Freezing!!

Discussion in 'FirstDefense-ISR Forum' started by marse.robert, Nov 24, 2007.

Thread Status:
Not open for further replies.
  1. marse.robert

    marse.robert Registered Member

    Joined:
    Nov 3, 2004
    Posts:
    255
    Location:
    Langar: Nottinghamshire: UK
    Hi all.
    Having finally arrived at a system arrangement I like, I am now in the process of freezing this setup. My question is, if I am required to add/remove from this setup do I "unfreeze" to "refreeze" after the alteration?

    Regards

    Marserobert
     
  2. farmerlee

    farmerlee Registered Member

    Joined:
    Jul 1, 2006
    Posts:
    2,585
    Yes you have to unfreeze the snapshot, make your changes then refreeze.
     
  3. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,634
    Location:
    U.S.A. (South)
    While I'm not altogether yet sold on the unique usefulness of this FREEZE snapshot method just yet, I do applaud the concept and am cautiously optimistic in part over Erik's continued eagerness in this Boot-To-Restore method as opposed to using, in my case Power Shadow or for others, Returnil to return again to a clean slate after an active session whether on or offline.

    I mean for those of us who have been fortunate to have gotten in when we did on the Genuine Full-Featured version of FD-ISR, there is, as Erik puts it, a matter of luxury to this unique ISR, and I take that as a reference to the Multi-Snapshot + Archive feature for one common example perhaps? Because isn't immediate rollback recovery more a necessity and the general purpose of it to begin with, which I might add caused quite a rave this past year. :D

    My question then is this.

    When using an FD-ISR "FROZEN" snapshot upon reboot the snapshot is refreshed to return to its former state, so while in this FROZEN snapshot it's still necessary to shore it up with your usual security apps against the potential for some malware which could say penetrate then disrupt one or several of $ISR's files of importance which could then render it disabled in some fashion. So where exactly does the advantage lie in practicing this form of Boot-To-Restore in comparison to those mentioned earlier, Returnil etc.?

    I'm just trying to get a clearer picture on the benefits gained in this FREEZE snapshot idea compared to the others.
     
  4. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    I will ask you another question : "Why do I need Returnil, PowerShadow, DeepFreeze, when I have already a frozen snapshot, which gives me exactly the same result : an unchanged system partition (= my online snapshot) ?"

    I don't need an extra ISR-software, because :

    1. I have already an ISR-software that has such a function and even a better one :
    FDISR has Freeze/Unfreeze/Freeze Previous. The bold one doesn't even exist in Returnil, ... and that's why Returnil, ... can't handle softwares that require a reboot. In order to solve this problem, some Returnil users use a second extra software to handle these softwares. The only way to solve this in FDISR is creating an extra snapshot, which I don't need.
    So why would I use another ISR-software that gives me less or causes more work ?

    2. I'm not impressed by the speed difference, because my computer is fast enough. I'm not going to use an extra software to spare 20 seconds.
    If I reboot 10 times a day I spare 200 seconds, that is 3m20s a day, big deal.
    Speed might be a problem for other users with an older computer, well let them use an extra ISR-software.

    3. These extra ISR-softwares are not fully compatible with FDISR. The function "Boot to Snapshot" of FDISR doesn't work properly anymore and that irritates me. I have two choices to avoid that problem :
    a. I disable the frozen mode of Returnil, ... and then the function "Boot to Snapshot" will work properly.
    I don't like to do this, because I never turn OFF my frozen snapshot.

    b. I keep the frozen mode of Returnil, ... enabled and then I have to wait for the "F1"-key during reboot.
    I don't like to do this either, because that is not convenient and I usually get a drink or something else, when I reboot my computer and now I'm forced to wait for the F1-key.

    All this would irritate me DAILY and more than once a day.
    And of course other users, who combine FDISR with Returnil, ... don't see this as a problem, they have no other choice or they have to accept a slower reboot.

    4. Any ISR-software can be corrupted by malware and it didn't happen yet, because ISR-software aren't popular yet, so it's not an interesting target for the bad guys. FDISR is even terminated and that makes it even a less interesting target, than any other ISR-software.

    FDISR has indeed been corrupted by the Killdisk Trojan, but this malware doesn't target FDISR. If FDISR's development wasn't frozen since I bought it, I'm sure that Leapfrog would have fixed this. Leapfrog never improved FDISR and the only 3 improvements were just added to increase the sale of FDISR.

    FDISR is not a security software, it's a recovery software and needs to be protected like any other software. That's why I use a Firewall, Anti-Executable and now Sandboxie to protect mainly my data partition [D:].

    That is also the main reason, why I have Image Backup, to fix a corrupted FDISR. FDISR can be corrupted by a legit software also, that happened 2 or 3 times, since March 2006. Until now FDISR was never corrupted by a malware and if it happens, it's not a problem.

