FDISR users-- few Qs

Discussion in 'FirstDefense-ISR Forum' started by aigle, Sep 23, 2006.

Thread Status:
Not open for further replies.
  1. Reve_Etrange

    Reve_Etrange Registered Member

    Joined:
    Nov 4, 2005
    Posts:
    108
    You're probably right. It's so close to fulfilling each use, it's frustrating when it doesn't completely get there ;)

    RE
     
  2. Reve_Etrange

    Reve_Etrange Registered Member

    Joined:
    Nov 4, 2005
    Posts:
    108
    Peter, it depends on what you mean by "software disaster", and what it covers. To me, the MS equivalent of "rm -rf" is a software disaster, and it is not covered by FDISR.

    Having said that, I don't want to get on people's nerves :)

    RE
     
  3. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Frankly, I'm waiting for such a malware. It would give me a valid reason to test the restoration with ATI again.
    (Don't tell it to the other FDISR-users.)
     
  4. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Hi Reve

    Not sure what "rm -rf" is. Be specific. I'd be interested in knowing what software disaster you are talking about.

    You aren't getting on anyone's nerves.

    Erik

    Doubt if you will see it. Malware is now almost a commercial business. Why would you target a small sector that might use something like FDISR?

    Pete
     
  5. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Nerves? Not after six months using ATI and FDISR successfully. It makes you feel invincible. I don't care anymore what happens to my system partition. If the reboot doesn't help, I restore my backup file.
    I don't even enjoy the excitement of restore anymore, it's all routine now.
    But FDISR is keeping me busy, even after 6 months.
     
  6. wilbertnl

    wilbertnl Registered Member

    Joined:
    Dec 29, 2004
    Posts:
    1,850
    Location:
    Tulsa, Oklahoma
    It's possible to do a 'rmdir /s /q c:\' and reboot in a backup snapshot without problems.
     
  7. Reve_Etrange

    Reve_Etrange Registered Member

    Joined:
    Nov 4, 2005
    Posts:
    108
    Ok, maybe I underestimated the protection of the snapshot folder, and maybe there *is* something special about XYplorer after all. I would be curious what other file managers can access it.

    Anyway, if the developers went out of their way to protect it, there is a reason, and to me this is what I've been fussing over - namely, accessing a snapshot from another one is definitely *wrong*.
    Even if, yes, maybe, we could live with it.

    RE

    ['rm -rf' is, in a nutshell, the *NIX command to delete everything in your filesystem]
     
  8. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    That's peanuts for ATI. I did several tests with completely zeroed hard disks. Both were restored properly. So a deleted filesystem won't be a problem either.
    That's why an image backup software is much more important than immediate system recovery, but FDISR is more fun. ATI is sooo boring.
     
  9. Reve_Etrange

    Reve_Etrange Registered Member

    Joined:
    Nov 4, 2005
    Posts:
    108
    I know, I back up my partitions every week, for years (I now use IFD/IFW).
    Got two internal HDs and two USB ones, making for a comfortable 1TB :)

    RE
     
  10. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Not familiar with the *nix command, but yeah, you are right, FDISR couldn't save you if you reformatted the drive either. However, if you accidentally deleted c:\windows\*.* that would be no problem.

    Something that would be interesting is to see if xplorer being able to see the files can delete them. I had to manually remove a snapshot once, and it was a painful process that took several hours.

    Cheers, Pete
     
  11. Reve_Etrange

    Reve_Etrange Registered Member

    Joined:
    Nov 4, 2005
    Posts:
    108
    If you mean with XYplorer, yes, I can delete any file - that's the second thing I tried, after accessing the subfolder :)

    I just tried accessing $ISR/1 from NTEmacs, no success. I wonder what's different about XY.

    RE
     
  12. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,159
    Location:
    UK / Pakistan
    I agree here, but many users try to use such software as the last or near-last (imaging may be the last) line of defence against malware. Even Erik himself is using a frozen snapshot. We all know these facts. As a RollBackRx user I have found EAZ-FIX/RollBackRx pretty good in this regard, so I would like to explore the same issues about FDISR before I switch over, and many other users might be interested as well.
    So far I was disappointed in this regard. FDISR failed in my recent testing here.

    https://www.wilderssecurity.com/showthread.php?t=148280

    Again that is just a side issue I know but I am sure many will be interested in this issue.
     
  13. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Frankly Aigle, I am encouraged by your test, and now more than ever am convinced by your test FDISR is the better way to go, especially considering you shouldn't be totally counting on either program totally. You still need backup. The imaging situation with Rollback is still at best mighty marginal.

    Okay, with Rollback you had your current system trashed and you booted into another snapshot. So your other snapshot was out of date, now what?

