No more FDISR as we know it? I'm confused.

Discussion in 'FirstDefense-ISR Forum' started by sukarof, Nov 3, 2007.

Thread Status:
Not open for further replies.
  1. tradetime

    tradetime Registered Member

    Joined:
    Oct 24, 2006
    Posts:
    1,000
    Location:
    UK
    Would have to agree there, but I think it's just because they did away with the blue screen: when XP encounters a major prob it just freezes, and you have to power down, so you don't even get the blue screen error code. Granted, it doesn't happen anywhere near as often, but I'd say it's the same thing without the blue. :D
     
  2. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Blue Screens are alive and well in XP. Trust me.
     
  3. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country

    Why should we trust you? :eek: I would have thought that BSOD with your setup was "virtually" impossible. ;)
     
  4. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    What does my setup have to do with anything? I just uninstalled ProSecurity, and forgot to disable it first. Reboot produced a beautiful BSOD on the driver.
     
  5. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    I don't care about BSODs, because they are not a problem anymore. FDISR takes care of them, and yes, they do occur on WinXP Pro SP2. I had several of them while I was testing Primary Response and several other softwares in the past, which I don't remember, and FDISR saved me EACH time.

    I'm more interested in Joanna's malware: how does it survive on a zeroed harddisk as an invisible (zero-)malware?
    I can't believe that; it sounds more like an SF horror book/movie to me than reality.
    <Removed inappropriate remark>
     
    Last edited: Nov 12, 2007
  6. Chamlin

    Chamlin Registered Member

    Joined:
    Aug 8, 2006
    Posts:
    449
    BSOD. My system is XP Pro. Today, I experienced the BSOD... I think. I was just using Firefox and all of a sudden a blue screen came forward with a lot of white text, but before I could read it at all, my computer rebooted on its own.

    Is that a BSOD? This is the 2nd time this has happened... Is there any way of identifying what causes such silliness?
     
  7. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Polycock!

    There is not even a proof-of-concept out there anymore that can match either a boot-to-restore or, better yet, a recovery image after a zeroed-out hard drive. All that embedding to disc is nonsense; you can strip ANY code off a hard disk with software, including muckware in any form. That's why malware makers are a joke: they can only infect machines left unguarded, and there are still plenty of them around for them to play with, unfortunately. Especially AVs, because they always go after bypassing them, but an ISR like FD-ISR is INVINCIBLE! My whole hard drive (3 partitions) was affected by a thorough file infector virus, and all I had to do was Delete & Wipe each one, reinstall XP Pro & FD-ISR!!! (Archives) and ha! ha! I was right back in business again. I did this to myself deliberately. I venture to say a KillDisk attack would have done no more damage, since I could either hook up another drive to wipe it or use one of my MANY zero CD disks. So that concludes, my friends, the final end of malware on any ISR/image-protected system, as regards XP anyway. In the real world, and not deliberately released, my HIPS + Sandboxie + Power Shadow would stave off any such attempt; in fact, Anti-Executable by Faronics would have aborted such an attack all by itself. :D

    If you want to be concerned about tactical stealth, it MUST be embedded in the hardware FIRST.

    CHECK THIS OUT and be very concerned about HD Vendors.
    https://www.wilderssecurity.com/showthread.php?t=191115
     
  8. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    24,099
    Location:
    UK
    Your event viewer may give you some clues.
     
  9. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Barring new information, I think the "I'm confused about what's going on with FDISR" is settled.

    The discussion about BSODs really belongs in the Software and Services forum.

    Pete
     
  10. djg05

    djg05 Registered Member

    Joined:
    Apr 6, 2005
    Posts:
    1,565
    At what version number did this change in FDISR happen?
     
  11. LUSHER

    LUSHER Registered Member

    Joined:
    Feb 28, 2007
    Posts:
    440
    Nope. Where did you get that idea? The concept is simple.

