KillDisk virus versus EAZ-FIX/ FDISR

Discussion in 'other anti-malware software' started by aigle, Sep 26, 2006.

Thread Status:
Not open for further replies.
  1. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Tried KillDisk virus yesterday against EAZ-FIX/ RollBackRx and FDISR on a test PC.

    It destroyed current working system in EAZ-FIX but I was able to boot into previous snapshot/ snapshots without any problem.

    With FDISR, It erased every thing on disk. On reboot no FDISR prebpoot was available and no way to get back the system. I checked via BartPE, all the disk was blank and all partitions destroyed, had to reformat.
    I did not tried it in frozen snapshot, will try later after I reinstall OS.
     
  2. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    As I know freezed snapshot does not use any virtualization so I am pretty sure that KillDisk virus will do its harm here as well.
     
  3. zopzop

    zopzop Registered Member

    Joined:
    Apr 6, 2006
    Posts:
    632
    scarey results aigle. so rollbackrx can save you vs killdisk but not FDISR? if that's the case i find it odd, dont' they both more or less do the same thing?

    ps aigle, clear up some messages in your wilders inbox, you're full :D
     
  4. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Thanks. Sorry I forget the mailbox. It,s a bit clear now.
    RollBackRx leads here as it does same as FDISR but in a totally different way.
    Details I can,t guess, I think Wilbertnl might explain this.
     
  5. nicM

    nicM nico-nico

    Joined:
    Jul 15, 2004
    Posts:
    631
    Location:
    France
    Wow, that's heavy duty testing :D .

    I must say the result is very interesting, and I wonder why there are so few comments about this difference between Rollback/FD-ISR.. Ususally people say the opposite, so I guess most didn't see your post.
     
  6. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    I think because this topic has been discussed so many times here.
    Both are good, same work, different approach and different features, EAZ-FIZ still has some bugs though.
    I wish u could combine two in one software!!
     
  7. nicM

    nicM nico-nico

    Joined:
    Jul 15, 2004
    Posts:
    631
    Location:
    France
    I've never tried ISR-FD so far, but what I don't like about it is that snapshot switching takes some times - according to what I've heard. ie with Rollback, it takes just the time of a reboot to switch from one snapshot to another.

    I've had one bug too with Rollback lately, for some reason a "group" of snapshot was damaged, you could boot it, but system was unstable. I don't know what happened, but I just had to delete these snapshots to fix the problem.

    Then I'm still using the same baseline (and of course Rollback build) since march, despite lots and lots of testings : This program has proven to be reliable for me.
     
  8. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,041
    Assuming one could repeat the killdisk test on Rollback and FDISR repeatedly with the same results, and I suspect you probably could, far as I am concerned you are still even. May just be a matter of convenience.

    Since neither program supports the problem of total disk failure, you still need to in some manner image/backup for total disk recovery.

    So. Last thing at night I update all my FDISR snapshots/archives and Aigle creates a new Rollback snapshot. Then we both work all day the next day,a nd at the end of the day killdisk strikes.

    I totally lose my disk, so I have to restore and older image and update with FDISR, but them I am current as of last night.

    Aigle only has to reboot which is for sure quicker in this case, but he losing his current snapshot, is still only current as of last night.

    However I still feel safer with FDISR, as I know the worst case, and can deal with it. But what if Aigle feels comfortable after several tests that his worst case is losing only current snapshot, and then a killdisk variant wipes out the whole drive.

    Personally I still find FDISR the prefered approach because updating FDISR archives is so quick, and using these archives I can reconstruct my current system, from a 3 month old disk image. Rollback currently offers no such protection should there be a total wipe out.

    Pete
     
  9. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    So far I will put FDISR as my chice for my working PC. Only problem my laptop has only 40 GB HD and attaching an external HD is a bit inconvenient for me.
    However If I test a lot of software, EAZ-FIX is my chice without doubt, so easy and fast.

    BTW, I don,t like the GUI of FDISR at all, seems so inferior but it,s all personal liking.
     
  10. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Snapshot switching need only a reboot just like EAZ-FIX but snapshots are not like RollBack, they retain the changes each time u boot into them. Snapshots of EAZ-FIX are a bit like archives in FDISR and swithching to archive takes a bit time.
     
  11. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Of course this happened, even a frozen snapshot won't be of any help.
    That is logical because there is nothing to stop the execution of this virus.

    How can I get this KillDisk virus on my computer, because this seems to be a good and extreme test ?
     
  12. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Not sure what u mean?
     
  13. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Well you did the test, just tell me how to do test. :)
     
Loading...
Thread Status:
Not open for further replies.