New idea for Developers: Reconstructor for rebuilding a system from scratch

Discussion in 'other security issues & news' started by Devinco, Oct 11, 2005.

Thread Status:
Not open for further replies.
  1. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    Maybe this has already been done (or can be done with a combination of existing tools), but I think it would be helpful for techs and people trying to rebuild a totally infested machine that requires a format.

    Here's the idea:
    More and more it is looking like the only solution to cleaning an infested system is a total reformat. Why not create a product that makes this process easier?
    When rebuilding a totally compromised system from scratch, it's a pain to have to go through all the hardware that is installed so you can get driver disks or trusted download locations after the reformat. It is also a pain to go through every single program that the user installed looking for specific configs, .ini, and data files that are stored within the program's dir.
    It is also a pain to have to decide what the best install order should be.

    The solution:
    Install Reconstructor on a completely infested machine.
    The program is a combination system analyzer, backup util, partition destroyer, and report generator/advice system.
    It goes through all the programs installed and backs up data files and configuration files for the programs onto removable media. It also creates a list of all the hardware drivers (including which RAID drivers and trusted places to get them) and such that will need to be reinstalled.
    Whatever programs it couldn't back up the data for, it would flag for manually selecting data files to back up.

    Perhaps the program would also include a tool to totally delete the partitions like Fdisk or Partition Magic, but easier to use. This would be on the bootable CD to make sure nothing is left hiding in the file system.
    Windows XP can do the partitioning.
    After the reformat and XP is installed, the Reconstructor could be installed and load the previously generated list. A logical ordered install list or report would be created that would include trusted download locations to get all the necessary drivers and software. Maybe the database of trusted download locations could be stored on the Reconstructor website (recurring service?).
    The reinstall report might have profiles based on the type of user (gamer, business, security, etc.)

    The point is to make a product that when everything goes to hell and you need to start over, the process is streamlined. Including trusted places to get the user's stuff from.
    Because when people come for help, they usually don't have any backups to just restore from.
    Maybe call it Worst Case Scenario.
    The program would be geared for the medium to high tech skill level (just due to the nature of rebuilding a system).

    So people, what do you think? Good idea, bad idea?
    Developers, what do you think?
    I certainly don't want to develop it (or be a part of the development process) and I only want to buy it from you.
    I haven't seen a product like this, so let me know if there is or what's the closest current thing.
     
  2. beetlejuice69

    beetlejuice69 Registered Member

    Joined:
    Mar 16, 2005
    Posts:
    780
    I thought you could do most of what you stated with a Bart PE disk? Make it into a dvd image so you can add more stuff?
     
  3. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    Hi beetlejuice69,

    I haven't done enough research on BartPE yet (I have the links though).
    But as I understand, one could put fdisk on it with a batch file to delete the partitions.
    But is there a system analyzer (with the features I listed) / backup util available? It would go through the whole computer and find all the user's stuff that would need to be reinstalled and data that needs to be backed up. The reinstall report/guide part could be as simple as different guidelines to reinstalling to a complex expert system connected to an updating database.
     
  4. spm

    spm Registered Member

    Joined:
    Dec 9, 2002
    Posts:
    437
    Location:
    U.K.
    An interesting idea, but one which I believe is somewhat flawed. If the Reconstructor was able to determine which files, registry keys, etc., needed to be preserved (a process I'm not convinced would be truly possible), then by definition it would also have determined all the items that needed to be discarded (i.e., the infections you want rid of).

    In that case, it might instead remove all the crud and leave you with a working system that you no longer need to reformat and reinstall at all.
     
  5. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    Hi spm,

    The idea is that all regular disinfection procedures have already failed and to ease/speed the rebuilding process.
    It would not need to identify what is safe and what is not. Merely generate an orderly list of what is needed to be reinstalled on the system.
    Essentially an ordered reinstall list would be created. In addition, it would back up at least the user's data files, favorites, emails, and data files within programs directories.
    Most important would be the hardware drivers that would be needed after reformat.
    Next would be all the programs the user installed. Obviously, one of the programs the user installed was most likely the start of their problems. So some logical categorizing/prioritizing would need to be done by either the tech, end user, or expert system. But at least the person would have a handy list of all the programs installed which would then let him decide what should not be installed either from a high/med/low risk list, or from personal security experience.
    The point would be to get the user's system back to a clean usable state (with maybe better security).
    It would give known trusted download locations for the drivers and programs.
    And the user's data files (game saves etc.) that are stored in the program's directories would be backed up, ready to be restored.

    What do you think?
     
  6. spm

    spm Registered Member

    Joined:
    Dec 9, 2002
    Posts:
    437
    Location:
    U.K.
    Well, you are still wanting it to intelligently select what is 'good', because you talk about it backing up data files from folders, etc. For a start, later reinstalling a program and then copying data files to appropriate locations will often not accomplish what you are looking for. Such things are often much more complicated in reality, requiring configuration files to be restored to users' profile folders, and correlated registry entries to be written.

    Given that backing up is a crucial part of any such scheme, why not simply perform full and regular backups of your system anyway, and in the event of an issue arising just restore back to a known good state. Usually, the most effective solutions are the easiest. Don't look for a complex solution when it is not needed.
     
  7. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    Okay, then how about no intelligence (should work for me! :) ).
    Just a good system analyzer to produce the complete (nice and orderly) list of installs. The tech then creates a complete (or selective) backup that can easily be selectively restored (just data files, emails, ini files) based on the list of programs and their locations. The backup could be a separate program. Maybe it wouldn't get profiles that are hidden inside the registry, but this would help to speed the process up.
    Yes of course it is a crucial part of any security. But nevertheless, the majority of people still don't make backups.
    So this system analyzer/ backup combo (or separate programs) would help the tech rebuild the system.

    How about that? Is there something already out there that can do this?
     
  8. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    All Devinco's idea really entails, if I'm reading right, is getting a list of installed programs.. such as jv16 powertools does, maybe taking a look at the program components- put driver run apps in first, then maybe follow the install dates for the rest. Then search for .ini files and such and back them up with full path, do the same with common email file formats and bookmarks. Then just do a backup of My Documents and the other saved files, and generate a restore script. This is actually partly done in XP with the Files and Settings Transfer Wizard, and is not unfeasible at all. I actually like the idea, although I would want some extra troubleshooting tools as well. You really probably could put something like this together yourself with a Bart's PE, but it would be a fair amount of work.

    Like I say, I do like the idea.. there seems to be a shortage of tech tool suites around. :) Auto-Patcher can be used to do something similar for the reinstall process, though.. something you might want to look into if you haven't already. ZipGenius also has some pretty nice backup options for saving a lot of common things with just a couple clicks. That's another to definitely check into. One day soon I really need to sit down and put together my portable tool suite. I think I've got most of the components, just need to sort through them and assemble a good CD. Maybe you and I should sit down and draw an outline one of these days, Devinco :)
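
The inventory-and-backup workflow outlined in the post above, as an added example that is not part of the original thread: it orders a program list with drivers first and then by install date, copies config files with their relative paths preserved, and emits restore commands. The inventory, program names, paths and function names are all constructed for illustration.

```python
import os, shutil, tempfile
from datetime import date

# Constructed sample inventory (not from a real machine).
INVENTORY = [
    {"name": "ExampleGame", "installed": date(2005, 3, 14), "driver": False},
    {"name": "Example RAID Driver", "installed": date(2005, 1, 9), "driver": True},
    {"name": "ExampleMail", "installed": date(2005, 2, 1), "driver": False},
    {"name": "Example Video Driver", "installed": date(2004, 12, 20), "driver": True},
]

def reinstall_order(inventory):
    """Drivers first, then other programs, each group by original install date."""
    ranked = sorted(inventory, key=lambda p: (not p["driver"], p["installed"]))
    return [p["name"] for p in ranked]

def backup_configs(root, dest, exts=(".ini", ".cfg")):
    """Copy data/config files (never executables) under root into dest,
    keeping the relative path. Returns (original, backup) pairs."""
    manifest = []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(exts):
                src = os.path.join(folder, name)
                dst = os.path.join(dest, os.path.relpath(src, root))
                os.makedirs(os.path.dirname(dst), exist_ok=True)
                shutil.copy2(src, dst)
                manifest.append((src, dst))
    return sorted(manifest)

def restore_script(manifest):
    """One copy command per backed-up file, for review before running."""
    return [f'copy "{dst}" "{src}"' for src, dst in manifest]

def demo():
    """Build a constructed program tree, back it up, return all results."""
    work = tempfile.mkdtemp()
    root = os.path.join(work, "Program Files")
    dest = os.path.join(work, "backup")  # sibling of root, so it is not re-walked
    os.makedirs(os.path.join(root, "ExampleGame", "saves"))
    for rel in ("ExampleGame/settings.ini", "ExampleGame/game.exe",
                "ExampleGame/saves/slot1.cfg"):
        with open(os.path.join(root, *rel.split("/")), "w") as fh:
            fh.write("constructed sample\n")
    manifest = backup_configs(root, dest)
    return reinstall_order(INVENTORY), manifest, restore_script(manifest)

if __name__ == "__main__":
    for part in demo():
        print(part)
```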
     
  9. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    Sounds good to me Notok. Thanks.
    The Bart PE disc is looking to be the malware solution of the future.
    The tool kit wouldn't have to be "pretty" either, just simple and effective. Maybe it could be streamlined with batches or macro automation.
    Having to go through all the programs and hardware configurations people have on their systems takes a lot of time.
    Anything to speed up the process would be great.
    Call it Notok's Worst Case Scenario CD tool kit or something.
    Put together the best tools to get the job done. Clean it if possible and if that doesn't work ease (or semi-automate) the rebuilding process.
    I have to research Bart PE and the rest, but I think it could work. :)
     
  10. beetlejuice69

    beetlejuice69 Registered Member

    Joined:
    Mar 16, 2005
    Posts:
    780
    Devinco, you will let us know how you make out?
     