Question on Rollback RX/EAZ-FIX...

Discussion in 'backup, imaging & disk mgmt' started by napoleon1815, Apr 6, 2011.

Thread Status:
Not open for further replies.
  1. Wendi

    Wendi Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    643
    Location:
    USA
    May I ask the basis of that remark and how you know it's factual? o_O
     
  2. TheRollbackFrog

    TheRollbackFrog Imaging Specialist

    Joined:
    Mar 1, 2011
    Posts:
    4,954
    Location:
    The Pond - USA
    Hi Wendi! It's actually very easy to bypass RBRX once it's known how it works... The "Image For Windows" disk imaging product does this by accident if installed after Rollback is installed :)

    But even without direct knowledge by the perpetrator, I found at least one version of the so-called SECURITY VIRUS that hammered Rollback's MBR without RBRX's knowledge, basically trashing its ability to continue in its normal function. If the user doesn't have a copy of the installed RBRX MBR to restore on his disk, and instead reinstalls a standard MBR, Rollback becomes inactive and the existing protected snapshots get turned into available disk space to be written.

    It was while chasing this particular virus down that I discovered the more inner workings of Rollback.
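
A defensive check related to the post above, added here as an example and not part of the original thread or of Rollback Rx: it compares a saved copy of sector 0 against a fresh dump and reports whether the boot code or the partition table changed. The sample sectors are constructed, the helper names are hypothetical, and obtaining the 512-byte dump is left to whatever disk tool you already use.

```python
import hashlib
import struct

SECTOR = 512
BOOT_END = 446    # bytes 0..445: boot code (Windows keeps a disk signature at 440..443)
TABLE_END = 510   # bytes 446..509: four 16-byte partition entries, then 0x55 0xAA

def parse_partitions(mbr):
    """Return (bootable, type, start_lba, sectors) for each used table entry."""
    parts = []
    for off in range(BOOT_END, TABLE_END, 16):
        status, ptype = mbr[off], mbr[off + 4]
        start_lba, sectors = struct.unpack_from("<II", mbr, off + 8)
        if ptype != 0:
            parts.append((status == 0x80, ptype, start_lba, sectors))
    return parts

def fingerprint(mbr):
    """SHA-256 of the boot code area, for logging next to the saved copy."""
    return hashlib.sha256(mbr[:BOOT_END]).hexdigest()

def compare_mbr(baseline, current):
    """List what differs between a saved MBR copy and a fresh sector-0 dump."""
    if len(baseline) != SECTOR or len(current) != SECTOR:
        raise ValueError("an MBR is exactly 512 bytes")
    findings = []
    if current[TABLE_END:] != b"\x55\xaa":
        findings.append("boot signature missing")
    if fingerprint(baseline) != fingerprint(current):
        findings.append("boot code changed")
    if baseline[BOOT_END:TABLE_END] != current[BOOT_END:TABLE_END]:
        findings.append("partition table changed")
    return findings

def make_mbr(boot_fill, entries):
    """Build a constructed 512-byte sample sector (not a real boot loader)."""
    mbr = bytearray(SECTOR)
    mbr[:BOOT_END] = bytes([boot_fill]) * BOOT_END
    for i, (status, ptype, lba, sectors) in enumerate(entries):
        off = BOOT_END + 16 * i
        mbr[off], mbr[off + 4] = status, ptype
        struct.pack_into("<II", mbr, off + 8, lba, sectors)
    mbr[TABLE_END:] = b"\x55\xaa"
    return bytes(mbr)

# Constructed samples: same partition table, different boot code.
TABLE = [(0x80, 0x07, 63, 2048000)]
BASELINE = make_mbr(0x90, TABLE)   # stands in for the saved copy
REPLACED = make_mbr(0x00, TABLE)   # stands in for a sector with other boot code

if __name__ == "__main__":
    print(compare_mbr(BASELINE, REPLACED), parse_partitions(REPLACED))
```

A "boot code changed" result with an unchanged partition table matches the situation the post describes, where the boot code in sector 0 is no longer the one that was installed.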
     
  3. Wendi

    Wendi Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    643
    Location:
    USA
    TRF, thanks for that illuminating (albeit discouraging) insight! I was under the impression (based on what I've read from other knowledgeable Rollback users here) that Rollback protects the MBR from malware infection. :doubt:

    Wendi
     
  4. Aaron Here

    Aaron Here Registered Member

    Joined:
    Jun 4, 2006
    Posts:
    1,205
    Location:
    USA
    Wendi,

    Fwiw, I have been using RB on my desktop and laptop since v7.1 (2006) and I'm an addicted internet surfer. In all that time I have never been infected by any malware, BUT I wouldn't just rely on RB - in addition, I use an active AV as an additional layer of protection.

    Most importantly, I have always said the last means of system recovery is a backup disk-image, so I highly recommend making image backups of your system on a regular basis (when everything appears to be working reliably)! ;)

    Aaron
     
  5. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Any malware with direct disk access might trash Eaz-Fix and similar software; two well-known examples are safesys.exe malware and TDL rootkits.
     
  6. Aaron Here

    Aaron Here Registered Member

    Joined:
    Jun 4, 2006
    Posts:
    1,205
    Location:
    USA
    Hi aigle, while that may be true, in all fairness it should be noted that RB, EF, CTM and all other ISRs (that I'm aware of) are not anti-malware programs in the sense that they don't have provisions for detecting and removing malware. That's why I suggested to Wendi that she should be using an active AV along with RB (if she isn't already doing so)!

    Aaron
     
    Last edited: Apr 26, 2011
  7. PJC

    PJC Very Frequent Poster

    Joined:
    Feb 17, 2010
    Posts:
    2,959
    Location:
    Internet
    Agreed.
    That's why ISR should be Only a Layer of Protection; not the Sole Layer of Protection.;)
     
  8. TheRollbackFrog

    TheRollbackFrog Imaging Specialist

    Joined:
    Mar 1, 2011
    Posts:
    4,954
    Location:
    The Pond - USA
    To clarify... if any system process tries to access the MBR/Track 0 through the "normal" disk I/O path on a Rollback RX protected system, Rollback will protect both in its own inimitable way. BUT... as Aigle says, there are "non-normal" :D ways to access the contents of a hard disk on a Windows system... via direct disk access. This path is where the problems may occur. Windows tries to discourage this method of access but can easily fail in its attempt based on privileges held by the app doing the writing.
     
  9. Wendi

    Wendi Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    643
    Location:
    USA
    Aaron, that is pretty much what I'm now doing. I was thinking about allowing my annual Norton license to expire next month, but I will renew it as I now understand that Rollback Rx alone is not adequate protection against malware. Oh, I do back up my system (albeit not frequently enough!) with Acronis True Image. :oops:

    Thanks,
    Wendi

    PS. I just got a netbook which I'll be using for email and surfing the net at hotspots. I'm thinking that Rollback Rx together with Norton might be too much of a load for it, so I'm considering just using Sandboxie - would that be good enough?
     
    Last edited: Apr 27, 2011
  10. WDD

    WDD Registered Member

    Joined:
    Apr 27, 2011
    Posts:
    3
    If you don't reconfigure often - you won't have problems. But if you change drives or hardware - lord help you. Their license activation monitor will eat you alive.
     
  11. TheRollbackFrog

    TheRollbackFrog Imaging Specialist

    Joined:
    Mar 1, 2011
    Posts:
    4,954
    Location:
    The Pond - USA
    Wendi, Rollback offers no more load on my XPsp3 netbook than any other system I use it on... and that's not much at all.

    I would just replace "NORTON the Netbook Eater" with one of the decent FREE AV offerings out there (Avira?) and run it with Rollback... should be more than enough to get away from most anything. I just used that configuration on a 1mB Win7 netbook gift and all has been just fine with it as far as load is concerned (XP is much better, though:) )
     
  12. Wendi

    Wendi Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    643
    Location:
    USA
    Hi TRF,

    I love Rollback Rx, but it does add appreciable time in booting my XP desktop so that was my concern re installing it on my Windows 7 Starter netbook. I haven't yet installed Norton Internet Security on my new netbook (Windows 7 Starter, Atom 455, 1GB mem) but it runs very well on my Windows XP desktop. I already have a 3-user license of NIS 2011 so it doesn't cost me anything to install it on the netbook (except perhaps performance?).

    I just thought after reading many raves about Sandboxie (on Wilders) that it might be a better solution for a netbook? :doubt:

    Wendi
     
  13. TheRollbackFrog

    TheRollbackFrog Imaging Specialist

    Joined:
    Mar 1, 2011
    Posts:
    4,954
    Location:
    The Pond - USA
    Sandboxie, Returnil... almost any decent sandbox will work just fine to protect you for any given session, although they have been "broken" in the field by aggressive virii. Sandboxie should work just fine for you if you find the Rollback BOOT excessive in time.

    I found on the OEM Netbooks (same with laptops) that when I cleaned off all the unused and unnecessary bloatware, the BOOT time w/Rollback was way less than the stock Netbook from the OEM :thumb: ... but YMMV.

    Good luck!
     
  14. Wendi

    Wendi Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    643
    Location:
    USA
    Do I take that to suggest I run an AV along with Sandboxie (as I do with Rollback Rx)?
     
    Last edited: Apr 27, 2011
  15. bgoodman4

    bgoodman4 Registered Member

    Joined:
    Jan 13, 2009
    Posts:
    3,237
    I just started using ESET Internet Security on a Rx loaded laptop and it works very well. Much better than Rx with Trend Micro and even better than the Rx Norton trial that I did. ESET provides quality system protection and is very light on resources.
     
  16. bgoodman4

    bgoodman4 Registered Member

    Joined:
    Jan 13, 2009
    Posts:
    3,237
    I would suggest that AV be run on every machine regardless of what else is there in the way of protection. It is essential level protection as far as I am concerned.
     
  17. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    Yes, it is a good idea to run an AV along with Sandboxie. Sandboxie does not provide complete system-wide protection as it only protects applications that are running inside the sandbox.

    Other methods of system-wide protection that, unlike an AV, don't depend on detection include: ISR software such as Rollback RX/EAZ-FIX, light virtualisation software such as Shadow Defender or Returnil, and policy restriction software such as DefenseWall, GeSWall, or AppGuard.

    ISR, light virtualisation, and policy restriction programs can all be effectively combined with Sandboxie and an AV to add an extra layer of protection.
     
  18. Wendi

    Wendi Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    643
    Location:
    USA
    Thanks all and your admonition to use an AV with either program (Rollback Rx or Sandboxie) is duly noted.

    As I'm very used to using Norton Internet Security + Rollback Rx on my desktop I guess I'll try that combination on my new netbook and see how it performs.
     
  19. Aaron Here

    Aaron Here Registered Member

    Joined:
    Jun 4, 2006
    Posts:
    1,205
    Location:
    USA
    It would be a good idea to make an image-backup before doing that... ;)

    Good luck,
    Aaron
     
  20. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    Excellent advice! :thumb:
     