Copy/Update vs. On Demand Scanners

FDISR doesn't replace all security softwares, but it can replace any on demand scanner.

On demand AV/AS/AT/AK/AR-scanners are normally used to scan your computer one time a day, because you can't run it constantly.
If this scanner detects a malware on your system, it means that this malware has been on your system for quite some time (the period between two scans) and could have done its evil job already, that's too late.
Using an on demand scanner once a week is absurd, because if it finds a malware, it means that this malware has been on your system during 1 upto 7 days, time enough to execute itself.

The copy/update function of FDISR does EXACTLY the same thing + extra advantages :
- copy/update has no missing signatures like on demand scanners, so no incomplete removal.
- copy/update has no false/positives like on demand scanners, so no possible system damage.
- copy/update replaces ALL on demand scanners, while on demand scanners have to run one by one.
- copy/update is much faster, than the total scan time of ALL on demand scanners.

The MAIN AV/AS/AT/AK/AR-scanners are only useful, if they have a real-time shield, because that real-time shield will protect you during the period between two scans or two copy/updates.
If they don't have a real-time shield, they have the same function as on demand scanners and therefore worthless as real-time protection.

Conclusion : if the source snapshot of a copy/update is clean, you don't need
- on demand AV/AS/AT/AK/AR-scanners anymore.
- main AV/AS/AT/AK/AR-scanners WITHOUT real-time shield anymore.

If you don't agree with me, challenge me.

PS: this has nothing to do with frozen snapshots, I'm talking about NORMAL snapshots and frozen snapshots are in fact the same as normal snapshots and what has been said counts for frozen snapshots also.

 

EricAlbert, you bring up some very important differences AND advantages like you say based on FACT! No one will ever get an argument from me over that about FD-ISR feature of snapshots.
The list above even takes me aback because most PC users even today have taken for granted for so long to relying on On-Demand scanners that so long as obvious forced entries are removable for them that they have escaped enough.

FD-ISR begs to differ and proves how advantageous it really is in the face of On-Demands. For me FD-ISR in this instance almost mirrors as an imaging solution even though it's in reality a formidable rollback recovery app that also can step up in so many other ways even more useful and certainly more complete than On-Demand scanners as you so vividly and rightly point out.

 

You are right Peter and I know why.
I use copy/update from archive to snapshot to keep my snapshot clean.

You use copy/update from snapshot to archive to keep your archive up-to-date and your data is also included.
In order to keep your archive clean, you have to scan your snapshot first.
So my theory doesn't work in your case.

 

Hi Erik, your arguement / point, does have a lot of merit, though I can imagine it may upset some thinking, not to worry, As Peter has pointed out however like most things it will not suit everyone, for me I am not sure, but you have definitely given me something to consider, I will have to monitor my activities over a couple of days with a view to adopting this type of regime to see if it is practical or not. I can immediately see that if practical it brings a significant difference to the way I look at security.

 

Yes, it requires ALOT OF THINKING, if you want to deviate from the standard usage of snapshots.

I have two things :
1. A freeze storage (= archive) of my on-line snapshot, that is based on an OFF-LINE installation,
which means that this archive is guaranteed clean.
2. A frozen snapshot, which I daily use, while I'm connected to the internet.

My freeze storage is a very powerful tool to keep my system partition 100% CLEAN, MALWARE-FREE and TROUBLE-FREE.
I only need to reboot, when something bad happens and I have my perfect system back in 100 seconds.
I don't want to give up my freeze storage easily.

The problem is, that I can't copy/update from frozen snapshot to freeze storage at least NOT on-line, because that would possibly infect my freeze storage and I don't want this to happen.

That's why I don't want any security software based on blacklists, because they all need DAILY updatings of signatures ON-LINE and if I want to keep these updatings, I have to copy/update from frozen snapshot to freeze storage and that's what I don't want.

 

Provided one adopts a strict routine, I think the risk of infection can be dramatically reduced. At first boot each day I boot to my secondary snapshot and copy / udate to the primary, this removes anything picked up online yesterday, then I boot to my primary and immediately update my anti-virus and copy / update my secondary. The window of opportunity for infection I believe is very small. All my surfing takes place sandboxed as sandboxie works for me.
If you have any thoughts, ideas to improve on this please feel free to comment.

 

This is a little off topic, but I'd like to share a realization I had. I'm sure most have had this occur to them already, but for my fellow newbies, I think that you should do an update/copy of your secondary snapshot immediately BEFORE you install any software or download. That way if the new app doesn't work out, you can boot to a completely updated secondary snapshot to get rid of the offending app.

 

Yes that's one of the methods, I described in this thread :
https://www.wilderssecurity.com/showthread.php?t=170989
I only used an archive instead of secondary snapshot. Archives are safer and then your secondary snapshot can be a stripped down snapshot, like Peter has.

 

Bear with me here Erik, but why would an archive be safer than the secondary snap in this situation?

...and yes I believe my practice cam more or less from what you outlined in that post, certainly I read that post and liked the idea.

 

Archives are usually stored on an off-line external harddisk or at least on another partition of an internal harddisk and that is always safer, than a secondary snapshot that is constantly exposed to internet.

 

Ok understand now, in my case I have not partition my drives, and use no external drives, maybe something I should look at going forwards. I've always stayed away from external drives as from what I have read they have a woeful failure rate/ Lack of a partition, I'd just have to put down to inexperience / ignorance

 

I used partitions on my external harddisk, not anymore but it was possible. Until now it never failed.
If you ever buy one, make sure it's big enough, which will give you enough elbowroom to manipulate your internal harddisk(s). Sometimes several images are also handy for reinstalling your system from scratch, like CLEAN images and DAILY images.

 

Restoring to known good images and or snapshots makes more sense to me than
either real time or on demand security software.

Every so often I do run an on demand just for fun. Today I tried NOD 32 - and as expected it found nothing. So I just restored to Yesterdays full image with Acronis. On another machine I would have used FD-ISR. Same basic concept.

 

Ok thanx for the views, some more food for thought Still early days for me with FD

 

can't or won't?

Or to ask another way, the program itself will not allow it (or it does not have that option), or it is just a matter of personal choice?

I am not criticizing your methods. You have very strong ideas of what you want a program to be, it makes it hard for me to determine if it is a technical reason or not.

Mike

 

I can do it, but I don't want to do it, because it will possibly infect my freeze storage and that would be the end of my clean, malware-free and trouble-free system partition. I want to solve each problem caused by myself, the bad guys or the good guys with a simple reboot, EXCEPT problems that corrupted FDISR or a harddisk crash.
These two problems will be fixed by restoring an IMAGE.

 

OK... no problem...

Mike

 

I have no problem with positive critism, on the contrary, because it can improve my methods.
So please break it down, if you can.