Microsoft Says Recovery from Malware Becoming Impossible

Discussion in 'FirstDefense-ISR Forum' started by Leapfrog Software, Apr 10, 2006.

Thread Status:
Not open for further replies.
  1. Leapfrog Software

    Leapfrog Software Leapfrog Management

    Joined:
    Jan 25, 2006
    Posts:
    251
    Location:
    Northern Nevada, USA
    Greetings All,

    Here is an interesting article for your eyes to feast upon. For those that already have FD-ISR, this is probably not too much of an issue on your systems, or at least the recovery is a simple one.

    http://www.eweek.com/article2/0,1895,1945808,00.asp
     
  2. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,049
    In a way kind of funny. I bet the malware couldn't inflict more damage than I've done myself at times. I've trashed this system pretty badly a couple of times. Oh well, reboot do a copy reboot, and move on to next disaster :D

    Scary thing is programs like FDISR almost make you fearless.
     
  3. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,779
    Location:
    Texas
    FD-ISR is the best all around program I have ever seen for a PC. The misery factor drops to zero if you have this program. Misery meaning formats of your hard drive. :D
     
  4. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,634
    Location:
    UK
    The real trick is not to catch the malware in the first place. ;)
     
  5. Acadia

    Acadia Registered Member

    Joined:
    Sep 8, 2002
    Posts:
    4,048
    Location:
    SouthCentral PA
    Wow, coming from you ronjor, the quiet "masked one" :ninja:, that really means something (of course, that's not to take anything away from Peter or any of the others :cool:).

    Acadia
     
  6. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,049
    Tony

    I wasn't talking about malware. I was talking about stuff like testing a registry cleaner and having it hang the system. Power resets at that point have rather nasty consequences. I did it once and oh it was badddd. Probably would have resulted in one of Ron's miseries. Not with FDISR.

    Pete
     
  7. dallen

    dallen Registered Member

    Joined:
    May 11, 2003
    Posts:
    824
    Location:
    United States
    That's the trick, but even the most security conscientious users will eventually come across something, unfortunately. Therefore, the trick is to be prepared when the inevitable happens.;)

    I have to agree that FDISR is one of the best all around programs I have ever seen for a PC, ronjor. However, Image for Windows/DOS by Terabyte Unlimited makes the race for the best all around program ever seen for a PC. Since you qualified the category with the words "all around," I would have to give the edge to FDISR, simply because of its versatility.
     
  8. Acadia

    Acadia Registered Member

    Joined:
    Sep 8, 2002
    Posts:
    4,048
    Location:
    SouthCentral PA
    So, Dallen, the Terabyte program works well with FirstDefense? Have you successfully restored images that had FD contained on it? If so, what do you do when you make images and restore, that is, do you keep FD installed or do you kill the pre-boot option so as to release the MBR from FD's control?

    The reason that I'm asking all these questions is because I am considering the purchase of the Terabyte program. Thanks.

    Acadia
     
  9. Leapfrog Software

    Leapfrog Software Leapfrog Management

    Joined:
    Jan 25, 2006
    Posts:
    251
    Location:
    Northern Nevada, USA
    Greetings,

    After seeing the eweek article, it reminds me of the days I used to troubleshoot systems. All those hours spent trying to remove something new in the world that has made the system crazy. I have to admit, my troubleshooting skills have probably decreased over the years. My answer to everything is now, "just reboot". The ISR technology has made me lazy! ;)

    Acadia, to answer your questions about restoring an image from a BMR (Bare Metal Restore) type product, we have a special feature added to the MBR. If you do leave FD-ISR "MBR Enabled" during partition or disk imaging from another product (Image for Windows, GHOST, Acronis, etc.), when the BMR image is restored, if the FD-ISR boot code is not found, it will simply boot the active snapshot (last snapshot booted) and immediately fix up the boot code, making it available the next time you boot.

    I hope that helps.
     
    Last edited: Apr 11, 2006
  10. Acadia

    Acadia Registered Member

    Joined:
    Sep 8, 2002
    Posts:
    4,048
    Location:
    SouthCentral PA
    Excellent, Todd, thank you.

    Acadia
     
  11. dallen

    dallen Registered Member

    Joined:
    May 11, 2003
    Posts:
    824
    Location:
    United States
    Acadia...it seems an expert has already addressed the MBR question.

    To answer your first two questions I would say that Image for Windows/DOS works very well with FDISR installed. That being said, I have never restored an image on a system with FDISR installed (primarily because FDISR is my first option and frankly it works well). I have restored systems without FDISR and I am pretty confident in saying that it would work just fine. I have successfully imaged a system with FDISR and successfully validated those images. I've just never actually restored one.

    Please visit this page and view the tutorials: http://www.heffy.com/image.htm
    It will teach you a lot about how it works and what to expect. I tend to use Image for DOS and not Image for Windows. Mainly because you get a cleaner image from a system that is not actively running Windows, in my opinion.
     
  12. crofttk

    crofttk Registered Member

    Joined:
    May 15, 2004
    Posts:
    1,976
    Location:
    Eastern PA, USA
    And, Acadia I can provide the rest of that affirmation having successfully test restored my system drive with FDISR installed both from Image for Windows and BootIt NG images as I attested to over here: https://www.wilderssecurity.com/showthread.php?p=721371#post721371
     
    Last edited: Apr 11, 2006
  13. Acadia

    Acadia Registered Member

    Joined:
    Sep 8, 2002
    Posts:
    4,048
    Location:
    SouthCentral PA
    :thumb: :cool:

    Acadia
     
  14. tobacco

    tobacco Frequent Poster

    Joined:
    Nov 7, 2005
    Posts:
    1,497
    Location:
    British Columbia
    Could an Acronis backup archive of a C partition be restored to a FirstDefense snapshot to test its validity (no errors)? Is there an MBR issue between these 2?
     
  15. crofttk

    crofttk Registered Member

    Joined:
    May 15, 2004
    Posts:
    1,976
    Location:
    Eastern PA, USA
    I wouldn't touch that one with a 39-and-a-half foot pole.
    Follow the link in my post above to see what I think about ATI and how ATI has the MBR issue, not FDISR.
     
  16. crofttk

    crofttk Registered Member

    Joined:
    May 15, 2004
    Posts:
    1,976
    Location:
    Eastern PA, USA
    dallen, no truer words were ever spoken. Looks like we share favorites !:)
     
  17. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    'Ere 'ere, just what I was thinking, and can I say thank you for a great software, one of the best on this machine :thumb:


    edited to fix quotes - Detox
     
    Last edited by a moderator: May 6, 2006
  18. Acadia

    Acadia Registered Member

    Joined:
    Sep 8, 2002
    Posts:
    4,048
    Location:
    SouthCentral PA
    Meriadoc, thank you, but ... where is the article? ;)

    Acadia
     
  19. Detox

    Detox Retired Moderator

    Joined:
    Feb 9, 2002
    Posts:
    8,507
    Location:
    Texas, USA
    He was trying to quote post #1... I'll go fix his quote tags to clarify things ;-)
     