HoizonData Rollback Rx

Discussion in 'backup, imaging & disk mgmt' started by Rico, Dec 29, 2014.

  1. Rico

    Rico Registered Member

    Joined:
    Aug 19, 2004
    Posts:
    1,690
    Location:
    Texas
    Love the concept & idea behind this software, however a chink in it's armor is; you must defeat/disable, 'rootkit scanning', in your security protection software. The install of Rollback Rx should advise and or disable Rootkit scanning, in security apps, thus allowing an informed decision upon install. Hopefully a new version will, allow all defenses to be used.
     
  2. bgoodman4

    bgoodman4 Registered Member

    Joined:
    Jan 13, 2009
    Posts:
    3,130
    That is not the only chink in its armor, search this forum for the horror stories AND STAY AWAY from RollBack Rx. You have been warned.
     
  3. manolito

    manolito Registered Member

    Joined:
    Apr 23, 2013
    Posts:
    341
    Do you really have to be this negative? I respect your experiences with Rollback RX and with HorizonDataSys, but this is from the time when a lot of technical transitions took place (Win7 / Win8, UEFI, Secure Boot, GPT hard drives, large HDDs > 2 TB).

    In the meantime Rollback has improved considerably, the last few builds have been very stable. You do have to understand how the software works, if you don't care you will get bitten sooner or later.

    But your advice to just stay away from Rollback is not justified at all these days. I think you are a little biased. And comparing the current version of Rollback RX with the current incarnations of AX64 I have to say that I would rather recommend to stay away from AX64 at the moment...


    Cheers
    manolito
     
  4. bgoodman4

    bgoodman4 Registered Member

    Joined:
    Jan 13, 2009
    Posts:
    3,130
    Well, maybe you are correct but once bitten twice shy, and this recent thread has not done anything to deminish my concerns https://www.wilderssecurity.com/threads/ax64-rollback-rx-help-questions.371396/ Mind you the advent of the new Drive Cloner is a good thing (after how many years of missed release dates) so maybe recovery from Rx disasters is now possible. You would need to remember to use it very regularly to have reasonably up to date protection of your data though. Hourly would make its protection comparable to AXTM but that hardly is practical.

    As for directly comparing Rx to official AXTM releases (and even to betas),,,,,,when TM fails its not a big deal, all you have to do is do a cold restore,,,,,,when Rx fails your system is pretty much toast and from the sound of it (again indicated in the link above) HDS support is still poor.
     
    Last edited: Dec 30, 2014
  5. TheRollbackFrog

    TheRollbackFrog Registered Member

    Joined:
    Mar 1, 2011
    Posts:
    3,041
    Location:
    The Pond - USA
    Rico, in the world of RootKit scanning, Rollback's IS a RootKit... albeit a benign (friendly) one (sometimes known as a BootKit). It's BOOTing structure looks exactly like the way a RootKit would invade a system, which Rollback actually does... it invades your system in a major way. I'm not sure they can redesign this structure easily without limiting its current capability.

    ...and there are many of us here in the Wilder's Imaging arena primarily due to Rollback destruction of our system along the way. Not just hiccups but major destruction and loss of data. Many users have great success with Rollback, but many others have horrible experiences... my guess to the reason why, unusual system configurations. This appears to be the same situation with the AX64 Time Machine as far as configurations go... although when AX64 fails it usually doesn't destroy your data, it is an imaging engine after all.

    Careful evaluation of a snapshot product along with reliable system imaging (most likely two different applications) is the only way to approach this problem until someone in the market puts forth the reliable consistent hybrid we're all looking for... and that hasn't happened yet. AX64 Time Machine has an interesting approach to this problem, although there are many kinks to be worked out as of yet... it will take some time to work these issues.
     
    Last edited: Dec 30, 2014
  6. taotoo

    taotoo Registered Member

    Joined:
    Mar 13, 2013
    Posts:
    415
    I read a post a few months or more ago, which stated that RX had changed to copy on write, rather than redirect. I can't find any other mention of this, so not sure if it's accurate or not (suspect not). Anyway that might seem to be a 'safer' way of doing things, albeit presumably with a performance hit (maybe not much of an issue with SSDs).
     
  7. Rico

    Rico Registered Member

    Joined:
    Aug 19, 2004
    Posts:
    1,690
    Location:
    Texas
    Okay, I guess the only harm is a "rootkit" scan would ID Rollback Rx, as an invader, and want to remove it, thus damaging Rx. So if we knew what the scanner identified, why not exclude in the AV or other scanners? I would rather them tell us what not be allowed for removal, than hobble, all sorts of security software.

    Note my first introduction to this form of software was "Comodo Time Machine", I have not known anyone who experienced troubles with this one.
     
  8. TheRollbackFrog

    TheRollbackFrog Registered Member

    Joined:
    Mar 1, 2011
    Posts:
    3,041
    Location:
    The Pond - USA
    It remains a REDIRECT ON WRITE technology to date.
     