    I don't even understand why everybody is fascinated by this Killdisk Trojan.
    Recently I have read a post at Wilders of a virus that destroyed 3 non-system partitions, D, E and F. That is a lot worse than the KillDisk Trojan, which only destroys partition "C".

    Conclusion :
    If any user likes to use a normal snapshot + another ISR-software, it won't bother me at all.
    I keep on using a frozen snapshot and I have reasons enough to do so.
    Let us discuss other more important issues, than this subject, like :
    - how to protect non-system partitions, which contain our precious data.
    - which security softwares we need to use in a boot-to-restore solution.
    - how to download files carefully.
     
    Last edited: Dec 2, 2007
  5. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,054
    Not sure fascinated is the right word. Just a good test. BTW, it does wipe out the whole disk, not just the c: partition, as it destroys the partition table itself.

    Pete
     
  6. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    My c: partition is the whole harddisk. :)
     
  7. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,634
    Location:
    U.S.A. (South)
    In the case of Power Shadow or others similar yes there is some truth to that redundancy or wasted space + effort but I'm like you and trying to cover every conceivable possibility and according to Peter2150 this is of some real concern although as you say FD-ISR is not specifically targeted, in fact most Wilders users need not concern themselves with ever meeting up with such a fierce virus as KillDisk, "BUT", the fact remains that "IF" not just KillDisk but several variants of it were to become numerous by some stretch, and not only that, but a file infector virus which can disable and take down not only your ISR snapshots but also render FD-ISR grossly afflicted, then what? The FROZEN snapshot wouldn't do you much good and leave you to resort to a "clean" image or "clean" archives saved off machine.

    That's all I'm trying to get a handle on here. BTW, I'm now actively using FREEZE snapshot and although it comes through as expected, I do find Power Shadow/Returnil can do the same task of Boot-To-Restore even quicker FWIW and without the boot screen delay while Freeze snapshot refreshes from its archive.
     
  8. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    I have Anti-Executable and now Sandboxie on board. If both are really that good the KillDisk Trojan has no chance and Sandboxie protects my data partition as well. So why do I need PowerShadow, Returnil, ... EXTRA to protect me ?
     
  9. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,634
    Location:
    U.S.A. (South)
    No endorsement intended to persuade you Erik because that set up covers a good deal of territory, but what about SCRIPTS? Remember that scripts can prove just as lethal as an .exe, that's why I use EQSecure (HIPS) because it stops/alerts "ALL" file associations including those script files such as .vbs, .reg, .hiv, .pif and whatever, even if some off-the-wall new file association. This HIPS is ROCK SOLID and its vast coverage protects FD-ISR full circle between SandboxIE till PS/Returnil's Boot-To-Restore, or even FREEZE snapshot, because it's what goes on in-between while online or launching some unknown that's the greatest threat to overall system security.
    I found this out the hard way by deliberately dropping my defenses while launching a file infector virus which rendered FD-ISR and anything in $ISR contaminated enough it required a full wipe, reinstall then restore.
     
  10. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,054
    If the script comes from something downloaded from the web, and self launches, it will be sandboxed. So it shouldn't be able to hurt the system.
     
  11. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,634
    Location:
    U.S.A. (South)
    Reading that line just ramped up my confidence another several notches again Pete ;)

    I'm just working some remote conjecture here because I'm of the belief that any program, including SandboxIE if by some stretch became mischievously compromised at least there is another emergency support system to fall to.

    We really have to hand it to these security HIPS/VIRTUAL/SANDBOX people, they seem to have taken a huge lead in the field of protection services with products like SandboxIE etc. and have greatly strengthened shielding in Windows against nearly every single conceivable threat one might ever imagine.
     
  12. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Easter or any other member,
    I'm willing to install any other security software, after all I have only 3 security softwares : Windows Firewall (+ router) + Anti-Executable + Sandboxie and this might not be enough.
    My boot-to-restore is not security, that is immediate recovery and is the perfect removal tool of any malware, because it doesn't accept any change, but it doesn't stop the execution of malware.

    If you have any reasonable suggestion, where my 3 security software could fail, I don't see any problem to install a 4th security software, except security software, that require signature updates of any kind.
     
  13. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    A well designed sandbox should stop the execution of local scripts (WSH) coming from isolated/sandboxed applications.
    Mine (GW) does this
     
  14. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,054
    I think Sandboxie pretty much fills the same bill.

    Pete
     
  15. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    I think so :)
    A script created by a sandboxed instance of your browser will be trapped inside the virtual container.
     
  16. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,634
    Location:
    U.S.A. (South)
    Great! If that's the case then in keeping with my dual-layer approach SandboxIE + EQSecure, BOTH! trap scripts and any other even new file extensions, so that's a solid enough coverage for that.

    Thanks
     