Regarding RollBack Rx

Discussion in 'backup, imaging & disk mgmt' started by bgoodman4, Jul 2, 2012.

Thread Status:
Not open for further replies.
  1. aladdin

    aladdin Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    2,986
    Location:
    Oman
    Dear TS,

    Thank you for the above. Thus, it becomes the responsibility of HDS, the maker of Rollback Rx, to warn the user:

    1. About this rootkit.
    2. That it is legit.
    3. The purpose of this rootkit.
    4. How to protect against this rootkit, so that it can't be accidentally deleted either automatically by AV/Rootkit programs, or manually by the user, thus rendering the system useless and unbootable, which Rollback Rx is supposed to protect.
    5. Assure the users, once Rollback Rx is removed, then this rootkit is removed (deleted) too, thus it stops calling home.

    Best regards,
     
  2. bgoodman4

    bgoodman4 Registered Member

    Joined:
    Jan 13, 2009
    Posts:
    3,230
    My level of expertise in things PC is limited so if my understanding of terms etc is also limited it should come as no surprise. I expect that more companies are and will continue to implement this sort of "security" measure as it gives them more control over their intellectual property. Is this a good thing? I guess it depends on your point of view.

    Personally I have no problem with Horizon having this piece of software on my PC. I actually trust them more now than I did even a week ago. The fact that they OFFERED to refund your money rather than you having to fight them for it is worth real points in my book. In addition while I have not had a lot of direct contact with the folks at Horizon the few times that I did (as a gold support member) they have always treated me in an understanding and professional manner. This has been my experience and when you get right down to it that's, for the most part, what I have to go on.
     
  3. aladdin

    aladdin Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    2,986
    Location:
    Oman
    Wrong!

    There are legit ways to protect one's intellectual property. No company uses this crappy method, besides HDS. Your fever is getting to you again.

    Wrong again, check your temperature for fever. Neither they OFFERED nor I wanted to fight them for some measly sum. They were simply afraid of legal consequences, and I simply let them out.
     
  4. pandlouk

    pandlouk Registered Member

    Joined:
    Jul 15, 2007
    Posts:
    2,976
    Mohamed, FD-ISR allows you to have up to 11 snapshots (10 normal + 1 hidden needed for the frozen state) on the boot partition. And unlimited archives everywhere you want.
    So you can have 10 different OSes or 10 different configurations, etc., ready to boot.

    Panagiotis
     
  5. Zyrtec

    Zyrtec Registered Member

    Joined:
    Mar 4, 2008
    Posts:
    534
    Location:
    USA
    I think that when a software company resorts to concealing a rootkit on a user computer, just to prevent the user from installing their software on more than one PC, that is bad business practice.

    Microsoft, Kaspersky, Symantec, Diskeeper, and a few other companies monitor if their software is installed on more than one PC as per EULA but they do not resort to concealing a rootkit on the user's PC.

    Furthermore, RB Rx slows your PC down to a crawl, adds up to your boot time, heavily fragments your computer HDD thus degrading performance, it's quite expensive, it won't allow you to use your own 3rd party defragmenter and the company who makes this piece of software is somewhat arrogant.

    If planting and concealing a rootkit on someone's computer who installs your software is "not" a bad thing, then I should bring up the SONY's rootkit that happened a few years ago. Was that good business practice on SONY's behalf?




    Carlos
     
  6. pandlouk

    pandlouk Registered Member

    Joined:
    Jul 15, 2007
    Posts:
    2,976
    There is a way to get around this (at least if the hidden filesystem of RollbackRx is not damaged).
    Steps to take:
    1. Install RollbackRX. After the first reboot and the installation/activation create a new baseline. Do not create any other snapshot (only baseline should be visible in your snapshot tree)
    2. Shutdown your pc
    3. Then create a normal image of your disk from a cd/dvd/usb (outside of RollbackRX environment) (you must load it before the disk). This will capture the baseline.
    4. Backup the 1st track of your disk (Or at least the first 24 sectors)


    When something happens to your baseline you simply restore your image and the 1st track and you are ready to go (hoping that the subconsole and the hidden file table of RollbackRX remained intact).
    ps. avoid booting to your last snapshot because if it was caused by a malware it will happen again on your next reboot. Just save the files that you need and delete that snapshot.

    Panagiotis
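
The first-track backup from step 4 above, as an added Python example that is not part of the original post and not Rollback Rx tooling: it reads the first sectors of a raw disk or image, records per-sector SHA-256 digests, and later reports which sectors changed. The 63-sector default track length, the function names and the in-memory sample track are assumptions constructed for illustration.

```python
import hashlib

SECTOR = 512  # bytes per sector on a classic MBR disk

def read_track(path, sectors=63):
    """Read the first `sectors` sectors from an image file or raw device.
    63 is an assumed legacy track length; the post asks for at least 24."""
    with open(path, "rb") as f:
        data = f.read(sectors * SECTOR)
    if len(data) != sectors * SECTOR:
        raise ValueError("short read: got %d bytes" % len(data))
    return data

def has_boot_signature(track):
    """Sector 0 of an MBR disk ends with the bytes 0x55 0xAA."""
    return track[510:512] == b"\x55\xaa"

def make_manifest(track):
    """Per-sector SHA-256 digests, stored next to the saved copy."""
    return [hashlib.sha256(track[i:i + SECTOR]).hexdigest()
            for i in range(0, len(track), SECTOR)]

def changed_sectors(manifest, track):
    """Sector numbers whose current content differs from the manifest."""
    current = make_manifest(track)
    if len(current) != len(manifest):
        raise ValueError("track length differs from the saved manifest")
    return [n for n, (a, b) in enumerate(zip(manifest, current)) if a != b]

def partition_table_changed(saved, current):
    """Bytes 446..509 of sector 0 hold the four primary partition entries."""
    return saved[446:510] != current[446:510]

def build_sample_track(sectors=63):
    """Constructed sample data, not a real disk: placeholder boot bytes,
    one fake partition entry and the 0x55AA signature."""
    s0 = bytearray(SECTOR)
    s0[0:4] = b"\xeb\x3c\x90\x00"   # placeholder bytes standing in for boot code
    s0[446], s0[450] = 0x80, 0x07   # entry 1: active flag, partition type
    s0[510:512] = b"\x55\xaa"
    rest = bytes(i % 251 for i in range((sectors - 1) * SECTOR))
    return bytes(s0) + rest

if __name__ == "__main__":
    saved = build_sample_track()
    manifest = make_manifest(saved)
    later = bytearray(saved)
    later[0:4] = b"\x00" * 4        # simulate a tool rewriting the boot code
    later[5 * SECTOR] ^= 0xFF       # and one byte in a hidden track sector
    print("changed sectors:", changed_sectors(manifest, bytes(later)))
    print("partition table changed:", partition_table_changed(saved, later))
```

Comparing the live first track against the manifest before and after running an AV or rootkit scanner shows whether the boot sectors were touched, and whether the partition table itself is still the one that was saved.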
     
  7. The Shadow

    The Shadow Registered Member

    Joined:
    Jan 24, 2012
    Posts:
    814
    Location:
    USA
    Carlos,

    While I'm no longer an Rx 'fanboy', you are off-base here. The primary purpose of Rx's MBR bootkit is to intercept Windows startup with the Rx sub-console which provides the means for restoring any Rx snapshot (so Windows can boot to it) plus some other functions, none of which have to do with 'keeping users honest'.

    TS
     
  8. pandlouk

    pandlouk Registered Member

    Joined:
    Jul 15, 2007
    Posts:
    2,976
    Correct.
    -------------
    @ bgoodman4 and aladdin
    Guys cool down. No reason to fight over such things.

    ps. @bgoodman4
    Don't worry Easzsolutions sales do pretty well all over the world.
    Some of their main partners out there
    http://www.horizondatasys.com/ (main american distributor)
    http://www.njanyue.com/ (main asian distributor)
    http://www.radix.co.il/ (main Israel and Mediterranean distributor)

    Panagiotis
     
  9. bgoodman4

    bgoodman4 Registered Member

    Joined:
    Jan 13, 2009
    Posts:
    3,230
    Again you resort to insults and contribute nothing to the discussion other than your opinion which you present as fact. Perhaps it's a language thing or perhaps it's a cultural thing but either way it's not appropriate.
     
  10. bgoodman4

    bgoodman4 Registered Member

    Joined:
    Jan 13, 2009
    Posts:
    3,230
    I am not at all worried about anyone's revenue stream. I am however concerned that folks who could possibly benefit from the program, as I have done, will be prevented from trying it due to the statements of a few who have a grudge against the program or its developer.

    Anyway I have posted my opinions and detailed some of my experiences with Rx, if this is not enough to add some balance to how Rx & Horizon are being portrayed so be it.
     
  11. bgoodman4

    bgoodman4 Registered Member

    Joined:
    Jan 13, 2009
    Posts:
    3,230
    I thought it had to do with activation. Thank you for the clarification.
     
  12. aladdin

    aladdin Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    2,986
    Location:
    Oman
    Barry, you need to take a nerve pill or smoke some of that Californian stuff you once profess to do so. Chill man, the stuff is good for you! ;)

    First you insult me by opening this thread and specifically referring to me in your OP. Now you insult my culture and people. Careful you can be accused of antisemitism. LMAO!

    BTW, Arabs are Semite too!

    Anyway, according to my best friend Panagiotis' advice this will be my last post on Rollback Rx in this thread. I will not feed you .................

    Best regards,
     
  13. aladdin

    aladdin Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    2,986
    Location:
    Oman
    Dear Panagiotis,

    Thanks for the above correction. Being a very new user of FD-ISR, I am learning everyday new things.

    Best regards,
     
  14. aladdin

    aladdin Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    2,986
    Location:
    Oman
    Dearest Panagiotis,

    Excellent advice my friend. Many thanks! ;)

    Best regards,
     
  15. CyberMan969

    CyberMan969 Registered Member

    Joined:
    Apr 21, 2011
    Posts:
    589
    This is the main reason why I'm still using RX together with Shadow Defender. SD (for as long as its rootkit resistance still lasts) is my safety net for the 'kits that RX alone has no defence against.

    Regarding the RX 'rootkit': Of course any program that is MBR resident can be classified as such. I don't think that it has anything to do with activation though, it's just there to enable access to the console and allow the user to load a snapshot before Windows loads.

    I think that the program itself checks online and verifies the registration details after Windows loads. In the past I have noticed the RX icon appearing in the system tray first, sometimes before everything else. It may be doing this even before the firewall actually kicks in, to check and verify registration.

    This icon is the same as the normal RX system tray icon but when you right-click it there is no menu popping up. When I saw it coming up I thought at first that it was the regular RX system tray icon coming back (which I had already disabled in RX settings), before realizing that it was probably validating my licence; so I let it do this for a couple of reboots.

    I then disabled my network adapter in Windows (by going to the Network and Sharing Center in Control Panel, right-clicking on the adapter and clicking Disable). I now always boot with my network adapter disabled and the cable unplugged, to stop RX (or anything else) from snooping around. I have placed a shortcut for my adapter on the desktop, and before going online I plug in the cable and right-click the adapter icon enabling the thing. I leave the cable plugged in for that specific Windows session, disabling my adapter when I no longer need to be online. Before turning off the system I always make sure to disable the adapter and unplug the cable again. On my laptops I make sure to have wireless always turned off via their hard switch, enabling them access only when needed.

    That RX icon still pops up every now and then when I start the system, but with my network cable unplugged and wireless disabled there is not much it can do. I can't understand why this is happening though, I had already let it verify my licenses when I first bought the program and surely it has to do this only once; so why does it have to keep popping up every now and then?
     
    Last edited: Jul 11, 2012
  16. CyberMan969

    CyberMan969 Registered Member

    Joined:
    Apr 21, 2011
    Posts:
    589
    Another irritating thing with RX: I always have Remote Desktop disabled on all of my systems. After installing RX I realized that it had automatically set the Remote Desktop option in System Properties to its middle option: Allow connections from computers running any version of remote desktop (less secure). Changing this back to my first option (Don't allow connections to this computer) and rebooting doesn't work, it reverts back to the middle option. After uninstalling RX the problem stops, proof that it is RX that is doing this. I wasn't feeling safe with it resetting my choice, so I have now disabled two services in order to be on the safe side: TermService (Remote Desktop Services) and UmRdpService (Remote Desktop Services UserMode Port Redirector).

    I haven't seen anyone else noticing this or posting about it. Why the hell RX needs remote desktop for?? WTF Horizon?? o_O

    RX is a lifesaver for overclocking (undoing of crashes) and for testing software across several reboots, but quite frankly I don't like programs snooping around and forcing their own security settings on me. When the new Comodo Time Machine comes out I will most certainly switch to that - if it's any good.
     
    Last edited: Jul 11, 2012
  17. bgoodman4

    bgoodman4 Registered Member

    Joined:
    Jan 13, 2009
    Posts:
    3,230
    CyberMan969

    If you right click on the taskbar icon you will see that there are a number of functions that can be initiated such as taking a manual snap or initiating a rollback sequence.

    I find your other observations very interesting and I would like to see some response from HDS. Would you consider posting these observations and questions on the HDS Rx forum? I would love to hear what they have to say about this.
     
    Last edited: Jul 10, 2012
  18. CyberMan969

    CyberMan969 Registered Member

    Joined:
    Apr 21, 2011
    Posts:
    589
    You misunderstood me. I already mentioned that I always have the RX system tray icon disabled. The icon that appears on the system tray on startup is identical to the normal RX system tray icon, and it occasionally loads first before everything else. There is no right-click functionality on it, and it disappears after a few seconds of (assumingly) trying to call home.

    After each RX installation I have let it do this a couple of times (with my internet connection on) with no ill effects, I assume it goes online to verify registration details. But I don't get it why it keeps coming back on some (not all) startups. Most people leave their normal RX system tray icon enabled so they wouldn't notice it, they would assume that it is the regular RX icon loading.

    I would love to hear HDS's comments on my observations but if they want to reply they can come and do it here, a neutral forum and not one that they control. As customers we deserve better than their silence.
     
  19. bgoodman4

    bgoodman4 Registered Member

    Joined:
    Jan 13, 2009
    Posts:
    3,230
    Understood regarding the taskbar icon. As for the other thing it would be nice to find out what is going on with this.
     
  20. CyberMan969

    CyberMan969 Registered Member

    Joined:
    Apr 21, 2011
    Posts:
    589
    I feel the same. Unfortunately HDS has never really been forthcoming with information in the past, and I don't anticipate them doing it this time either...
     
    Last edited: Jul 10, 2012
  21. CyberMan969

    CyberMan969 Registered Member

    Joined:
    Apr 21, 2011
    Posts:
    589
    It will be interesting to see comments by Panagiotis, Mohamed, and Froggie regarding the things I mentioned on posts 115 and 116. These guys are very knowledgeable with RX, and I'm looking forward towards their input.
     
  22. MarcP

    MarcP Registered Member

    Joined:
    Jun 9, 2009
    Posts:
    737
    I can confirm your findings in post 116. I have RBX as well so I decided to give this a try.

    I disabled remote desktop, rebooted and it came back enabled every time. Tried that 3 times. Every time remote desktop was re-enabled.

    I uninstalled RBX and this is no longer happening.

    This is a surprise impact of RBX that I don't quite understand. I will not reinstall RBX.
     
  23. CyberMan969

    CyberMan969 Registered Member

    Joined:
    Apr 21, 2011
    Posts:
    589
    I just wish there was another true rollback app compatible with SSDs. If there was one I'd drop RX myself in an instant. At the moment disabling the two services I mentioned will have to do.
     
  24. pandlouk

    pandlouk Registered Member

    Joined:
    Jul 15, 2007
    Posts:
    2,976
    About Remote desktop.
    As far as I remember, from 8.1 it was like this.
    It is documented in their knowledge base. If I remember correctly you have to change the "client.dll" to another name and/or extension, e.g. "client.dll.bak", or you can even delete it.

    About the online activation check
    It happens at least once a day or after a logon as soon as there is an internet connection active. I do not like it at all.... but I do not think it is a big deal either (there are a lot of paid apps that do the same).

    Panagiotis
     
    Last edited: Jul 11, 2012
  25. MarcP

    MarcP Registered Member

    Joined:
    Jun 9, 2009
    Posts:
    737
    I found the knowledge base article. Makes sense now.

    Article
     