  9. TheRollbackFrog

    TheRollbackFrog Registered Member

    Joined:
    Mar 1, 2011
    Posts:
    3,041
    Location:
    The Pond - USA
    1st item - RootKit exclusions are difficult. There's really no easy way to signature a RootKit for library reference (wide ranging sizes and approaches to RootKitting), only heuristically identify it and warn.

    2nd item - if you're saying you've never heard of anyone having trouble with Comodo Time Machine, I'd say you've been visiting another planet for an extended period of time :blink: Not to be flippant here, but CTM over the years (and it's no longer available for good reasons) has had more incidents of system destruction (documented within the available forums) than any other REDIRECT ON WRITE snapshot solution ever created. The only time I ever tried to use it, it destroyed my system (yes, I had an imaged backup). I then went to lookup various experiences with the product and ran into a tsunami of bad press (along with some good experiences). I gave up very quickly at that point.
     
  10. Cruise

    Cruise Registered Member

    Joined:
    Jun 10, 2010
    Posts:
    1,024
    Location:
    USA
    Unfortunately, CTM still is available from various download sites including MajorGeeks and Softpedia, but I echo your experience with it. I also had my system trashed by Rx to where it was unrecoverable (via all Windows recovery methods). I finally resorted to restoring my week-old backup image and recreating a week's worth of work. Needless to say, I then said goodbye to Rx (my conclusion, bootkits are bad news). I then tried AX64 and found it to be unreliable (albeit it didn't trash my system). Finally, I moved on to Shadow Defender and haven't looked back (nevertheless, SD is not a substitute for a reliable image backup program)!

    Cruise
     
    Last edited: Dec 30, 2014
  11. Rico

    Rico Registered Member

    Joined:
    Aug 19, 2004
    Posts:
    1,690
    Location:
    Texas
    Regarding CTM, I've known 3 - 4 people who have used this, & reported no problems, so I've not done any looking into it's issues. I also knew it was not being developed, but still available. CTM naive :oops:

    Regarding the rootkit thing, wouldn't the AV scan for "rootkit" repeatedly identify the same RX file? & hence knowing this we could not delete it, then perhaps exclude it. TDS Killer & SOPHOS etc, find and alert of suspicious, files, for further investigation.

    I do make regular backups using Macrium, my thinking was an easy restore, on the road. Also SD best $35.00, I've ever spent
     
  12. TheRollbackFrog

    TheRollbackFrog Registered Member

    Joined:
    Mar 1, 2011
    Posts:
    3,041
    Location:
    The Pond - USA
    I don't believe RootKit identification has to do with file signatures at all. A good RootKit can use "normal" kinds of files to do its dirty work. RootKits are mostly found by examining process flow, not file signatures, especially where normal, expected BOOTing process flow has been disturbed from what scanners consider the norm. Some known RootKits include known bad files associated with their nefarious deeds and these are readily recognized, but general RootKit scanning does not work like virus signature scanning at all.

    As far as SD is concerned, any partnered imaging tool you may use along with SD cannot use any sort of file system tracking mechanism (AX Time Machine, Shadow Protect, I believe, etc.) or you will get pretty screwed if you try and save any of that virtualized file action into your real system. Macrium does not use any sort of developed file tracking info other than the normal file system files available for comparison.
     
  13. Cruise

    Cruise Registered Member

    Joined:
    Jun 10, 2010
    Posts:
    1,024
    Location:
    USA
    All very true, but my image backup of choice is Drive Snapshot, which is extremely reliable and has no conflict with Shadow Defender. I know that IFW also 'fits that bill'. As far as AS64 goes, I guess it has some promise (eventually), but at this point it is still in the beta-testing stage (at best). So I'm very satisfied with SD - which works perfectly in the presence of DS, IFW (as well as with many other 'traditional imagers') and vice-versa. ;)

    Cruise
     
    Last edited: Dec 30, 2014
  14. Cruise

    Cruise Registered Member

    Joined:
    Jun 10, 2010
    Posts:
    1,024
    Location:
    USA
    Rico,

    As one who has been burned badly by CTF and Rx, I would leave you with this advice... Use them if you wish, but make backups (with Macrium in your case) a very frequent practice because sooner or later you will have to recover your system by restoring one of those backups!

    Good luck,
    Cruise
     
  15. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    I am using Rollback XP for testing malware and security software. So far so good. Interestingly no problem on a dual boot set up( XP and Ubuntu).
     
  16. clubhouse1

    clubhouse1 Registered Member

    Joined:
    Sep 26, 2013
    Posts:
    533
    Location:
    UK
  17. pandlouk

    pandlouk Registered Member

    Joined:
    Jul 15, 2007
    Posts:
    2,547
    Manolito your reply reminds me of bgoodman4, 1-2 years ago... Unfortunately RollbackRX has this effect.
    One is becomes great fan of it until it bites him in the ass... a painful experience that one never forgets...:p

    Panagiotis
     
  18. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Let me make it clear that I use it and I know what I am doing and I have full disaster recovery in place, if needed. I will not recommend it for any one.
     