    So my disk with FDISR is wiped out, and say it also wipes out my 2nd internal drive where I generally store images. No sweat. I fire up my external USB drive, and restore the base image stored there. That puts back my basic system with FDISR installed. If the MBR was wiped out, IFD puts back a plain MBR, which is no problem for FDISR. I then use FDISR to restore the system back to current time, with the FDISR archive stored on the USB drive. My USB drive will always be safe from a kill virus as it is turned off.

    So I would submit if you are worried about this stuff, you shouldn't rely on either FDISR, Rollback or EAZfix alone, and that in the long run you have an easier total recovery solution with FDISR.

    Pete

    PS What I am suggesting as a recovery isn't theory, but tested.
     
  14. wilbertnl

    wilbertnl Registered Member

    Joined:
    Dec 29, 2004
    Posts:
    1,850
    Location:
    Tulsa, Oklahoma
    You come up with interesting arguments, Peter.

    When you set up eazFix to take a snapshot at every boot, your outdated restore is how old?
    Aigle's test looks like a restore into another snapshot was one click away, while your scenario with FD-ISR takes more than that.

    Assuming that eazSolution will release the major fix for corrupt snapshots this week, I think that it's reasonable to say that both snapshot solutions are excellent and that it comes down to personal preference or maybe hardware requirements (RAID?). And yes, both have advantages/disadvantages, that is the charm of differences.
     
  15. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,159
    Location:
    UK / Pakistan

    I can't understand it, sorry. If the last snapshot of RollBackRx is old, not the current system, I wonder how old is your image backed up on external disk? Definitely older than the RollBackRx snapshot unless you image very often. (BTW you can't image on each reboot; that can be done with RollBack.)
    Also, as Wilbertnl said, RollBack will restore with just one click and in your scenario it will sure take a good amount of time and effort.
    I am not denying the need of external image backup though.
     
  16. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Doesn't matter how old my image is as long as I keep my archive up to date. That is, update with any changes in the system or at night before I shut down.
    Sure it does take a while, but suppose your Rollback test had wiped out your disk, and your only image was outdated. How would Rollback have helped you? Also on a time comparison, to stay current and be able to recover from a total disk wipeout, your only option with Rollback is a disk image, if you can, which is somewhat time consuming. The FDISR archive refresh is quick by comparison.

    Hey Aigle, if Rollback works for you, great. But to me, when I put it into the total recovery picture, it just falls short.
     
  17. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Peter,
    Is RollbackRx able to archive snapshots like FDISR?
     
  18. sukarof

    sukarof Registered Member

    Joined:
    Jun 22, 2004
    Posts:
    1,885
    Location:
    Stockholm Sweden
    This XYplorer is truly an interesting and special file manager :eek: It can even see what is in System Volume Information.
    I can delete files in a non-loaded FDISR snapshot. I can modify a text file in a snapshot and save it. I don't know how to inject code or modify other files (like .dll, .sys, .exe and what have you) but I guess it could be done.
    But I cannot copy or move any files into or out of the snapshot.

    I don't have much knowledge of how malware really works, but isn't it essential for such that it is able to install files to do its dirty deeds?
    I did not know that any of the above could be done to a snapshot, and yes, I am a bit surprised actually, but not really worried, since there is a hell of a lot of work for a bad guy if he wants to do anything other than delete files in a snapshot.
     
    Last edited: Sep 27, 2006
  19. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Not currently. They are working on that now.
     
  20. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    In theory the delete function could be quite damaging. It certainly could render a snapshot unbootable. Also, anything that can delete a c: drive could also delete stuff from a D: drive, which is where I store most of my backup stuff. What it can't touch is an external drive that is turned off. I also keep an image and current FDISR archive there. That's the fallback position.
     
  21. sukarof

    sukarof Registered Member

    Joined:
    Jun 22, 2004
    Posts:
    1,885
    Location:
    Stockholm Sweden
    I guess it's all about personal preferences. I personally don't worry so much about deletion, got backup of that. I am more worried about things I don't know, like having a trojan sending out data.

    btw, I just noticed that I can start a program inside a non-loaded snapshot, phew... well, as long as no one can copy any files into a snapshot and run it from there....
     


  22. wilbertnl

    wilbertnl Registered Member

    Joined:
    Dec 29, 2004
    Posts:
    1,850
    Location:
    Tulsa, Oklahoma
    A new version of eazFix/Rollback RX is in the works: eazFix 8.
    That version will support backup images of individual snapshots. I haven't seen it yet, but I imagine that the scenario could look like a disk image with the baseline and after that eazFix snapshot backups to update the system.
    Doesn't that sound exciting?
     
  23. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    I guess only for RollbackRx/EazFix-users, because it was missing. :)
     
  24. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    :thumb: :thumb:
     
  25. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,159
    Location:
    UK / Pakistan
    That's a valid point indeed. I never thought on this point.
     