Recovery Solutions - Comparisons

For the past week I have been reading up on the various threads on this board regarding a number of programs.
I am still confused as to exactly how these programs are used in the context of security and/or recovery as many of their features seem to be overlapping.

Could I challenge the experts here to explain with a few clear statements (and cutting through all the marketing spin on the product sites) the prime usage for the following products to help me better understand.

1. Imaging Software like ATI

2. FirstDefense_ISR

3. Programs like Powershadow or ShadowUser

4. Sandboxie

From what I read these programs all have some features in common but are often used together. EricAlbert characterizes Imaging Software a must and FirstDefense_ISR a luxury (which I gather he very much likes). Seems to me that I can live without ATI using only the luxury product just purchased if I "avoid" a hardware crash.

Other programs mentioned here are Returnil and RollbackX (not sure if they belong in 2 or 3 above). I would have thought that RollbackX is similar to FirstDefense_ISR but appster corrected me by stating FDISR and RB are similar in purpose, but not in their concept.

 

It is confusing, and I think the situation is easier to deal with if you begin by thinking through what you require for your system.

Do you want just a reboot-to-restore program?

Or a Sandbox type of program?

Do you want to backup just your data?

Or do you require an imaging program? Why?

When a person characterizes this or that solution "as a must" keep in mind that the person's situation may not be related to yours at all.

Once you have decided what you want for your particular setup, that will help eliminate certain products, and you can evalulate the others to see what will best serve your needs.

At this point, people with experience in the various products will have a better idea regarding advice.


----
rich

 

Thanks guys,

I do realise that everyone has different requirements and I have a pretty good idea what I need but because the programs have overlapping functions I am getting all confused.

I do want to be "back in business" quickly (though I am happy if the disruption is less than an hour - don't care if it takes 2 minutes or 10 minutes) if my system gets hit by a virus or some installation of a "decent" application brings havoc or some MS update causes trouble. That's why I chose to purchase FirstDefense_ISR.

Based on your explanations and my still limited understanding, I may add Sandboxie to the arsenal. I guess always running the browser in the sandbox minimises the internet risk and apart from the odd bookmark nothing needs to be saved. I may also use it for testing new software. However I will rely on FirstDefense_ISR if I find out that the software does cause problems later on after the initial test in the sandbox, acceptance and installation outside the sandbox. I think protecting my second HD is another advantage of having sandboxie.

As for the two other categories 1 and 3, I am not sure that I need them. I accept the risk of hardware failure and would not play with malware intentionally. As for having continuous images for backup, seems very reassuring but not really necessary for my home computer and I would worry about the space required. Seems to me that 1 and 3 might be good additional products but not really necessary.

Just out of curiosity, Peter, if you run all 5 products mentioned, how much resources does this take? I suppose you still have an AV and various other utitlities running?

 

Hi beethoven,

I agree it is very confusing. I'm very close to creating my own first images myself. Here is my take on it from someone who is in the same position.

** Use a Sandbox for your internet facing programs. Find out how to configure them for the protection you need. I use Sandboxie and it's fairly easy and their forum has a lot help.

** If you have a static setup that doesn't change much or you want to play with new programs that don't require a reboot or your need extra protection when doing risky surfing, then grab a program like Returnil or PowerShadow. I have both and they serve me well. If I install something like a browser to try out, when I'm done I just reboot and all is gone.

** If you want to experiment with programs that require a reboot to install or you are in an environment that requires you to be up and running within minutes of a mishap, then FD-ISR and Rollback are good choices for you. They are also good for someone who beta tests or generally likes trying a lot of new applications. An image would compliment them nicely if you can find one that agrees with them. I think Rollback can be picky about being imaged.

** As far as imaging goes, it's a must for anyone who doesn't want to start from a basic Windows install in the event of a mishap or malware. Images are best stored on external drives in the event that your normal internal drive fails.

I hope this helps some. It is also important that I mention to try one and only one program at a time and get familiar with it. Start with a sandbox program. It can isolate your internet facing programs from your system. I'm running Sandboxie and I currently have it set to save my Firefox bookmarks and not allow anything sandboxed to access My Document or my D: partition.