  19. DVD+R

    DVD+R Registered Member

    Joined:
    Aug 2, 2006
    Posts:
    1,979
    Location:
    The Antipodes
    Question for The Rolling Frog :p I've tried before, but it didn't seem to work, and that is to include Rollback and all snapshots into a System backup image. However when I restored to this image the whole system would not boot :confused: So the question is Do image the partition? or the whole disk for this to work?

    Also on another note about whole disk imaging Acronis True Image 2015 says the size of the whole disk is 512GB but the entire size of My SSD is only 120GB how come this shows at such a large size?
     
  20. TheRollbackFrog

    TheRollbackFrog Registered Member

    Joined:
    Mar 1, 2011
    Posts:
    3,041
    Location:
    The Pond - USA
    DVD, I haven't done much of this in a while but others have and it works under most circumstances... only when an ALL SECTOR (Raw) image was taken. If this is done under LIVE, Rollback-protected Windows, it will never work due to the fact that RBrx will never let you have the specialized constructed MBR that it needs to operate, it only gives you the original MBR it replaced when installed... only under external non-LIVE imaging will you get the real RBrx constructed MBR (the BootKit, as they say).

    The other thing needed is a "real" imager... one that reconstructs the storage volume EXACTLY as it was when imaged. IFW did this very successfully until v2.77 or v2.78, then things went haywire following a restoration. This led me to believe that IFW no longer did a block-for-block reconstruction from that version on. Drive Snapshot in the old days worked just fine, even Acronis was successful at this at one time (I know not now).

    If RBrx is protecting only one volume, only that volume was needed in a RAW (all sector) format to restore snaps. If it was protecting multiple volumes, then the whole disk was needed.

    These days, almost all the imagers have changed somewhat and I haven't done any additional testing since IFW v2.78.
     
  21. Rico

    Rico Registered Member

    Joined:
    Aug 19, 2004
    Posts:
    1,690
    Location:
    Texas
    @Cruise, Thanks! I practiced, restoring an old XP machine using Macrium 5.3, seems you make so many backups, & so few restores. Forgot how easy it is. Next much skeptical regarding Rx
     
  22. Gaddster

    Gaddster Registered Member

    Joined:
    Dec 11, 2013
    Posts:
    38
    Location:
    UK
    Since Horizon keeps (ridiculously) advertising Rollback RX as an bomb proof "I can do it all" holy than thou piece of software that will save your day in all cases, I'm actually glad people on here and other sites are so quick to warn others about Rollback.
     
  23. TheRollbackFrog

    TheRollbackFrog Registered Member

    Joined:
    Mar 1, 2011
    Posts:
    3,041
    Location:
    The Pond - USA
    I really can't think of a better way to describe a Rollback RX experience. I, during the days of v9,1, was one of those RBrx champions, extolling the virtue of this great application... even going so far as to discover ways to backup the current system image and all its snapshots. Then the butt BITE, as Panagiotis so eloquently describes... not just in 1-system but many others I held responsibility for. Mine was fine due to decent system management policies but others were basically unrecoverable. I can't even describe how much pain was involved under those circumstances. If you want a typical example, see the RickFromPhila thread right HERE in this forum.

    Nowadays I occasionally test with RBrx but not very often, and when I do, the system is fully protected... there's really no other way when using any REDIRECT ON WRITE snapshot tool.
     
  24. Rico

    Rico Registered Member

    Joined:
    Aug 19, 2004
    Posts:
    1,690
    Location:
    Texas
    Hi Guys, I've now uninstalled Rollback Rx, on two machines. Thanks for the heads up regarding the potential disasters, with this software. Big THANKS to Froggie, your RickFromPhila, was the tie-breaker for uninstall.

    Thanks ALL & 'Happy New Year'
     
  25. manolito

    manolito Registered Member

    Joined:
    Apr 23, 2013
    Posts:
    341
    I said it before, and I will say it again:

    Anyone who uses Rollback RX without an additional image based backup software is just plain stupid. Wilders forum members should really know this, and I feel no compassion for anyone who has been bitten by snapshot software like Rollback without having a secondary layer of security.

    But the same is also true for AX64. Neither is it a reliable imager, nor is it a fast snapshot software. Running it as your only backup solution is also just plain stupid.

    So the alternatives are
    1. Use an imager (like Macrium or IfW) plus AX64
    2. Use an imager plus Rollback RX

    I prefer #2 because as a snapshot software Rollback is just so much faster compared to AX64.

    Some folks mentioned how important it is for them that an imager should be able to backup the Rollback snapshots. Frankly I don't see this necessity at all. By default Rollback deletes all snapshots which are older than 7 days, and it is not a good idea to increase this number. Make at least an incremental image backup every two or three days, and you are pretty much protected.


    A Happy New Year to everybody...


    Cheers
    manolito
     
    Last edited: Dec 31, 2014
Loading...