Defensive desktop security software outside the Windows mainstream

Discussion in 'other anti-malware software' started by Gullible Jones, Dec 31, 2014.

  1. MrBrian

    MrBrian Registered Member

    The user can be given only a standard user account.

    You're right about updates and data theft. This technique can be coupled with a cloud AV, anti-keylogging software, etc.

    P.S. I used this technique for a family member's Windows XP computer in the past, using Returnil and Panda Cloud AV.
     
    Last edited: Jan 6, 2015
  3. Gullible Jones

    Gullible Jones Registered Member

    Hey thanks!

    Hmm. Snapshot and restore could be done with GRUB and a Linux ramdisk:
    - Have three partitions - Linux, Windows, and a data partition.
    - Have a GRUB menu option that boots a minimal Linux system, and does a cold backup of the Windows system partition to a file on the Linux partition
    - Have another menu option to boot Linux and immediately restore from the last Windows snapshot

    Heck, if you wanted you could do this with Clonezilla.

    The real problems are

    a) making it secure. Anything that attacks the MBR will bypass it completely. I'd say just run in a limited account, but chances are any of us can recall at least three Windows kernel vulnerabilities off the top of our head. You could protect the system images by making the Linux partition a type that Windows can't read, but that's about it.

    b) making it fast. ntfsclone restore is slow, even from one disk partition to another; no versioning, no copy-on-write, none of that. And because it's a cold backup, the computer would not be usable while making the backup.

    c) making it small. A minimal OS for backup could be tiny (10 MB or less), but the images would be huge, especially with no versioning.

    Blargh.
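
The snapshot and restore menu options described in the post above, sketched as the script the minimal Linux system could run. This is an added example, not part of the original post; the device path, the image directory and the `NTFSCLONE` override variable are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Device and path names are assumptions.
WIN_DEV="${WIN_DEV:-/dev/sda2}"       # assumed Windows system partition
IMG_DIR="${IMG_DIR:-/mnt/images}"     # assumed directory on the Linux partition
NTFSCLONE="${NTFSCLONE:-ntfsclone}"   # overridable so the logic can be exercised

# Print the SHA-256 of a file as a bare hex string.
img_hash() { sha256sum < "$1" | cut -d' ' -f1; }

# Cold backup: Windows is not running and the partition is not mounted.
snapshot() {
    img="$IMG_DIR/windows.img"
    rm -f "$img.tmp"                  # --output refuses to overwrite a file
    "$NTFSCLONE" --save-image --output "$img.tmp" "$WIN_DEV" || return 1
    img_hash "$img.tmp" > "$img.tmp.sha256" || return 1
    # Rename only after the clone finished, so a failed run keeps the
    # last good image in place.
    mv "$img.tmp" "$img" && mv "$img.tmp.sha256" "$img.sha256"
}

# Succeeds only if the image exists and still matches its recorded hash.
verify_snapshot() {
    img="$IMG_DIR/windows.img"
    [ -f "$img" ] && [ -f "$img.sha256" ] || return 1
    [ "$(img_hash "$img")" = "$(cat "$img.sha256")" ]
}

# Restore the last snapshot, refusing to write a damaged image over Windows.
restore() {
    verify_snapshot || {
        echo "snapshot failed verification; not restoring" >&2
        return 2
    }
    "$NTFSCLONE" --restore-image --overwrite "$WIN_DEV" "$IMG_DIR/windows.img"
}

# Each GRUB menu entry's init script would call one of these, then reboot.
case "${1:-}" in
    snapshot) snapshot ;;
    restore)  restore ;;
esac
```

The hash is stored on the same partition as the image, so it catches a truncated or corrupted snapshot but not tampering by anything that can write to that partition; it also does nothing about the MBR, which sits outside the Windows partition.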
     
  4. Sordid

    Sordid Registered Member

    Flash the BIOS, boot to Clonezilla Live/etc, and image the entire disc with a clean MBR to an external drive.
     
  5. Peter2150

    Peter2150 Global Moderator

    Why go through all that jumping through hoops? Simply image with Macrium when the system is good. Then if it gets screwed up, when you restore, delete the partition. Macrium writes the MBR from the image, and you're done. KISS
     
  6. 142395

    142395 Guest

    Macrium will take at least 10 min to restore, while rollback with a snapshot can be done within a blink (a bit of an exaggeration).
     
  7. safeguy

    safeguy Registered Member

    @Gullible Jones

    I am trying to understand what you are looking for exactly here....

    Why are you restricting it outside Windows mainstream if the defensive desktop security you are looking for is geared towards not inconveniencing/requiring extensive knowledge/decision from most end users? Mainstream security is designed for mainstream use. It just seems contradictory to me.

    I think things like sandboxed browsers/apps and ad-blockers, etc. are more suitable candidates; they are simple/easy to use. So far, the examples you include are fine for those who are more willing to try and spend time on them, but I doubt they are applicable for most end users if we follow your criteria...

    Despite all the bad rep they get, a real-time AV does exactly what you are looking for...
    ...web content blocking, heuristics for malicious web content and some now include exploit mitigation modules for common threat-gates
    ...all mostly automated with little to no decision to make.
     
  8. Peter2150

    Peter2150 Global Moderator

    Yes indeed, and my first point of restore is actually AX64 TM, which is the closest I've got to a "Blink".
     