    The idea is actually similar to ErikAlbert's theory, but now it is actually being used against him. The irony is, judging from his comments, he doesn't understand it. :)

    Simple. They don't. That's the beauty of it! Why bother to survive when they can reinfect you over and over again...
     
  12. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    http://www.blackhat.com/presentations/bh-europe-06/bh-eu-06-Rutkowska.pdf

    Page 6: the server will reinfect the client.

    So if you have a stand-alone machine, there is no server to reinfect a client?

    The concept is simple? Could you then explain how a machine which reboots to a previously clean state re-infects itself? How about restoring a full image? Would this get reinfected, and from where?

    "Simple. They don't. That's the beauty of it! Why bother to survive when they can reinfect you over and over again..."

    Infect you from where?

    Does it not help that I reboot every hour or so and that machines are turned off at night?
     
    Last edited: Nov 13, 2007
  13. djg05

    djg05 Registered Member

    Joined:
    Apr 6, 2005
    Posts:
    1,565
    Has anyone an answer on this please?
     
  14. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    I believe 205 from HDS has dropped the freeze function. However, if you have maintenance from Raxco you can get 205 with the freeze function.

    I have to believe 205 is it.
     
  15. Chamlin

    Chamlin Registered Member

    Joined:
    Aug 8, 2006
    Posts:
    449
    HDS 205 has no Freeze function. But if you purchase it, you can submit a support ticket requesting the "pre-dropped freezed function" version. What I am NOT clear on is whether that would be 205 with Freeze, or a prior version without whatever fixes 205 provided.
     
  16. djg05

    djg05 Registered Member

    Joined:
    Apr 6, 2005
    Posts:
    1,565
    Thanks Peter.

    I am trying ver 3.21 bld 203 but I don't see the freeze function on it.
     
  17. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    I'm still not scared and quoting Joanna.

    I turn off my computer, when I'm finished and certainly when I go to bed.
    I always did this, not for malware, but to spare electricity.

    So what? The backdoor damaged my computer for several hours and I turn it off for the night. The next morning I boot-to-restore and every bit of damage is gone.
    This Joanna never heard of a boot-to-restore, and she had nothing but normal reboots in her mind when she wrote that report.
    My reboot isn't normal; my reboot removes any change on my harddisk.

    I don't have a server and if I had one, I would turn it off at night.
    The next morning I boot-to-restore my server and every damage is gone.

    So what? Worms are also removed when I boot-to-restore. Worms are just another "change" that is removed. I call all malware "changes".

    Of course a malware doesn't care, it has an I.Q. of a brick and can't think.
    I don't care either, because I remove it during reboot, malware gone and I didn't even know which malware it was.
    That's the beauty of it. :p

    This was newbie ErikAlbert vs. Joanna Rutkowska, well-known malware expert. ;)
     
    Last edited: Nov 13, 2007
  18. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    24,099
    Location:
    UK
    Erik, what a wonderful line :)
     
  19. tradetime

    tradetime Registered Member

    Joined:
    Oct 24, 2006
    Posts:
    1,000
    Location:
    UK
  20. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Discussion of Malware in this thread really needs to cease.
     
  21. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Not sure where HDS took it out, I thought it was 205, but obviously earlier.
     
  22. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    24,099
    Location:
    UK
  23. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country

    Peter, I take your point: this thread is about FD-ISR. But Lusher has made a claim which suggests/argues that FD-ISR Freeze is somehow inadequate because of some points made by "Joanna". I do think he ought to be allowed to reply and explain these claims as they relate to FD-ISR Freeze. After all, if he is correct, then the fact that Freeze is no longer available in new versions of FD-ISR.
     
  24. djg05

    djg05 Registered Member

    Joined:
    Apr 6, 2005
    Posts:
    1,565
    The file is dated 30 August, so I thought it was before. Presumably the Freeze option is obvious. I thought in the modified version you could only keep two snapshots, but there does not appear to be any limit with this, or else I misunderstand it.
     
  25. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Start a new thread here. That's fine. This thread really only applies to the change in the FDISR marketing. Probably time to close it.
     