What I do with my computer may be very different that what you do. My main risk is from being online and not from things like possibly infected cd/dvd's or usb devices. My sister wanted me to look at my nieces mp3 player and I said ok because I used PowerShadow to protect my whole system before the device was plugged in. Sandboxie, PowerShadow 2.8.2 and Returnil give me that warm and fuzzy feeling when I'm online or partaking in risky adventures . Once I get an image and or images, I will know I can recover from anything by reverting my system to a specific point in time. FD-ISR and Rollback can do this also a little bit quicker. They also have other advantages.

 

Hello,

This may sound kind of geeky, but I'll repeat what Rmus state: What do you need?

For example, imaging is a good thing, regardless of the OS you use. But you don't need sandboxing if you run limited account or Linux, for instance.

If you do lots of installations and testing, then you might want snapshot software, but if your setup is static - then you don't need it.

Finally, even the best imaging / restore / sandboxing software will fail if your hard disk dies, so don't forget plain ole simple cd / dvd backups and such. And then, don't forget the issue of compatibilities. Many of these softwares like to control the MBR, which could conflict if you are using a non-MS bootloader like GRUB or LILO.

Therefore, you must assess your setup and find the right solution accordingly, not vice versa.

Mrk

 

OK here's my 2cents:

Necessities are image BackUp & SnapShots either ATI or ShadowProtect Desktop & FD-ISR.

FD-ISR is "VERY FLEXIBLE" in that you can use it for testing software (just create a "Test SS") or for safety by keeping a secondary SS. just in case a Win Update goes awry. It's also great for keeping a SS of your Clean Windows Install. All this is moot if your HDD fails, That's where Imaging come into the picture. Both of these apps are greatly enhanced by keeping images & archives on an external HDD.

I for one wouldn't be w/o FD-ISR & SP (or ATI) as they alone or together can help me recover from any disaster.

I do use ShadowDefender (Category 3) on my daughters box so any changes she makes can be erased by a simple re-boot rather than having to revert to a clean FD-ISR SS. At the same time, I do have a FD-ISR Secondary SS & ATI Image on an external drive connected to her machine.

Beethoven, I hope this clears things up a little bit and doesn't add to the confusion.

...screamer

 

FDISR is indeed my first defense. LOL.
1. I use my freeze storage to restore my system partition, during each reboot.
2. I use my archives to restore both snapshots = original installation state, which also cleans my system partition completely.

ShadowProtect Desktop is my second defense, in case FDISR fails, sometimes in combination with my Zero Tool, if my Recovery CD doesn't work due to a KillDisk Trojan attack.
I hardly need SPD because FDISR does the job all the time and that means immediately, although SPD is very close to FDISR, regarding speed.
If the Recovery CD of SPD didn't have such a slow loading time, it would be perfect.

 

To get down to essentials and to keep it simple;

Firstly and absolutely essential is imaging backup-either True Image or Shadow Protect .

I use ATI with two incremental B/Us daily,fast and efficient,but I understand that Shadow Protect may be even better -being able to B/U quicker and and using less resources.

If you then schedule say hourly or less B/Us -use a data B/U occassionaly-at present,thats all you need-the rest is icing on the cake.

For example,assuming your security-Firewall,antispyware,antivirus and HIPS are OK,you dont need Returnil.

My recommendation -Use Shadow Protect for frequent backups and forget about the rest until you have the feel of it.

Then try out the others at your leisure if you still think they may offer something of value

 

I know this is a recovery thread and not a sandbox one but let me ask this...

I've been advised by a couple of people that the biggest threat from using my brand-new notebook computer at unsecured public WiFi hotspots is that some sort of malware will be placed on the system while I'm browsing. If I were to install SandboxIE on the notebook and always run Internet Explorer within it whilst using unsecured wireless, wouldn't that be a fairly robust solution to this class of threats?

If so it sounds like all I really need is SandboxIE for use in public, a program for making system images on DVD+R on a regular basis and then most any old antivirus program will suffice for routine sweeps of the computer. At home I am behind a WPA2-connected, MAC-filtered router with NAT and SPI so the 99% of my Internet usage that happens there is not a major concern.

P.S. Is this sort of thing what is meant by a "drive-by" browser attack?

 

Pete,

As you can tell, I'm brand new to the forum. What would be the most logical area for a general security question like this one? Thanks for your reply.