snapshots, freeze, archives on external discs, and strong imaging utility, once it is set up and with archive and snapshot back-ups taking so little time (imaging on a regular basis taking a little longer) there are astounding possibilities. AFAIK there are NO limits on the number of archived snapshots that can be stored externally !!

    Set up 1 basic snapshot with Os and backbone apps then copy/create 9 more and away we go...

    It has turned out to be far more than just recovery software.

    If leapfrog can come up with a boot disc that can access external drives, it may be game over for most other back-up competitors.

    Respect to you all. ..guru status officially confirmed,,,LOL

    PS I have also been in touch with PrevX re "multiple installs" into different snapshots: as long as all on same machine, one license is enough. ;)

    Heh: Gotta be careful with Fanboy postings but Terabyte, Fdisr, BoClean...whoo hoo
     
    Last edited: Oct 5, 2006
  22. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Yes FDISR is more than immediate system recovery.
    I don't even use FDISR in the way it is supposed to be used.
    Normally you use the primary snapshot for work and secondary snapshot as a rollback snapshot. I don't have these snapshots anymore.

    My first snapshot is an off-line snapshot for recovery and other things.
    My second snapshot is a frozen snapshot for on-line activities.
    I can't copy/update my first snapshot to my second snapshot or vice versa. They would destroy each other, because each snapshot has different softwares and common softwares.

    All the other snapshots are for testing.

    If I'm in trouble, I boot to my first snapshot and fix the other snapshots from there.
     
  23. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Eric! What about windows updates of frozen snapshot?
     
  24. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    There are different ways to do this, but the safest way to me is :
    1. Download the patches myself as a file and store them on my data partition.
    2. Reboot to clean my snapshot.
    3. Turn OFF my internet connection.
    4. Install each patch
    5. Turn ON my internet connection
    6. Re-freeze again
    7. Reboot

    I can turn ON/OFF internet easily via an icon on my desktop, so I don't have to go through all these screens.
    Refreezing works like refreshing "freeze storage.arx" and is fast.

    The advantage of collecting all these patches on my data partition is, that I can use "nLite" to create a new updated "WinXPproSP2 Installation CD" and this works because I tested this already.
    My experience in the past with Win2000pro (old computer) was, that after 3-5 years my Install CD was very old.
    Each time I reinstalled my computer, Windows Update took a very long time to download all these patches of 3 years back, including Service Pack 4. In those days I didn't even know, that updating of an install CD was possible.

    nLite has also several other options : removal of windows components, tweaking windows, services, ...
    So you can create one or more customized install CD's of windows at will and use an empty snapshot to install it, if you can't wait until the next installation from scratch.
    nLite is quite simple, once you know how to do it. If I can do it, newbies can do it too.
    --------------------------------------------------------
    Another more simple option is :

    1. Reboot to clean my snapshot
    2. Update windows via the normal Microsoft website.
    3. Refreeze the snapshot
    4. Reboot

    I always wonder myself, if your computer can be infected during Windows Update or any other non-security software, that needs to be updated via internet.
    And I'm also wondering, if Prevx1 will protect me during Windows Update.
    I wonder about a lot of things, once my computer is connected to the internet. Don't you ? :D
    --------------------------------------------------------
    Concerning my OFF-LINE snapshot, I asked myself "Do I really need Windows Update ?"
    I certainly don't need all these security patches, because there is no internet connection.
    I only need to update Windows, if some of my softwares don't work properly anymore, for instance a driver update.
    In that case I always can install the patch files manually OFF-LINE via my data partition.
     
    Last edited: Oct 6, 2006
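A constructed model of the two mechanisms described above: the refresh that ErikAlbert explains in post 15 (at reboot the frozen snapshot is reconciled against the freeze storage, with objects added, removed and replaced to undo any change), and the refreeze step of the update procedure in post 24 (the storage is re-recorded after an authorized offline patch, so the patch persists while the next session's changes are still undone). This is added example code, not FDISR's or Raxco's; it models plain files in a directory rather than the Freeze Storage.arx format, and the function names, directory layout and sample file contents are all assumptions.

```python
"""Toy model of an FDISR-style frozen snapshot (constructed example, not FDISR code).

freeze()   records every file under the snapshot root as the "freeze storage".
refresh()  reconciles the live tree back to that record: objects the session
           created are removed, objects it deleted are added back, objects it
           modified are replaced. That is the "copy/update" a reboot performs.
Re-freezing after an authorized change is simply calling freeze() again.
"""
import hashlib
import tempfile
from pathlib import Path


def _digest(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()


def freeze(root: Path) -> dict:
    """Snapshot root -> {relative path: (sha256, contents)}. The contents are
    the stored copy used to restore; the hash lets refresh() skip untouched files."""
    storage = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            storage[p.relative_to(root).as_posix()] = (_digest(p), p.read_bytes())
    return storage


def refresh(root: Path, storage: dict) -> dict:
    """Undo every change made since freeze(). Returns a report of what had to
    be done, which tells the operator what the session left behind."""
    report = {"added_back": [], "removed": [], "replaced": []}
    live = {p.relative_to(root).as_posix(): _digest(p)
            for p in root.rglob("*") if p.is_file()}
    # Objects the session created (a dropper, a downloaded installer): remove.
    for rel in live.keys() - storage.keys():
        (root / rel).unlink()
        report["removed"].append(rel)
    # Objects the session deleted: add back. Objects it modified: replace.
    for rel, (digest, data) in storage.items():
        target = root / rel
        if rel not in live:
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(data)
            report["added_back"].append(rel)
        elif live[rel] != digest:
            target.write_bytes(data)
            report["replaced"].append(rel)
    # Drop directories the session created that are now empty (deepest first).
    for d in sorted((p for p in root.rglob("*") if p.is_dir()), key=lambda p: -len(p.parts)):
        if not any(d.iterdir()):
            d.rmdir()
    for names in report.values():
        names.sort()
    return report


def run_demo() -> dict:
    """Freeze, simulate a session that tampers, reboot (refresh), apply an
    authorized offline patch, re-freeze, then show the next session is undone
    while the patch persists. All file names and contents are constructed."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "snapshot"
        (root / "windows").mkdir(parents=True)
        (root / "windows" / "explorer.exe").write_bytes(b"explorer v1")
        (root / "windows" / "hosts").write_bytes(b"127.0.0.1 localhost\n")
        storage = freeze(root)

        # Session: something dropped a file, rewrote hosts and deleted a system file.
        (root / "windows" / "dropper.exe").write_bytes(b"constructed bad payload")
        (root / "windows" / "hosts").write_bytes(b"0.0.0.0 update.example\n")
        (root / "windows" / "explorer.exe").unlink()
        first_reboot = refresh(root, storage)

        # Offline patch (post 24, steps 3-6): change the file, then re-freeze.
        (root / "windows" / "explorer.exe").write_bytes(b"explorer v2")
        storage = freeze(root)

        # Next session drops something again; the reboot undoes only that.
        (root / "windows" / "dropper.exe").write_bytes(b"constructed bad payload")
        second_reboot = refresh(root, storage)
        return {"first_reboot": first_reboot, "second_reboot": second_reboot,
                "explorer_after": (root / "windows" / "explorer.exe").read_bytes()}


if __name__ == "__main__":
    print(run_demo())
```

The report that refresh() returns is the part a defender actually wants from a frozen snapshot: it lists what the session created, deleted or altered, which is exactly where Longboard's caveat (anything that installs lives in the OS of that snapshot until the reboot) becomes visible. The patch step shows why refreeze must follow the offline install: without calling freeze() again, the next reboot would roll the patch back along with everything else.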
  25. Longboard

    Longboard Registered Member

    Joined:
    Oct 2, 2004
    Posts:
    3,238
    Location:
    Sydney, Australia