Freezing Snapshots

Discussion in 'FirstDefense-ISR Forum' started by ErikAlbert, Sep 7, 2006.

Thread Status:
Not open for further replies.
  1. Longboard

    Longboard Registered Member

    Joined:
    Oct 2, 2004
    Posts:
    3,238
    Location:
    Sydney, Australia
    @E-A and dallen
    I went back and read the thread here: Frozen snapshots v scanners
    https://www.wilderssecurity.com/showthread.php?t=148413

    Interesting discussion.
    I felt that several of the responders were mixing up the "RollbackRx" type snapshot with the FDISR "snapshots", which got a bit confusing. Heh.

    Your comments on AE and FDISR snapshot restores were very interesting because I was heading down that path as well: thanks, saved me some effort and no doubt bafflement.

    After reading this thread and that one I have a couple of questions which arose from Aigle's Eric! What about windows updates of frozen snapshot?

    Q: If you have a special surfing snapshot and you hit some sites you want to add to favs or dl some interesting documents or such, won't all those be lost with the freeze? I mean I know they will, but how to get around this?
    heh: pen and paper?

    Q: Gaming snapshots (I don't do any online gaming and it does seem to be associated with some exploits): how to keep your position/score set if you freeze?

    Q: Anti-exploit tools: Prevx: Prevx updates itself if you let it; but again updates lost? (And if you really want to test Prevx in a freeze scenario, now might be the time: go to the Gromozon sites if you dare: now ~36 variants of that little f@#cker.)

    It is late here and I am tired. I can't even type straight any more.
    I'll wrestle with this again.
    Regards.
     
  2. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    All personal files, including the ones I download, are stored on my data partition [D:] and this works in practice. It doesn't matter if the snapshot is frozen or not. As you probably know, you can have settings in most browsers, where you can tell the browser what to do with downloads: in a default folder or ask where to store it.

    I don't do any gaming, so I can't tell you anything about this and I'm not going to test them either, because I hate games.
    So for me, it's not a problem.

    That is indeed a problem, because all updates of software in a frozen snapshot are UNDONE during the next reboot.
    All security software needs to be updated and Prevx1 is no exception.
    So I had to anchor (= exclude) Prevx1 in my frozen snapshot in order to KEEP the updates. Anchoring is a one-time operation.
    I don't like anchoring in principle, because the more you anchor, the more vulnerable your frozen snapshot becomes. If I knew which OBJECTS of Prevx1 are changed during the updating, I could do the anchoring more cunningly.
    For now I anchored the folder of Prevx1, but you can also anchor files.

    Keep in mind that almost nobody at Wilders is doing what I'm doing, except Dallen maybe. That means I'm almost alone and have to do it all by myself without any experiences and information from other members. So it will take a lot longer before I can share any results or experiences.

    Don't think I believe unconditionally in my own security setup, and I will do anything to break it. That's my kind of game.
    R.I.P. means "Rollback Intrusion Prevention", but it also means "Rest In Peace" :D
     
    Last edited: Oct 7, 2006
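
The post above anchors the whole Prevx1 folder because it is not known which objects an update changes; one way to find out is to hash the folder before and after an update and anchor only what differs. This Python code is an added example, not part of the original thread or of FirstDefense-ISR; the folder layout and file names are constructed stand-ins, and it only sees changes inside the folder it is pointed at (not the registry or other paths).

```python
import hashlib
import os
import tempfile

def manifest(root):
    """Map each file path (relative to root) to its SHA-256 digest."""
    result = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                result[os.path.relpath(full, root)] = hashlib.sha256(fh.read()).hexdigest()
    return result

def changed_objects(before, after):
    """Compare two manifests taken before and after an update."""
    common = set(before) & set(after)
    return {
        "added": sorted(set(after) - set(before)),
        "removed": sorted(set(before) - set(after)),
        "modified": sorted(p for p in common if before[p] != after[p]),
    }

def anchor_candidates(diff):
    """Files that must survive a reboot; everything else can stay frozen."""
    return sorted(set(diff["added"]) | set(diff["modified"]))

def _write(root, rel, data):
    with open(os.path.join(root, rel), "wb") as fh:
        fh.write(data)

def demo():
    # Constructed folder standing in for a security tool's install directory.
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "defs"))
        _write(root, "engine.exe", b"engine v1")
        _write(root, "config.ini", b"mode=strict")
        _write(root, os.path.join("defs", "sig.dat"), b"signatures 001")
        before = manifest(root)
        # Simulated definition update: one file rewritten, one file added.
        _write(root, os.path.join("defs", "sig.dat"), b"signatures 002")
        _write(root, os.path.join("defs", "sig_delta.dat"), b"delta 002")
        after = manifest(root)
        diff = changed_objects(before, after)
        return diff, anchor_candidates(diff)

if __name__ == "__main__":
    print(demo())
```

In this constructed run only the two definition files are anchor candidates, while the executable and its configuration stay frozen. Comparing manifests across several real updates before settling on an anchor list helps avoid missing files that change only occasionally.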
  3. cthorpe

    cthorpe Registered Member

    Joined:
    Jun 30, 2006
    Posts:
    168
    Location:
    Texas
    If you use firefox, do Start > Run > firefox.exe -profilemanager
    Create a new profile and tell it to store the profile on another partition.

    That's what I've done, and it allows me to have access to my bookmarks and such in any snapshot I boot to.
     
  4. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Thanks for confirming. One more reason for Longboard to believe us. :D
     
  5. Longboard

    Longboard Registered Member

    Joined:
    Oct 2, 2004
    Posts:
    3,238
    Location:
    Sydney, Australia
    Yes I would like to buy a bridge :D

    The FF workaround is cool.
    Manual updates for all tools while not connected would be cool.
    For surfing snapshot when not in testing mode maybe:
    Avira as scanner and AV
    PG as blocker.

    Won't anchoring provide a pathway for malicious exploits?
    To have any security in the surf snapshot it really needs to be completely isolated.
    If you want to test the current set-up with prevx and find malware sites
    http://forum.sysinternals.com/forum_posts.asp?TID=3446&PN=1
     
  6. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Trust me, I will try anything to break my own security setup in the future, but I have to re-install my computer first from scratch, because I need more special clean backup files and clean archived snapshots to cover my experiments and get back in business after disasters. After that I don't have to re-install my computer from scratch anymore, at least not manually.
    Especially the TIMING of taking these special backup files and archived snapshots is important, not too soon and not too late either.
    I prepare it on paper this time, because I lost my concentration during the previous installation. :oops:
     
  7. cthorpe

    cthorpe Registered Member

    Joined:
    Jun 30, 2006
    Posts:
    168
    Location:
    Texas
    Oh, and just to be clear, I use a frozen snapshot at all times as well. I moved My Documents and my Desktop folders to a second hard drive. I also have firefox and thunderbird using the second drive for their profiles. I don't really engage in dangerous surfing habits, but I do like to try out new software on a regular basis. With the frozen snapshot, I can just reboot to get rid of all traces of any programs. When I try something and find that I like it, I move the installation files from D:\Downloads to D:\Install. That way, when I do finally get around to rebooting, I just unfreeze and install the programs (as well as any and all updates for my programs), then refreeze. If I find that I've gone a week without rebooting, I'll go ahead and do it just to clean the system, unfreeze and install updates permanently, and then refreeze.

    C
     
  8. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Finally somebody at Wilders who thinks and acts like me.
    A few minutes ago, I tried Registry Mechanic, did a reboot and it was gone.
    No un-installing, no leftovers, no registry cleaning, whatsoever.
    Well done cthorpe !!!

    P.S. : I became an expert in reboot. It wasn't easy in the beginning but I finally got it ;)
     
    Last edited: Oct 9, 2006
  9. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    ROFL!!!!:D
     