The Best Anti-Malware Protection There Is--Image Backup

Discussion in 'other anti-malware software' started by Searching_ _ _, Sep 3, 2010.

Thread Status:
Not open for further replies.
  1. cgeek

    cgeek Registered Member

    Joined:
    Mar 31, 2010
    Posts:
    328
  2. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    Using backup images of any sort as a malware defense has 2 potential problems.

    1, Knowing when your system is compromised and needs to be restored. It's entirely possible to become infected with a new piece of malware that an AV or anti-spyware doesn't yet recognize. By the time you realize that you're infected, the damage may already be done.

    2, Being sure that the image or backup is clean and malware free. AVs, anti-spyware apps, rootkit scanners, etc all miss things. The only way to be reasonably certain a system is clean is to build it offline from known clean files and updates stored locally, and make that backup image before the system ever sees the internet.
     
  3. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    What he said. :thumb:
     
  4. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    lol, I guess so on the 3rd group.

    Let me ask a question. Do you have a NAS box or similar device which has a mirrored raid array? I do (actually 2) and that is where I house most things I wish to backup. I trust two new drives will not both die at the same time. Really important stuff I put on optical drives and sometimes even move off-site. Have you given any thought to using raid so that you don't have to backup to more than one physical location?

    Sul.
     
  5. wat0114

    wat0114 Guest

No, I don't use that or similar setup, but my 4 yr old rig has RAID functionality, I just haven't ventured into it yet, and then I don't know if it does mirrored RAID, either. For some reason I haven't the urge to check it out, though maybe whenever I upgrade my hardware in the probably distant future :) Something else to learn one of these days. I use my other spare drive in different ways, too, such as dual-boot with Linux, sometimes. I have an external drive hooked up with eSATA as my second backup location, running only when I need it. Anyway, it's 3 am, I'm trying to shake the cobwebs with coffee having been called in to work (ugghh, on-call for the long weekend :( )..later.
     
  6. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    I would encourage you to examine some NAS boxes that hold 2 drives for RAID. I personally chose Synology units, and am very impressed thus far.

    One does not "need" such things. I can only say that once you make the investment, it can lead to less time backing up and also more comfort in the "safety" of the data.

I enjoy how I have all my data on mirrored RAID, and that I only need to map a drive for it to be transparent to my use. Yet, when I save something, it is always saved but one time to the NAS box and I don't have to remember to back it up. That was my primary reason to purchase a NAS, so that I could find no interruption in my work flow yet not have to fret over whether I remembered to save it or not.

    As a side benefit, I have my NAS box strategically located so that in the event of a fire etc, it is readily available to "grab and go".

    As always, just one who is sharing with another ;)

    Sul.
     
  7. wat0114

    wat0114 Guest

No doubt it's a more efficient, faster method than the one I'm employing, only I'm not so sure that what I do to one drive I want the same done to the other, because I, similar to you, do things to the system such as modifying system settings in a rather experimental fashion, although not nearly to the extent technically you probably go to :) I create images of the system when I have it as close to perfect, for my needs, as I can determine, and then create another when I've maybe added some program(s) and/or updated some others, or maybe for something as simple as installing MS updates. Essentially, I want images created off a very recent install of Windows, fully updated, all my favorite programs installed, Win fw and AppLocker setup to perfection, Task Manager setup with my customized tasks, and anything else I haven't thought of but use on a regular basis. This way I can do things in an experimental fashion on the real system (often I'll use the vm if so desired) knowing I can quite literally blow it away due to being overly cavalier or careless, because that recent verified image will get me back to where I was or close to it before I started my adventure. As for maintaining my data backups, I'm usually dealing with no more than one or two new or updated files at a time a few times a week, so this is not very time consuming for me anyway.
     
  8. andyman35

    andyman35 Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    2,336
CTM runs very well in conjunction with CIS, giving you the option via pop-ups to create a snapshot before installing unknown software, for example.
     
  9. andyman35

    andyman35 Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    2,336
It's similar to Windows System Restore, backing up browser settings and other stuff that can be maliciously modified by spyware (registry & task manager settings, etc.).
     
  10. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    3,351
    Location:
    Europe, UE citizen
I haven't used SpywareBlaster for a long time, since my browser is Opera, but I believe that SpywareBlaster System Snapshot is only a Registry backup.
     
  11. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    A STRONG anti-keylogger is also essential. Whether virtual or imaged or whatever, if a keylogger somehow manages to get in & transmits your sensitive data, you are in deep kim chee.

    You also need a sentry that does NOT depend on blacklists or clouds or behaviors or heuristics (heur today, gone tomorrow). It is the sentry's job to tell you when you MUST restore a clean image.

My terrifying triumvirate = SafeOnline (the anti-keylogger) + TinyWatcher (the sentry) + Imager (the fail-safe)
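Post #2 above says the hard part of the image-backup approach is knowing when to restore, and that the image itself has to come from an offline build; post #11 calls the thing that tells you "restore now" a sentry and wants it independent of blacklists, clouds and heuristics. The script below is an added example of such a sentry, not code from any poster or from the products they name. It builds a SHA-256 manifest of a directory tree at the moment the clean image is taken and later diffs the live tree against it; added, removed or modified files are a concrete, signature-free reason to roll back. The directory names and file contents in `demo()` are constructed for illustration. The comparison is only as trustworthy as the environment that runs it: run it from the same offline or rescue media that holds the manifest, since a rootkit on the live system can lie about file contents and could edit a manifest stored on the live disk.

```python
"""Baseline-and-compare integrity check for a restored image (added example).

Build a SHA-256 manifest of the system tree right after the clean image is
taken, keep the manifest on offline media, and later diff the live tree
against it. A non-empty report is the "you MUST restore" signal.
"""
from __future__ import annotations

import hashlib
import json
import tempfile
from pathlib import Path


def hash_file(path: Path) -> str:
    """SHA-256 of a file, read in 1 MiB chunks so large binaries never load whole into memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root: Path) -> dict[str, str]:
    """Map every regular file under root (relative POSIX-style path) to its SHA-256.
    Symlinks are skipped so a link cannot be used to make a hash 'match' another file."""
    root = root.resolve()
    manifest: dict[str, str] = {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and not path.is_symlink():
            manifest[path.relative_to(root).as_posix()] = hash_file(path)
    return manifest


def save_manifest(manifest: dict[str, str], dest: Path) -> None:
    dest.write_text(json.dumps(manifest, indent=1, sort_keys=True), encoding="utf-8")


def load_manifest(src: Path) -> dict[str, str]:
    return json.loads(src.read_text(encoding="utf-8"))


def compare_manifest(root: Path, baseline: dict[str, str]) -> dict[str, list[str]]:
    """Diff the live tree against the baseline. All three lists empty means nothing changed."""
    current = build_manifest(root)
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(k for k in baseline.keys() & current.keys() if baseline[k] != current[k]),
    }


def demo() -> dict[str, list[str]]:
    """Constructed miniature system tree: baseline it, then simulate an infection and diff."""
    with tempfile.TemporaryDirectory() as tree, tempfile.TemporaryDirectory() as media:
        root = Path(tree)
        sys32 = root / "System32"
        (sys32 / "drivers").mkdir(parents=True)
        (root / "Tasks").mkdir()
        (sys32 / "kernel32.dll").write_bytes(b"constructed: original kernel32 bytes")
        (sys32 / "drivers" / "disk.sys").write_bytes(b"constructed: original disk.sys bytes")
        (root / "Tasks" / "Backup.job").write_bytes(b"constructed: scheduled backup task")

        # The second temp dir stands in for the offline media that holds the manifest.
        baseline_file = Path(media) / "baseline.json"
        save_manifest(build_manifest(root), baseline_file)

        # Simulate what a later compromise might do: patch a system DLL,
        # drop a driver, and delete a scheduled task.
        (sys32 / "kernel32.dll").write_bytes(b"constructed: patched kernel32 bytes")
        (sys32 / "drivers" / "hidden.sys").write_bytes(b"constructed: dropped rootkit driver")
        (root / "Tasks" / "Backup.job").unlink()

        return compare_manifest(root, load_manifest(baseline_file))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=1))
```

On a real machine, point `build_manifest` at the system volume from the rescue environment immediately after imaging, save the JSON next to the image, and re-run `compare_manifest` from that same environment whenever something feels off; user-data folders that change every day are better excluded or kept under a separate manifest so the report stays readable.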
     
  12. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    bellgamin:thumb: :thumb:
     
  13. wat0114

    wat0114 Guest

    Better than an anti-keylogger, I use Win7 built-in fw with default block all outbound for connections not specified in the rules. This way a key logger can't tx to the outside world. My goal is to minimize 3rd party help without sacrificing security ;)
     
  14. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    Do you have a theme song or mantra yet? Maybe a catchy phrase? Let me know when you do, I'll join your sect. ;)

    Sul.
     
  15. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    During boot-up, when exactly does your FW come online to prevent ANY other sw from acting before Windows is even loaded? E.g., OSSS will come online sooner than Windows or your FW, I betcha. If OSSS can precede the FW, so can a trojan.

    How much latitude do you give your browsers when surfing the net? Or have you set rules for each & every outbound connection by your browser, email clients, FTP, all other net-facing threatgates, etc? If you have, more power to you.

    My IT said that he would NOT want to base his job security on Win7's built-in ANYthing. Or haven't you had any security patches whatsoever since Win7 was issued?
     
    Last edited: Sep 4, 2010
  16. Sadeghi85

    Sadeghi85 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    747
    As for the keyloggers, I found outbound control to be a pain and unnecessary. I prefer LUA+SRP/AppLocker.
     
  17. wat0114

    wat0114 Guest

    Heh, heh :D I knew I'd ruffle a few feathers. To clarify, this is assuming a keylogger can get itself onto my setup in the first place, but even if it somehow can (a longshot I'd wager on), how's it going to broadcast to the outside world?

    Browsers get outbound tcp to ports: 80, 443, 554, 1755 & 1935. Nothing else. email gets IMAP 143, 25 & 80, 443.

    If it's a serious business environment then typically enterprise level hardware such as Cisco is needed anyway, but that should not be stopping him from utilizing policy controls built in to the O/S.

    LOL...no, only that my trolling efforts are not quite yet having the effect I was hoping for :p :D
     
    Last edited by a moderator: Sep 4, 2010
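The policy in the post above (default outbound block, plus one per-program allow rule limited to the listed TCP ports) is modelled below as an added example; it is not code from the poster and not a Windows API. The program paths and the keylogger path are assumptions chosen for illustration, the port lists are the ones the post gives, and the decision logic reproduces how a per-program outbound allow rule behaves under a block-by-default profile: a connection is allowed only if some rule matches the program path, protocol and remote port, and program paths compare case-insensitively. `to_netsh` renders the same table as the `netsh advfirewall` commands that configure Windows 7's built-in firewall from an elevated prompt.

```python
"""Per-program outbound allow-list with default block (added example).

Models the policy described in the post: Windows Firewall default outbound
action set to block, plus one allow rule per program restricted to the TCP
ports that program legitimately needs. Anything without a matching rule, such
as a keylogger trying to phone home, is dropped.
"""
from __future__ import annotations

from dataclasses import dataclass

FIREFOX = r"C:\Program Files\Mozilla Firefox\firefox.exe"              # assumed browser path
THUNDERBIRD = r"C:\Program Files\Mozilla Thunderbird\thunderbird.exe"  # assumed mail client path
KEYLOGGER = r"C:\Users\Public\svch0st.exe"                             # assumed dropped binary


@dataclass(frozen=True)
class OutboundRule:
    name: str
    program: str
    protocol: str  # "TCP" or "UDP"
    remote_ports: frozenset[int]


# Port lists as given in the post: browsers get 80, 443, 554, 1755, 1935;
# mail gets IMAP 143, SMTP 25 and 80/443.
RULES: list[OutboundRule] = [
    OutboundRule("Browser outbound", FIREFOX, "TCP", frozenset({80, 443, 554, 1755, 1935})),
    OutboundRule("Mail outbound", THUNDERBIRD, "TCP", frozenset({25, 80, 143, 443})),
]


def is_allowed(program: str, protocol: str, port: int, rules=RULES) -> bool:
    """Default outbound action is BLOCK: only an explicit matching allow rule lets a connection out.
    Program paths compare case-insensitively, as the Windows filesystem does."""
    return any(
        rule.program.lower() == program.lower()
        and rule.protocol == protocol.upper()
        and port in rule.remote_ports
        for rule in rules
    )


def to_netsh(rules=RULES) -> list[str]:
    """Render the policy as netsh advfirewall commands (run from an elevated prompt).
    The first command sets the profile default to block in both directions."""
    commands = ["netsh advfirewall set allprofiles firewallpolicy blockinbound,blockoutbound"]
    for rule in rules:
        ports = ",".join(str(p) for p in sorted(rule.remote_ports))
        commands.append(
            f'netsh advfirewall firewall add rule name="{rule.name}" dir=out action=allow '
            f'program="{rule.program}" protocol={rule.protocol} remoteport={ports} enable=yes'
        )
    return commands


# Constructed connection attempts: (program, protocol, remote port)
ATTEMPTS = [
    (FIREFOX, "TCP", 443),      # normal HTTPS browsing
    (FIREFOX, "TCP", 8080),     # alternate HTTP port, not in the list
    (THUNDERBIRD, "TCP", 143),  # IMAP
    (KEYLOGGER, "TCP", 443),    # keylogger trying to blend in as HTTPS: no rule, so blocked
    (KEYLOGGER, "UDP", 53),     # keylogger trying DNS tunnelling: no rule, so blocked
]


def evaluate(attempts=ATTEMPTS, rules=RULES) -> dict[tuple[str, str, int], str]:
    """Verdict for each attempt under the block-by-default policy."""
    return {a: ("ALLOW" if is_allowed(*a, rules=rules) else "BLOCK") for a in attempts}


if __name__ == "__main__":
    for attempt, verdict in evaluate().items():
        print(f"{verdict:5}  {attempt}")
    print()
    print("\n".join(to_netsh()))
```

One caveat worth knowing before switching a real profile to `blockoutbound`: on Windows, name resolution is done by the DNS Client service inside `svchost.exe`, not by the browser, so the built-in "Core Networking - DNS (UDP-Out)" rule (or an equivalent rule for that service) has to stay enabled or nothing resolves; the same applies to any other service the machine relies on, such as Windows Update.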
  18. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    wat0114
that is correct;) with no outbound connection allowed, the keylogger cannot communicate;) :thumb: :thumb: good to see someone has some brains:thumb:
     
  19. Kernelwars

    Kernelwars Registered Member

    Joined:
    Aug 12, 2010
    Posts:
    2,155
    Location:
    TX
    absolutely right. What you think about keyscrambler premium vs keyloggers?o_O o_O o_O lol
     
  20. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
that is a different story as KeyScrambler scrambles the keyboard as mama makes scrambled eggs for Sunday morning:D
     
  21. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
either way is correct: KeyScrambler and a firewall, bye bye keyloggers;) :thumb:
     
  22. Kernelwars

    Kernelwars Registered Member

    Joined:
    Aug 12, 2010
    Posts:
    2,155
    Location:
    TX
    scrambled eggs yumm made me hungry:argh: :argh: :argh:
     
  23. wat0114

    wat0114 Guest

    Certainly I'm not trying to insult anyone's intelligence here. Lots of members here have plenty of brains to be sure, and I consider myself average at best, except that I spend tons of time on this stuff so I figure I might have some knowledge to offer rather than outright smarts :) My security approach is simply what I prefer and what works well for me.
     
  24. Kernelwars

    Kernelwars Registered Member

    Joined:
    Aug 12, 2010
    Posts:
    2,155
    Location:
    TX
absolutely agree. to rephrase if you don't mind...KeyScrambler + firewall = bye bye keyloggers, but only KeyScrambler = only namesake keylogger :eek: :eek: :eek:
     
  25. Woody777

    Woody777 Registered Member

    Joined:
    Aug 29, 2006
    Posts:
    491
Comodo Time Machine. Disadvantages: You cannot defragment in the traditional way. You must use their defragmenting tool. CTM is a separate product & is not the same as RollBack & its clones. I suspect Rollback is much more reliable than CTM at this point. CTM also makes it more difficult to image. You must use an image tool which offers sector-by-sector backup. Much slower. If you do not, then all the snapshots go away. CTM has had a problem in the past when uninstalling; apparently it took the MBR with it. Also there was some corruption sometimes resulting in formats. I used it in some VMs & did not like it much.
    FDISR was great but it is no longer offered as a commercial product. There is apparently a way to install it on Windows 7 but it involves a complicated procedure & you need to rewrite the MBR into a Vista version.
     